Everybody is familiar with the risks associated with computer viruses, from the infamous “I love you” strain to the current generation of malware and Trojans. To combat these evolving threats, solutions have advanced from the installation of antivirus software on desktop computers to end-to-end security across the corporate network.
In all these developments, threats from the inside are seldom seen as part of the potential attack surface, much less one of the vulnerabilities of an enterprise. When the insider risk is taken up, the usual response is to let the CCTV catch the perpetrator or lay the blame on informal protocols of lazy security personnel.
In a recent phone interview with this Space, Rajesh Ganesan, vice-president at ManageEngine, shared that the way privileged accounts are handled could either prevent or encourage insider threats. Systems administrators who are responsible for privileged accounts in the company would be the most susceptible to the temptation of taking advantage of these accounts.
“Imagine the role of managing privileged accounts in the network server,” Ganesan illustrates. “Systems administrators are usually a team reporting on different shifts. The thing is, a system administrator logs into the network simply as ‘Administrator.’
“It grants them the privilege of almost anonymous access to all the accounts on the network. There’s always the risk that for some reason or another, they could be tempted to copy files, delete them or do things that could compromise the security of information on the network.”
Ganesan relates the story of a theft in a European bank. The system administrator created multiple depositor accounts into which he moved small amounts of money from time to time. Over the next five years, he accumulated about a billion euros in deposits, which alerted the bank’s management to the grand larceny. The thieving system administrator, probably too greedy for his own good, finally got caught.
Ganesan adds that part of the fault may be in the manner most businesses treat security risks to the enterprise. They invest in firewalls and regularly updated antivirus protection and feel they’re protected enough. The equally insidious leaks of privileged information are hardly part of the overall security protocol.
The ManageEngine executive offers, “It is therefore important to have a solution that manages and secures privileged accounts. For example, all the passwords and credentials should be in a central repository of all the servers. Anybody needing access to the privileged information database should make a request, specify the reason for the request and after a period of time, the password issued for the request is automatically modified.”
As an added protocol, the activities are recorded in video. Ganesan expounds, “Because they’re accessing privileged information, the users should be monitored as to whether they’re doing what they’re supposed to do. All their activities are captured in video which is then stored in a tamper-proof audit database.”
Ganesan further explains that as cloud and mobile technologies expand the cybersecurity parameters, they increasingly compromise the management of privileged access. Organizations now need to correlate privileged data access with system logs, analytics and other IT management platforms to make meaningful inferences for quicker response to eliminate threat vectors.
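To make that correlation concrete, here is an added example (not ManageEngine or PAM360 code) that matches logons by the shared “Administrator” account against approved, time-limited password requests, so that each logon is either attributed to a named requester or flagged. The record fields, names and sample data are constructed assumptions, not a real export format.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample data; field names are assumptions, not a PAM360 export format.
# Each checkout is an approved request: who asked, why, and how long the password is valid.
CHECKOUTS = [
    {"user": "alice", "account": "Administrator", "host": "db01",
     "reason": "CHG-1 patch window", "start": ts("2024-03-01 22:00"), "minutes": 60},
    {"user": "bob", "account": "Administrator", "host": "db01",
     "reason": "", "start": ts("2024-03-02 06:00"), "minutes": 30},
]
# Endpoint logon events only show the shared account name, not the person behind it.
LOGONS = [
    {"time": ts("2024-03-01 22:10"), "host": "db01", "account": "Administrator"},
    {"time": ts("2024-03-01 23:30"), "host": "db01", "account": "Administrator"},
    {"time": ts("2024-03-02 06:05"), "host": "db01", "account": "Administrator"},
    {"time": ts("2024-03-02 06:10"), "host": "web02", "account": "Administrator"},
]

def correlate(checkouts, logons):
    """Attribute each shared-account logon to a named requester, or flag it."""
    findings = []
    for ev in logons:
        # Checkouts for the same account and host whose validity window covers the logon.
        owners = [c for c in checkouts
                  if c["account"] == ev["account"] and c["host"] == ev["host"]
                  and c["start"] <= ev["time"] < c["start"] + timedelta(minutes=c["minutes"])]
        if not owners:
            verdict, who = "NO_CHECKOUT", None   # password used outside any approved window
        elif len(owners) > 1:
            verdict, who = "AMBIGUOUS", None     # overlapping requests defeat attribution
        elif not owners[0]["reason"].strip():
            verdict, who = "NO_REASON", owners[0]["user"]  # request lacks a justification
        else:
            verdict, who = "OK", owners[0]["user"]
        findings.append((ev["time"], ev["host"], who, verdict))
    return findings

if __name__ == "__main__":
    for finding in correlate(CHECKOUTS, LOGONS):
        print(finding)
```

A NO_CHECKOUT result after a window has closed is the case worth the quickest response: it means the password was still usable after it should have been changed, or was obtained outside the request process.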
ManageEngine has just launched PAM360 to provide complete security against outsider and insider risks across the network. Among the capabilities of PAM360 are: a) privileged account governance that centralizes the enforcement of privileged access policies for all categories of users; b) just-in-time privilege elevation to orchestrate access management workflows from a unified console; c) privileged session monitoring, which records videos of privileged sessions; and d) privileged user behavior analytics to detect anomalies in privileged account activity by correlating privileged access data with endpoint event logs.
PAM360 could be the right tool to eliminate all threat vectors inside and out while keeping the enterprise ahead of the curve.