Privileged Access Management (PAM) requires having a solution within an organization’s environments to secure the privileged user lifecycle, preventing privileged credential abuse and misuse as well as centralizing privileged credentials in one place.
Implementing a PAM system ensures a high level of security for an organization’s critical assets, providing control over who is accessing them while also logging and monitoring for any suspicious activity.
Accomplishing this requires implementing policies and procedures beyond those that are used for lower-risk assets. These include:
- Password Rotation: Protection Against Compromised Passwords
A compromised password provides an attacker with access to any assets that it secures for the life of the password. The implementation of password rotation limits this exposure by automatically refreshing credentials at regular intervals.
- Vaulting: Secure Credential Storage for Critical Assets
An identity vault stores the most current version of credentials for critical assets and helps an organization maintain complete administrative control over its passwords, keys, files, and certificates.
- Session Recording: Maintaining an Audit Log
Session recording creates a log of all actions taken by a user when interacting with critical assets. This information can be used to prevent malicious actions from being taken on a system, or as a tool for investigating an incident after it has occurred.
- Check In/Out: Limiting Attack Surface
Enforcing check-ins and check-outs for authentication credentials for critical assets limits access to these assets. Ensuring that only a set number of users can access an asset at one time decreases the potential for credential compromise.
The MorganFranklin team will provide insight to an organization on multiple qualifying PAM platform providers. We provide guidance to the organization on which platform to implement, and then we’ll roll up our sleeves and deploy a team of engineers, architects, developers, and analysts to get it running on systems. A dedicated MorganFranklin team will write the policies to secure, control, manage, and monitor permissions across users, accounts, processes, and systems. Your InfoSec team will be trained on the platform, as well as the written policies, and given the tools they need to manage it once implementation and testing are complete.
MorganFranklin has experience in deploying, monitoring, and maintaining a number of different solutions for PAM. These include tools created by leaders in the space, such as:
- Thycotic: Thycotic is the only PAM vendor with support for cloud deployments. Their easy-to-deploy solution includes privileged identity management (PIM), vaulting, automated password rotation, and access analytics.
- CyberArk: CyberArk’s PAM solution includes support for PIM, vaulting, key rotation, and session recording. While this product is extremely scalable, it can be difficult to deploy.
- BeyondTrust: BeyondTrust offers a large deployment infrastructure. Supported functionality includes password vaulting, key rotation, session recording, and PIM.