Privileged Identity Management


Why executives should take notice of privileged user access



Solution Features & Benefits

> Embrace the modern enterprise
Privileged users are no longer entirely inside the perimeter, nor is your infrastructure. Consistently control access to hybrid infrastructure for both on-premises and remote users.



> Reduce complexity with an integrated solution
Control access to infrastructure and privileges, enforce individual accountability where you can, share privileged accounts where you must - and audit across both. 

 

> Comprehensive access control compliance
Leverage a single source for internal auditors to prove access controls are in place and working across individual and shared administrative accounts. 





























> Harden your internal network & applications against the tech-savvy insider

> Stop insider and targeted attacks with privileged-user activity monitoring

> Prove compliance with regulations and industry mandates to auditors with a single view into the control and security of user privileges.


> Administrator rights discovery

> Identify, secure and manage privileged identities found throughout your IT infrastructure

> Management for privileged users

> Dynamic, context-aware, role-based & identity access management for privileged users

> Operations performed by privileged users are automatically recorded and audited.

> Control access to privileged accounts
 
> Password management 

> Enforce the use of complex and unique passwords for the common local administrator accounts on each computer

> Separate privileged users and sensitive data
   
> Businesses utilising effective privilege management can lower their desktop support costs by up to 35%


> Control Windows privileges

> Record and play back privileged user sessions for audit & compliance

> User, administrator and privileged user auditing

> Safeguard data with privileged user access controls 





> Reduce the risk of attack through your privileged accounts
Easily assign or revoke the right privileges for users across Windows, Linux and UNIX systems.


> Enable you to elevate or lower admin rights on a per-user, per-application or per-task basis
  • Users with a standard user account can be given elevated privilege to specific applications or tasks.
  • Conversely, a user who has to have an administrative account can have their privileges reduced for changing anti-virus settings or adding new hardware.
With this level of precise control, you can give users the access they need while still protecting the desktop. 

 
> Implement a least-privilege access model based on application, user and content control.



> Meet Compliance Requirements

Segregation of roles by user type to protect specific data types, such as credit card information for PCI-DSS and Personally Identifiable Information (PII) for the HIPAA / HITECH acts.


Comprehensive Audit Trails: When IT staff request privileged access, an audit trail is created showing the requester, target system and account, date and time, and purpose of the request to combat insider threats.
 

Compliance Reporting: Whenever you must prove compliance with regulatory standards such as PCI-DSS, Sarbanes-Oxley, HIPAA, FISMA, and others.


> Audit and alert
 
The requester, purpose, and duration of each privileged access request are documented for audit and alerting.


> Improve IT governance 
By automatically documenting which individuals have access to sensitive data and the ability to make changes that impact IT service delivery; at what times, and for what purpose.  



> Session Recording
Administrators can configure automatic session recording for any systems and applications they choose. Authorised auditors can then search and play back recorded sessions.



> Identify and document all your IT assets 

And their linked privileged accounts and inter-dependencies. 
 

> Identify who  

Has access to privileged credentials, so that only appropriate personnel, using the least privilege required, can log in to IT assets.
 

> Mitigate risks  

Whenever planned and unplanned changes happen in your IT environment or IT staff turnover occurs. 
 

> Tamper-proof storage  

For credentials, log files and recordings ensures sensitive information is protected from unauthorised access and misuse. 
 

> Segregation of duties 

To ensure that privileged credentials can only be accessed by authorised users for approved business reasons.
 

Separate privileged users and sensitive data. 


Create a strong separation of duties between privileged administrators and data owners.



> Discover default passwords
When new devices are deployed with default passwords that could make your network vulnerable - discover and secure these credentials.


> Enforce rules for password complexity, diversity and change frequency, and synchronise changes across dependencies.
 
> Securely store passwords in a central vault for authorised disclosure.

> Limit access to administrator passwords and log all disclosures.

> Remove unauthorised accounts’ administrator rights.

> Ensure authorised accounts maintain administrator rights.

> Provision common accounts.

> Delete undesirable accounts.

> Flexible multi-factor authentication options support time-based authentication by email and SMS.

> Delegate access to privileged credentials so that only appropriate personnel, using the least privilege required, can log in to IT assets.




Business value of privileged identity management

Taking control of privileged identities can help your organisation

  • Reduce IT staff workloads by eliminating the manual steps required to secure privileged account credentials, access systems for maintenance, and document each access. 
  • Improve IT governance by automatically documenting which individuals have access to sensitive data and the ability to make changes that impact IT service delivery; at what times, and for what purpose. 
  • Lower cost and uncertainty of IT regulatory compliance audits by providing detailed reports that prove compliance with today’s regulatory standards including SOX, PCI-DSS, HIPAA, and others. 
  • Mitigate risks whenever planned and unplanned changes happen in your IT environment or IT staff turnover occurs.




Eliminate error-prone IT tasks
  • Improved Staff Efficiency: When your security policies require frequent changes to privileged passwords, quickly secure these credentials, eliminating hours of tedious work. 
  • Fewer Service Disruptions: As your integrated IT services expand, detect new application inter-dependencies and simultaneously deploy changed credentials to avoid service disruptions and lockouts. 
  • Faster Emergency Access: Whenever IT personnel need privileged access for emergency repairs, grant the credentials immediately, according to roles that you pre-define.


Management capabilities

  • Management and discovery of all leading computer platforms: including Windows, Linux, UNIX and others. 
  • Flexible multi-factor authentication options: support time-based authentication by email and SMS. 
  • Out-of-the-box integration: with leading system management frameworks and SIEM solutions such as ArcSight, RSA enVision and more. 
  • Lights-out server management access control: maintains credentials for HP iLO, Dell DRAC, and other remote access devices. 
  • Service management integration: controls and audits privileged access as part of the trouble ticket lifecycle in HP Service Manager, BMC Remedy and Microsoft SCSM. 
  • Full two-way inter-operability: between ERPM and Microsoft System Center Operations Manager (SCOM) / System Center Configuration Manager (SCCM) / System Center Service Manager (SCSM). 
  • Fine-grain management features: to protect assets in the cloud infrastructure – physical and virtual systems, hypervisors, databases, middleware, applications and hardware devices.


The challenge

The most dangerous malicious insider is the privileged insider, such as a system administrator.

These users not only have escalated privileges on your network, but also technical skill. This group can leverage configuration and system vulnerabilities.

Capturing the detailed actions of privileged users is even more critical in today’s business environment, which is driving cost efficiencies through IT outsourcing, off-shoring and supplementing IT staff with contractors.

Security and compliance issues also exist with third parties, including cloud providers and service providers.


Every major compliance regulation requires organisations to document what users actually do with the privileges and rights granted to them and how their actions impact the IT environment.

Organisations need to ensure that every privileged session can be audited across their extended enterprise creating a high level of visibility on UNIX, Linux and Windows systems whether in the data centre or in cloud computing environments.


Critical services and applications are prone to user or malicious software tampering
The dirty secret for most organisations is that local administrator accounts rarely have their passwords changed and those accounts and passwords are shared by IT administrators for service calls and administration.

 

Risks of Unsecured Privileged Identities  
Privileged identities aren’t controlled by your identity access management (IAM) system, so in all likelihood:
  • You do not know of all the privileged logins that exist on your network;
  • You have no record of which privileged credentials are known to different individuals;
  • You have no proof of who has used privileged logins to gain access to your IT resources, when and for what purpose;
  • There is no way to verify that each of your privileged account passwords is cryptographically strong, sufficiently unique, and changed often enough to be secure;
  • You have no reliable list of privileged logins stored within your applications, and no way to know which in-house and vendor personnel can use these credentials to access sensitive information.


Privileged users should never be given access to, or visibility of, resources that lie outside of the scope of their responsibilities. Many organisations have learned this the hard way.

  • Insider abuse: It is often easy for malicious insiders to abuse their privileges, whether to make money or sabotage the business. These risks are exacerbated in the cloud, where organisations may be exposed to the threat of their own administrators, as well as those of the cloud provider.
  • External attacks: Administrative privileges represent a vital asset, and one that is increasingly targeted by external attackers. For example, an advanced persistent threat (APT) attack may use social engineering tactics to gain one administrator’s credentials, and use that as a launching point to access and exploit other systems and services.
  • New Technologies: Cloud, virtualisation and big data expand the threat – With each new technology layer used as part of system deployment and management new privileged user roles are created.
  • Advanced Persistent Threat (APT) attacks target privileged accounts – Attackers have now found that if you want access to everything, you want to compromise privileged user accounts and their system and data access rights.




Determine and manage privileged access based on identity


Employees
Partners
Customers
Administrators
 
Privileged users & identities are accounts that hold elevated permission to access files, install and run programs, and change configuration settings. These keys to your IT kingdom exist on virtually every server and desktop operating system, business application, database, Web service, and network appliance in your organisation.

Examples include IT administrators, network support staff, IT consultants, cloud / managed service managers, and super-user login accounts utilised by individuals to change configuration settings, run programs and perform other administrative duties.

Sensitive data: financial records, payroll, HR, legal documents, corporate strategy, PII, customer data…




Types of privileged account users

The solution continuously discovers, strengthens, audits and recovers local, domain and process account passwords in the cross-platform enterprise. It identifies, secures and manages the privileged identities found throughout your IT infrastructure, including:

> Super-user login accounts utilised by individuals to change configuration settings, run programs and perform other administrative duties.

> Service accounts that require privileged login IDs and passwords to run.

> Application-to-application passwords used by web services, line-of-business applications, custom software, and other applications to connect to databases, middleware, and more.

> Third-party providers 

Privileged access is granted to perform a job function, allowing contractors to work under a cloak of anonymity.

> Hypervisor or cloud server managers 

Business processes, such as finance, HR, and procurement, are moving to cloud applications, exposing enterprise assets to a high risk from the broad access granted to cloud administrators.

> Systems administrators 

For almost every device in an IT environment, there is a shared privileged account with elevated privileges and unfettered access to its operating systems, networks, servers, and databases.

> Application or database administrators

Application and database administrators are granted broad access to administer the systems to which they are assigned. This access allows them to also connect with virtually any other database or application found in the enterprise.

> Select business users

Senior-level executives and IT personnel often have privileged access into business applications that hold sensitive data. In the hands of the wrong person, these credentials provide access to corporate financial data, intellectual property, and other sensitive data.

> Social media

Privileged access is granted to administer the corporate internal and external social networks. Employees and contractors are granted privileged access to write to those social media accounts. Misuse of these credentials can lead to a public takeover causing harm for an organisation’s brand or an executive’s reputation.

> Applications 


Applications themselves use privileged accounts to communicate with other applications, scripts, databases, web services and more. These accounts are an often overlooked and significant risk as they are often hard-coded and static. A hacker will use these attack points to escalate privileged access throughout the organisation.



Illustrating the problem:
Multiple privileged users share credentials for access to multiple systems



> Limit privileged user control  

(i.e. root, system, cloud or storage administrators)


> Privileged user access control and the collection of audit logs without re-engineering applications, databases or infrastructure.

IT administrators’ privileged accounts and passwords are extremely powerful. They can connect directly and anonymously, often using shared credentials, to systems with complete control of the target system and full access to all of the information on that system, leading to major security risks and no audit trail.

This vulnerability could potentially cause tremendous financial losses and reputational damage for businesses. For enterprises, privileged accounts are especially difficult to manage:

  • The average enterprise has thousands of privileged identities, accounts, and passwords. Manually managing and updating these is a time-consuming, costly and repetitive process. 
  • Administrative and application accounts (hard-coded, embedded credentials) are found on virtually every piece of hardware, software, and application within an organisation, including virtual environments. 
  • Administrative or application accounts are shared, which means that the system does not track WHO logged in as an Administrator, merely that a login occurred—a significant audit challenge. 
  • Unlike a personal identity, such as JBloggs, administrative or application accounts are nearly impossible to disable due to high potential for disruption to business. 
  • Administrative and application accounts are subject to regulations such as Sarbanes-Oxley, PCI, and Basel II, requiring that companies prove exactly who logs in to sensitive systems and, increasingly, what they are doing.







Contact us today to discuss your requirements in more detail.



P: +44(0)7714 209927

S: +44(0)1273 329753

info@securenetconsulting.co.uk