Available on contracts DIR-SDD-3805 and TIPS 200105.


Legacy PAM Is Not Enough for the Modern Attack Surface

Legacy Privileged Access Management (PAM) has been around for decades and was designed back in the day when ALL of your privileged access was constrained to systems and resources INSIDE your network. The typical environment was systems administrators sharing a “root” account that they would check out of a password vault to access a server, a database, or a network device. Legacy PAM served its purpose.

Centrify Delivers Cloud-ready Zero Trust Privilege

A Zero Trust Privilege approach helps enterprises grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, Zero Trust Privilege minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise.
VERIFY WHO: Not just people but workloads, services, and machines. Verifying WHO means leveraging enterprise directory identities, eliminating local accounts and decreasing the overall number of accounts and passwords, reducing the attack surface.
CONTEXTUALIZE REQUEST: It is important to know WHY privileged access is needed. This includes associating the request with a certain trouble ticket and providing a reason as well as a timeframe. Once the request is contextualized, it must be routed for approval.
SECURE ADMIN ENVIRONMENT: To avoid exposing servers to malware or introducing infections during our connection, we need to ensure access is only achieved through a clean source. Avoid access from user workstations that have Internet and email, which are too easily infected with malware.
GRANT LEAST PRIVILEGE: Just enough privilege to get the job done. Just-in-time privilege is based on temporary access through a simple request process, and lateral movement is limited by granting access only to the target resources needed and no more.
AUDIT EVERYTHING: Audit logs are critical for evidence of compliance and are used in forensic analysis. Best practice for privileged sessions is also to keep a video recording that can be reviewed or used as evidence for your most critical assets. Multiple regulations, including PCI-DSS for payment card data, specifically require this level of auditing.
ADAPTIVE CONTROL: Modern machine learning algorithms are now used to carefully analyze a privileged user’s behavior and identify anomalous and therefore risky activities. Controls include alerting as well as active response to incidents by killing sessions, adding additional monitoring, or flagging for forensic follow-up.

© 2020 Complete Tablet Solutions. All rights reserved.