Secured integration to the future

Secured integration to the future

Delinea RMA - the keys to your IT infrastructure are in safe hands

Illustration

13.03.2023
You need to pay close attention to an administrator control system when building a reliable cybersecurity business. This system protects you from attacks and unauthorized access using privileged accounts. All the attacks of recent years, including Maze, Kaseya Supply Chain, WhisperGate, HermeticWiper, were successful precisely because they penetrated the computers of system administrators and from there gained access to the entire company infrastructure.
In order to avoid such hacker attacks and many other incidents that can originate both outside and inside the company, it is necessary to implement a PAM system.
PAM is a system that manages and provides administrative access to employees. It includes monitoring of IT systems and applications and provides control over privileged user accounts (system administrators, application administrators, technical support staff, application developers, partners, and contractors).
Why do you need to implement a PAM system?
Privileged users are employees with rights greater than those of ordinary users and have extended access to the IT infrastructure. They can perform various operations: export all data from the system, modify it, and change the configuration of the application in such a way that someone can be granted extended access. Such privileged users are a source of information security risk.
The following is a list of typical problems and incidents:● A complicated process of granting access to partners, inventorying, and updating access;● inability to see online where the partner has access (sometimes there are situations when access was expanded and supplemented with additional services). This information is not consolidated;● uncontrolled granting of access to a partner or expansion of access;● lack of control over partner accounts created locally on servers or in services;● no linkage between the partner's account in Microsoft Active Directory and the local system;● Lack of control over changing passwords in local systems;● No control over compliance with password policy in local systems;● partner actions are not controlled. It is not clear what the partner is doing in the target systems;● the duration of partner sessions is not controlled;● passwords to accounts may be transferred and stored in violation of security rules;● connections are not always made using MFA (multi-factor authentication);● after connecting to the network via VPN, there is no further control over the contractor and its movement on the network;● there is no control over the contractor's copying/deleting of information and preservation of evidence;● prompt blocking of the partner and all related accounts;● prohibition of connecting partners from certain regions and countries at certain times of the day and night.
Company owners and managers want to find out what happens when such incidents occur. Investigating incidents involving information security threats is a rather complex task.
To investigate, you need to have an access control system in place and log and record the actions performed by privileged users. If this is not in place and has not been done, then incident investigation becomes an unrealistic task.
But this task can be accomplished if a PAM system has been implemented. It provides a complete account of how the events that led to the incident unfolded.
With a PAM system, it is extremely easy and sometimes impossible to determine who exactly did what with the business system. And if it's impossible to decide on, it inevitably leads to the fact that there is no evidence of the privileged user's misconduct.
The business owner cannot present anything to either system administrators or those who work with the company's infrastructure on an outsourced basis. There is simply no evidence. This also means it is impossible to bring the perpetrators to justice under the current law.
Conclusion - for cybersecurity and incident investigation, it is necessary to implement a PAM system in the company's infrastructure.
A PAM system will collect information conveniently for incident investigations and provide evidence of illegal or, conversely, legitimate user actions.
Using such a system is beneficial not only for business owners and managers. Administrators and IT specialists who work under an outsourcing contract also benefit from implementing this system.
PAM is also about protecting honest and conscientious employees. If a PAM system is implemented, the company's management cannoonlyccuse employees based on their opinions alone, without factswithidence. This phenomenon is also a common occurrence.
PAM identifies the cause of an incident - and that's one of the most important benefits of this system! And when the cause is found, measures can be taken to eliminate it.
It's important to note what causes incidents: ● Active and malicious actions of privileged users. For example, an insider (a full-time company employee) acting in their own selfish interests or the interests of competitors. Another option is a disloyal employee who deliberately works against the company's interests. For example, an employee who is upset that he or she has not been given a salary increase or promoted.● Accidental actions of employees. For example, a system administrator's mistake causes a failure in the IT infrastructure. This was unintentional, and the notorious human factor played a role. ● External attackers hack into an account and perform actions on behalf of the system administrator. This was how malware, such as WhisperGate, HermeticWiper, etc., was distributed.
What does a PAM system consist of?
A PAM system consists of a server as a gateway for a privileged user to access target systems. At the same time, the PAM system grants access according to rules records all user actions and provides video of the user's actions. What is very important is that this system provides convenient means of searching the database:1. By actions;2. By systems;3. By users.
Thus, a PAM system allows you to control user access to administer systems, log user actions according to certain rules, stop the work of a privileged user, and disconnect him from the system.
PAM systems are recommended for PCI DSS and ISO27001 certification and to meet the requirements of NBU Resolution No. 95. such systems facilitate certification.
IT Specialist specializes in the implementation and technical support of the Delinea PAM system (https://delinea.com/). This is a full-fledged, multifunctional solution for managing privileged accounts with all the necessary functions to successfully solve the tasks.
Delinea was created due to the merger of PAM leaders Thycotic and Centrify in 2021 and is recognized as a Gartner Magic Quadrant leader in privileged access management (PAM).
Delinea PAM system has been recognised as a leader in the KuppingerCole Leadership Compass for Privileged Access Management 2023 report. For the first time in the report under a new brand, the company was named an overall leader and a leader in market innovation.

IT Specialist invites you to learn more about the PAM solution, see how the system works, and test it. This is done in the form of a presentation that will be held for your company.

You also have a unique opportunity to create a pilot project to implement a PAM system in your company's infrastructure to demonstrate its benefits and effectiveness.

Many business representatives have realized the importance of implementing a PAM system and have decided to integrate it into their company infrastructure.

Our experts are ready to provide information about vendors, select the best product, implement PAM systems in your company's infrastructure, and give more support.
If you are in doubt whether your company needs a PAM system, we will tell you the main thing:
PAM is an essential element of your business cybersecurity!