IT Security News and Opinion
Monday May 20th 2013
Auto Discovery Webinar

Controlling Privileged Access: “Who did what” on your servers?

Guest Commentary by
Gábor Marosvári, Product Marketing Manager, BalaBit IT Security

There’s plenty of proof that controlling privileged access and tracking the actions taken by privileged users are both crucial elements of a secure enterprise.

Lieberman Softwares  recent survey of IT professionals revealed that 42% of the IT staff share passwords to access systems in their organizations. Lieberman’s technology partner BalaBit also conducted a survey which revealed that 74% of IT professionals have already misused their company’s IT system. (Lieberman Software survey, BalaBit survey).

With standalone password management tools it is not possible to restrict users based on their actual activity, only general access to the account can be controlled. So, to better manage the threat represented by “super-users” – and answer the question of “who did what?” – integrating password management with activity monitoring should be considered.

Why complement password management with activity monitoring?

An advanced Privileged Activity Monitoring (PAM) appliance can control access to remote servers or networking devices, and record the activities of the users accessing these systems. In addition, it offers a way to store user credentials (for example, passwords or certificates) and utilize them to login to the target server, without the user having access to the credentials. That way, users only have to authenticate on the PAM device with their usual password.

By integrating PAM with a password management solution organizations can enjoy the benefits of both technologies. Users can continue to access servers just as before, while PAM controls and monitors their activities, without disclosing  privileged account passwords.

Users are authenticated by the PAM device, and credentials for accessing the server are retrieved transparently from the password manager by the PAM impersonating the authenticated user. This automatic password retrieval is crucial, as this method protects the confidentiality of passwords.

How PAM integration supports IT forensics

As we’ve already noted, not only the authentication process, but the whole privileged working session can be recorded by a PAM tool. Gateway-based PAMs extract auditing information directly from the network communication – providing reliable, easy-to-access content. The recorded audit trails can be played back like a movie – recreating all actions of the administrator.

Audit trails are invaluable for both real-time and post-event investigations. They enable the auditor to search, for example, for all the users who accessed a specific account number in a specific time-frame across any platform in the enterprise. Or, in the case of an unexpected shutdown or database manipulation, the circumstances of the event are readily available in these audit files so the cause of the incident can be quickly identified. This is especially important for business-critical servers, or if your company has outsourced its server administration to an external company.

In a sense, combining PAM and PIM technology results in a single-sign-on solution for your privileged users. This simplifies the password management on your servers and improves your activity control and audit capabilities. And, from the auditor point of view, the question of “who did what” can be easily answered.

About the Author

Mr. Marosvari joined BalaBit in early 2011. As a product marketing manager he covers BalaBit’s activity monitoring and network security products, and supports sales and marketing communication activities by defining target groups, product positioning and go-to-market strategy. Prior to joining BalaBit, Mr. Marosvari worked a decade for global technology research firm, IDC as a regional software research manager covering security software and mobile devices research programs. He also worked as a business analyst for Hungarian solution provider Hypermedia Systems Ltd. as well as a system administrator for the Hungarian Television Company. Mr. Marosvári holds a Bachelor of Arts degree in IT engineering from Denis Gabor College in Hungary, an MBA and a degree in info-communication management from the Budapest University of Technology and Economics.

FacebookTwitterLinkedInDeliciousTechnorati FavoritesDiggBlogger PostGoogle ReaderShare
Post Published: 26 January 2012
Author: Admin
Found in section: Security Best Practices, Technology News

Tags: , , , ,

Previous Topic:
Next Topic:

Leave a Reply


+ five = 13

Follow Us

    Follow us on Twitter            Follow us on LinkedIn

  Visit our YouTube Page              Identity Week RSS Feed
Visit the Lieberman Software Website

Archives

Recent Comments

Tags

Administrator Password Application-to-Application Credentials Application Security Cloud Computing Cloud Security CSO cyber-attacks cyber attack Cyber Security data breach Data Breaches Datacenter Security Data Security default password disaster recovery enterprise security Governance Risk and Compliance hacktivism Identity Management insider threat Insider Threats Internet security IT Audit IT Auditing Compliance Reports IT Marketplace IT Outsourcing IT security IT Security Threats online privacy Password Security PCI-DSS Compliance privileged account credentials privileged account management privileged accounts Privileged Identities privileged identity management regulatory compliance RSA Securing Legacy Applications Security Management SIEM smart card smartphone security stolen credit card Stuxnet