GUEST ESSAY: The need to assess context, intent when granting privileged access in today’s world

By Ravi Srivatsav

The number one cybersecurity threat vector is unauthorized access via unused, expired or otherwise compromised access credentials.


In the interconnected work environment, where users need immediate access to many platforms on- and off-premises to do their jobs, keeping track of user activity and handling onboarding and offboarding properly is becoming more and more difficult.

Over 95 percent of cyberattacks are estimated to begin with a threat actor gaining unauthorized access to a computer system via poorly managed access credentials.

Attacks perpetrated through unused, old, expired and otherwise mismanaged access credentials are growing in both number and sophistication, and at the same time it is becoming harder to respond to them in an organized and timely manner.

Privileged Access Management (PAM), which enables granular access and monitors, detects and alerts on unauthorized access through policy guardrails, requires a big cultural shift upon implementation inside organizations that are used to workflow-based or ticket-based access systems.

PAM and other legacy access management systems do alert to unauthorized access, but the alerts lack a clear picture of the user’s intent and the context behind the alert.

Today’s alert fatigue is not caused by the sheer number of alerts but by the poor quality of individual alerts.


SaaS platforms have led to very different types of user profiles over the last few years. Users are now dynamic; they move from platform to platform, and their need for access changes continuously. A modern access management system should handle the following:

• Sprawling user roles. Users' activities, and the varying levels of privileged access they require, are growing at the same rate as the infrastructure they run on.

• Outdated Role-Based Access Controls. RBAC solutions provide perpetual access based on a user's roles, a methodology that has run its course. Even with the addition of zero-trust-based access at a granular level, RBAC is no longer enough on its own.

• The dynamic nature of access. Today's enterprise users wear multiple hats and use different software with varying privileges. The nature of these privileges has to be dynamic, or the access management system becomes a bottleneck.

• The need for flexibility. A user with a specific level of access may need to temporarily elevate their privilege because they need access to protected data to complete a task. Scaling workflow-based systems to match larger teams' needs is difficult and creates a chaotic situation in which many users simultaneously bombard the security admins for approval.

• Smarter automation. Some access monitoring solutions rely heavily on automated access controls, such as group policies or other sets of criteria, that allow access requests to be processed automatically. Such automation lacks the intelligence to adapt to changing user behaviors and entitlements.
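To make the requirements above concrete, here is an added example (written for this edit, not code from Inside-Out Defense or from any real PAM product) of the two mechanisms a practitioner would want behind them: a just-in-time elevation store whose grants carry a justification, a capped TTL and the sources they are bound to, with every decision appended to an audit log; and a sweep over an inventory of standing credentials that flags the expired and dormant ones the opening paragraphs warn about. All class names, the sample inventory and the clock value are invented for illustration.

```python
"""Illustrative model of just-in-time privilege elevation with TTL and
context binding, plus a sweep for expired and dormant standing credentials.
All class and function names here are invented for this example; they are
not the API of any real PAM product."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

NOW = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)  # fixed clock for the demo


@dataclass
class Grant:
    user: str
    resource: str
    privilege: str
    expires_at: datetime
    reason: str                      # justification captured at request time
    allowed_sources: frozenset       # devices/IPs the grant is bound to
    last_used: Optional[datetime] = None


@dataclass
class Decision:
    allowed: bool
    reason: str


class JitAccessStore:
    """Time-bounded grants: every elevation carries a reason, a capped TTL and
    the sources it may be used from. Every decision is appended to an audit log."""

    def __init__(self, max_ttl: timedelta = timedelta(hours=4)):
        self.max_ttl = max_ttl
        self.grants: list[Grant] = []
        self.audit: list[dict] = []  # append-only; production would use write-once storage

    def elevate(self, user, resource, privilege, reason, sources, ttl, now) -> Grant:
        if not reason.strip():
            raise ValueError("elevation requires a justification")
        ttl = min(ttl, self.max_ttl)                 # never exceed the policy cap
        g = Grant(user, resource, privilege, now + ttl, reason, frozenset(sources))
        self.grants.append(g)
        self.audit.append({"t": now, "event": "elevate", "user": user, "resource": resource,
                           "privilege": privilege, "ttl_s": ttl.total_seconds()})
        return g

    def authorize(self, user, resource, privilege, source, now) -> Decision:
        """Allow only if a live grant exists for this exact tuple and the request
        comes from a source the grant was bound to; log the outcome either way."""
        matches = [g for g in self.grants
                   if (g.user, g.resource, g.privilege) == (user, resource, privilege)]
        live = [g for g in matches if now < g.expires_at]
        bound = [g for g in live if source in g.allowed_sources]
        if not matches:
            d = Decision(False, "no grant")
        elif not live:
            d = Decision(False, "grant expired")
        elif not bound:
            d = Decision(False, "source not bound to grant")
        else:
            bound[0].last_used = now
            d = Decision(True, "ok")
        self.audit.append({"t": now, "event": "authorize", "user": user, "resource": resource,
                           "privilege": privilege, "source": source,
                           "allowed": d.allowed, "reason": d.reason})
        return d

    def purge_expired(self, now) -> int:
        """Drop expired grants so they cannot linger as standing access."""
        before = len(self.grants)
        self.grants = [g for g in self.grants if now < g.expires_at]
        return before - len(self.grants)


@dataclass
class Credential:
    """A standing credential (API key, service-account key, ...) from an inventory."""
    name: str
    owner: str
    created_at: datetime
    expires_at: Optional[datetime]
    last_used: Optional[datetime]


def stale_credentials(inventory, now, max_idle=timedelta(days=90)):
    """Split an inventory into (expired, dormant): expired keys that still exist,
    and live keys unused for at least max_idle (never-used keys count from creation)."""
    expired, dormant = [], []
    for c in inventory:
        if c.expires_at is not None and c.expires_at <= now:
            expired.append(c)
        elif now - (c.last_used or c.created_at) >= max_idle:
            dormant.append(c)
    return expired, dormant


def demo():
    store = JitAccessStore()
    store.elevate("alice", "prod-db", "dba", "INC-1234 restore table", ["laptop-a1"],
                  ttl=timedelta(hours=24), now=NOW)          # request is capped to 4 h
    cap_s = (store.grants[0].expires_at - NOW).total_seconds()
    ok = store.authorize("alice", "prod-db", "dba", "laptop-a1", NOW + timedelta(minutes=5))
    wrong_src = store.authorize("alice", "prod-db", "dba", "unknown-host", NOW + timedelta(minutes=6))
    late = store.authorize("alice", "prod-db", "dba", "laptop-a1", NOW + timedelta(hours=5))
    purged = store.purge_expired(NOW + timedelta(hours=5))
    inventory = [   # constructed sample inventory, not real data
        Credential("deploy-key", "ci", NOW - timedelta(days=400), NOW - timedelta(days=10), NOW - timedelta(days=1)),
        Credential("legacy-api", "bob", NOW - timedelta(days=200), None, NOW - timedelta(days=120)),
        Credential("never-used", "carol", NOW - timedelta(days=100), None, None),
        Credential("active", "dave", NOW - timedelta(days=30), NOW + timedelta(days=30), NOW - timedelta(days=2)),
    ]
    expired, dormant = stale_credentials(inventory, NOW)
    return {"cap_s": cap_s, "ok": ok, "wrong_src": wrong_src, "late": late, "purged": purged,
            "audit_events": len(store.audit),
            "expired": [c.name for c in expired], "dormant": [c.name for c in dormant]}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point of binding a grant to a source and a justification is that the audit record answers the "why" and "from where" that the essay says raw PAM alerts lack; the dormancy sweep is the routine check that turns "unused or expired credentials" from a slogan into a list someone can act on.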

PAM and SIEM solutions are classic systems built on observability: they issue alerts for unauthorized access. But observability alone is no longer enough to keep your organization safe.

PAM and SIEM systems can also create a lot of extra noise, and experience shows that they are often not fully implemented. Another problem is that alerts come in after the fact and not in real time. Privileged access abuse is a here-and-now problem that must be addressed as it happens.

This is where a new approach, Automated Moving Target Defense (AMTD), comes into play. AMTD solutions can immediately remediate privileged user access abuse inline. This is accomplished by determining the context and intent behind every user activity.

AMTD gives companies, for the first time, an aggregated view of users, their profiles and their activities across different environments, something enterprises have struggled to assemble until now.

Here at Inside-Out Defense, for instance, we provide a comprehensive 360-degree view of what every user is doing at any one time, along with an immutable forensic log, thereby enabling enterprises to stay in compliance.

We know that threat actors are constantly becoming more sophisticated as they work to find new avenues for disruption. Current solutions that focus on static threat signatures often miss attackers' sophisticated but as yet unknown behaviors.

Organizations need solutions like ours that can work at scale and in real time to address some of the most persistent problems in network security.

About the essayist: Ravi Srivatsav is the co-founder and CEO of Inside-Out Defense, a security startup supplying advanced solutions against privilege abuse.
