Thursday, January 24, 2019

Privileged Account Management- Mitigate Insider Threat


How to mitigate Insider Threat

  1. Practice the principle of least privilege.
  2. Secure privileged accounts.
  3. Apply the segregation of duties principle.
  4. Educate users.
  5. Monitor and audit usage.

Privileged Account Management- Insider Threat


What is Insider Threat

An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates. Insider threats can be categorized as:
  1. Malicious Insider: A user with malicious intent.
  2. Unintentional Insider: A careless user who, for example, falls victim to phishing emails.
  3. Exploited Insider: A high-value user who is exploited by an attacker, for example through spear phishing.
  4. External Insider: A third-party vendor, partner or contractor.

Privileged Account Management- Privileged Accounts Usage


Privileged Accounts Usage:

  1. Access sensitive data
  2. Change system configuration
  3. Install software
  4. Access and change accounts


Privileged Account Management- Types of Privileged Account


Types of Privileged Account

  1. Elevated personal user account: Used by an end user with elevated/unrestricted access, such as an IT admin or an executive.
  2. Shared privileged account: An account with unrestricted access to a system that houses sensitive data, such as the Unix root account, a Windows admin account or a social media account.
  3. Application account: A service account used by applications to interact with each other.

Privileged Account Management- Types of User Account

Types of User Account

  1. Regular user account: Identified by username, password and privilege, and used by a regular end user.
  2. Super user account: A special user account that can make system-wide changes for all users.
  3. Application account: Used by applications to interact with each other without an interactive user login procedure; its credentials are typically stored in applications or data files.
  4. Service account: A special user account that an application or service uses to interact with the operating system.

Wednesday, December 19, 2018

What is Privileged Access Management?

A privileged user/account is a user/account that holds the "key to the kingdom", i.e. the user/account has administrative access to the systems. Such users can carry out system-wide configuration changes, lock/unlock other users, define and enforce system policies, install software, apply patches, access sensitive information, etc. For instance, the individual who can set up and delete email accounts on a Microsoft Exchange Server is a privileged user.

The terms “Privileged Account Management (PAM)” and “Privileged Session Management (PSM)” are generally used interchangeably.

As is clear from the description of a privileged account, this access needs to be controlled, monitored and audited. Most cyber attacks target these privileged accounts to gain access to an organization's resources. PAM keeps your organization safe from accidental or deliberate misuse of privileged access. Most organizations have 3 times as many privileged users as employees.

PAM provides the following high-level capabilities:

  • Grant privileges to users only for systems on which they are authorized.
  • Grant access only when it’s needed and revoke access when the need expires.
  • Avoid the need for privileged users to have local/direct system passwords.
  • Centrally and quickly manage access over a disparate set of heterogeneous systems.
  • Create an unalterable audit trail for any privileged operation.
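
Three of the capabilities above (access only to authorized systems, access that expires, and an audit trail that resists alteration) can be sketched in a few lines. This is an added example, not code from the original post or from any PAM product: `PamBroker`, `verify_audit`, the user and host names and the timestamps are all hypothetical, and the hash chain only makes tampering detectable, it does not prevent it.

```python
import hashlib, json

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class PamBroker:
    """Toy just-in-time access broker with a hash-chained audit trail."""
    def __init__(self, authorized):
        self.authorized = authorized   # user -> systems the user may be granted
        self.grants = {}               # (user, system) -> expiry timestamp
        self.audit = []                # append-only, each record links to the previous

    def _log(self, event, user, system, now):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        body = {"ts": now, "event": event, "user": user, "system": system, "prev": prev}
        self.audit.append({**body, "hash": _digest(body)})

    def request(self, user, system, ttl, now):
        # Grant only for systems the user is authorized on, and only for ttl seconds.
        if system not in self.authorized.get(user, set()):
            self._log("deny", user, system, now)
            return False
        self.grants[(user, system)] = now + ttl
        self._log("grant", user, system, now)
        return True

    def check(self, user, system, now):
        # Access is revoked automatically once the grant has expired.
        expiry = self.grants.get((user, system))
        if expiry is None:
            return False
        if now >= expiry:
            del self.grants[(user, system)]
            self._log("expire", user, system, now)
            return False
        return True

def verify_audit(records):
    """Recompute the chain; return the index of the first bad record, or -1."""
    prev = "0" * 64
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or rec["hash"] != _digest(body):
            return i
        prev = rec["hash"]
    return -1

def demo():
    # Constructed sample data: one admin authorized on one database host.
    broker = PamBroker({"alice": {"db01"}})
    results = [broker.request("alice", "db01", 900, 1000), broker.request("alice", "dc01", 900, 1000),
               broker.check("alice", "db01", 1500), broker.check("alice", "db01", 2000)]
    return results, broker.audit

if __name__ == "__main__":
    results, audit = demo()
    print(results, [r["event"] for r in audit], verify_audit(audit))
```

In a real deployment the chain head would be anchored somewhere the privileged users cannot write to, otherwise an administrator could rebuild the whole chain after editing it.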

Thursday, December 13, 2018

What is Access control

Access control is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.