Digital transformation is no longer limited to startups or technology companies; it now reaches organizations of all verticals and sizes. This digitization, essential to business strategy, has brought new access points to the infrastructure through a growing number of privileged credentials, used everywhere from network devices such as firewalls and routers to DevOps pipelines.
This explosion of credentials used in privileged access has resulted in new attack vectors, which attackers can exploit to steal data and cause enormous losses. After all, more than a third of cyberattacks are linked to the use or theft of privileged credentials. In times of increased cybersecurity regulations, such as ISO 27001, PCI-DSS and HIPAA, in addition to data protection laws, such as GDPR and LGPD, these incidents can bring considerable cybersecurity risks, which directly affect business continuity.
These new attack vectors are present throughout the user's entire journey: from the moment employees or third parties need access to devices and that access is provisioned, until the moment the access is no longer needed. The latter occurs, for example, when the user is no longer part of the organization and leaves behind a trail of privileged actions performed in the environment.
Taking a three-step approach to protecting this type of access can help solve the challenges of privileged access. It's important to secure the entire lifecycle: the actions performed before privileged access, those performed during it and, finally, those performed after it. However, according to Gartner, privileged access risk management is virtually impossible without specialized tools.
It is worth remembering that implementing security solutions alone is not sufficient to address the challenges associated with the privileged access lifecycle. In fact, it is useless to implement state-of-the-art cybersecurity tools without properly working on the other two associated aspects: people and processes.
The recommendation, therefore, is first to establish the processes related to privileged access, then to raise awareness and train people and, finally, to acquire specialized solutions for managing privileged access.
- Step One: The first step of this cycle deals with mapping and identifying all devices connected to the infrastructure and their respective credentials, including digital certificates, SSH keys and DevOps artifacts.
In increasingly heterogeneous, dynamic and complex environments, with devices from different manufacturers and models, the continuous discovery and mapping of privileges and permissions can demand considerable effort from those responsible for cybersecurity in organizations. After all, it is impossible to track what is not managed, and it is impossible to manage what is unknown.
By using a solution that allows the discovery, onboarding and management of the assets connected to the infrastructure, it is possible to ensure full visibility and reduce the attack vectors that hackers can use to gain improper access, steal data and cause financial and reputational damage.
- Step Two: The second step in the privileged access lifecycle addresses the actions taken during privileged access, including its effective management, according to the privileges of the credentials previously granted.
In this step, the actions performed during access are recorded and monitored by the security teams. One way to ensure this is through features such as Privileged Session Recording, Privileged User Behavior Analysis and Threat Analysis with Zero Trust approaches.
This makes it possible, in the event of a cyber incident, to analyze it, find and remedy its causes, and comply with the data breach reporting deadlines set by data protection legislation, for example, in addition to meeting audit requirements.
- Step Three: The third and final step in the privileged access lifecycle is linked to the verification of all actions carried out in the environment through privileged credentials. With specific solutions, environment administrators can check for violations or privilege abuse in the actions performed in the previous steps, which makes those actions traceable and facilitates the audit and incident response processes.