This uncertainty can now be addressed
using Identity Analytics (IdA) technology,
which uses Machine Learning to discover
and analyse privileged accounts and
account access, working as an extension
to existing IAM and PAM to spot accounts
that are not being controlled. This includes
not only accounts that have acquired more
privileges after they were provisioned but
also privileged credentials embedded within
applications and unstructured data. IdA is
particularly effective at finding associated
accounts that might aid hidden backdoor
access, which are today a major risk area for
organisations of all sizes.

Using Machine Learning to do this is ideal
because it’s a technology perfectly suited
to detecting anomalous access once it
has modelled what baseline access looks
like for an organisation. It’s also good
at spotting and risk scoring orphaned or
dormant ‘access outlier’ accounts that will
often be unknown to admins. Once these
accounts have been brought to the attention
of admins, decisions can be made about
which to de-provision or subject to additional
authentication on the basis of peers,
activities and context, a process which can
be automated through API integration
with provisioning platforms. Achieving the
same result through manual methods and
old-world rules – the traditional technique
for housekeeping privileged accounts –
would be time consuming and would almost
certainly fail at some point.

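A minimal sketch of the peer-based outlier scoring described above, added here as an illustration and not taken from the article or from any IdA product. It stands in a simple peer-frequency baseline for the Machine Learning model; the account records, the weights and the 90-day dormancy threshold are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import date

DORMANT_DAYS = 90  # assumed threshold, not from the article

# Constructed sample inventory: (id, peer group, owner, last use, provisioned, current)
ACCOUNTS = [
    ("dba-anna", "dba", "anna", date(2024, 5, 28),
     {"db_read", "db_write"}, {"db_read", "db_write"}),
    ("dba-ben", "dba", "ben", date(2024, 5, 30),
     {"db_read", "db_write"}, {"db_read", "db_write"}),
    ("dba-cara", "dba", "cara", date(2024, 5, 29),
     {"db_read", "db_write"}, {"db_read", "db_write", "domain_admin"}),
    ("svc-backup", "dba", None, date(2023, 11, 2),
     {"db_read"}, {"db_read", "db_write"}),
]

def score_accounts(accounts, today):
    # Baseline: how many accounts in each peer group hold each entitlement.
    held = defaultdict(Counter)
    size = Counter()
    for _, group, _, _, _, current in accounts:
        size[group] += 1
        held[group].update(current)
    results = []
    for acct, group, owner, last_used, provisioned, current in accounts:
        reasons, score = [], 0.0
        for ent in sorted(current):
            rarity = 1 - held[group][ent] / size[group]  # 0 = every peer has it
            if rarity >= 0.5:
                score += rarity
                reasons.append(f"rare among peers: {ent}")
        drift = current - provisioned  # privileges gained since provisioning
        if drift:
            score += 0.5 * len(drift)
            reasons.append("acquired after provisioning: " + ", ".join(sorted(drift)))
        if (today - last_used).days > DORMANT_DAYS:
            score += 1.0
            reasons.append("dormant")
        if owner is None:
            score += 1.0
            reasons.append("orphaned")
        results.append((acct, round(score, 2), reasons))
    return sorted(results, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for row in score_accounts(ACCOUNTS, date(2024, 6, 1)):
        print(row)
```
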
It’s a lot to take in: organisations move
to IAM, mature with PAM and then fill in
the gaps and exceptions with IdA. But
what is ultimately driving this evolution is
the increasing complexity of businesses
that now depend on cloud access, rapid
development and ever more layered security.
This is how business is and there is no
evidence these trends will slow down. IdA,
then, is another technology a company can
use to make sense of this riskier world.

to misuse systems but an essential part
of this is the way they exploit privileged
access. This can be the misuse of privileged
accounts for which an individual has
permission, as well as access to
non-authorised accounts.
Clearly, permissions don’t act as a barrier
to either because one form of access might
appear legitimate while the other would
remain invisible.

On top of this is access bloat where over
time multiple users have been given access
to a resource. This is a bad idea not only
because it stretches user management but
also because it expands the attack surface
for cybercriminals looking to execute a
phishing attack. Finally,
there is the under-estimated weakness of
credentials and root keys left exposed in the
cloud, which can allow an attacker to not
only set themselves up as the admin but
potentially lock out existing ones. Indeed,
the cloud poses huge challenges of its own,
not least because it has been the biggest
driver for the expansion of privileged and
risky accounts.
www.intelligentcio.com
ORGANISATIONS HAVE INCREASINGLY
TURNED TO PRIVILEGED ACCESS
MANAGEMENT (PAM) SYSTEMS WHICH
IMPOSE CONTROL AND MANAGEMENT
ON ACCOUNTS USING THE PRINCIPLE
OF LEAST PRIVILEGE.