Protection and management of privileged access

Privileged Access Management (PAM) solutions are designed to manage and protect privileged access in an organisation, i.e. access to accounts and credentials that carry broad administrative rights over systems and data.

Attacks on privileged accounts are one of the biggest threats to IT security, so PAM minimises the risk by restricting who can obtain privileged access, controlling and monitoring what is done with it, and removing privileges that are broader than a task requires. Integration with other security systems makes PAM a key component of any organisation's defence strategy.

Main functions of PAM:

1. Central management of privileged accounts

PAM centralises the management of all privileged accounts in an organisation, giving better control over, and better protection of, these resources.

How does it work?
Storage of credentials in a vault (password vault): all passwords and access keys for privileged accounts are stored in an encrypted central repository, so they no longer need to be kept in unsecured locations such as spreadsheets, scripts or configuration files.

Example: An IT administrator in a large company has access to many critical systems. With PAM, all passwords to these systems are stored in a central vault. To gain access, the administrator authorises a session via PAM and the system automatically logs them into the relevant resource without revealing the password.
Automatic password management: PAM automatically changes passwords for privileged accounts at regular intervals or after each use, minimising the window in which leaked credentials can be used.

Example: once the administrator has finished working with the database system, PAM immediately rotates the access password, so that a copy captured on the workstation or the target during the session cannot be reused by an attacker.

2. Restricting access on a 'least privilege' basis

PAM follows the principle of least privilege, restricting privileged access to only the necessary resources and for a limited period of time.
Time-limited access: users are granted access only for the duration of a specific task (so-called "just-in-time access"), and access is automatically revoked once the session has ended or the approved time window has elapsed.

Example: a subcontractor in the company is given access to the production server for 3 hours to install updates. After this time, PAM automatically revokes their privileges, eliminating the risk of them accessing the system for longer than necessary.
Access limited to resources: Privileged accounts are assigned to specific resources or functions, preventing widespread and uncontrolled access.

Example: The finance department needs access to the ERP application, but only to the payment processing function. PAM allows them to assign permissions only to this part of the system, blocking the ability to change settings or access data of other departments.
Session isolation: PAM brokers privileged sessions through its own gateway, so the user never has a direct connection to the target and cannot perform actions outside the approved scope (e.g. file transfer and clipboard use can be disabled for the session).

Example: The administrator accesses the privileged server via a secure PAM portal. The session takes place in an isolated environment, which prevents the administrator from performing actions outside of the allocated scope - such as copying files to their device or installing unauthorised software.
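The just-in-time and least-privilege checks described above, as an added example that is not code from the original page or from any PAM product. It assumes an in-memory grant store with an injectable clock; the grant fields (user, resource, action set, expiry), the 8-hour policy maximum and the no-self-approval rule are assumptions chosen for the illustration.

```python
"""Just-in-time, least-privilege access grants with automatic expiry.

Constructed illustration: an in-memory broker with an injectable clock so the
expiry path can be exercised without waiting. Not the API of any PAM product.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import secrets

MAX_GRANT = timedelta(hours=8)   # assumed policy maximum for one grant


@dataclass(frozen=True)
class Grant:
    grant_id: str
    user: str
    resource: str        # e.g. "prod-web-01"
    actions: frozenset   # e.g. {"ssh", "sudo:apt"}
    expires_at: datetime


class JitAccessBroker:
    """Issues time-boxed grants scoped to one resource and a fixed action set."""

    def __init__(self, clock=None):
        self._clock = clock or (lambda: datetime.now(timezone.utc))
        self._grants = {}
        self.audit = []   # append-only record of grants, decisions and revocations

    def request(self, user, resource, actions, duration, approver):
        """Approved request -> opaque grant id. Rejects self-approval and overlong grants."""
        if approver == user:
            raise PermissionError("self-approval is not allowed")
        if duration > MAX_GRANT:
            raise ValueError("grant longer than policy maximum")
        grant = Grant(secrets.token_hex(8), user, resource, frozenset(actions),
                      self._clock() + duration)
        self._grants[grant.grant_id] = grant
        self.audit.append(("grant", user, resource, approver, grant.expires_at))
        return grant.grant_id

    def authorise(self, grant_id, user, resource, action):
        """Decide one action. Expiry is enforced on every call, so no timer is needed."""
        grant = self._grants.get(grant_id)
        if grant is None or grant.user != user:
            return False
        if self._clock() >= grant.expires_at:
            self.revoke(grant_id, reason="expired")
            return False
        allowed = grant.resource == resource and action in grant.actions
        self.audit.append(("authorise", user, resource, action, allowed))
        return allowed

    def revoke(self, grant_id, reason):
        if self._grants.pop(grant_id, None) is not None:
            self.audit.append(("revoke", grant_id, reason))


if __name__ == "__main__":
    broker = JitAccessBroker()
    gid = broker.request("contractor", "prod-web-01", {"ssh", "sudo:apt"},
                         timedelta(hours=3), approver="ops-lead")
    print(broker.authorise(gid, "contractor", "prod-web-01", "ssh"))        # True
    print(broker.authorise(gid, "contractor", "prod-db-01", "ssh"))         # False
    print(broker.authorise(gid, "contractor", "prod-web-01", "sudo:rm"))    # False
```

The scope check is deliberately per action rather than per session: a grant for "ssh" and "sudo:apt" on one host says nothing about another host or another sudo command, which is the difference between time-limited access and time-limited blanket access.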

3. Monitoring and recording of privileged sessions

PAM allows detailed monitoring and logging of activities performed by users with privileged access.

How does it work?
Session recording: all user activities during a privileged session are recorded (e.g. keystrokes, typed commands, screen video), allowing subsequent analysis.

Example: When troubleshooting the application server, the administrator performs a series of actions. All of their steps, including the commands they type, are recorded by PAM. A week later, the recording is used in a security incident analysis to determine whether the administrator's actions contributed to the problem.
Real-time alerts: PAM generates notifications if the user performs unusual or suspicious actions (e.g. attempts to change critical configuration files).

Example: PAM sends a notification to the security team when an administrator attempts to make an unusual change to the network configuration, one they have never made before.
Audit of activities: recorded logs and recordings can be used for internal audits and to meet regulatory requirements.

Example: During an internal audit at a telecoms company, the compliance team analyses access to a key database server where customer data is stored. Thanks to PAM, it is possible to view activity logs. The auditors can trace in detail all operations performed by the administrators - which commands they typed, which data they viewed and which they modified.

4. Elimination of shared accounts

PAM solutions eliminate the risks associated with the use of shared accounts, which are difficult to control and monitor.

How does it work?
Assignment of individual access: each user uses unique credentials, even when performing administrative actions.

Example: within the company, all administrators previously used a common 'Admin' account. PAM eliminates this approach by assigning individual credentials to each administrator, allowing each user's actions to be accurately tracked.
Masking of credentials: users gain access to privileged accounts without knowing their passwords (e.g. via an automatic login mechanism), preventing them from being leaked.

Example: An administrator who wants to log in to a critical system does not know the password for the root account; PAM enters it for them, eliminating the risk of accidental disclosure.

5. Detecting and preventing abuse of privileges

PAM prevents the use of excessive privileges by employees or attackers who have taken over access to privileged accounts.

How does it work?
Behavioural analysis: PAM analyses the actions of privileged users in real time, identifying deviations from the typical pattern of behaviour (e.g. logging in from an unusual location or running commands they have rarely or never used).

Example: PAM detects that an administrator logs in from an unusual location (another country) and tries to run scripts they have never used before. The system automatically suspends the session until their identity is re-verified.
Blocking suspicious activities: the system automatically blocks the user's session if it detects suspicious activity, such as attempts to escalate privileges.

Example: an IT employee attempts to access HR data even though there is no need for it in their job. PAM blocks this attempt, generating an alert to the security team.
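The monitoring of section 3 and the behavioural checks of section 5, as an added example that is not code from the original page or from any PAM product. It assumes that recorded sessions are available as (user, source country, command) records; the session history, the "never-used command" and "new country" rules, the list of escalation patterns and the threshold of two anomalies for a block are all constructed for the illustration.

```python
"""Behavioural scoring of recorded privileged sessions.

Constructed illustration: a per-user baseline is built from past session
records, then each new session is scored against it. Record format, rules and
thresholds are assumptions, not any product's detection logic.
"""
from collections import defaultdict

# Constructed session history: (user, login country, typed command).
HISTORY = [
    ("alice", "PL", "systemctl restart nginx"),
    ("alice", "PL", "tail -n 200 /var/log/nginx/error.log"),
    ("alice", "PL", "systemctl restart nginx"),
    ("bob",   "PL", "psql -c 'SELECT count(*) FROM orders'"),
]

# Substrings that indicate a privilege-escalation attempt; blocked on sight.
BLOCK_PATTERNS = ("sudo su", "useradd", "/etc/sudoers", "chmod u+s")


def _verb(command):
    tokens = command.split()
    return tokens[0] if tokens else ""


def build_baseline(history):
    """Per-user sets of countries seen and command verbs (first token) used."""
    countries, verbs = defaultdict(set), defaultdict(set)
    for user, country, command in history:
        countries[user].add(country)
        verbs[user].add(_verb(command))
    return countries, verbs


def score_session(session, baseline):
    """Return (decision, reasons) for one recorded session.

    decision: "allow" (nothing unusual), "alert" (one anomaly, notify the
    security team) or "block" (escalation attempt, or two independent
    anomalies such as a new country plus a never-used command).
    """
    countries, verbs = baseline
    user = session["user"]
    reasons = []
    if session["country"] not in countries.get(user, set()):
        reasons.append(f"login from new country {session['country']}")
    for cmd in session["commands"]:
        if any(p in cmd for p in BLOCK_PATTERNS):
            return "block", reasons + [f"privilege escalation attempt: {cmd!r}"]
        if _verb(cmd) not in verbs.get(user, set()):
            reasons.append(f"never-used command {_verb(cmd)!r}")
    if len(reasons) >= 2:
        return "block", reasons
    return ("alert" if reasons else "allow"), reasons


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    session = {"user": "alice", "country": "BR", "commands": ["bash ./x.sh"]}
    print(score_session(session, baseline))   # ('block', [...two reasons...])
```

Two points a practitioner would check before relying on such rules: the baseline must be built from sessions that were themselves reviewed (an attacker who has been active for weeks is otherwise "normal"), and a block on a live session needs an out-of-band re-verification path, or legitimate administrators get locked out during incidents.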

6. Security of remote access

PAM protects the organisation from the risks associated with remote access to privileged accounts.

How does it work?
Secure remote access: remote privileged sessions are tunneled through the PAM solution, providing an additional layer of protection (e.g. encryption and session control).

Example: An external consultant needs to access the application server to diagnose a problem. With PAM, their session is tunneled through a secure gateway, allowing full monitoring of activities and preventing unauthorised changes.
Multi-factor authentication (MFA): users must go through a multi-factor authentication process before gaining access to privileged accounts.

Example: The administrator logs in remotely to the CRM system. PAM requires them to complete multi-factor authentication (e.g. password plus a one-time code from an authenticator app or a hardware token; SMS codes are the weakest option and should be avoided for privileged access), which increases the security of their access.
Blocking unauthorised devices: PAM allows access to be restricted to trusted devices or locations only.

Example: PAM rejects an employee's login attempt from an unregistered laptop, even though their credentials are correct.

7. Protection against Pass-the-Hash and credential theft attacks

PAM limits the value of stolen passwords, password hashes and authentication tokens: it cannot make theft impossible, but it shortens the time for which a stolen credential works and keeps credentials away from the places where they are usually stolen.

How does it work?
Change passwords after each session: PAM automatically changes passwords at the end of each session, so that a password captured during the session, or a hash derived from it, is no longer valid afterwards.

Example: An administrator performs an operation on the critical server. Once the session is complete, PAM changes the access password, so credentials captured during the session no longer work for the attacker.
Masking of credentials: users do not have direct access to passwords, eliminating the risk of them being stolen by malware on the user's workstation.

Example: users never see the passwords to privileged accounts; login is done automatically via PAM. An attacker who compromises a user's workstation therefore cannot read the credentials. Note that an attacker with full control of the workstation can still hijack a live brokered session, so endpoint hardening and session monitoring remain necessary.
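Credential injection with rotate-on-check-in, covering the vault of section 1 and the credential-theft protection of this section, as an added example that is not code from the original page or from any PAM product. It assumes an in-memory vault and an in-memory target system that stores only a salted password hash; the handle format, the rotation trigger (check-in) and the audit record shape are assumptions for the illustration.

```python
"""Vaulted credentials: the user gets an opaque handle, never the password,
and the password is rotated the moment the session is checked in.

Constructed illustration: TargetSystem stands in for a server, Vault for the
PAM broker. Neither is a real product API.
"""
import hashlib
import hmac
import secrets


class TargetSystem:
    """Stand-in server that stores only a salted PBKDF2 hash of its account password."""

    def __init__(self, account, password):
        self.account = account
        self._salt = secrets.token_bytes(16)
        self._hash = self._derive(password)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def authenticate(self, account, password):
        return account == self.account and hmac.compare_digest(
            self._hash, self._derive(password))

    def set_password(self, old, new):
        if not self.authenticate(self.account, old):
            raise PermissionError("rotation failed: current password rejected")
        self._hash = self._derive(new)


class Vault:
    """Holds the only copy of each privileged password and brokers its use."""

    def __init__(self):
        self._targets = {}    # name -> [TargetSystem, current password]; never returned
        self._sessions = {}   # opaque handle -> (user, target name)
        self.audit = []

    def onboard(self, name, target, password):
        if not target.authenticate(target.account, password):
            raise ValueError("onboarding password does not work on the target")
        self._targets[name] = [target, password]

    def checkout(self, user, name):
        """Authorise a session. The caller receives a handle, not the secret."""
        handle = secrets.token_urlsafe(24)
        self._sessions[handle] = (user, name)
        self.audit.append(("checkout", user, name))
        return handle

    def connect(self, handle):
        """The broker performs the login; the user never sees the password."""
        if handle not in self._sessions:
            return False
        user, name = self._sessions[handle]
        target, password = self._targets[name]
        ok = target.authenticate(target.account, password)
        self.audit.append(("connect", user, name, ok))
        return ok

    def checkin(self, handle):
        """End the session and rotate immediately, so a copy captured meanwhile is dead."""
        user, name = self._sessions.pop(handle)
        target, old = self._targets[name]
        new = secrets.token_urlsafe(32)
        target.set_password(old, new)
        self._targets[name][1] = new
        self.audit.append(("rotate", user, name))


if __name__ == "__main__":
    srv = TargetSystem("root", "initial-pw")
    vault = Vault()
    vault.onboard("db-01", srv, "initial-pw")
    handle = vault.checkout("alice", "db-01")
    print(vault.connect(handle))                     # True
    vault.checkin(handle)
    print(srv.authenticate("root", "initial-pw"))    # False: captured copy is useless
```

On Windows the NTLM hash is derived from the password, so rotating the password also invalidates a hash dumped from memory during the session. Two caveats remain: anything issued before the rotation (Kerberos tickets, session cookies) stays valid until it expires and must be limited separately, and the vault itself now holds every privileged credential, which makes its own protection and auditing the highest-priority control.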

8. Meeting regulatory requirements

PAM supports the organisation in meeting the privileged access management requirements of regulations and standards (e.g. GDPR, NIS2, PCI DSS).

How does it work?
Detailed audit: PAM generates detailed reports on the use of privileged accounts that can be presented during regulatory audits.

Example: During a PCI DSS compliance audit, PAM generates a report containing the full history of privileged access, including session logs, password changes and actions taken.
Enforcement of access policies: automation of access management ensures compliance with standards, such as limiting access to critical data to authorised persons only.

Example: PAM automatically enforces a 'least privilege' policy, restricting access to financial data to auditors with specific privileges only, supporting the access-control measures the GDPR requires.

9. Automation and simplification of management

PAM facilitates the management of privileged access, minimising the risk of human error.

How does it work?
Automated policy enforcement: PAM allows the creation and automatic enforcement of privileged access rules (e.g. access scheduling, password rotation rules).

Example: the organisation introduces a new security policy that requires privileged account passwords to be rotated every 24 hours. PAM applies this policy to all vaulted accounts without any manual work.
Integration with other systems: PAM can integrate with SIEM, SOAR and IAM solutions for better coordination of cyber security activities.

Example: during an incident detected by the SIEM system (e.g. unusual logins to a privileged account), a SOAR playbook can instruct PAM to suspend that account and terminate its active sessions, coordinating the response across security systems.

Learn about the privileged access protection and management solution we offer
