Description: Privileged access rights can be created from a number of sources: operating systems include built-in admin rights; privileged users may confer privileged rights on other users or create privileged accounts; applications may also inherit privileged accounts or rights in various ways; and group membership changes may also confer privileged access rights. It is imperative to detect when new privileged rights are conferred so they can be properly audited, managed, and revoked.
Benefit: Reduces the threat landscape by limiting the abuse of privileged access for the purposes of lateral movement. Detect and automatically resolve policy-violating privileged access grants to maintain continuous compliance.
Implementation Approaches
Security Frameworks
NIST Cybersecurity Framework 1.1
- PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
- PR.AC-3: Remote access is managed
- DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed
NIST SP 800-207; Zero Trust Architecture
- 3: Continuous diagnostics and mitigation (CDM) system
- 3: Data access policies
| Title | Local Agent Discovery |
|---|---|
| Technology Components | Privileged Access Management (PAM) |
| Description | A software agent is installed on every target system in order to continuously monitor and report any new privileged access created. Data is sent to a central management console for easy admin viewing, reporting and policy enforcement. |
| Pre-requisites | Software distribution system for the local software agent; asset management to identify target systems; network connectivity for local agents to communicate with the PAM; PAM configured to control access based on continuous discovery of privileged access |
| Supporting Member Companies | BeyondTrust, Centrify, CyberArk |
| Title | Agentless Discovery via API Integration |
|---|---|
| Technology Components | Privileged Access Management (PAM) |
| Description | PAM solution using native target system APIs to continuously monitor and report any new privileged access created. |
| Pre-requisites | Target system exposes an API for privileged access monitoring and control; PAM is integrated with these APIs on target systems; PAM configured to control access based on continuous discovery of privileged access through the APIs exposed by the target system |
| Supporting Member Companies | BeyondTrust, Centrify, CyberArk, Remediant |
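Both approaches above leave open what "detect any new privileged access created" computes once an agent or API has collected group membership. The following added example (not from this page or from any of the listed vendors) shows the core of it: a diff of privileged-group membership against a baseline, with each new grant checked against an allow-list standing in for PAM policy and violating grants revoked. All snapshots, group names and the allow-list are constructed.

```python
"""Diff privileged-group snapshots, flag new grants, revoke policy violations.

Constructed data: snapshots are dicts of group -> set of members, as a local
agent or API poller might return them; POLICY is a stand-in for PAM policy.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class PrivilegeGrant:
    group: str
    member: str
    policy_violation: bool


# Constructed baseline taken at the last discovery run.
BASELINE = {
    "Administrators": {"svc-backup", "alice"},
    "sudo": {"alice"},
}
# Constructed allow-list: who may legitimately hold each privileged group.
POLICY = {
    "Administrators": {"svc-backup", "alice", "bob"},
    "sudo": {"alice"},
}
# Constructed current snapshot: two new Administrators, one brand-new group.
CURRENT_SNAPSHOT = {
    "Administrators": {"svc-backup", "alice", "bob", "mallory"},
    "sudo": {"alice"},
    "wheel": {"eve"},
}


def detect_new_grants(baseline, current, policy):
    """Return grants present in `current` but absent from `baseline`.
    A grant is a policy violation when the member is not on the group's
    allow-list; a group unknown to the policy allows nobody, so a newly
    created privileged group is reported in full."""
    grants = []
    for group, members in current.items():
        known = baseline.get(group, set())
        allowed = policy.get(group, set())
        for member in sorted(members - known):
            grants.append(PrivilegeGrant(group, member, member not in allowed))
    return grants


def revoke_violations(current, grants):
    """Return a copy of `current` with policy-violating grants removed,
    modelling the 'automatically resolve' step; compliant grants stay."""
    fixed = {group: set(members) for group, members in current.items()}
    for grant in grants:
        if grant.policy_violation:
            fixed[grant.group].discard(grant.member)
    return fixed
```

Running `detect_new_grants(BASELINE, CURRENT_SNAPSHOT, POLICY)` reports `bob` as a compliant new grant and `mallory` and `eve` as violations; feeding the result to `revoke_violations` yields a snapshot that matches policy again.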