
3-Tiered Privilege Access Management: Who Cares?

Intro

Imagine a castle where every door, vault, and passageway is behind a lock and key. As you move down the hallways, you can see the doors, and every one of them is locked. There is only one way in: having the key. This idea is essentially privileged access management. In this essay, we’ll cover what a tiered approach to privileged access management is, why anyone would use it, and what kinds of cyber threats it can help prevent.

What is tiered access management?

Privileged Access Management is a set of concepts, protocols, and tools for controlling and limiting access to assets. These assets are segmented into three tiers, from most critical to most common. Critical assets might be servers holding the company’s crown jewels or a domain controller. The mid tier might be every other server: web servers, application servers, and the broader scope of assets. The low tier might be the workstations used by employees and the printers. The idea is to limit and control a user’s ability to log onto an asset they shouldn’t, or to move laterally to another asset they shouldn’t.

Why use tiered access management?

This multi-tiered approach is crucial because it limits which assets the privileged accounts of each tier can reach. In the event of a compromise, you don’t want the adversary to land on a workstation where a user is logged in as an administrator. The adversary can dump hashes and potentially crack them offline. A hash is the output of a one-way algorithm that turns input into a string of alphanumeric characters; its benefit is that it is not reversible, hence “one-way”. If the compromised asset is domain-joined, the adversary could launch Responder, a protocol poisoner, and potentially collect more hashes. In a research paper entitled “An Introduction to Privileged Access Management,” André Koot explains further: “Cybercriminals often target privileged accounts due to the extensive access they provide. Malicious actors can gain unauthorized access to critical systems and data if these credentials are compromised.” [1] Implementing a multi-tiered privileged access framework can significantly limit, and even entirely contain, the damage.

How do you prevent lateral movement?

One of the many benefits of deploying a privileged access management framework is that it helps prevent and control lateral movement. The framework matters because if one asset is compromised, the damage can be contained. In cybersecurity there is a concept called the principle of least privilege: every user should receive just the amount of access to the resources they need to do their job, and no more. In 2014, Sony found this out the hard way when North Korean hackers compromised the company. Siddhesh Bhargude explains further in his research paper: “after the attack, Sony Pictures Entertainment implemented Privileged Access Management to strengthen their security protocols. PAM systems were used to implement the least privilege principle, manage and monitor privileged accounts, and enable multi-factor authentication.” [2] It is not a matter of if a company will get compromised but when. Knowing this, we can be proactive and deploy frameworks and tools now, so that we are prepared when a compromise does occur.
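The tiering rule from the “What is tiered access management?” section and the lateral-movement containment discussed here, as an added worked example (this is not code from the original post or from any product it mentions): a small policy check that decides whether an account of one tier may log on to an asset of another, and a detector that runs that check over logon records to surface cross-tier logons. The three-tier numbering, the host and account names, the key=value log format and the sample records are all assumptions constructed for the illustration; the policy assumed is the strict form, where an account may only log on to assets of its own tier.

```python
"""Tiered logon policy check plus a detector for cross-tier logons.

Added example; tier numbers, host names, account names and the log format
are assumptions constructed for illustration, not taken from a real estate.
"""
import re

# Tier 0 = critical (domain controllers, crown-jewel servers)
# Tier 1 = mid (application and web servers)
# Tier 2 = low (employee workstations, printers)
ASSET_TIER = {
    "dc01": 0, "vault-srv": 0,
    "web01": 1, "app02": 1,
    "ws-alice": 2, "ws-bob": 2, "printer-3f": 2,
}

# Each account belongs to exactly one tier (hypothetical names).
ACCOUNT_TIER = {
    "t0-admin-jane": 0,
    "t1-admin-raj": 1,
    "t2-helpdesk-sam": 2,
    "alice": 2,
    "bob": 2,
}


def tier_violation(account: str, asset: str):
    """Return None when the logon follows the tier policy, else a reason.

    Policy assumed here: an account may log on only to assets of its own tier.
    A higher-tier credential on a lower-tier asset leaves hashes where an
    adversary who already controls that asset can dump them; a lower-tier
    account on a higher-tier asset is an escalation path. Names missing from
    the inventory are denied rather than silently allowed.
    """
    acct_tier = ACCOUNT_TIER.get(account)
    asset_tier = ASSET_TIER.get(asset)
    if acct_tier is None or asset_tier is None:
        return "unknown account or asset (default deny)"
    if acct_tier < asset_tier:
        return "higher-tier credential exposed on lower-tier asset"
    if acct_tier > asset_tier:
        return "lower-tier account reaching higher-tier asset"
    return None


def logon_allowed(account: str, asset: str) -> bool:
    """True only when the policy check finds no violation."""
    return tier_violation(account, asset) is None


# Constructed logon records in a simple key=value format (an assumption;
# a real deployment would feed this from its own audit source).
SAMPLE_LOGONS = [
    "2024-05-01T08:12:03Z LOGON account=t0-admin-jane host=dc01 type=interactive",
    "2024-05-01T08:40:11Z LOGON account=t0-admin-jane host=ws-bob type=interactive",
    "2024-05-01T09:02:45Z LOGON account=alice host=ws-alice type=interactive",
    "2024-05-01T09:15:27Z LOGON account=bob host=app02 type=network",
    "2024-05-01T09:30:00Z LOGON account=t1-admin-raj host=web01 type=remote",
    "2024-05-01T09:31:14Z LOGON account=svc-legacy host=web01 type=service",
    "garbage line that does not parse",
]

LOGON_RE = re.compile(
    r"^(?P<ts>\S+) LOGON account=(?P<account>\S+) host=(?P<host>\S+)"
)


def find_cross_tier_logons(lines):
    """Scan logon records and return (timestamp, account, host, reason)
    tuples for every logon that breaks the tier policy."""
    findings = []
    for line in lines:
        match = LOGON_RE.match(line)
        if match is None:
            continue  # unparseable record: skipped, not counted as a hit
        reason = tier_violation(match["account"], match["host"])
        if reason is not None:
            findings.append((match["ts"], match["account"], match["host"], reason))
    return findings


if __name__ == "__main__":
    for ts, account, host, reason in find_cross_tier_logons(SAMPLE_LOGONS):
        print(f"{ts} {account} -> {host}: {reason}")
```

Run as a script, it prints three findings from the constructed records: the Tier 0 admin logging on to a workstation (the exact situation the previous section warns about, since that admin’s hash now sits on a low-tier box), a workstation user reaching an application server, and a service account that is not in the inventory at all. The default-deny branch is the important design choice: an account or host that nobody has classified is exactly the gap an adversary looks for, so it should surface as a finding rather than pass unnoticed.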

Conclusion

In conclusion, implementing a privileged access management framework can have tremendous benefits in reducing malicious lateral movement. By breaking administrative accounts down by tier and allowing only specific individuals to use those accounts, we can begin to control access to, and the flow between, these resources. It’s better to be safe and prepared than sorry.

References:

  1. Koot A. Introduction to Privileged Access Management. IDPro. 2024;1(13). doi:10.55621/idpro.101
  2. Bhargude NMrS. Privileged Access Management: ensuring security and accountability. International Journal of Advanced Research in Science Communication and Technology. July 2023:647-651. doi:10.48175/ijarsct-12098