Machine Learning and Privileged Access Management
Until recently, one of the major driving forces for PAM implementation was regulatory compliance. However, as the security ecosystem has changed, the Privileged Access Management landscape has also changed drastically. To gain a competitive edge, businesses are investing heavily in technologies such as cloud computing and mobile access and are going through rapid digital transformation. Additionally, rapid advancements in robotic automation, the advent of newer, sleeker disruptive technologies such as IoT, IDoT, Blockchain, Quantum Computing and Augmented Reality, methodologies such as DevOps, and a distributed workforce have created the need for more advanced account security and access management.
Legacy PAM solutions were expensive, bulky and agent-based, and took considerable time and effort to roll out across an enterprise. During this phase, PAM solutions took care of only the basic privileged account requirements: privilege creep, password management, accountability and such. Fast forward to 2020 and we have emerging technologies such as Robotic Process Automation (RPA) and machine learning capabilities bringing an interesting perspective to the Privileged Access Management domain.
The use of bots to handle high-volume, mundane, repetitive tasks has been hailed as the next big thing because of the cost-effectiveness and efficiency it brings. For the uninitiated, bots are nothing but software robots or AI workers configured to repeat a set of demonstrated actions that would otherwise be performed by humans. RPA systems study the way a human would perform a list of actions in an application's GUI and mimic that behavior by repeating those tasks. While there is a definite business advantage in reduced payroll costs, improved customer service and better utilization of skilled labor, what often goes unnoticed is the risk involved in case of a compromise. Whether they automate repetitive business processes such as running payroll and invoicing, or purely technical tasks such as AD management, service restarts or network changes, RPA's software robots process information from multiple databases and applications and log into different powerful privileged accounts using security-sensitive passwords.
This results in the automation platform gaining access to all kinds of sensitive information (such as inventory lists, credit card numbers, addresses and financial information) about an organization's employees, partners, clients and vendors. In addition, various new privacy laws and compliance requirements such as GDPR threaten dire consequences if a breach compromises PII (personally identifiable information). It is a double-edged sword, and your savior is the proper implementation of a mature, next-gen privileged account management solution with the ability to manage bots.
One of the best practices to achieve this is to have in place a well-defined process and solution framework for privileged access that includes the next-gen bots. Avoid storing powerful credentials, such as a domain credential, on the application's server for the bot to access. Passwords should be stored in a centralized, secure and encrypted location that is access controlled by implementing PAM policies and workflows. Integration with ticketing tools, SIEM and MFA solutions (API-based just-in-time tokens and so on for the second factor) can further tighten control over these sensitive accounts. Bot transactions should be assigned to unique accounts. Avoid applying the general password policy to bots, as this may result in unauthorized use of bot login credentials.
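The practices above, expressed as an audit over a bot-account inventory. This is an added example, not taken from the original article or from any PAM product; the inventory fields, finding codes and sample records are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class BotAccount:
    bot: str                 # RPA process name (hypothetical)
    account: str             # privileged account the bot logs in with
    scope: str               # "domain", "local" or "application"
    secret_location: str     # "vault" or "app_server"
    password_policy: str     # "general" or "bot"
    integrations: frozenset  # subset of {"ticketing", "siem", "mfa"}

# Integrations the article recommends for tighter control of bot accounts.
RECOMMENDED_INTEGRATIONS = frozenset({"ticketing", "siem", "mfa"})

def audit(inventory):
    """Return {bot: [finding codes]} for each bot that breaks a practice."""
    # An account used by more than one bot is not a unique account.
    uses = Counter(b.account for b in inventory)
    shared = {acct for acct, n in uses.items() if n > 1}
    report = {}
    for b in inventory:
        findings = []
        if b.secret_location != "vault":
            findings.append("SECRET_OUTSIDE_VAULT")
            if b.scope == "domain":
                findings.append("DOMAIN_CREDENTIAL_ON_APP_SERVER")
        if b.account in shared:
            findings.append("SHARED_ACCOUNT")
        if b.password_policy == "general":
            findings.append("GENERAL_PASSWORD_POLICY")
        missing = RECOMMENDED_INTEGRATIONS - b.integrations
        if missing:
            findings.append("MISSING_" + "_".join(sorted(missing)).upper())
        if findings:
            report[b.bot] = findings
    return report

# Constructed sample inventory (not real accounts).
INVENTORY = [
    BotAccount("payroll-run", "svc-rpa-payroll", "application", "vault",
               "bot", frozenset({"ticketing", "siem", "mfa"})),
    BotAccount("ad-cleanup", "svc-rpa-shared", "domain", "app_server",
               "general", frozenset({"siem"})),
    BotAccount("vlan-change", "svc-rpa-shared", "local", "vault",
               "bot", frozenset({"ticketing", "siem"})),
]

if __name__ == "__main__":
    for bot, findings in audit(INVENTORY).items():
        print(f"{bot}: {', '.join(findings)}")
```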
One of the areas most targeted by attackers today is the enterprise endpoint. When choosing your PAM solution, look for capabilities that prevent and contain privilege attacks at endpoints. An intuitive PAM solution with file-based machine learning algorithms that detect and control the automatic installation of hazardous applications is also the need of the hour. In addition to least privilege access management, RBAC, application control and so on, these solutions should integrate seamlessly with a powerful privilege analytics engine. A mature privilege analytics engine helps to identify and secure accounts that are potentially exposed to credential theft, automatically invalidate suspected stolen credentials, and immediately quarantine or terminate high-risk privileged sessions by leveraging statistical modeling, machine learning, UEBA and deterministic algorithms to detect malicious activity.
Take it to the next level by deploying the robotic Privilege Task Automation offered by some PAM solution vendors to further reduce the risk of cyber-attacks. Mundane yet security-sensitive tasks carried out by a privileged user, such as service restarts, AD management and changing VLAN assignments on network switches, can be easily automated using a simple template language that these solutions provide out of the box. Even innocuous errors in such tasks, such as a spelling mistake or an errant comma, can cause significant disruption and security breaches. Thus, robotic Privilege Task Automation also acts as an extra layer of security for the business by removing processes that expose vulnerable accounts at the user level. Every such automated privileged process is captured, monitored, audited and reported, reducing the compliance burden and allowing management teams to identify errors swiftly and effectively.
Next-gen PAM solutions have a lot to offer an enterprise in terms of enhanced security with machine learning: RPA, behavioral analytics and threat intelligence, to name a few.
The question is: have you consulted the industry experts and chosen the correct PAM solution for your business? If yes, are you deploying it to its fullest capabilities?
About the Author: Susmita Shankaran
Susmita is currently working as Technical Manager at Happiest Minds, with close to 13 years in the IT industry, where she leads the Identity and Access Management practice. With 9+ years in Enterprise Security, 'Privileged Identity and Access Management', 'Identity and Access Management (IAM)' and GDPR are her areas of expertise. She has worked in Software Services, Consulting, Operations and Pre-sales across industry segments and at a global level. She is passionate about exploring the emerging trends in information security technologies. In her free time, she likes to explore various areas of creativity like sculpting, mural painting and writing.
PS: Originally published in: Water Proofing Special - October 2018 - Siliconindia Magazine -1