Why is PAM Needed?

00:00

everyone welcome back to the course. So in the last video, we talked about what privileged access management actually is. And in this video, we're to talk about why privilege access management is needed.

00:11

So we're talking about some of the privilege related challenges as well some of the benefits of Pam.

00:18

So we've got some risk in challenges associated with privileged access management.

00:22

So we're talking about things like lack of visibility, right? So this is gonna be more along the lines of lack of visibility into what privilege users we actually have. Like how many accounts we have. What are some of the credentials that are out there where the assets. But basically

00:37

we're thinking through

00:40

privilege accounts that have been for gotten so as an example, someone leaves the company. Nobody has a process in place to actually say when somebody leaves. This is what we do so that accounts stays there. And of course, it's not being used. But take that one account,

00:56

multiply that by thousands or even in some cases, millions of accounts

01:00

on your standard enterprise. And that becomes a big problem, right, because we don't realize that there's a 1,000,000 accounts out there that are old, that nobody's using because they've all left the company

01:11

or that we've created them, for example, maybe for a penetration test, right? And now we forgot to just deactivate those accounts that the pen testers were using and also of those accounts with their privilege, access air still sitting out there available for someone to compromise. So that's really what the Attackers were looking for. They're looking for those accounts that they can take over

01:30

that, or maybe not in use, but that do have privileged access

01:33

also over provisioning. So if the private Jackson Central's air overly restrictive, what they can do is they can interrupt user work flows. Has anyone ever been in that type of situation? If you're a system into our network coming out there and you try to lock down things, you always usually get some kind of phone call saying, Hey, I can't access this thing anymore, right?

01:52

And that's what we're talking about here is before too restrictive,

01:55

then we're gonna get a lot of complaints. The business met possibly can't even function, So it's really that balancing act right,

02:01

And because of that, a lot of times

02:05

sys admin, zor network engineers or whomever may over provision in access to these users. Right. You may just say, Well, that's okay. I'm just gonna give him all the access. So that way they don't call me and complain, so they'll have all the access. They don't know they have all the access, but I'm just gonna give it to him because I don't want them calling me every single day with this problem.

02:24

Next shared accounts and passwords. So on shared accounts. You're gonna see this a lot of times with, like, I t help desk personnel. So or even I just thought you're generalized. I t team. So what happens a lot of times that they're gonna be sharing the route or the Windows admin type of account

02:45

and any other privileged credentials. So that way, they basically to share the same credentials. So it's easier for everybody to log in, right? We don't have to create a bunch of different accounts. Remember a bunch of different passwords. It's just Here's the administrator account, and here's the password for it. And now you can get into everything.

03:01

The problem with that? Well, number one, The problem is you shouldn't be sharing access, right? But the problem with that is that you don't have any. In most cases, you don't have any auditing capability. So, as an example, I don't know that you were the one logging in and changing things and not Joey over there, right? So I may

03:20

fire Joey because I think that he did it. But really, it was you that caused the issue that you that deleted that thing or

03:25

created a new user account that shouldn't have it or you gave somebody credentials and various eyes. He's been privileged access that they shouldn't have. So really, we don't want to be sharing those credentials because there's no way to know who actually did what and then also make awesome compliance issues based on our organization and will kind are regulations we might need to follow. So

03:46

really get away from if you're sharing

03:47

a an account right now with an entire team, get away from that. Give everyone their own individual access. Yes, they have to remember Anu additional password or whatever, but it's definitely something that you'll want to do.

04:01

We've also got our hard coded stuff. So the 88 to A is just app to app, and then a two. D is just application a database. So really, these air, mostly gonna be your credentials that are shipping with it. So as an example, we ship or we get a router ship to us, and that's got the default credentials of, like, admin, admin. Or,

04:20

you know, like Cisco like Cisco Cisco

04:23

type of stuff. So the user name and password are very default type of stuff that everyone can know and find out. And so that's that's basically risk, right, because it's shipping with that default. So what we need to do is we need to make sure that we're changing those default credentials.

04:38

A. D. C. Using decentralized credential management. So what on me? What do I mean by that? Basically, we're trying to do a manual or some other type of very slow way that's not efficient.

04:48

And what we should be doing is centralizing the credential management so I can see in one dashboard or one location.

04:56

These are the people with this type of privilege access, and then it gets quickly see okay, they need it or they don't and I can add or remove access as needed.

05:03

One of the other challenges is that

05:06

a lot of the identity management tools and processes are there being siloed. So

05:14

what this leads to is it leads to

05:16

basically inconsistent administration for I t. So there's no specific. This is how we do these things because everything's in his own little silo. So there's nothing talking to each other. Really.

05:28

Also, Dev Ops Environments, right? So we've heard a lot about in the news different breaches caused by insecure like s three buckets, for example. So when we're talking through Dev Environments, what do you think through these containers that many deaf teams air using

05:45

because a lot of them have inadequate secrets management? They also might have embedded passwords to the hard coded passwords, you know, So the A to A and the A to D.

05:54

Aziz Well, assay may have excessive privileges already provisioned right as part of that container,

06:00

so we just need to be aware of. Is this container hardness possibly as much as possible? Have we reduced the amount of privilege that's available because we don't actually need it, So we just need to think through these things as were thinking through the privilege access management for our particular organization.

06:17

Now I o T devices are just causing a nightmare for most I t teams, right, because you really it's like B Y o d. Bring your own device. You don't have control over like my iPhone, for example. Right? But what you do have control over there is you can put me on a guest network and not allow me to connect to the internal network. So there are a few things that that you can do.

06:38

Um,

06:38

but one thing that is a big challenge is you don't have necessarily control over my iPhone in the concept of making sure that I'm getting my software updates, usually with IOS, most people have automatic updates turned on. But a lot of times with Android depending on your device,

06:55

you may at the user may have to and manually go in and update the operating system.

07:00

Every single time there's an update.

07:01

So a lot of people are lazy. We all know that, and so they don't update their software. So they're running an older version of Android that might be vulnerable to attack. And that might be an entry point into your network. So when we're talking about I o. T, it's really important for you to focus on making sure that your organization sets minimum standards, saying we only allow devices with this

07:21

OS or later

07:23

to connect to our systems. Right? So that way it makes the employees keep that up to date. But before they're connecting to the network.

07:31

And then, of course, we talked a little bit with the Dev ops about about cloud types of environments. So again, just talking through the cloud and making sure that we're locking everything down. We're not giving administrative access where it's not needed. And that's really one of the bigger challenges of the cloud. As we've seen, like I mentioned before with the history buckets, right, because

07:48

it's not being configured properly, is not being secured properly,

07:53

and so anyone can come and just take the data.

07:57

So what are some of the benefits of privilege access management? Well, we mentioned before that it would helps reduce the attack surface for your organization, So this does a combination and reduces the attack surface for both the external threats as well as the internal threats. Right? So our insider threats.

08:13

It can also reduce memoirs, propagation. Eso. As Mauer breaches our network on one of the host systems,

08:22

we can hopefully prevent against it, or at least mitigate the propagation of it across our network because we've limited the privileged access or the credentials of that individual user so they don't have the the domain admin access where they can spread across the entire network.

08:39

So can also enhance operational performance because we're restricting privileges to just the minimum necessary range of processes to actually form a specific activity. Eso What's that? What that does is it helps reduce our chances of incompatibility, issues the queen between our applications or like our systems,

08:56

which helps reduce the risk of downtime so again increases our overall performance.

09:03

And then it's easier to get compliance or at least be auto friendly when we're taking privilege access management seriously and having that in place because we could say, Look, we know that our users

09:15

are not able to have access to these things. So, as an example with healthcare, I know that the nurses air the doctors that don't work in this particular unit or this department they won't have access to these patients here because we've said you only get access to this department over here.

09:31

So just a quick quiz question and this one has multiple answers. You just kind of think through this one,

09:37

and I t helped. His team has been sharing the same privilege account for months, and a member, a member of the team, left the company yesterday. What should remain remaining team members to?

09:46

Like I said, there's many answers here. There's a lot of good answers here. Ah, couple things they definitely want to do is number one. They should. They should already have a process in place for when someone leaves a company. What do they do if they don't? They need to make sure they put that in place right away.

10:00

And then the other thing I would recommend is that they immediately changed those credentials for the account that they're sharing. And then the other thing is create separate accounts, right? This individual shouldn't have been sharing a privilege account with others. We should have had one accounts and we could easily deactivate it.

10:16

And everyone else wouldn't have had to go through the hassle of changing passwords, etcetera. So

10:20

a couple of main things there that I think people should think through. But there are some other answers you can think through as well.

10:26

All right, So this video, we just talked about some of the challenges related to privilege access management. We also talked about some of the benefits of implementing privilege access management for your organization.