Privileged credentials (administrator rights) are a top target for attackers outside the organization, and even for unhappy staff within it, because of the access they provide. A Privileged Access Management (PAM) solution is implemented to reduce or remove the need for humans to know these privileged credentials and to reduce the chance that they might be misused.
The PAM system becomes the keeper of all privileged credentials, with policies that allow specific identified individuals to use the appropriate credentials. To be the single source of privileged access, your PAM needs to support all of the authentication sources you use and all of the target systems on which elevated access is required. User acceptance is also important, so the PAM solution should support or improve existing methods of accessing privileged systems; otherwise authorized staff will seek ways around the PAM solution.
A basic function of the PAM is to maintain an encrypted vault with the privileged credentials and other protected resources. Logging and session recording are crucial PAM features, and they allow auditing of privileged actions and forensic analysis after a privilege misuse event. Simply having logs and recordings is not sufficient; searchability is crucial for validating compliance and identifying the scope of any malicious access. Ideally, these logs would integrate into wider security analysis tools in a more holistic security approach.
Often, the PAM platform will act as a proxy or jump host that connects the unprivileged network where users operate to the privileged network that requires managed privileged credentials. The proxy function may support native tools, such as an SSH or RDP gateway, or it may provide an HTML5 browser-based interface. The proxy may be part of the main vault application, or it may be deployable as a separate server that accesses the PAM vault as credentials are required. The separation of vault and proxy is essential when the PAM is used to bridge different trust levels, such as internet-based privileged access, or in any multi-tenant deployment such as PAM as a Service.
No matter how secure a PAM system is, there is always a risk of unintended disclosure of credentials, or of authorized staff who misbehave, whether accidentally or maliciously. Behavior analytics is a common method for identifying access that is being exploited inappropriately, and it is commonly integrated with a PAM solution. Ideally, the user behavior analytics would be able to identify the individual user’s actions both with their own credentials and using the PAM to exercise privileged credentials…
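The searchable logs and per-user attribution described above can be illustrated by joining PAM checkout records against a target system's login log. This is an added example, not code from the original article or from any PAM product; the field names, the proxy address and the sample records are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data. Field names and the proxy address are assumptions,
# not any PAM product's real log schema.
PAM_PROXY_IPS = {"10.0.5.10"}
CHECKOUTS = [  # PAM vault log: who was granted which shared account, and when
    {"user": "alice", "account": "root", "target": "db01",
     "start": "2024-05-01T09:00:00", "end": "2024-05-01T10:00:00"},
    {"user": "bob", "account": "root", "target": "db01",
     "start": "2024-05-01T13:00:00", "end": "2024-05-01T13:30:00"},
]
LOGINS = [  # target system auth log: only the shared account name is visible
    {"account": "root", "target": "db01", "time": "2024-05-01T09:05:12", "src": "10.0.5.10"},
    {"account": "root", "target": "db01", "time": "2024-05-01T13:10:00", "src": "10.0.5.10"},
    {"account": "root", "target": "db01", "time": "2024-05-01T22:41:07", "src": "10.0.5.10"},
    {"account": "root", "target": "db01", "time": "2024-05-01T09:20:00", "src": "192.168.7.44"},
]

def attribute_logins(logins, checkouts, proxy_ips):
    """Label each privileged login with the PAM user(s) holding a matching checkout."""
    results = []
    for login in logins:
        when = datetime.fromisoformat(login["time"])
        holders = sorted({
            c["user"] for c in checkouts
            if c["account"] == login["account"]
            and c["target"] == login["target"]
            and datetime.fromisoformat(c["start"]) <= when <= datetime.fromisoformat(c["end"])
        })
        if login["src"] not in proxy_ips:
            verdict = "bypassed_proxy"   # credential used outside the PAM path
        elif not holders:
            verdict = "no_checkout"      # via proxy, but nobody was granted access
        elif len(holders) > 1:
            verdict = "ambiguous"        # overlapping checkouts: cannot name one user
        else:
            verdict = "attributed"
        results.append({**login, "users": holders, "verdict": verdict})
    return results

if __name__ == "__main__":
    for r in attribute_logins(LOGINS, CHECKOUTS, PAM_PROXY_IPS):
        print(r["time"], r["src"], r["verdict"], r["users"])
```

The `bypassed_proxy` and `no_checkout` verdicts are the records worth forwarding to wider security analysis tooling, since they indicate a privileged credential in use outside the PAM's control.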