Book Demo!

According to Forrester 80% of security breaches involve privileged credentials. Verizon Data Breach Investigations Report, has reported that “privileged misuse” is the second most common category of security attack.

If a hacker gets access to your privileged accounts they can move around your network, applications and equipment. Malicious actors can steal your data, as well as delete it, modify it and change your settings or create persistent backdoors into your network.  For any company (just ask Marriott/Starwood), the risk is significant – stolen user information, loss of intellectual property and damage to your brand. Not to mention possible regulatory fines, lawsuits, etc.

With statistics and risks like this, it’s no wonder that security professionals are turning to privilege access management (PAM) solutions. 

Why invest in a PAM solution?

Until recently, many companies have managed privileged accounts and credentials using manual processes and password enforcement. It’s not unusual for organizations to rely on spreadsheets or a basic password manager (a bit of an improvement over a spreadsheet) to keep track of credentials.

Manual processes can quickly become hard to manage and outdated. The changing IT landscape, rise of cloud services and applications, and compliance regulations make manual approaches even more challenging.  There are also multiple layers of technology within an organization with HR, Marketing, Supply Chain all managing their own specific applications. All this makes manual account and permissions management impossible for IT teams.

It’s time that companies rethink their PAM strategy and start evaluating solutions that help automate privileged account management.

Questions you should ask Every PAM Vendor

Gartner says that “privileged access management, is intended to make it harder for attackers to access privileged accounts as well as allowing security teams to monitor behaviors for unusual access.”

PAM software (also called privileged account management or privileged identity management) helps by providing end-to-end control for your privileged passwords, secrets, certificates and documents. PAM systems do this by putting privileged credentials inside a secure vault or repository. System admins and other privileged users must go through the PAM solution and be authenticated in order to access their credentials. More importantly, users can access the company asset/server via a high trust session without ever knowing the password. The software logs, records and monitors each session. Credentials and passwords can be reset after each use or if the password is never seen can be rotated based upon policy for the highest level of security.

For many businesses, PAM solutions were out of reach to due to cost, IT resources and complexity. Today that has all changed with a new host of enterprise-class solutions that are easy to install, implement and affordable.  When evaluating solutions consider the follow questions:

  1. How is the privileged account management solution deployed? Can it work on-premises or in the cloud in physical or virtual environments, hosted on Windows or Linux OS?
  2. How long does it take to implement? What is the client install, server footprint, and is it agentless?
  3. Can you automate tasks such as password resets, discovery for servers and network devices?
  4. Does it offer a full audit trail for all privileged access and permissions? Extensive logging and reports, as well as integration into other systems.
  5. Can you establish secured high trust connections to remote devices and systems?
  6. Can you record privileged sessions with playback indexed by keystrokes, file and clipboard transfer events?
  7. Does the solution provide out-of-the-box controls to meet several crucial regulatory requirements such as GDPR, HIPAA, NIST 800-171 or ISO 27001?
  8. What is the solution’s pricing model? Is it a unified pricing model? And are all features included or do you have to buy separate modules?
  9. Is there a Free trail download or demo and how responsive is the customer support team?
  10. What is the product’s road map? And how often is the product updated to ensure the latest feature set and security patches?

Consider Xton Access Manager (XTAM)

XTAM for Privileged Access Management is the only solution that combines privileged account, passwords, sessions and task management in one product at an unbeatable price.  Download a free trial today or contact us for a personalized demo.

 

Categories: Industry

Mark Klinchin

I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.

Related Posts

Industry

What is Just-in-time Privileged Access?

Access management is a top concern for companies – especially when it comes to sensitive customer data and systems. Which employees or systems should have privileged access to certain types of resources, data, the ability Read more…

Industry

5 Ways to Reduce Insider Threats

September is National Insider Threat Awareness Month.  While many companies underestimate the risk of insider threats, they are increasing at alarming rates. A study by the Ponemon Institute found a 47% increase over the last Read more…

Industry

Data Security and CCPA Compliance

In case you missed it, California Consumer Privacy Act (CCPA) went into effect at the beginning of 2020 and enforcement started on July 1. Modeled after the EU GDPR, the CCPA is designed to enhance Read more…

Copyright © 2020 Xton Technologies, LLC. All rights reserved.