PAM+ changes how organizations protect privileged access
by Remediant, on Sep 29, 2022
Privileged access is at the heart of most organizations’ security and is an attractive attack vector that bad actors frequently target. Legacy PAM solutions provide a starting point for keeping credentials safe, but an advanced PAM strategy (i.e., a PAM+ approach) improves your overall security posture. Case in point: when we look at the MITRE ATT&CK framework, we see 71 attack techniques, spanning 9 of the 13 attack stages, that can be thwarted if an organization takes a PAM+ approach.
The principle of least privilege drives this PAM+ strategy. Least privilege is a concept in computer security that limits users’ access rights to only what is strictly required to do a job. This may go as far as granting users permissions to resources aligned to the task at hand. A privileged user is one that is trusted and authorized to perform functions that ordinary users are not. The principle matters because, if a privileged user account is mishandled or compromised, unintended or unwanted consequences could ensue. Today, many data breaches occur when threat actors compromise privileged account access.
Advanced PAM+ solutions address TTPs across the MITRE ATT&CK framework. Image courtesy of Tidal Cyber.
Legacy PAM has been a strategy for exerting control over privileged user accounts: the accounts that have super-user access and introduce unnecessary risk to organizations. Legacy PAM is concerned with protecting credentials, usually driven by compliance, and relies heavily on vaulting and session recording. By the nature of its design, legacy PAM typically leaves hundreds, if not thousands, of privileged accounts on devices waiting to be used, or compromised.
For a long time, legacy PAM solutions focused on protecting credentials, not protecting access. In light of the lack of innovation in the PAM space, Remediant PAM+ is raising the bar by focusing on the true driving factor: removing over-provisioned admin access in your environment. The PAM+ approach prioritizes protecting access to resources, usually driven by the need to enhance cyber resilience by using Zero Standing Privilege and Just-In-Time Access.
The solution is easier than we think.
Instead of vaulting the most coveted accounts, we remove the privileged accounts from each endpoint. It’s essential to look at standing privileges across the estate and follow the industry best practices, which include a critical idea dubbed Zero Standing Privileges (ZSP), as part of the Zero Trust model. It’s the most secure way to mitigate privilege escalation and lateral movement threats.
The idea of ZSP is simple: remove the 24x7x365 login rights of all privileged accounts from all servers, workstations, and laptops. Leave standard users as is, but when it comes to privileged access, it should be enabled with Just-in-Time access (JITA). For those who are new to the concept of Just-in-Time access, it describes a process where a user requests access to a specific machine or several machines, at a specific time and only for a specific period of time. This way, even if a user’s credentials are compromised, the blast radius is reduced to one system, or at worst, just a handful of systems that the same user requested JITA to, as opposed to hundreds or thousands of systems where the user had standing privileges.
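The contrast described above, as an added sketch that is not Remediant's code or product API: it models standing admin rights against time-boxed JIT grants and computes which hosts a stolen credential could administer at a given moment. The `JitBroker` class, the four-hour `MAX_GRANT` ceiling, and the sample hosts and account are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_GRANT = timedelta(hours=4)  # assumed policy ceiling, not from the page

@dataclass(frozen=True)
class Grant:
    user: str
    host: str
    start: datetime
    duration: timedelta

    def active(self, at):
        # Access exists only inside [start, start + duration); expiry is exclusive.
        return self.start <= at < self.start + self.duration

class JitBroker:
    """Zero standing privilege: no admin right exists without an active grant."""
    def __init__(self):
        self.grants = []

    def request(self, user, host, start, duration):
        if duration <= timedelta(0) or duration > MAX_GRANT:
            raise ValueError("requested duration is outside the allowed window")
        self.grants.append(Grant(user, host, start, duration))

    def blast_radius(self, user, at):
        # Hosts a stolen credential for `user` could administer at time `at`.
        return {g.host for g in self.grants if g.user == user and g.active(at)}

def standing_blast_radius(standing, user):
    # Legacy model: admin rights are always on, so the time of theft is irrelevant.
    return set(standing.get(user, ()))

# Constructed sample estate: 500 servers, one admin account with rights on all.
HOSTS = {f"srv{i:03d}" for i in range(500)}
STANDING = {"alice-adm": HOSTS}

def demo():
    t0 = datetime(2022, 9, 29, 9, 0)
    broker = JitBroker()
    broker.request("alice-adm", "srv007", t0, timedelta(hours=1))
    broker.request("alice-adm", "srv042", t0, timedelta(hours=2))
    exposed = lambda m: sorted(broker.blast_radius("alice-adm", t0 + timedelta(minutes=m)))
    return len(standing_blast_radius(STANDING, "alice-adm")), exposed(30), exposed(90), exposed(180)

if __name__ == "__main__":
    print(demo())
```

The returned tuple gives the standing-privilege exposure first, then the JIT exposure 30, 90 and 180 minutes after the grants start.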
For organizations using the MITRE ATT&CK framework to shape a threat-informed defense, utilizing a PAM+ approach is one of the most critical and effective methods to prevent lateral movement and halt most incidents. See how Remediant, the leader in PAM+, utilizes Tidal Cyber's revolutionary threat-informed defense platform that can help your organization efficiently assess, organize, optimize and protect privileged access and mitigate lateral movement. Contact us today.