The Australian Cyber Security Centre (ACSC) developed the Essential Eight to help organisations reduce their attack surface and improve their ability to recover from cyberattacks. Modern cyber threats are typically multi-faceted. By implementing the Essential Eight, organisations can not only deflect attacks but also limit what an attacker can do after breaching some of their defences.
One of the greatest challenges for IT security professionals is how to secure privileged access. Forrester research has estimated that privileged credentials feature in approximately 80% of breaches, so gaining control over these powerful credentials is an effective way to drastically reduce cyber risk. In addition, a 2021 report from the Identity-Defined Security Alliance (IDSA) found that timely reviews of privileged access were the most-cited security control (50% of respondents) that could have prevented or mitigated a breach the respondents had experienced. Today, most IT security specialists and industry experts recognise that privileged access plays some role in almost every security breach.
The Essential Eight includes several core strategies that mitigate vulnerabilities and other risks around privileged access and credentials. Here are three of those security measures:
- Restricting administrative privileges is one of the most effective risk mitigation strategies, and it supports an environment built on least privilege and zero trust principles. For an attacker who obtains credentials through phishing or other means, limiting privileges reduces their ability to move laterally through the organisation's network and expand their foothold.
- Application control allows only approved applications, and approved subfunctions of those applications, to execute. Unauthorised applications (crypto-mining software, for instance) can introduce vulnerabilities into your network and systems, or consume enough resources to degrade the performance of other systems and applications.
- User application hardening adds a further layer of protection, particularly where attackers try to evade application control by introducing malicious scripts or piggybacking on an approved application's legitimate functionality, as ransomware often does. Hardening, which can include removing features or disabling functionality, limits the ability of such programs to run and cause damage.
PAM & the Essential Eight
Privileged Access Management (PAM), which encompasses the strategies and technologies for managing, auditing, and securing privileged access, plays a significant role in the Essential Eight. Complete PAM platforms include integrated capabilities for privileged password management, endpoint privilege management, secure remote access, and cloud privilege protection.
Let’s briefly break down these four key PAM pillars:
- Privileged password management solutions discover, onboard, and vault privileged human, application, and machine credentials, enforcing credential security best practices (complexity, uniqueness, rotation after use, etc.). These products help protect credentials against password re-use attacks, brute-forcing, and other common credential-based threats.
- Endpoint privilege management solutions provision the right level of privilege for users, endpoints (desktops, servers, IoT, etc.), and applications. Ideally, they follow a just-in-time access model: access is provisioned only for the short window in which it is needed and removed when the task completes or a time limit expires. Enforcing least privilege organisation-wide drastically reduces cyber risk from insiders and external threat actors, including ransomware. Endpoint privilege management solutions also layer on application control, providing immediate allow-or-deny decisions for application execution or privilege elevation based on allow-list, block-list, and grey-list policies. Least privilege and application control complement each other, reducing risk without degrading system performance.
- Secure remote access PAM solutions proxy access to control planes and other applications while limiting users to what they need to do their job. These solutions extend privileged access controls beyond the perimeter to remote workers, vendors, and service desk personnel, and they address privileged use cases for which VPNs and other common remote access technologies and protocols are inadequate.
- Cloud privilege protection is an emerging PAM pillar. These solutions centralise visibility and management of entitlements across multicloud environments, going beyond the capabilities of native cloud tools and cutting through their silos.
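To make the endpoint privilege management pillar concrete, here is an added example (not BeyondTrust's code or any product's implementation) of a toy elevation broker. It combines hash-based application control with precedence block > allow > grey > default deny and a just-in-time grant that expires after a time-to-live, recording every decision in an audit trail tied to a single identity. The executables, hashes, identities, and timestamps are constructed for the example.

```python
"""Toy endpoint privilege-management decision engine (added example).

Demonstrates allow/block/grey-list application control and just-in-time
(JIT) elevation with expiry. Not vendor code; all sample data is constructed.
"""
import hashlib
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    """Identify an application by content hash, not by path or name (both spoofable)."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executables; a real policy hashes the on-disk binary.
SAMPLES = {
    "msedge.exe": b"edge-binary-v120",
    "xmrig.exe": b"miner-binary",
    "devtool.exe": b"internal-dev-tool",
    "unknown.exe": b"never-seen-before",
}


@dataclass
class AppControlPolicy:
    allow: set = field(default_factory=set)   # hashes that may run elevated
    block: set = field(default_factory=set)   # hashes that may never run
    grey: set = field(default_factory=set)    # hashes that run only with a justification

    def decide(self, data: bytes, justified: bool = False) -> str:
        h = sha256_hex(data)
        if h in self.block:
            return "deny"            # block list wins over allow and grey
        if h in self.allow:
            return "allow"
        if h in self.grey:
            return "allow" if justified else "deny"
        return "deny"                # default deny: unknown binaries do not run


@dataclass
class JitGrant:
    identity: str
    ttl_seconds: int
    granted_at: float

    def active(self, now: float) -> bool:
        return now < self.granted_at + self.ttl_seconds


class ElevationBroker:
    def __init__(self, policy: AppControlPolicy):
        self.policy = policy
        self.grants: dict[str, JitGrant] = {}
        self.audit: list[tuple] = []

    def grant(self, identity: str, ttl_seconds: int, now: float) -> None:
        """Issue a time-bounded JIT elevation grant to one identity."""
        self.grants[identity] = JitGrant(identity, ttl_seconds, now)
        self.audit.append((now, identity, "grant", ttl_seconds))

    def run_elevated(self, identity: str, exe_name: str, now: float,
                     justified: bool = False) -> str:
        """Decide whether identity may run exe_name elevated right now."""
        g = self.grants.get(identity)
        if g is None or not g.active(now):
            self.grants.pop(identity, None)      # expired grants are removed, not reused
            outcome = "deny:no-active-grant"
        else:
            outcome = self.policy.decide(SAMPLES[exe_name], justified)
        self.audit.append((now, identity, exe_name, outcome))   # one identity per action
        return outcome


def build_policy() -> AppControlPolicy:
    return AppControlPolicy(
        allow={sha256_hex(SAMPLES["msedge.exe"])},
        block={sha256_hex(SAMPLES["xmrig.exe"])},
        grey={sha256_hex(SAMPLES["devtool.exe"])},
    )


def demo():
    """Run a constructed sequence of elevation requests; returns (decisions, audit)."""
    broker = ElevationBroker(build_policy())
    t0 = 1_700_000_000.0                     # constructed epoch timestamp
    broker.grant("alice", ttl_seconds=900, now=t0)
    results = {
        "edge": broker.run_elevated("alice", "msedge.exe", t0 + 10),
        "miner": broker.run_elevated("alice", "xmrig.exe", t0 + 20),
        "devtool_nojust": broker.run_elevated("alice", "devtool.exe", t0 + 30),
        "devtool_just": broker.run_elevated("alice", "devtool.exe", t0 + 40, justified=True),
        "unknown": broker.run_elevated("alice", "unknown.exe", t0 + 50),
        "bob": broker.run_elevated("bob", "msedge.exe", t0 + 60),
        "expired": broker.run_elevated("alice", "msedge.exe", t0 + 901),
    }
    return results, broker.audit


if __name__ == "__main__":
    decisions, trail = demo()
    for k, v in decisions.items():
        print(f"{k:15s} {v}")
    print(f"{len(trail)} audit records")
```

The ordering in `decide` is the point worth copying: a block-list match must short-circuit before any allow or grey rule, and anything not matched falls through to deny. The grant check runs before the application decision so that an allowed binary still cannot be elevated once the JIT window has closed.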
In addition, PAM solutions should provide robust monitoring and management of every privileged session, whether the actor is an employee, a vendor, an application, or a machine. Every action should be tied to a single identity so that the audit trail is unambiguous.
While implementing the Essential Eight can be a challenging project for any organisation, PAM capabilities like those above provide significant coverage across key aspects of these strategies.
You can learn more at beyondtrust.com.