Privileged Session Recording & Management

An appropriate level of privileged session recording and control plays a significant role in ensuring your organization’s cybersecurity. Verizon reports that in 2017, privilege misuse was behind 12% of all security breaches.

And according to Gartner, by 2020, the lack of Privileged Account Management (PAM) processes will be the cause of more than half of all security failures associated with IaaS and PaaS services.

Monitoring and managing accounts with privileged access are one of the main requirements of leading compliance standards such as HIPAA and PCI DSS. PAM tools help organizations ensure secure access to critical information and decrease security risks by controlling, monitoring, recording, and auditing privileged users’ activity.

There are two PAM approaches that can be implemented within an organization:

• Privileged account and session management (PASM)
• Privilege elevation and delegation management (PEDM)

PASM focuses on protecting privileged accounts by vaulting their credentials and managing them actively as well as recording full sessions. Access to these accounts is brokered for human and non-human users (services and applications).

PEDM, on the other hand, provides more granular control, with host-based agents granting privileged access specifically to certain users and usually only for certain activities.

Even though these two approaches are complementary and can be implemented simultaneously within the same organization, it would be wise to start with just one set of tools. Today, we’ll focus on implementing PASM.

PASM: What is it and how does it work?

Privileged account and session management (PASM) tools are meant to monitor, control, and manage accounts with enhanced permissions. Basically, the PASM approach consists of two tasks: controlling privileged accounts and managing privileged sessions.

Managing privileged accounts

The first task is to manage accounts with elevated permissions that allow access to critical data. An organization usually has three types of privileged accounts:

• Administrative accounts
• System accounts
• Operational accounts

These accounts are one of the biggest risk factors within a corporate network. They’re vulnerable to both outsider attacks and insider threats and therefore require tight control.

Privileged account management includes:

• Granting and revoking access to privileged accounts;
• Monitoring and auditing the activity of users with elevated permissions;
• Securing passwords with a password vault;
• Changing passwords to privileged accounts on a regular basis.

Now let’s look at managing privileged sessions.

Managing privileged sessions

Privileged session management (PSM) focuses on monitoring, recording, and managing sessions started by privileged accounts. Aside from real-time monitoring, session auditing activities may include recording full sessions, including recording screens and capturing keystrokes, thus allowing for live viewing and playback when needed.

PSM helps you identify unauthorized or anomalous actions and stop or at least halt them until you can make sure that the controversial activity is legitimate. Plus, session management provides an unimpeachable audit trail that proves rather helpful for incident investigation.

With PASM tools allowing you to manage both privileged sessions and accounts, you can address a larger set of cybersecurity risks and boost the level of your company’s critical information protection.

Key features of PASM solutions

When selecting a PASM solution, pay special attention to the features it provides. Below, we’ve listed several features that are necessary for any PASM solution:

Vaulting passwords – An encrypted and hardened vault is required for storing any credentials of privileged accounts, including private keys and passwords.
Changing passwords regularly – Passwords should be changed on a regular basis. It’s a common practice to change passwords at set intervals (weekly, monthly, or quarterly) or after specific events.
Access control for shared accounts – Access to shared accounts may be granted based on additional workflow approvals or the use of a high-trust multi-factor authentication (MFA).
Session establishment – A separate session should be established for each privileged user to ensure better visibility of their actions.
Privileged session recording and playback – All privileged sessions have to be recorded in a searchable and comprehensive way. Recordings should be taken in both video and command-line formats.
Live session monitoring – A real-time view of privileged sessions is required for monitoring and terminating suspicious activities or unauthorized sessions.
Audit and reporting features – A PASM solution should have comprehensive reporting features that can provide you with detailed information on privileged accounts and their activities.

Different vendors may offer other features and functionalities, but the core set of capabilities is usually the same. You can also build an effective PASM system by deploying several separate solutions.

Building a PASM system

One of the main benefits of the PASM approach is that it can be applied to different types of systems, from on-premises to SaaS and cloud applications. And even though the granularity of control may be lower with PASM, you can still manage privileged accounts across several platforms.

Here are some things that you should pay special attention to when building a PASM system within your company:

Determine and control all privileged accounts – First and foremost, you need to determine all accounts with elevated permissions so that you can manage them effectively and disable, block, or delete accounts as needed. When left unaccounted for and uncontrolled, privileged accounts pose a serious threat to your company’s security.
Define corporate rules and policies for privileged accounts – Create a set of rules and policies for the different types of privileged accounts that exist in your corporate network. Determine what groups of users can access critical information and what actions can be performed with particular privileges. This way, you can effectively manage and control privileged activity within your corporate network.
Use multi-factor authentication (MFA) – Enable a high-trust MFA mechanism for all accounts with elevated privileges. At least two-factor authentication is required for decreasing the risk of credential theft and improving your company’s sensitive data protection. Also, all passwords need to be changed regularly.
Monitor user activity – Monitor, audit, and control actions of privileged users to prevent possible insider threats.
Deploy session recording tools – use session recording and live monitoring tools for good visibility of privileged activity.
Deploy application-to-application password management (AAPM) – Use AAPM tools for securely delivering credentials to applications and scripts.
Provide single sign-on (SSO) for shared privileged accounts – Make sure that privileged sessions are automatically established in a secure manner using protocols such as SSH, RDP, and HTTPS so that actual credentials aren’t revealed to users.
Apply the least privilege principle – Consider denying full access by default and allowing privileged access on a case-by-case basis instead. Doing so lets you make sure that users within your corporate network have only the necessary permissions and, as a result, significantly decreases the risk of accidental data loss or leaks.
Educate your employees on cybersecurity risks – Human mistakes remain one of the biggest cybersecurity risk factors. Educate your employees on both your company’s security rules and the importance of following those rules.

Now let’s take a closer look at the benefits of deploying a PASM solution.

What can PASM give you?

One of the main goals of implementing a PASM system within an organization is to ensure an unimpeachable and unalterable audit trail of every action taken by privileged users. This is required for ensuring satisfactory incident response and for proving regulatory compliance. In particular, deploying PASM tools can help you meet such standards as HIPAA, GDPR, SOX, PCI DSS, and ISO 27001.

However, this isn’t the only way your company can benefit from building an effective PASM system. There are several more reasons why your company should consider deploying PASM tools:

Great visibility – PASM tools help you monitor, audit, and control privileged accounts and sessions launched by them across both on-premises and cloud-based applications.
Efficient insider threat prevention – Thanks to real-time visibility, you get a better chance of responding to an insider attack in a timely manner or preventing it from happening altogether.
Third-party access issues prevention – PASM tools help protect your company’s critical information not only from malicious insiders but also when granting access to third-party vendors.

Even though you can use separate tools for building your own PASM system, we suggest you put your time to better use and turn to an effective and affordable out-of-the-box solution – Ekran System.