With the migration of the workforce to remote-work models, endpoint protection has been considered a major concern within the cybersecurity industry. This change further reinforces the elimination of the security perimeter concept, based on Zero Trust approaches. Thus, in this article, we explain the scenario of increased need for endpoint protection, and how senhasegura, as a Privileged Access Management (PAM) solution, can help organizations to have sovereignty over this type of device.
New market trends
In recent years, and especially now, in times of a pandemic, with the mass adoption of remote work, some trends have been observed in the cybersecurity market.
The first of these trends is the migration from on-premises applications to SaaS models. Gartner, for example, estimates a drop of more than 30% in on-premises solution acquisitions and an increase in the presence of Cloud investments, from 67% to 83%, by 2024.
The second trend observed in the cybersecurity market is the introduction of “Bring Your Own Device.” In this approach, the employee uses their own device to perform their professional duties. However, it is interesting to note that in order to increase their productivity levels, many people ignore best cybersecurity practices. As, in many cases, these devices have not been approved and do not have the appropriate control mechanisms for the Information Security teams, it is not possible to have visibility and control over the actions performed. This can result in unauthorized access to Cloud environments, and data leaks, including through insecure APIs.
What does the NCSC say?
According to the National Cybersecurity Center of the United States, cybercriminals are increasingly taking advantage of this moment of concern due to the Covid-19 pandemic to perform cyberattacks and hacker campaigns. These campaigns mainly use guidelines from the World Health Organization (WHO) or the Federal Government as a lure, and involve phishing attacks that install ransomware.
In Italy, for example, the number of such attacks has increased by more than 300% compared to last year’s average number. After infecting a device through email links, file downloads, and other means, this malware encrypts the data on infected systems and demands a payment for its recovery.
Thus, in addition to conducting campaigns with their employees to prevent attacks based on Social Engineering, IT leaders must adopt solutions for the Management of Endpoints used by their employees. This type of solution, in fact, must protect privileged actions performed through user credentials, a practice known as Privileged Access Management (PAM).
What is Gartner’s forecast?
Gartner considers that, by 2022, 70% of organizations will implement Privileged Access Management practices for all use cases, which is considered a significant increase compared to the current 40%.
When should a PAM solution be applied?
One of the problems that can be addressed by a PAM solution is Privilege Elevation and Delegation Management (PEDM). In this case, a PEDM solution, such as senhasegura.go, must allow the elimination of administrator accounts from endpoints, both Windows and Linux. In this way, a user who needs to perform privileged actions from time to time can use senhasegura.go to temporarily take on the privileges of a credential that by default is not privileged.
These actions can even be valid based on time, that is, just-in-time. In this type of approach, the user must request privileged access and stipulate an expiration time for this access. Then, it may be necessary to wait for approval from a manager before access is granted. After the end of access, the privilege is removed and the user will have to make a new request to perform a new privileged action.
A PEDM solution, such as senhasegura.go, ensures a just-in-time approach based on the least privilege model in daily operations, facilitating the process of assigning, changing, and auditing privileges. In this way, PEDM solutions provide an additional layer of protection and allow organizations to rely entirely on the use of privileged credentials.
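The just-in-time flow described above (a request with an expiration time, approval by a manager, and loss of the privilege when the time is up), modelled as an added example. It is not senhasegura.go code; `JitBroker`, `Grant`, and the action names are hypothetical.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

# Hypothetical list of authorized privileged actions (constructed sample data).
ALLOWED_ACTIONS = {"restart-service", "install-package"}

@dataclass
class Grant:
    user: str
    action: str
    ttl: int                          # seconds of access the user asked for
    approver: Optional[str] = None
    expires_at: Optional[float] = None

@dataclass
class JitBroker:
    clock: Callable[[], float] = time.time
    audit: list = field(default_factory=list)

    def _log(self, event, grant, actor):
        self.audit.append((self.clock(), event, grant.user, grant.action, actor))

    def request(self, user, action, ttl):
        if action not in ALLOWED_ACTIONS:
            raise PermissionError(f"{action!r} is not an authorized action")
        grant = Grant(user, action, ttl)
        self._log("requested", grant, user)
        return grant

    def approve(self, grant, manager):
        if manager == grant.user:
            raise PermissionError("requester cannot approve their own request")
        grant.approver = manager
        grant.expires_at = self.clock() + grant.ttl   # window starts at approval
        self._log("approved", grant, manager)

    def run(self, grant, action):
        # Elevate only if approved, for the requested action, and not yet expired.
        ok = (grant.approver is not None and action == grant.action
              and self.clock() < grant.expires_at)
        self._log("elevated" if ok else "denied", grant, grant.user)
        return ok
```

Every decision, including denials, lands in `audit`, so an expired or unapproved attempt is as traceable as a successful elevation.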
The features of senhasegura.go include:
- Role-based access controls: it allows the implementation of the least privilege concept, which brings greater control over users’ privileges. Consequently, it is possible to reduce the risks of a range of threats. The access granularity of senhasegura simplifies the implementation of least privilege models in Linux and Windows environments.
- Access requests based on approval workflow: senhasegura.go allows the invocation of administrator privileges to run applications, controlled by lists of authorized actions. Besides, one can protect Linux and Windows systems through the configuration of approval workflows at one or multiple levels.
- Windows features: access to Windows Control Panel operations with administrative privileges. Also, senhasegura.go allows the invocation of administrator privileges to access sensitive data shared on the network, thus ensuring security for files and directories against threats.
- Auditing and compliance: all requests for use of administrative credentials are recorded in session logs, allowing for greater traceability of user actions.
The exceptional and uncertain period that we are going through is an excellent moment to assess the changes required by the Covid-19 pandemic. With the change from the work environment to people’s homes, in addition to the use of the Bring-Your-Own-Device approach, it is necessary to assess how organizations will respond to the new cybersecurity demands in relation to remote work. The use of a solution like senhasegura.go makes it possible to reduce the cybersecurity risks introduced by the pandemic through Privilege Elevation and Delegation Management on Windows and Linux Endpoints. By doing this, one can perform privileged actions with credentials through the temporary elevation of privilege. This reduces the attack surface and helps mitigate cybersecurity risks.