BR +55 11 3069 3925 | USA +1 469 620 7643

Compliance

and Audit

Audit

PCI DSS

SOX

ISO 27001

HIPAA

NIST

GDPR

ISA 62443 |

Industry 4.0

Security and

Risk Management

Privilege Abuse

Third Party Access

Privileged Access Recording

Insider Threat

Data Theft Prevention

Hardcoded Passwords

Password Reset

Solutions

By Industry

Energy and Utilities

Financial

Government

Health Care

Legal

Telecoms

Retail

senhasegura

Testimonials

See Testimonials

360º Privilege Platform

Account and

Session

PAM Core

Domum

Remote Access

MySafe

GO Endpoint

Manager

GO Endpoint

Manager Windows

GO Endpoint

Manager Linux

DevOps Secret

Manager

DevOps Secret

Manager

Multi

Cloud

Cloud IAM

Cloud Entitlements

Certificate

Manager

Certificate

Manager

Privileged

Infrastructure

PAM Crypto Appliance

PAM Load Balancer

Delivery : On Cloud (SaaS) | On-premises | Hybrid

Services

and Support

Documentation

Solution Center

Suggestions

Training and Certification

Deployment and Consulting

PAMaturity

PAM 360º

Support Policy

senhasegura

Resources

Rich Materials

Customer Cases

Webinars Calendar

senhasegura Stickers

BLOG

CONTENT

Is your company really prepared for a cyber attack?

The Pillars of Information Security

7 signs that your company needs to improve the security of sensitive data

See more articles about cybersecurity

Technical

Information

How it works

Product Archicture

Integration

Security

High availability and contingency

Privileged Auditing (Configuration)

Privileged Change Audit

Features and

Functionalities

ITSM Integration

Behavior Analysis

Threat Analysis

Privileged Information Protection

Scan Discovery

Task Management

Session Management (PSM)

Application Identity (AAPM)

SSH Key Management

Affinity Partner

Program

About the Program

Become a Partner

MSSP Affinity Partner Program

Security Alliance Program

Academy | E-learning for Certification

Affinity

Portal

Portal dedicated only for Partners to find commercial, marketing supporting materials and certification program of senhasegura.

Access Partner Portal

Opportunity

Booking

For our Commercial Team to support your sale more effectively, request your opportunity booking here.

Opportunity Booking Request

Find a

Partner

We work together to offer a better solution for your company.

Check all senhasegura partners

About

Company

About us

Achievements

Why senhasegura

Press Release

Press Room

Events

Career

Presence in the World

Terms of Use

End User License Agreement (EULA)

Privacy and Cookie Policy

Information Security Policy

Certification at senhasegura

senhasegura

Testimonials

See Testimonials

Latest Reports

and Awards

KuppingerCole Leadership Compass Report for PAM 2023

Frost & Sullivan Customer Value Leadership Award 2022

Gartner PAM Magic Quadrant 2021 Report

KuppingerCole Leadership Compass: PAM 2021

GigaOm Radar Report 2021

Gartner PAM Magic Quadrant 2020

Gartner Critical Capabilities for PAM 2020

Information Services Group, Inc. (ISG)

KuppingerCole Leadership Compass: PAM 2020

Contact our team

Request a Demonstration

How to ensure control of your privileged accounts with PEDM

by | Jan 7, 2021 | BLOG

It is well known that hackers wreak havoc around the world with advanced cyberattacks targeting a company’s most valuable assets. Another worrying scenario is the existence of malicious people inside a company who disclose confidential information to the public or take actions to cause internal damage. 

Most of these violations are due to the theft, abuse, or misuse of a privileged account. Privileged accounts allow anyone to control company resources, disable security systems, and access large amounts of confidential information. Given this, it is perfectly natural to consider the risks of privileged accounts as one of the greatest security threats a company faces today. 

Privileged accounts are a risk to a company’s security strategy and need unique controls in place to protect, monitor, detect, and respond to all privileged account activities.

The first step in managing and controlling the use of your privileged accounts is to identify where those accounts are and then establish usage guidelines through appropriate policies. Below, we show how you can take these steps cooperatively with your team.

Who are the users of your privileged accounts? 

Companies tend to ignore the wide range of access to privileged accounts. Anonymous, unverified access to these accounts leaves a company open to abuse that can paralyze its operation entirely. Thus, it is necessary to map the existing privileged accounts and verify who are the users who have access to these accounts, after all, it is impossible to manage something that we do not know. 

Check below the possible types of privileged accounts in your company and the associated risks.

 

  • Third-party Suppliers – Privileged access is granted to perform a job function, allowing contractors to work on the company’s infrastructure. Once inside, third-party contractors have unrestricted access to elevate privileges to confidential data across the company.
  • Cloud Server Managers – Business processes, such as finances, HR, and purchases, are shifting to cloud applications, exposing corporate assets to high risks due to the broad access granted to cloud administrators.
  • System Administrators – For almost all devices in an IT environment, there is an account with shared and elevated privileges and unrestricted access to your operating systems, networks, servers, and databases.
  • Application and Database Administrators – Application and database administrators have broad access to manage the systems to which they are assigned. This access allows them to also connect to virtually any other database or application found in a company.
  • Business Users – Senior executives and IT staff often have privileged access to business applications that contain sensitive data. In the hands of the wrong person, these credentials provide access to corporate financial data, intellectual property, and other confidential data.
  • Social Networks – Privileged access is granted to manage the company’s internal and external social networks. Employees and contractors have privileged access to write to these social network accounts. Improver use of these credentials can lead to a public acquisition, damaging a company’s brand or an employee’s reputation.
  • Applications – Applications themselves use privileged accounts to communicate with other applications, scripts, databases, web services, and more. These accounts are an often overlooked and significant risk, as in most cases they are hard-coded. A hacker will use these attack points to scale privileged access across the company.

Establishing a policy to align risk management with business goals

Best practices recommend that companies create, implement, and enforce a privileged account security policy to reduce the risk of a serious breach. Effective corporate security and compliance begin with a well-executed business policy. An initial policy approach ensures that exposure to external threats, insider threats, and improper use is reduced and that the organization complies with government and industry regulations.

Implementing the principle of least privilege

The principle of least privilege deals with the idea that any user, program, or process must have only the minimum privileges necessary to perform a role. For example, a user account created to extract records from a database does not need administrator rights, whereas a developer whose primary role is to update legacy code does not need access to financial records.

The principle of least privilege can be applied at all levels of a system. It applies to end users, systems, processes, networks, databases, applications, and all other aspects of an IT environment. 

Below, we list the best practices for implementing the principle of least privilege in your business.

 

  • Start with an audit – Check all existing accounts, processes, and programs to ensure that they only have the permissions required to do their job.
  • Start all accounts with the least privilege – The default for all new account privileges should be set as low as possible. Just add specific higher-level capacities as needed to get the job done.
  • Enforce separation of privileges – Separate administrator accounts from standard accounts and top-level system roles from lower accounts.
  • Make individual actions traceable – user IDs, one-time passwords, automatic monitoring, and auditing can make it easier to track and limit the damage.
  • Be consistent – Privilege auditing regularly avoids a situation in which older users, accounts, and processes accumulate privileges over time, regardless of whether they still need them or not.

Using PEDM (Privilege Elevation and Delegation Management) solutions

Monitoring and managing accounts with privileged access are one of the top requirements of the main information security compliance standards that establish best practices in the area. PAM (Privileged Access Management) tools are great allies in this activity, as they help companies to ensure secure access to critical information and reduce security risks by controlling, monitoring, recording, and auditing the activity of privileged users.

PEDM (Privilege Elevation and Delegation Management) is a PAM approach that can be implemented within a company. PEDM is the solution that implements the principle of least privilege. 

A PEDM tool controls the scheduling of privileged accounts and allows elevating and delegating privileged tasks to non-administrator users who require temporary access to target systems. After privilege tasks are completed, access rights are revoked.

Below we list the main benefits of PEDM solutions for managing privileged access in your company.

 

  • They eliminate super-privileged users who can introduce risks to your IT network.
  • They implement a zero local administrator policy. They grant privileges at a granular level, assigning specific rights to perform a specific action.
  • They establish security policies for applications and processes, rather than per user.
  • They facilitate productivity. Non-administrator users can still perform tasks with adapted privileges.
  • They protect assets with workflows combined with user access, use of credentials, and limitation of local rights.
  • They protect critical systems through session control and precise management of applications and processes.
  • They track and monitor activity with full session recording and logs for local devices.

senhasegura, among the best PEDM solutions in the world

Gartner, one of the most respected technology research and consulting institutions in the world, has recently released a new report called Critical Capabilities for PAM, in which PAM technologies and their ability to run and provide the functionalities needed for the cybersecurity universe are assessed. The document, which assesses the three critical pillars of PAM (PASM, PEDM, and Secret Management), has placed senhasegura in the top 3, among the main global companies that offer these resources.

This is an important report to assist leaders in risk and security management to gain more technical knowledge when choosing any of the PEDM providers present in the Magic Quadrant.

Download Gartner’s 2020 Critical Capabilities report here.

$13 million growth investment drives senhasegura’s expansion in North America and the Middle East

Written by Priscilla Silva São Paulo, March 10, 2023 - senhasegura, an award-winning Privileged Access Management (PAM) solution provider that protects corporate IT environments and critical resources from cyber threats, announces a $13 million funding round from...
Read More

senhasegura wins CyberSecured 2022 award as best PAM solution in the USA

Written by Priscilla Silva SÃO PAULO, February 28 of 2023 - The 2022 edition of the CyberSecured awards, promoted by Security Today magazine, a brand of 1105 Media's Infrastructure Solutions Group, elected senhasegura as the winner in the Privileged Access Management...
Read More

How User and Entity Behavior Analytics Helps Cybersecurity

Cyberattacks are increasingly sophisticated, making traditional digital security tools insufficient to protect organizations from malicious actors. In 2015, Gartner defined a category of solutions called User and Entity Behavior Analytics (UEBA).Its big advantage is...
Read More

Best Practices for Consolidating Active Directory

This article was developed especially for you, who have questions about the best practices for consolidating Active Directory. First of all, you need to understand that directory services have the role of organizing important information for companies in a centralized...
Read More

senhasegura introduces the “Jiu-JitCISO” concept to show the power of Brazilian cybersecurity

Written by Priscilla Silva São Paulo, January 13, 2023 - "Like Jiu-Jitsu senhasegura is about self-defense. Every company must know how to protect itself and its clients". This is the aim based on the philosophy of the Japanese martial art, but made popular and...
Read More