BR +55 11 3069 3925 | USA +1 469 620 7643

The Competitive Landscape report for PAM

by | Feb 11, 2021 | BLOG

Privileged credentials are spread across the infrastructure of organizations of all sizes and types. Through them, it is possible to take a series of administrative actions, such as significant changes in assets and critical systems as Domain Admin servers or ERP systems. No wonder one can also call them “keys to the kingdom”. 

And ensuring the security of these “keys” and privileged access is not an easy task for those responsible for Information Security. And taking into account the latest news of data leaks, not just IT teams but all organizational leaders are aware of the risks associated with privileged credentials and how such risks are considered to be part of the business strategy. 

It is also worth remembering that, driven by the shift to decentralized models, we saw a boom of cloud-based approaches. For this reason, according to Gartner, more than half of global companies that already use Cloud will adopt a 100% Cloud-based strategy by 2021. In addition, the increase in connected devices as a result of the expansion of IoT, Industry 4.0 (also called Industrial IoT), DevOps, and other digital transformation initiatives has also increased the number of connected devices and privileged credentials. Many of these credentials are not associated with people and are called service accounts. As they are not associated with a user, in most cases, these accounts are not properly managed and monitored by the security teams, which increases the risk of being exploited by malicious attackers.

And for those who think cyberattacks are limited to large organizations, 28% of these attacks were performed against small and medium-sized businesses, according to the Data Breach Investigation Report from 2020. Also, research by the National Cyber Security Alliance has found that 60% of these companies shut down within 6 months after a cyberattack. 

Regarding cyberattacks, some of the biggest and most recent ones involved the lack of proper protection for privileged credentials. The attack on SolarWinds, for example, came to show us the need to ensure the security of these credentials. This is because, by obtaining improper access to the infrastructure through malware, malicious attackers were able to move laterally through the infrastructure via compromised privileged credentials.

Thus, the goal of Privileged Access Management is to assist organizations to protect, control, manage, and monitor privileged access to critical assets. Therefore, by centralizing the management of privileged credentials in one place, a PAM solution is able to ensure the maximum level of security, controlling access and monitoring suspicious activities.

Gartner considers Privileged Access Management so important that it chose this market as the number one security project for two years in a row in its publication Top 10 Security Projects. And to address the Privileged Access Management scenario, Gartner has released the Competitive Landscape: Privileged Access Management report, prepared by its researcher Swati Rakheja. 

And with the increase in PAM adoption, mainly through SaaS deployments, privileged credential management solutions, which were previously limited only to global organizations, are now also reaching small and medium-sized companies. Also according to Gartner’s report, the PAM market will continue to experience great adoption, expecting a compound annual growth (CAGR) of 10.7% between 2020 and 2024, reaching the size of USD 2.9 billion in 2024. 

Considering that PAM use cases are evolving along with the capabilities and functionality of the solutions, and in order to continue to serve this large and promising market, PAM providers must reassess their strategic positioning in the market by offering new features to meet the needs of organizations of all sizes.

Some of the basic functionalities of a PAM solution, according to Gartner, include everything from credential discovery, onboarding, and management through password vaulting and rotation to privileged access governance and recording and auditing capabilities, such as privileged activity logging and reporting.

While small and medium-sized companies are starting their PAM implementations with these basic functionalities, global organizations are including advanced PAM use cases, which cover, for example, Just-in-time, or JIT access. When using JIT approaches, the solution performs access provisioning based on time of use, reducing the attack surface and the risks of attacks that exploit privileged credentials. 

Also, functionalities based on Artificial Intelligence and Machine Learning, Privileged Task Automation, or PTA, and privileged session auditing are also included in the list of advanced PAM functionalities.

Other emerging needs in the PAM market are access management in multi-cloud and DevOps environments, including CI/CD automation and secrets management.

It is important to note that this difference in the use of PAM features also extends to geographic regions: while emerging markets such as Asia-Pacific and Latin America are still implementing basic Privileged Access Management features, more mature markets such as the European and North American already consider and implement more advanced use cases.

Finally, Gartner’s report presents the competitive profile of the main provider within the PAM market, including senhasegura. In this profile, Gartner brings information such as the product or portfolio overview and how the provider competes in the market.

Regarding senhasegura, Gartner highlighted our PAM offer based on the privileged access life-cycle, considering the Before-During-After approach. This life-cycle includes aspects from the discovery of assets, credentials, and digital certificates to the visibility of actions performed in the environment, allowing the organization to cover all aspects associated with the protection of credentials and privileged access.

As a competitive advantage of senhasegura, Gartner mentions Keystroke Dynamic Identity, or KDI. Based entirely on Artificial Intelligence and Machine Learning, KDI allows the continuous verification of the user’s identity through behavioral biometrics. Gartner also shows that senhasegura has been highly praised by its users for its ease of use and quick installation, not to mention its intuitive and user-friendly interface.

Top 7 Types of Phishing Attacks and How to Prevent Them

Social engineering, in the context of information security, consists of practices performed by hackers to manipulate users to take actions that go against their interests, exploiting their vulnerability and lack of knowledge for their benefit. One of the main types of...

ISO 27001 – What is the importance of having achieved the certification

The process of digital transformation has intensified in companies of all sizes and industries, and is considered an essential factor for business success. One of the main consequences of this process is the exponential growth in the amount of data from customers,...

Principle of Least Privilege: Understand the Importance of this Concept

Granting administrator access to a user who does not even have time to explain why they need this permission is not an efficient way to solve a company's problems but rather to harm its security.  This is because sensitive data can fall into the wrong hands through a...

How to Prevent DDoS Attacks in Your Company?

There are several methods by which malicious agents attack websites and destabilize network services and resources. One of the most widely used techniques is the DDoS attack, which means distributed denial-of-service. Through this attack, a website ends up becoming...

Gartner and PAM: What Does One of the Most Important Consulting Companies in the World Say About this Cybersecurity Solution?

All of us have already heard of digital transformation at some point. This phenomenon affects companies of all verticals and sizes and has been gaining prominence in the market.  Digital transformation increasingly requires organizational leaders to adapt their...