
Zero Standing Privileges

by | Apr 28, 2021 | BLOG

With the growth of cyberattacks, access credentials have become a strong attack vector. In 74% of data breaches, companies confirm unauthorized access to a privileged account as the main cause.

In addition, the Verizon Data Breach Investigations Report (DBIR) has found that 29% of the total breaches in cyberattacks involved the use of stolen credentials, second only to phishing.

Once a credential is compromised, an attacker is able to move laterally, infecting other devices and increasing the risk of data leaks or even ransomware infection. The reason this is possible, and the reason attackers keep targeting administrator credentials, is the high level of access that these credentials provide.

Generally, PAM or Endpoint Privilege Management (EPM) solutions are not designed to deal with the risks associated with standing privilege.
Standing privilege is when administrator accounts with privileged access are always active (always-on). On average, in a large company, it is possible to find 480 users with administrator access on their workstations.

Thus, the concept of Zero Standing Privileges (ZSP) aims to eliminate standing privileges within organizations and mitigate cybersecurity risks.

What is Zero Standing Privileges (ZSP)?

 

Administrative privilege provides the means attackers need to take criminal action, be it data exfiltration, data destruction, or other crimes.

When an organization has identities with standing privileges (always-on), it must prioritize efforts to control access to such identities, monitor their use, and protect them from misuse.

However, for most of the day, these highly privileged identities remain idle, unused, but still pose risks.

Traditional PAM approaches have focused on managing and controlling access to privileged account passwords or temporarily elevating privileges to manage when users can work with administrative privileges.

For example, a server administrator can check the password of the day to access their privileged personal account each morning. Or they can simply use a solution to have their privileges elevated on demand.

Nevertheless, the focus of each of these approaches is to ensure that the employee uses their privileges in an authorized manner, assuming that they are a good employee and not an attacker looking for ways to compromise the organization.

In both cases, the privileges granted to their privileged personal account or in the sudo configuration are permanent and at risk of being abused by a motivated criminal.

 

Just Enough Privilege (JEP) and Just in Time (JIT)

 

What if we could eliminate these standing privileges and replace them with a policy-driven process that allows privileged access only when necessary and with scope limited to the required tasks?

The answer to that is using the concepts of Just Enough Privilege (JEP) and Just in Time (JIT). In a just-in-time workflow, there are no standing privileges for employees – no sudo settings to manage, no privileged personal account to monitor.

Instead, potential employee privileges are detailed in a centralized policy. When an employee’s job requires privileged access, they start an activity that describes what they want to do and what resources they need to do it.

Behind the scenes, an activity identity is created or activated and only required privileges are granted to perform just the desired task.

The activity is then performed interactively by the employee (for example, a Remote Desktop Protocol (RDP) session to a server) or by the system on their behalf (for example, rebooting a server).

Upon completion of the activity, privileges are revoked from the activity’s identity and it is destroyed or deactivated.

By adopting this workflow, the privilege attack surface is reduced to the window during which the employee is actively using the privilege, which decreases the risk that an attacker will steal credentials.
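The just-in-time workflow described above, as an added Python example that is not part of the original post or of any vendor's product. The policy contents, the role, resource and privilege names, the `JitBroker` class and the TTL-based expiry are assumptions made for illustration.

```python
import secrets
import time

# Constructed central policy (hypothetical values): which activities a role may
# start, on which resources, with which privileges, and for how many seconds.
POLICY = {
    "server-admin": {
        "restart-server": {"resources": {"web-01", "web-02"},
                           "privileges": {"service:restart"}, "ttl": 300},
    },
}

class JitBroker:
    def __init__(self, policy, clock=time.monotonic):
        self.policy, self.clock = policy, clock
        self.active = {}  # activity identity -> grant; empty = zero standing privilege
        self.audit = []   # (event, user, activity, resource)

    def start_activity(self, user, role, activity, resource):
        rule = self.policy.get(role, {}).get(activity)
        if rule is None or resource not in rule["resources"]:
            self.audit.append(("denied", user, activity, resource))
            raise PermissionError(f"{activity} on {resource} not allowed for {role}")
        ident = f"act-{secrets.token_hex(4)}"  # ephemeral activity identity
        self.active[ident] = {"user": user, "activity": activity,
                              "resource": resource,
                              "privileges": frozenset(rule["privileges"]),
                              "expires": self.clock() + rule["ttl"]}
        self.audit.append(("granted", user, activity, resource))
        return ident

    def is_allowed(self, ident, privilege, resource):
        grant = self.active.get(ident)
        if grant is None:
            return False
        if self.clock() >= grant["expires"]:  # time box elapsed: revoke now
            self.complete_activity(ident)
            return False
        return resource == grant["resource"] and privilege in grant["privileges"]

    def complete_activity(self, ident):
        grant = self.active.pop(ident, None)  # revoke and destroy the identity
        if grant:
            self.audit.append(("revoked", grant["user"], grant["activity"],
                               grant["resource"]))
        return grant is not None
```

Between activities `active` is empty, so a credential stolen from the employee's workstation carries no privilege on its own; the audit list records every grant, denial and revocation for review.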


Unlike traditional PAM, where the focus is on protecting the means (for example, privileged accounts or settings) that provide privileges, the focus of the JEP and JIT workflow is on the user.

All an employee needs to know is that they are required to restart a specific server, and the system will take care of providing, protecting, and destroying the privilege when they are done.

The goal of Zero Standing Privileges (ZSP) can be achieved through just-in-time privilege access, improving operational sustainability for your privilege access program and dramatically reducing the privilege attack surface.

 

Benefits of Zero Standing Privileges (ZSP)

 

Standing privilege means that accounts hold persistent privileged access to some set of systems at all times. Zero Standing Privileges (ZSP) is just the opposite.

It is the purest form of just-in-time administrator access, ensuring that the principle of least privilege is applied by granting authorized users the privileged access they need for a minimum period and only the minimum rights they need.

Eliminating permanent privilege through Zero Standing Privileges is a real advantage for understanding current privileged access and mitigating possible cybersecurity risks.

 

Final Thoughts

 

It is encouraging to see the market has started to recognize standing privilege as a key risk that needs to be addressed and that storing secrets and rotating local administrator passwords on critical servers is not enough.

Attackers are targeting workstations as the easiest way in and using the administrator access available on those workstations to spread across corporate networks.

It is necessary to consider a posture of Zero Standing Privileges in our environments. Stolen credentials will continue to be the easiest target for attackers and will continue to contribute to 80% of data breaches.
