Cyber Defense eMagazine May Edition for 2022
Cyber Defense eMagazine May Edition for 2022 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
Cyber Defense eMagazine May Edition for 2022 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
- No tags were found...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
via compromised accounts and servers to gain additional rights and maximize their damage potential.<br />
For this, dedicated Privileged Account Management (PAM) is required.<br />
What Is PAM?<br />
When it comes to protecting identities and accounts, the so-called ‘least privilege principle’ has always<br />
been an important best practice: It ensures that each authenticated user is only granted the minimum<br />
level of privileges sufficient to per<strong>for</strong>m their intended task. This ensures that even if an attacker gains<br />
access to a user account, the maximum damage they can cause is limited by the privileges of the user<br />
in question: For example, if a user only has read access to selected resources, the risk is relatively<br />
manageable. For optimum protection, it is also recommended to assign privileged roles (i.e., roles with<br />
particularly extensive rights) only <strong>for</strong> a brief period and never permanently. This just-in-time access will<br />
help companies minimize the attack surface of critical network functions.<br />
Additional Recommended Measures<br />
Most vendors support this basic PAM solution with a wide range of additional technologies, and at first<br />
sight, the strategies of the manufacturers differ in many details. However, closer examination reveals<br />
many common traits and key components:<br />
• High-level Tier 0 or Tier 1 resources, such as domain controllers, require the highest degree of<br />
protection. As a result, most vendors grant privileged access to them only in an isolated<br />
environment and protect access with robust Multi-Factor Authentication.<br />
• Equally strict are the requirements to access the identities and credentials of SaaS admins and<br />
privileged business users. Here, the focus lies on robust Password Management strategies, e.g.,<br />
en<strong>for</strong>cing strong passwords and automatic regular password changes.<br />
• It should always be possible <strong>for</strong> critical credentials <strong>for</strong> infrastructure accounts, DevOps accounts,<br />
and SSH key pairs to be stored in secure vaults.<br />
• To ensure additional cyber resilience, most vendors recommend further measures such as red team<br />
exercises or enhanced auditing and reporting features.<br />
Which Solution Fits Best?<br />
When evaluating the PAM market <strong>for</strong> the first time, the wide selection of available solutions can look a<br />
bit intimidating. To find the right product <strong>for</strong> their organization, identity leaders should ask themselves the<br />
following key questions:<br />
• Which assets and accounts are we looking to protect? Which specific risks are we looking to<br />
mitigate?<br />
• Are we facing a true greenfield project? Or do we already have standalone PAM solutions in use in<br />
certain areas or even an enterprise-wide legacy solution with which we are not satisfied?<br />
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>May</strong> <strong>2022</strong> <strong>Edition</strong> 90<br />
Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.