Avoid these Common Privileged Access Management (PAM) Pitfalls & Misconceptions

January 31, 2020


Over the past several years, the landscape of cyberattacks and data breaches has expanded and dramatically worsened. First, threat actors are getting smarter, and using less obvious attack tools and techniques to blend in and be less conspicuous. Furthermore, they’re increasingly finding and leveraging privileged credentials as part of their attack path.

In Verizon’s 2019 Data Breach Investigations Report, use of stolen credentials and privilege abuse each consistently rank amongst the top threat actions, both in terms of number of incidents and full-blown breaches. This trend has been underway for years, too, and the security community knows it. Additionally, the proliferation of privileges, and of avenues by which privileged access can be exploited, has been a growing challenge for IT. Why, then, don’t we focus more on privileged access management (PAM)? The answer is…complicated.

Many organizations maintain long, firmly held beliefs about privileged access management (PAM) tools and concepts that don’t hold up to much scrutiny. These misconceptions can cause IT teams to overlook easy and highly attainable ways to reduce risk, and can also lead organizations to adopt dangerous tactics and workarounds that inflate their risk surface.

For instance, organizations still commonly enable a risky “browse up” security model, where administrative tasks and actions can be performed from low-trust end user systems like mobile devices, laptops, etc. To make this work and still maintain security, many organizations have tried using dedicated “jump boxes” and bastion hosts that are locked down extensively for all remote admin and privileged activity. While this can be an effective approach that has some merit, it’s often impractical and inconvenient for users, which consequently leads to efforts to circumvent this access model altogether (and we know where this can lead).

There’s no doubt that it’s time to prioritize PAM, but we need to be looking at a realistic model and tools that are operationally sustainable. To overcome mental barriers to PAM adoption, we also need to address myths and misperceptions about PAM.

It’s long been thought that any robust PAM implementation requires the use of shared accounts, which present a security risk in their own right. Some organizations have struggled to change admin and other privileged user behaviors around shared accounts, and that struggle will likely continue…but PAM shouldn’t be a contributing technology factor here.

Likewise, to some, PAM seems to imply that it addresses only privileged accounts and privileged access, but modern enterprise PAM tools should facilitate any type of controlled connectivity, with password and session management, various integration elements with authentication, federation, and other security services, as well as robust logging and monitoring of activity.

And contrary to some misconceptions, PAM solutions extend far beyond Active Directory. In fact, any enterprise-class PAM platform should also completely address privileged accounts on Unix and Linux, as well as mobile devices, and non-traditional devices, like IoT.

Today’s best PAM tools can truly address an expansive list of use cases, such as vendor remote access and other more granular access needs. Some have tried to equate this to a “zero trust” implementation, but accomplishing a full-fledged “zero trust” model is exceedingly difficult to achieve. While PAM is one facet of “trust limitation and monitoring”, it shouldn’t be misrepresented as providing a complete “zero trust” model. Let’s start debunking PAM myths here—not create new ones!

Above all, there’s been a misconception that PAM is difficult to implement and manage. This shouldn’t be the case! There’s no better time to look into PAM, given the current threat landscape we face, and it’s best to find options that integrate into your environment without enormous headaches and operational demands.

For a deeper dive into unwinding PAM myths and setting the facts straight, check out my on-demand webinar: Debunking Dangerous Misconceptions about Privileged Access Management.


Dave Shackleford

Cybersecurity Expert and Founder of Voodoo Security

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.


Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.