Check out all the on-demand sessions from the Intelligent Security Summit here<\/a><\/em>.<\/p>\n

\n<\/div>\n
Nowadays, having a solution that manages privileged access<\/a> is essential to prevent increasingly advanced hacker attacks. However, to ensure secure protection without gaps, you must include privilege elimination in your cyber strategy.\u00a0<\/p>\n
In this article, we\u2019ll talk about privileged access management (PAM), explain the importance of adopting privilege elimination in your security strategy and discuss the relationship between privileges and zero trust. <\/p>\n
Privileged Access Management (PAM)<\/h2>\n
PAM seeks to monitor the privileges of each user on the network, thus ensuring the security of a company\u2019s information. That\u2019s because stolen privileged credentials are used in virtually every attack today. <\/p>\n
According to Fernando Fontao, channel account manager at BeyondTrust<\/a>, PAM tools have typically been used to solve a specific problem: How to store privileged identities and manage their use.\u00a0<\/p>\n
<\/p>\n
\n
Event<\/h3>\n
\n
Intelligent Security Summit On-Demand<\/span><\/p>\n
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.<\/span><\/p>\n<\/div>\n

\n Watch Here <\/a>\n <\/p>\n<\/div>\n
<\/body><\/p>\n
But with the rise of ransomware and the fact that hackers are increasingly efficient in their attacks, taking away the privilege is the best solution to stop them. Yet, many companies implement PAM without covering all vectors.\u00a0<\/p>\n
Many organizations believe that protecting privileged identities means keeping administrator credentials in a password vault. But the truth is that there must be a whole strategy that covers what constitutes a privileged activity.<\/p>\n
Why use delete privileges?<\/h2>\n
According to Verizon\u2019s Data Breach Investigations Report 2022, more than 80%<\/a> of breaches involve privilege abuse.<\/p>\n
Hackers take advantage of privileged credentials stored in local repositories, connected devices and more. Therefore, eliminating privilege should be part of every business\u2019s defense strategy. What does this mean? It\u2019s simple; it\u2019s all in changing how permissions are implemented.\u00a0<\/p>\n
This change will not make life difficult for the user nor prevent them from performing their tasks. However, a policy is used \u2014 instead of a privilege that a hacker can steal. With a policy, you give the user the same permissions, just through a different, non-theft mechanism.<\/p>\n
Because, to execute a cyber-attack, a hacker needs to go through some phases. The first is to infiltrate the company\u2019s system.\u00a0After that, they seek to escalate privileges; that is, make a lateral exploration movement until discovering new privileges that provide greater access. And, finally, when they execute the attack.\u00a0<\/p>\n
So, removing privilege through PAM prevents hacker from advancing from one phase to the next. No matter where they entered, the attack dies if they can\u2019t get through.<\/p>\n
And, adopting privilege elimination will protect against different attacks.\u00a0For example, the Lapsus$ Group<\/a> performs attacks without using technology. They do not exploit loopholes in systems, vulnerabilities or code, but focus on gaining access to a legitimate credential through social engineering.\u00a0<\/p>\n
This type of attack is challenging to block using technology. Therefore, the best way to prevent attacks like this is to eliminate privilege.<\/p>\n
Relationship between privileges and zero trust<\/h2>\n
With the dissolution of the security perimeter, zero trust is emerging. This practice move protections away from static, network-based perimeters to focus on users, assets and resources. Thus, the new security perimeter is identity.<\/p>\n
Zero trust<\/a> requires that any access to anything be authenticated.\u00a0It doesn\u2019t matter so much where you\u2019re coming from and where you\u2019re going. The location and destination no longer matter \u2014 just the user and what they want to access. If a credential has a privilege, any person or system controlling it can misuse it.\u00a0<\/p>\n
To fight back against today\u2019s increasingly sophisticated hackers requires a comprehensive and well-defined security strategy that, most of all, involves de-privilege.\u00a0<\/p>\n
Usama Amin is a founder of cybersnowden.com<\/a><\/em><\/p>\n
\n
DataDecisionMakers<\/h3>\n
Welcome to the VentureBeat community!<\/p>\n
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.<\/p>\n
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.<\/p>\n
You might even consider\u00a0 contributing an article<\/a>\u00a0of your own!<\/p>\n
Read More From DataDecisionMakers<\/a><\/p>\n<\/div>\n
\t\t\t\t<\/html><\/div>\n<\/p><\/div>\n
Read More<\/a>
\n Usama Amin<\/p>\n","protected":false},"excerpt":{"rendered":"
February 19, 2023 11:10 AM Padlock protecting access to technology Check out all the on-demand sessions from the Intelligent Security Summit here. Nowadays, having a solution that manages privileged access is essential to prevent increasingly advanced hacker attacks. However, to ensure secure protection without gaps, you must include privilege elimination in your cyber strategy.\u00a0 In<\/p>\n","protected":false},"author":1,"featured_media":610401,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4397,36554,46],"tags":[],"class_list":{"0":"post-610400","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-access","8":"category-privileged","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/610400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=610400"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/610400\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/610401"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=610400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=610400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=610400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

Event<\/h3>\n\nIntelligent Security Summit On-Demand<\/span><\/p>\nLearn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.<\/span><\/p>\n<\/div>\n