Reducing cyber risk with endpoint privilege management (EPM)

By Graham Hawkey, PAM specialist, Osirium.

  • 1 year ago Posted in

Endpoints – the desktop computers, laptops, tablets and phones employees use to carry out their work – are the backbone of productivity in every organisation. Their criticality ensures they will remain ubiquitous in the workplace for years to come; and the same is true for the cyber criminals seeking to find an open door to the systems they connect to.

Once inside, they can wreak havoc. If a hacker can gain access to an organisation's network or cloud storage via just a single endpoint, they will have a foothold from which they can move laterally to steal data, make changes to apps or servers, or plant malware or ransomware, for example. The impacts can be catastrophic. The Met Police data breach revealed in August, in which personal details of officers were leaked into the public domain, has been attributed to a hacker gaining “unauthorised access” to a supplier’s IT system.

The ‘insider’ threat

Threat actors are continually engineering an increasingly diverse and sophisticated array of exploitation techniques to find weaknesses at the endpoint. It’s often the simple tactics that are most effective, however. A distracted employee clicking on a link in a phishing email, an individual accessing the corporate network over an unsecured wifi connection, or the accidental exposure of privileged credentials can all turn an endpoint into a gateway.

Even the most cyber-savvy employees will slip up now and again, and cybercriminals know this all too well. According to Verizon's Data Breach Investigations Report, human error is a contributing factor in four out of five data breaches, while the World Economic Forum also reports that 95% of cybersecurity issues can be traced to human error.

The privilege problem

These days, cyber attackers prefer logging in to hacking in, and if there’s way they can get their hands on user credentials, they will. The greatest risk comes from those accounts and credentials that carry privileged access rights.

While a ‘regular’ user may only need to log onto their laptop and complete everyday tasks such as accessing their emails and Microsoft365 apps, special administrator privileges are occasionally required to complete certain tasks, such as installing a new application, updating software, or changing a configuration setting. As more business is digitised, more staff members – and also in some cases third-party vendors – will need to be able to carry out this kind of task.

If privileged credentials fall into the wrong hands, these greater access permissions can be used to hop from a single device to an entire company network where sensitive data can be stolen or deleted, other user credentials found, and software and other components modified.

It is imperative, therefore, that organisations limit the granting of local administrator rights, and allow only the lowest privilege levels the user needs to execute a task. However, this must be done in a way that enables employees to do their jobs effectively.

The truth is that within every organisation, there are too many users that have local admin rights they don’t need on their desktops, laptops and other devices. The simplest solution to the problem

would be to strip all of these rights away – but this would have a significant impact on productivity, while at the same time increasing the IT team’s workload.

Control, don’t block

Endpoint Privilege Management (EPM) is an approach to managing uncontrolled access that strikes the balance between defending systems and data against compromise, and allowing employees to get on with their jobs. Instead of elevating a user, which gives them unlimited privileged access, the approach switches focus to elevating the applications and processes. The IT team is able to grant approved users permission to run specific applications with elevated permissions for a limited period of time, to carry out specific actions.

Users can do what they need to do, while IT retains visibility over all actions in case activity needs to be stopped, or incidents need to be investigated at a later date. If permissions need to be granted on an individual basis, for each user and application, IT will be buried under an avalanche of requests – so ideally EPM tools should allow rules and policies to be created and then applied at scale.

Of course, as with all cyber security defences, strength comes from building multiple levels of protection. As more and more business processes are digitised, limiting the potential threats associated with privileged accounts should be one of these layers. Reducing access to elevated privileges using EPM reduces the potential attack surface, while prioritising productivity – ensuring staff can continue to safely access the IT systems, services and data they need to be effective.

By Darren Thomson, Field CTO EMEAI, Commvault.
By Oliver Feiler, Head of Global Alliances and Strategic Partnerships EMEA, Nozomi Networks and...
By David Higgins, EMEA Technical Director at CyberArk.
By Manuel Sanchez, Information Security and Compliance Specialist, iManage.
Anita Mavridis, VP of Product at Zivver, and Sue Musumeci, Director of Quality & Clinical...
By Danny Lopez, CEO of Glasswall.
Nadir Izrael, Co-Founder and CTO at Armis discusses the importance of critical infrastructure...