Managing privileged access to a corporation has become an obligation almost everywhere in the world. Laws such as the LGPD (General Data Protection Law) and GDPR (General Data Protection Regulation) oblige companies to maintain the integrity and security of the data providers’ personal information.

Also, companies operating in countries that do not have data protection laws yet are subject to great pressure from the market to adopt certifications that guarantee the integrity and security of personal data, such as ISO 27001, NIST’s Cyber Security Framework, and PCI DSS.

One way that companies have found to comply with these standards is by adopting an efficient privileged access management solution, but when implementing this type of solution, companies face a great difficulty in integrating the 3 phases of privileged access management to cover the complete cycle of these accesses.

To help you in this task, we have separated the 3 fundamental phases for you to see if your privileged access management solution performs accesses in a broad and efficient way. Check them out:

Before

In order to have a broad and efficient privileged access management, it is necessary to pay special attention to the initial phase of managing privileged credentials.

This phase is responsible for provisioning and guaranteeing access to certified machines and privileged credentials through digital certificates, passwords, SSH keys. Therefore, it is really important.

During

This is the part where privileged access management actually takes place, making it possible to track all user activities in the privileged session in real time, monitor, and analyze suspicious behaviors from users and machines, etc.

Having a solution that can define and limit the tasks that a privileged session will be allowed to perform is essential for your company’s information security to succeed.

After 

After performing the two previous phases, it is important that your privileged access management solution records every action taken in the privileged session. Through this audit, your company ensures that, during the sessions, there are no security breaches, can record all actions performed by users and machines, and allow viewing the privileged session recording.

Points that require attention

There is a great difficulty for companies to implement this type of technology, since most suppliers do not offer an integrated support, in which the 3 phases of the management of privileged credentials are interconnected, and that makes the companies end up opting for hiring more than one solution, so that each one performs a different part of the task.

Unlike other solutions, senhasegura offers the market an integrated solution, through which it performs the 3 phases effectively in just one environment, facilitating the management of privileged credentials and keeping your company secure, free from fines and leaks of sensitive data.

Click here and see in detail how the 3 phases of senhasegura’s privileged access management work. 

According to Gartner – an Institute with a focus on researching, executing programs, and consulting and recommending efficient technologies for its customers, such as digital security – there are some fundamental projects for a company to ensure information security in its environment. 

According to senior analyst director at Gartner, Brian Reed, people spend a lot of time analyzing the choices we make about security, wanting to achieve perfect protection that does not exist. For him, companies should look beyond basic protection decisions and also improve the organizational methodology through innovative approaches in order to detect and respond to a possible security incident.

Gartner has recently released some information security projects focused on risk management and detecting flaws in the execution of a company’s activities.

Today, we will simply and clearly show you what they are and how to implement these points to reduce the risk of data leaks, cyberattacks, and abuse of privilege in your company, without decreasing the productivity of your business. Check it out:

Remote Work Protection 

After the outbreak of COVID-19, many companies have rooted the home office in their business models and faced several issues in ensuring data protection efficiently. 

You probably already know how your employees access workplaces remotely, but now it is time to analyze whether the privilege level is right for your employee to perform all of their tasks or if there is any unnecessary privilege granted.

Learn more: Cybersecurity and the Covid-19

Vulnerability Management

Assess what the points of your company are and focus on the most vulnerable. The ideal is that you do not perform this task alone. Employees who use a certain environment daily can help in carrying out this task with a broader view.

Cloud Security Management

It is of utmost importance that cloud applications allow automated protection so as not to lose the dynamics that tasks normally require.

DMARC

Through DMARC email authentication, organizations that use their emails as a source of verification will be more secure against falsification. The system implements another layer of security in the verification of the sender, identifying and preventing a fake domain from having access to an environment, further increasing the efficiency of your information security project.

Importance Classification 

Your information security project must be classified by importance, after all, sensitive data such as reports, forecasts, agreements, and databases must have a greater layer of protection than any other environment.

From these definitions, you can prioritize the areas that should be protected the most.

It is undeniable that the use of a privileged access management solution (PAM) considerably improves a company’s information security. But what many do not know is that there are some essential features or recommendations for a PAM solution to guarantee information security efficiently.

Today, we list the 09 essential features or good practices that a privileged access management solution must have to ensure its success as a PAM.

Learn more: Quick Guide – PAM Best Practices

1 – Privileged Session Recording

It is essential that your privileged access management solution has the privileged session recording feature to record, in video and text, the actions performed by the user within the system while using a privileged credential.

This is one of the main tools to check if users are performing actions relevant to their tasks, ensuring the confidentiality of the company’s sensitive data and that all actions are tracked and audited.

For a good privileged session recording, check with the PAM solution provider if the tool allows the storage of session record files and audit logs to prevent users from editing their activity histories and damaging your entire monitoring system.

2 – Review of Privileged Credentials 

In order to ensure good information security, one needs to perform recurrent preventive practices, such as managing their company’s privileged accounts.

A solution that does not have this feature – or has a flawed one – leaves many security holes, allowing a possible cyberattack.

With this features, it is possible to gather all active privileged credentials and check the privilege level of each one, reviewing whether it makes sense for users to have access to such environments, in addition to removing credentials that are no longer used, such as those of employees who were dismissed from the company.

3 – Credential Management

In order to mitigate the risks of data leaks, in addition to reviewing access to privileged credentials, it is necessary to manage them through an automatic password change feature, be it by predetermined use, period, or time.

This prevents users from sharing passwords or improperly accessing anything outside the solution.

Learn More: Machine Identity and Digital Certificate Management

4 – Two-Factor Authentication

The main solutions on the market require two-factor authentication from the user, usually through an OTP (One-Time Password). It is also possible to send an SMS or an email with a confirmation code for someone to be able to use the privileged credential.

This type of feature makes it difficult for unauthorized people to use the privileged user’s credential.

5 – Backup

One of the most important parts of a PAM solution is to have the feature of automatic backups. Even with all the security locks, the backup appears as one of the last information security features.

This ensures that even with leaked and/or deleted data, the company is able to have access to all data protected by the privileged access management solution.

6 – Strong Passwords

This practice is very simple and essential. Through a company, it is possible to implement a PAM password vault and make privileged credentials available to users. However, there must be some kind of guarantee that all privileged credentials have strong passwords that are difficult to be broken with the use of malicious software.

The ideal is to guide the user to create a password that mixes upper and lower case letters, numbers, and special characters, with at least 8 characters.

Learn more: Best Practices Manual for PAM

7 – Emergency Access 

In the event of any abuse of privilege in your company, it is important to have a last-security feature through the break-the-glass functionality in case any type of system unavailability occurs, be it a product or an infrastructure failure, even a cyberattack. The person responsible for information security has the autonomy to take their privileged credential through a segregated backup file.

This type of feature prevents technological lock-in, and there is no way for the user to resort to the occurrence.

8 – Notification of Suspicious Actions

Whenever there is a suspicious action within a privileged session, in addition to having several security locks, your PAM solution must notify those responsible for information security to take appropriate measures.

9 – Access Reporting

Finally, access reporting is important so that the responsible person has a complete view of the actions performed through privileged sessions, allowing the identification of security breaches and points for improvement. A complete set of reports optimizes time and work, as there is no need to conduct audits from session to session.

Another cyberattack with devastating consequences for financial institutions. The target now was BancoEstado, one of the three largest Chilean banks, which was affected by ransomware on September 6. According to a statement to Chile’s Cybersecurity Incident Response Team (CSIRT), the cyberattack is believed to have involved the Sodinokibi ransomware, also known as Revil.

On the 6th, the bank informed through a statement that it had detected malicious software in its operating systems and that their platforms could have some kind of unavailability due to the incident. However, ATMs and Internet Banking were not affected, nor were the resources of its customers or the institution itself. It is believed that the attack, again, was orchestrated through Social Engineering, when one of the bank’s employees opened an Office document infected with the virus.

By compromising the employee’s machine, the attacker was able, through lateral movement, to infect more than 12,000 endpoints and affect the operations of all 416 branches of the Chilean bank.

After detecting the cyberattack on the 5th, Saturday, BancoEstado reported the incident to the Comisión para el Mercado Financiero (CMF), the equivalent of our Securities and Exchange Commission (CVM), which soon issued an alert to the Chilean banking system.

Long lines formed in the days following the cyberattack in front of BancoEstado branches. Account holders have complained on Twitter about various anomalies in their accounts, such as uncredited transfers to destination accounts, as well as lack of access to investment accounts, and inconsistent data in the amount totals. At the same time, there are reports that cybercriminals have started spam campaigns on behalf of the bank to capture customer credentials.

An attack of this magnitude indicates major flaws in the control of access to internal networks, including an efficient monitoring and response system. This involves the lack of computational and human resources for adequate response to incidents.

Another organization victim of the same ransomware that hit BancoEstado, in July this year, was Telecom Argentina, the country’s largest telephone operator. In this specific case, the required amount was US $ 7.5 million.

Learn more: How to protect your company from insiders threats?

But, what is the Sodinokibi ransomware and how does it work?

Sodinokibi is a family of ransomware that affects Windows systems and encrypts important files, requesting a cash amount to decrypt them. The ransomware creators are also associated with other malicious software, GandCrab, which was already linked to approximately 40% of global ransomware infections before being retired by its creators in June 2019. Thus, one can already have an idea of the potential for Sodinokibi infection.

The first difference noticed by users when having their device infected by ransomware is an infection warning, when the files are already encrypted. The ransom instructions are also visible on the user’s Desktop.

More than ever, cyberattacks through ransomware are among the biggest risks for organizations of all sizes and industries. According to the Mid-Year Threat Landscape Report 2020, there was a 750% increase in attack attempts through malicious software involving ransoms. And not only is the number of these attacks increasing but so is their sophistication.

In many cases, malicious attackers use threats against their victims to leak encrypted data, something that can compel them to pay the high amounts required as a ransom. One of the causes is the heavy sanctions that organizations are subject to in case of data leaks. If the leak involves personal data of European citizens and the organization is subject to GDPR, the fine could reach up to 50 million euros. If it takes place in Brazil and the LGPD is applied, this amount can reach up to 50 million reais.

One of the ways to mitigate the risks associated with a ransomware infection is to ensure that security updates are applied as soon as they are released by developers. By doing this, one can prevent malicious attackers from exploiting vulnerabilities to infect the environment. The implementation of features such as Multifactor Authentication is another strategy that prevents hackers from moving laterally through the environment and infecting even more endpoints.

Cybersecurity teams must also perform backups of their systems, as well as periodic testing as part of their disaster recovery and incident response plans. Thus, it is possible to guarantee that the systems are recovered without the need to pay a ransom.

Deploying a PAM solution such as senhasegura is also an excellent way to mitigate cybersecurity (and business) risks associated with ransomware infection.

Through our Privilege Elevation and Delegation Management solution, senhasegura.go, one can segregate access to sensitive information, isolating critical environments, and correlating events to identify any suspicious behavior. By controlling lists of authorized, notified, and blocked actions with different permissions for each user, senhasegura.go allows reducing the risks linked to the installation of malicious software and abuse of privilege, which can compromise the environment. Finally, through senhasegura, one can overcome the challenges of implementing controls for data protection legislation such as GDPR and LGPD, as well as PCI, ISO, SOX, and NIST regulations, with the automation of privileged access controls to achieve maturity in the audited processes.

Any corporation is subject to some type of cyberattack, and it is essential to have a system that defends and maintains data integrity.

According to a report by Fortinet Threat Intelligence, Brazil has suffered more than 24 billion cyberattack attempts in 2019, a fact that reinforces the need to have efficient solutions against this type of threat.

Preventing external attacks is already very common within companies, and according to the Verizon Data Risk Report, 34% of data breaches involve internal agents and 17% of all confidential files were accessible to all employees, which turns on a big alert for companies to protect themselves from insiders threats as well as external ones.

For this, it is recommended that some technology be implemented to efficiently monitor privileged access by employees. In order to help you with this task, we have separated 3 practices on how to protect your company from insiders threats, check them out:

1- Know who has access to privileged accounts

One of the biggest mistakes of companies is making privileged credentials available to many users, which directly affects data breaches and the risk of leaks through insiders threats.

You need to find out which people have access to protected environments, and ensure that people who do not need to access such environments have some kind of administrative credential, limiting the number of privileged users.

Ideally, credentials with a higher level of privilege should be controlled by those responsible for IT, so that there is no type of breach.

Learn More: So, what does Privileged Access Management mean?

2- Ensure user traceability

With the use of some technologies, you can know who, when, where, and what actions were taken by the user to perform a privileged session, in addition to limiting the actions that can be performed in the environment.

Some solutions alert and block the user who performs any improper action and provide session recording for analysis.

3- Third-party access

If any type of service provided to your company is outsourced, there must be some kind of protection.

Ideally, any type of access to company environments should be monitored through a VPN dedicated to a specific application for a predetermined time.

The best way to ensure that there are no loopholes for insiders threats in your company is by having a complete PAM password vault, which ensures protection from possible threats, monitors privileged sessions, and automates tasks.

senhasegura is one of the largest PAM solutions in the world according to Gartner. In addition to preventing data leaks and abuse of privilege and avoiding insiders threats, the solution is complete to guarantee protection against external threats. Moreover, the senhasegura implementation helps your organization to:

• Apply the Security aspect in your DevOps pipeline, ensuring DevSecOps;
• Perform the proper management of digital certificates;
• Comply with LGPD and GDPR;
• Ensure security in your Cloud environment.

If you want to know how our solution works and stop insiders threats in your company, fill out the form below and request a demo of the solution.