It is undeniable that the use of a privileged access management solution (PAM) considerably improves a company’s information security. But what many do not know is that there are some essential features or recommendations for a PAM solution to guarantee information security efficiently.

Today, we list the 09 essential features or good practices that a privileged access management solution must have to ensure its success as a PAM.

Learn more: Quick Guide – PAM Best Practices

1 – Privileged Session Recording

It is essential that your privileged access management solution has the privileged session recording feature to record, in video and text, the actions performed by the user within the system while using a privileged credential.

This is one of the main tools to check if users are performing actions relevant to their tasks, ensuring the confidentiality of the company’s sensitive data and that all actions are tracked and audited.

For a good privileged session recording, check with the PAM solution provider if the tool allows the storage of session record files and audit logs to prevent users from editing their activity histories and damaging your entire monitoring system.

2 – Review of Privileged Credentials 

In order to ensure good information security, one needs to perform recurrent preventive practices, such as managing their company’s privileged accounts.

A solution that does not have this feature – or has a flawed one – leaves many security holes, allowing a possible cyberattack.

With this features, it is possible to gather all active privileged credentials and check the privilege level of each one, reviewing whether it makes sense for users to have access to such environments, in addition to removing credentials that are no longer used, such as those of employees who were dismissed from the company.

3 – Credential Management

In order to mitigate the risks of data leaks, in addition to reviewing access to privileged credentials, it is necessary to manage them through an automatic password change feature, be it by predetermined use, period, or time.

This prevents users from sharing passwords or improperly accessing anything outside the solution.

Learn More: Machine Identity and Digital Certificate Management

4 – Two-Factor Authentication

The main solutions on the market require two-factor authentication from the user, usually through an OTP (One-Time Password). It is also possible to send an SMS or an email with a confirmation code for someone to be able to use the privileged credential.

This type of feature makes it difficult for unauthorized people to use the privileged user’s credential.

5 – Backup

One of the most important parts of a PAM solution is to have the feature of automatic backups. Even with all the security locks, the backup appears as one of the last information security features.

This ensures that even with leaked and/or deleted data, the company is able to have access to all data protected by the privileged access management solution.

6 – Strong Passwords

This practice is very simple and essential. Through a company, it is possible to implement a PAM password vault and make privileged credentials available to users. However, there must be some kind of guarantee that all privileged credentials have strong passwords that are difficult to be broken with the use of malicious software.

The ideal is to guide the user to create a password that mixes upper and lower case letters, numbers, and special characters, with at least 8 characters.

Learn more: Best Practices Manual for PAM

7 – Emergency Access 

In the event of any abuse of privilege in your company, it is important to have a last-security feature through the break-the-glass functionality in case any type of system unavailability occurs, be it a product or an infrastructure failure, even a cyberattack. The person responsible for information security has the autonomy to take their privileged credential through a segregated backup file.

This type of feature prevents technological lock-in, and there is no way for the user to resort to the occurrence.

8 – Notification of Suspicious Actions

Whenever there is a suspicious action within a privileged session, in addition to having several security locks, your PAM solution must notify those responsible for information security to take appropriate measures.

9 – Access Reporting

Finally, access reporting is important so that the responsible person has a complete view of the actions performed through privileged sessions, allowing the identification of security breaches and points for improvement. A complete set of reports optimizes time and work, as there is no need to conduct audits from session to session.

Another cyberattack with devastating consequences for financial institutions. The target now was BancoEstado, one of the three largest Chilean banks, which was affected by ransomware on September 6. According to a statement to Chile’s Cybersecurity Incident Response Team (CSIRT), the cyberattack is believed to have involved the Sodinokibi ransomware, also known as Revil.

On the 6th, the bank informed through a statement that it had detected malicious software in its operating systems and that their platforms could have some kind of unavailability due to the incident. However, ATMs and Internet Banking were not affected, nor were the resources of its customers or the institution itself. It is believed that the attack, again, was orchestrated through Social Engineering, when one of the bank’s employees opened an Office document infected with the virus.

By compromising the employee’s machine, the attacker was able, through lateral movement, to infect more than 12,000 endpoints and affect the operations of all 416 branches of the Chilean bank.

After detecting the cyberattack on the 5th, Saturday, BancoEstado reported the incident to the Comisión para el Mercado Financiero (CMF), the equivalent of our Securities and Exchange Commission (CVM), which soon issued an alert to the Chilean banking system.

Long lines formed in the days following the cyberattack in front of BancoEstado branches. Account holders have complained on Twitter about various anomalies in their accounts, such as uncredited transfers to destination accounts, as well as lack of access to investment accounts, and inconsistent data in the amount totals. At the same time, there are reports that cybercriminals have started spam campaigns on behalf of the bank to capture customer credentials.

An attack of this magnitude indicates major flaws in the control of access to internal networks, including an efficient monitoring and response system. This involves the lack of computational and human resources for adequate response to incidents.

Another organization victim of the same ransomware that hit BancoEstado, in July this year, was Telecom Argentina, the country’s largest telephone operator. In this specific case, the required amount was US $ 7.5 million.

Learn more: How to protect your company from insiders threats?

But, what is the Sodinokibi ransomware and how does it work?

Sodinokibi is a family of ransomware that affects Windows systems and encrypts important files, requesting a cash amount to decrypt them. The ransomware creators are also associated with other malicious software, GandCrab, which was already linked to approximately 40% of global ransomware infections before being retired by its creators in June 2019. Thus, one can already have an idea of the potential for Sodinokibi infection.

The first difference noticed by users when having their device infected by ransomware is an infection warning, when the files are already encrypted. The ransom instructions are also visible on the user’s Desktop.

More than ever, cyberattacks through ransomware are among the biggest risks for organizations of all sizes and industries. According to the Mid-Year Threat Landscape Report 2020, there was a 750% increase in attack attempts through malicious software involving ransoms. And not only is the number of these attacks increasing but so is their sophistication.

In many cases, malicious attackers use threats against their victims to leak encrypted data, something that can compel them to pay the high amounts required as a ransom. One of the causes is the heavy sanctions that organizations are subject to in case of data leaks. If the leak involves personal data of European citizens and the organization is subject to GDPR, the fine could reach up to 50 million euros. If it takes place in Brazil and the LGPD is applied, this amount can reach up to 50 million reais.

One of the ways to mitigate the risks associated with a ransomware infection is to ensure that security updates are applied as soon as they are released by developers. By doing this, one can prevent malicious attackers from exploiting vulnerabilities to infect the environment. The implementation of features such as Multifactor Authentication is another strategy that prevents hackers from moving laterally through the environment and infecting even more endpoints.

Cybersecurity teams must also perform backups of their systems, as well as periodic testing as part of their disaster recovery and incident response plans. Thus, it is possible to guarantee that the systems are recovered without the need to pay a ransom.

Deploying a PAM solution such as senhasegura is also an excellent way to mitigate cybersecurity (and business) risks associated with ransomware infection.

Through our Privilege Elevation and Delegation Management solution, senhasegura.go, one can segregate access to sensitive information, isolating critical environments, and correlating events to identify any suspicious behavior. By controlling lists of authorized, notified, and blocked actions with different permissions for each user, senhasegura.go allows reducing the risks linked to the installation of malicious software and abuse of privilege, which can compromise the environment. Finally, through senhasegura, one can overcome the challenges of implementing controls for data protection legislation such as GDPR and LGPD, as well as PCI, ISO, SOX, and NIST regulations, with the automation of privileged access controls to achieve maturity in the audited processes.

Any corporation is subject to some type of cyberattack, and it is essential to have a system that defends and maintains data integrity.

According to a report by Fortinet Threat Intelligence, Brazil has suffered more than 24 billion cyberattack attempts in 2019, a fact that reinforces the need to have efficient solutions against this type of threat.

Preventing external attacks is already very common within companies, and according to the Verizon Data Risk Report, 34% of data breaches involve internal agents and 17% of all confidential files were accessible to all employees, which turns on a big alert for companies to protect themselves from insiders threats as well as external ones.

For this, it is recommended that some technology be implemented to efficiently monitor privileged access by employees. In order to help you with this task, we have separated 3 practices on how to protect your company from insiders threats, check them out:

1- Know who has access to privileged accounts

One of the biggest mistakes of companies is making privileged credentials available to many users, which directly affects data breaches and the risk of leaks through insiders threats.

You need to find out which people have access to protected environments, and ensure that people who do not need to access such environments have some kind of administrative credential, limiting the number of privileged users.

Ideally, credentials with a higher level of privilege should be controlled by those responsible for IT, so that there is no type of breach.

Learn More: So, what does Privileged Access Management mean?

2- Ensure user traceability

With the use of some technologies, you can know who, when, where, and what actions were taken by the user to perform a privileged session, in addition to limiting the actions that can be performed in the environment.

Some solutions alert and block the user who performs any improper action and provide session recording for analysis.

3- Third-party access

If any type of service provided to your company is outsourced, there must be some kind of protection.

Ideally, any type of access to company environments should be monitored through a VPN dedicated to a specific application for a predetermined time.

The best way to ensure that there are no loopholes for insiders threats in your company is by having a complete PAM password vault, which ensures protection from possible threats, monitors privileged sessions, and automates tasks.

senhasegura is one of the largest PAM solutions in the world according to Gartner. In addition to preventing data leaks and abuse of privilege and avoiding insiders threats, the solution is complete to guarantee protection against external threats. Moreover, the senhasegura implementation helps your organization to:

• Apply the Security aspect in your DevOps pipeline, ensuring DevSecOps;
• Perform the proper management of digital certificates;
• Comply with LGPD and GDPR;
• Ensure security in your Cloud environment.

If you want to know how our solution works and stop insiders threats in your company, fill out the form below and request a demo of the solution.

After two years of waiting, the general data protection law (LGPD) will finally come into force in Brazil. The law aims to regulate the processing of personal data, mainly ensuring the security, transparency, and integrity of the data provided.

Since its announcement, it has been widely discussed among companies how to adapt to the rules established by law, as the impact on data processing is enormous for companies to create their communication strategies and protect personal data effectively.

Companies that have not yet adapted to the LGPD are subject to fines of R$ 50 million, which would bring huge losses to any company.

If you have not adjusted yours yet and want to catch up with the damage as soon as possible, we have this article to show you the 10 privacy principles for you to comply with the LGPD, check them out:

Learn More: 7 important details between the LGPD (Brazilian) and the GDPR (European)

10 Privacy Principles

Before you put measures in place to regulate your company, it is important to know the 10 privacy principles that LGPD requires from companies, which are:

1. Purpose limitation principle: inform the purpose of collecting data from the user.
2. Adequacy principle: the data will have to be processed in a way that makes sense with the purpose that was informed to the holder.
3. Necessity principle: request only the information necessary for the fulfillment of its purpose.
4. Free access principle: give assurance to the personal data holder that they can know the form and duration for which their data will be used.
5. Quality of data principle: the company will be responsible for the quality of provided.
6. Transparency principle: the user must receive a notice with a detailed list of how their personal data can be used.
7. Security principle: a company must have a means to ensure that only authorized people have access to such data.
8. Prevention principle: data cannot be shared with other companies or people not authorized to process it.
9. Non-discrimination principle: data cannot be used for illegal purposes.
10. Accountability principle: it is necessary to have the term that ensures the 10 principles are being followed.

How to Ensure that the 10 Principles are Followed

To ensure the integrity of personal data, your information security team must contribute a lot, since fully protecting personal data is required for the company to have efficient privileged access control.

One that allows only authorized people to access the information and ensures the security from any internal or external threat, in addition to recording all types of actions taken on personal data.

A good way to solve this effectively is by hiring a PAM solution. A good PAM solution manages all the points you need to pay attention to, ensures internal and external security, and even records all actions performed within the databases. If you are curious to know how a PAM solution works, fill out the form below and request the demo.

Through the digital transformation, now driven by the Covid-19 pandemic, we see a massive migration to decentralized, cloud-based models. And those who already use these models will further accelerate the migration to the cloud. According to Gartner, by 2021, more than half of global companies that already use Cloud will adopt a strategy in a 100%-Cloud environment.

Proper protection of this type of environment becomes a growing concern for Security teams and a business must. Thus, the risks associated with the lack of proper protection of the Cloud environment must be considered not only by the Security team but also by senior management, in order to ensure the organizations’ digital sovereignty over data, in addition to business continuity.

Learn more: Remote Work and Increased Usage of Cloud

Lacework researchers, for example, found more than 22,000 container orchestration dashboards and API management systems open on the internet. Among the applications Lacework has found during the research, we have Kubernetes, Mesos Marathon, Swagger API, Red Hat Openshift, and Portainer from Docker Swarm and Swarmpit. Also, according to the research, 95% of these dashboards and management systems were stored on Amazon Web Services (AWS). Although the vast majority of these interfaces have privileged credentials for access control, the researchers consider it an issue that these interfaces are exposed on the internet. This is because anyone with access to dashboards is able to perform tasks such as starting or stopping workloads, adding or removing applications, or even configuring security controls.

Against this background, it would be very easy for security teams to hand over responsibility for the cybersecurity aspect to CSPs (Cloud Service Providers). It is worth mentioning, however, that in distributed environments, organizations should not rely only on their cloud providers to ensure this protection. If the interfaces are not properly configured, the attack surface increases considerably, which brings a greater risk of cyberattacks to organizations’ infrastructure.

Also, new regulatory requirements, such as GDPR and LGPD, require adequate data protection, which can lead to heavy sanctions if not met. For organizations that treat personal data of European citizens, this figure can reach up to 50 million euros, or 50 million reais if the organization treats personal data of Brazilians and is subject to the LGPD, considering that the Brazilian legislation is already in force.

Some of the best practices that can be implemented by the Security teams to reinforce the organizations’ behavior when it comes to the security of Cloud environments and avoid data leaks include:

Having an understanding of their cloud environments

While ease and convenience bring together some of the biggest advantages of using services in a cloud environment, the implementation of workloads is not as trivial as it seems. The security team must commit itself to know all the configurations and permissions of its Cloud-based services, and thus leverage the maximum of the security features integrated with the contracted services. Even though it is an activity that requires extensive effort, it is necessary to ensure the security of the distributed environments.

Checking and configuring credentials and permissions

Organizations that are implementing Cloud approaches may find that using the default security settings is enough to prevent their workloads from being compromised. However, these settings are very basic or even non-existent. Given this, the recommendation is that those responsible for security in the Cloud environment constantly check credentials and permissions and ensure that access to workloads is limited to those who really need access, ensuring the implementation of the Principle of Least Privilege. This can be achieved through a Privileged Access Management solution or PAM. Besides, the use of features such as Multifactor Authentication (MFA) ensures an additional layer of security to the environment immediately.