Scribd
Upload
71 views22 pages

Introduction To Cybersecurity & PAM

The document discusses the concepts of Identity and Access Management (IAM) and Privileged Access Management (PAM). It defines PAM, describes why it is important for security, and how PAM systems work to securely manage privileged user accounts and monitor privileged access. The document also discusses benefits of PAM and differences between PAM and IAM.

Uploaded by

Shahbaz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
71 views22 pages

Introduction To Cybersecurity & PAM

The document discusses the concepts of Identity and Access Management (IAM) and Privileged Access Management (PAM). It defines PAM, describes why it is important for security, and how PAM systems work to securely manage privileged user accounts and monitor privileged access. The document also discusses benefits of PAM and differences between PAM and IAM.

Uploaded by

Shahbaz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 22

ISAC IAM/PAM

Inaugural Session
Information Sharing and Analysis Center
- By Shahbazuddin
Introduction to Cybersecurity

• The term cybersecurity is used to refer to the security offered through online
services to protect your online information.
• With an increasing amount of people getting connected to internet , the
security threats that cause massive harm are also increasing.
Need of
Cybersecurity
• Cybersecurity is
necessary since it helps
in securing data from
threats such as data
theft or misuse, also
safeguards your systems
from viruses.
Major Security Problems

• Virus and Worms


• Hacker
• Malware
• Trojan Horses
• Password cracking
Business Products

• Data Loss Prevention (DLP)


• Multi Factor Authentication (MFA)
• Web Application Firewall (WAF)
• Security information and event management (SIEM)
• Identity & Access Management (IAM/PAM)
• Vulnerability Assessment (VA)
What is PAM?

• Privileged Access Management refers to systems that securely manage the


accounts of users who have elevated permissions to critical corporate
resources. These may be human administrators, devices, applications and
other types of users.
• Privileged user accounts are high value targets for cyber criminals. That’s
because they have elevated permissions in systems, allowing them to access
highly confidential information and make administrative level changes to
mission critical systems and applications.
What is PAM?

PAM consists of 3 main components :-


• Access Management – allows
organization to control who can access
which account
• Session Management – allows
organization to monitor the session
activity of account
• Password Management – Cycling of
password to reduce risk exposure
The 7 Deadly Privileged Accounts You MUST
Discover, Manage, and Secure

• Domain Admin Accounts


• Domain Service Accounts
• Local Admin Accounts
• Service Accounts
• Break glass Accounts
• Application Accounts
• Shared Accounts
Why is PAM Important?

• Privileged accounts exist everywhere. There are many types of privileged


accounts, and they can exist on-premises and in the cloud.
• They differ from other accounts in that they have elevated levels of
permissions, such as the ability to change settings for large groups of users.
• Privileged accounts present a serious risk. Cyber criminals are more
interested in stealing credentials for privileged accounts than any other type
of accounts. Thus, they present a challenge for IT departments.
How do PAM system work?

• A PAM admin uses the PAM portal to define methods to access the privileged account
across various applications and enterprise resources.
• The credentials of privileged accounts are stored in a special-purpose and highly secure
password vault.
• The PAM admin also uses the PAM portal to define the policies of who can consume access
to these privileged accounts and under what conditions.
• To ensure security, the PAM user is usually asked to provide a business justification for using
the account. Sometimes manager approval is required as well.
• Often, the user isn’t granted access to the actual passwords used to log into the applications
but instead is provided access via the PAM.
How do PAM system work?

• Additionally, the PAM ensures that passwords are frequently changed, often
automatically, either at regular intervals or after each use.
• The PAM admin can monitor user activities through the PAM portal and
even manage live sessions in real time, if needed.
• Modern PAMs also use machine learning to identify anomalies and use risk
scoring to alert the PAM admins in real time of risky operations.
PAM Benefits

• Protect against Cyber criminals


• Protect against inside attacks
• Greater Productivity
• Ensure Compliance
How is PAM different from IAM?
• Privileged Access Management is sometimes confused with Identity Access
Management (IAM).
• IAM focuses on authenticating and authorizing all types of users for an
organization, often including employees, vendors, contractors, partners and even
customers.
• PAM focuses on privileged users, admins or those with elevated privileges in the
organization. PAM systems are specifically designed to manage and secure the
access of these users to critical resources.
• Organization need both tools if they are protecting against attacks.
Gartner Magic
Quadrant for
Access Management
• CyberArk Named a
Leader in the 2022
Gartner® Magic
Quadrant™ for PAM –
again!
Careers & Certifications
• PAM technology came into existence around the turn of the millennium to
address the growing need for control of privileged access in networked
environments.
• Its importance has only increased since then, with the sudden expansion in
remote working caused by the COVID-19 pandemic and the concomitant
boost to cloud adoption combining to make it even more vital to monitor
and control privileged access.
ISAC

You might also like