Complexity and optimism of scalability.
Fail may be too strong a word; “don’t reach their full potential” may be a better way to describe most Privileged Access Management (PAM) projects. They start off complex, between vaults, modules, configurations, redefining roles, collapsing access, and more, often lasting 6-9 months if lucky, longer if not. Once PAM solutions get implemented, use cases start to grow and pop up over time, from network switch access to accessing database backups, to a more obscure example like security camera access. More and more use cases get added to support edge cases that distract from the initial goal – getting from A to B securely.
As the PAM solution ages, it gets larger and more ingrained in the corporate infrastructure. With APIs, workflow processes, new accounts, and new use cases, it can grow out of control quickly. When PAM solutions get overloaded, they break, with inevitable disruption and financial impact to the organization. Think of the systems most critical to your operations and how many require your PAM to access them. What would the impact on your operations be if administrators could no longer gain access to make changes? Somehow protecting a PAM’s vault has become as important as keeping critical systems and infrastructure running.
Many organizations cannot see a path forward away from their existing PAM solution/vendor, and that is exactly where that vendor wants you! When switching costs are high, the vendor can rely more on your annual maintenance dollars, give you fewer new features/capabilities, and force you into PAM their way, not yours! Many have evaluated competitive PAM solutions, enticed by the newness/fresh start offering, but often come to realize that the time, expense, and real cost of implementing a replacement PAM solution are prohibitive. It can be a major undertaking, with many decision-makers unwilling to embark on the rip-and-replace exercise.
Most current PAM solutions don’t really reduce your attack surface; instead, they may actually be adding to it. All those privileged accounts increase your attack surface. Those accounts are potential vehicles for attackers to use to gain privileged access. Those accounts hold privileges even when not in use (also known as standing privileges); therefore, the more accounts you have, the greater the attack surface. Unfortunately, most PAM solutions do little to reduce privileged accounts and reliance on a password vault, because doing so disrupts how their solution works and their revenue flow.
Vendors such as Stealthbits have innovative technology that can reduce attack surfaces and simplify PAM administration by offering temporary privileged accounts that are created when needed and discarded when not. We use Activity Tokens, or ephemeral accounts, more like an Uber/Lyft/Taxi ride that gets privileged users from A to B efficiently, without leaving artifacts behind. No need to house and maintain our own fleet when someone might need a ride. With Stealthbits Privileged Activity Manager™ (SbPAM™), you have privileged access “rides” whenever you want/need them without having to maintain, store, and secure multiple accounts/taxis. Simply request access and if you’re authorized, it’s provided within seconds and removed upon task completion. Simple, secure, the way WE SHOULD BE PROVIDING PRIVILEGED ACCESS!
With Stealthbits’ unique ability to use an existing vault and layer our technology on top, we help organizations realize a clear path toward a new PAM solution without the cost and disruption of swapping in a completely new solution or throwing away a significant previous investment. Use your current PAM solution/vault to manage the rotation of break-glass accounts such as administrator and root. Then use SbPAM to safely and securely get your sysadmins to the infrastructure they need to manage with zero attack surface.
Unlike all other PAM vendors, Stealthbits gives you vault options. Want to use an existing vault you spent precious time and effort perfecting? We can do that! Want to use our vault because you’re vault-committed? We can do that! Want to operate without a vault at all? We can do that! At the risk of sounding too marketing-speak, we want to provide you PAM options to deliver privileged access your way, not ours.
SbPAM overlays on top of your existing PAM solution to decrease an organization’s privileged account attack surface and reduce the load on an existing PAM solution. We are priced accordingly and can even save you more with a zero-cost scale-out architecture and a self-healing mesh VPN network. We were named Best Privilege Access Management GOLD WINNER 2020 by Cybersecurity Excellence Awards.
“…the option for customers to integrate their own existing password vault into its technology rather than have to buy one from Stealthbits, a feature Ovum considers to be a significant differentiator.” – Rik Turner, Ovum (3rd party data research and consulting firm)
Martin is Vice President of Product Strategy at Stealthbits – Now part of Netwrix.
Martin is an experienced technologist, with over 30 years in the Privileged Access Management and security space. Prior to Stealthbits, Martin led the privileged access team at BeyondTrust, where he took their password management solution from unknown to a recognized leader in the industry within 3 years. At BeyondTrust he also drove the development of their first SaaS PAM product as well as a new microservice-based platform for DevOps security. Prior to BeyondTrust, Martin held key management positions at Quest/Dell, Novell, Fortefi and Symantec. He is a recognized expert and a regular speaker for security events and webinars.