6 PAM technology integrations that should be on every PAM admin’s to-do list
Chris Smith
Mastering the art and science of integrating other technologies with PAM solutions to enable maximum cybersecurity visibility and efficiency is no small task.
Start from the premise that PAM controls work best when they are integrated with other IT and cybersecurity tools. With tight integration, the IT Admin with an advanced level of knowledge can help his or her organization gain better visibility into threats, generate timely reports, and keep information current in order to make more informed decisions and minimize risks.
We examine six technology integrations here.
1 – PAM integrated with IAM/IGA
While PAM secures access to key system and admin accounts, Identity & Access Management (IAM) is for every user account in your organization. IAM enables the right individuals to access the right resources at the right times for the right reasons. By integrating IAM/PAM you can coordinate governance throughout the privileged account lifecycle. That means tracking privileged account ownership, flagging accounts that aren’t being used, automating the provisioning of new accounts, simplifying the assignment of privileged accounts, and making it possible to regularly limit access.
Integration also enables you to meet compliance and regulatory reporting requirements efficiently and with minimal overhead. IAM tools that include Identity Governance and Administration (IGA) typically provide monitoring and reporting capabilities necessary for a compliance program. These tools are helpful for ensuring broad compliance with security protocols and identifying outliers. They also help with separation of duty control, access request handling, and re-certification of access (continuous re-certification or trigger-based re-certification throughout a lifecycle, rather than requiring manual periodic review).
2 – PAM integrated with Active Directory
Privileged user accounts are typically located in a central authentication system running in Active Directory (Windows) or in another central identity and authentication system that manages accounts, groups, and employee permissions. Password changes can be challenging in one system; when you attempt to keep multiple systems in sync, there’s a high likelihood that errors can occur. Your account management process, from creation to rotation and de-provisioning, needs to be coordinated every step of the way with your PAM solution.
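The lifecycle checks described in sections 1 and 2 (ownership tracking, unused accounts, directory and PAM inventory staying in sync) can be run as a reconciliation. This is an added example, not code from the article or any PAM product; the account names, record fields and 90-day threshold are assumptions, and the data is constructed.

```python
from datetime import date

# Constructed sample data: privileged accounts seen in the directory, and
# accounts the PAM vault manages. All names and fields are hypothetical.
DIRECTORY = [
    {"account": "svc-backup", "enabled": True},
    {"account": "adm-jlee", "enabled": True},
    {"account": "adm-old", "enabled": False},
    {"account": "svc-deploy", "enabled": True},
]
VAULT = [
    {"account": "svc-backup", "owner": "ops-team", "last_used": date(2024, 5, 28)},
    {"account": "adm-jlee", "owner": None, "last_used": date(2024, 5, 30)},
    {"account": "adm-old", "owner": "jdoe", "last_used": date(2023, 11, 2)},
    {"account": "svc-legacy", "owner": "ops-team", "last_used": date(2024, 1, 15)},
]

def reconcile(directory, vault, today, stale_days=90):
    """Return governance findings keyed by finding type, each a sorted list."""
    dir_by_name = {d["account"]: d for d in directory}
    vault_by_name = {v["account"]: v for v in vault}
    findings = {"unmanaged": [], "disabled_but_vaulted": [],
                "orphaned_in_vault": [], "no_owner": [], "unused": []}
    for name, d in dir_by_name.items():
        if name not in vault_by_name:
            findings["unmanaged"].append(name)             # privileged, never onboarded
        elif not d["enabled"]:
            findings["disabled_but_vaulted"].append(name)  # de-provisioning incomplete
    for name, v in vault_by_name.items():
        if name not in dir_by_name:
            findings["orphaned_in_vault"].append(name)     # no matching directory account
        if not v["owner"]:
            findings["no_owner"].append(name)              # nobody to re-certify access
        if (today - v["last_used"]).days > stale_days:
            findings["unused"].append(name)                # candidate for removal
    return {kind: sorted(names) for kind, names in findings.items()}

if __name__ == "__main__":
    for kind, names in reconcile(DIRECTORY, VAULT, date(2024, 6, 1)).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```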
3 – PAM integrated with IT Service Management
Most organizations have numerous service management systems to help support workflow and IT processes. A PAM solution will be implemented more quickly and completely—and will be more sustainable over time—if it shares information with systems that your IT operations team relies on to do their jobs.
Asset management systems, for example, track approved endpoints and applications in use throughout your organization. As you deploy your least privilege and application control policies, connecting with these systems improves the privileged account discovery process and helps keep your account inventory up to date. You can set up a least privilege policy for new endpoints faster and easier by integrating with the same tools IT uses for the configuration and deployment of new devices. You can also integrate application control with your helpdesk ticketing system to manage user requests for applications and endpoint support. Application elevation requests can be managed directly in the system, enabling continuous communication and event tracking.
4 – PAM integrated with Vulnerability Scanning
Integrating your PAM solution with vulnerability testing tools helps ensure that vulnerability scans have the correct credentials to scan systems, both when checking for missing patches and when a patch is being applied. This helps make sure the correct credentials are being used and that patches are installed correctly. Integrating PAM allows for a more thorough vulnerability assessment than you would be able to achieve with penetration testing alone.
5 – PAM integrated with Threat Analytics
Integrating PAM tools with threat analytics helps you keep pace with cyber criminals as they develop new malware and advanced strategies for attack. Threat intelligence databases such as VirusTotal provide blacklists that you can build into your PAM tools and block known malicious applications from running. Artificial intelligence and machine learning from tools like Cylance can also help you anticipate and detect malicious activity.
6 – PAM integrated with SIEM
Enterprise IT and security teams typically rely on Security Information and Event Management (SIEM) and log management tools, such as ArcSight, Splunk, and LogLogic, for centralized reporting and coordinated incident response. As part of a risk-based approach, these tools classify and score a wide range of events to prioritize business and technical risk.
Events associated with privileged accounts can be correlated with your overall risk ranking process and workflow so that administrators receive alerts in the same system they would normally use. Any SIEM system using Syslog format should be compatible with PAM tools. When integrated, an administrator can set up a filter for certain activities associated with privileged accounts, and those events are logged with different alert levels depending on their potential risk. For example, administrators may want to know and act quickly if users are locked out, if “unlimited administration” mode gets turned on, if heartbeats fail, or if secrets expire. SIEM tools are also good for generating consolidated reports for company leadership and auditors to demonstrate cybersecurity progress.
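The filter described above, sketched over constructed RFC 5424 syslog lines. This is an added example, not part of the original article or any vendor's log format; the `pamvault` app name, the `event=` names and the severity mapping are assumptions to replace with what your PAM tool actually emits.

```python
import re

# Alert level per privileged-account event, as RFC 5424 severities
# (2=critical, 3=error, 4=warning). Event names and mapping are assumptions.
SEVERITY = {
    "UNLIMITED_ADMIN_ENABLED": 2,
    "HEARTBEAT_FAILED": 3,
    "USER_LOCKED_OUT": 4,
    "SECRET_EXPIRED": 4,
}
FACILITY_AUTHPRIV = 10  # RFC 5424 "security/authorization" facility

# <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA MSG
HEADER = re.compile(
    r"^<\d+>1 (?P<ts>\S+) (?P<host>\S+) pamvault \S+ \S+ \S+ (?P<msg>.*)$")

# Constructed sample lines; the source logs everything at "info" (<86>).
SAMPLE = [
    "<86>1 2024-06-01T10:15:02Z vault01 pamvault - - - event=USER_LOCKED_OUT user=adm-jlee",
    "<86>1 2024-06-01T10:16:40Z vault01 pamvault - - - event=SECRET_VIEWED user=adm-jlee secret=db-root",
    "<86>1 2024-06-01T10:20:11Z vault01 pamvault - - - event=UNLIMITED_ADMIN_ENABLED user=adm-root",
    "<86>1 2024-06-01T10:21:00Z vault02 pamvault - - - event=HEARTBEAT_FAILED secret=svc-backup",
    "garbled line without a syslog header",
]

def triage(lines):
    """Return matched privileged-account alerts, most severe first."""
    alerts = []
    for line in lines:
        m = HEADER.match(line)
        if not m:
            continue  # not a PAM RFC 5424 record; leave it to other parsers
        fields = dict(p.split("=", 1) for p in m["msg"].split() if "=" in p)
        sev = SEVERITY.get(fields.get("event"))
        if sev is None:
            continue  # routine event, not in the alert filter
        alerts.append({"severity": sev,
                       "pri": FACILITY_AUTHPRIV * 8 + sev,  # re-scored PRI
                       "host": m["host"], "event": fields["event"],
                       "target": fields.get("user") or fields.get("secret")})
    return sorted(alerts, key=lambda a: a["severity"])

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(f"<{a['pri']}> {a['host']} {a['event']} {a['target']}")
```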
Where to go from here
Integrating all these technologies with your PAM solution is no small feat. You will need a PAM solution that can be easily customized with APIs that will fit your specific cybersecurity environment and toolset. Integrating existing cybersecurity tools with your PAM program ensures your IT operations and security teams are all working toward the same goals. When PAM becomes a core element of your ongoing cybersecurity efforts, both PAM awareness and adoption increase across your organization.