We looked at the importance of privileged access management (PAM) software in our last article. It enforces each user’s access to, and restrictions on, business software and accounts, and it determines which devices are allowed to interact with the network. The objective of PAM is to drastically limit the exposure of the company’s sensitive data, which is among the most valuable assets that a company needs to protect. Some PAM products do more than manage the policies and permissions that govern access rights. They also cover the next step of internal network security: tracking and documenting the activity of the top administrators.
Hands on the Controls
System administrators control the cybersecurity of the entire network. They are the ones who determine who gets which permissions within it. A malicious administrator, however, can destroy the internal security of the system with a few keystrokes. They can:
- Install malware
- Create backdoor accounts
- Manipulate or make copies of files and sensitive data
- Make alterations to the system to cover their tracks
Because it is possible for a top administrator to work around a privileged access management system and make off with a trove of data, the network needs to be additionally monitored with an independent surveillance system.
A Network Surveillance System
Some PAM software has system surveillance capabilities. If yours does not, we advise you either to switch to a PAM product that can monitor administrator accounts and behaviors, or to add supplemental software that does the job.
Surveillance software that properly monitors admin accounts will be able to do the following:
- Monitor network activity
- Log the following activities:
  - Executed commands
  - Executed scripts
  - Applications launched
  - Websites visited
  - Keystrokes typed during the session
- Identify and manage (accept/reject) all devices linked into the system (e.g., USB devices) during each session.
- Perform regular audits of all system activity, to detect changes in behavior.
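As an added illustration (not taken from this article or from any PAM product), the sketch below audits a log of executed commands for the administrator risks listed earlier and for changes in behavior against a baseline period. The log format, rule names, account names and sample entries are all constructed assumptions.

```python
import re
import shlex
from collections import defaultdict

# Constructed rules, keyed by the risks the article lists (not a complete rule set).
RULES = {
    "account_change": re.compile(r"^(useradd|adduser|usermod|passwd)\b"),
    "track_covering": re.compile(r"^(history\s+-c|shred\b|rm\s+.*(/var/log|\.bash_history))"),
    "bulk_copy": re.compile(r"^(scp|rsync)\b"),
}

# Constructed session logs, assumed format: "<ISO time> <admin> <command line>"
BASELINE = """\
2024-03-01T09:00:02 alice systemctl restart nginx
2024-03-01T09:05:40 alice tail -n 50 /var/log/nginx/error.log
2024-03-02T10:11:00 bob apt-get update
"""
SESSION = """\
2024-03-08T22:14:09 alice systemctl restart nginx
2024-03-08T22:15:31 alice useradd -m -G sudo svc_backup
2024-03-08T22:17:45 alice rsync -a /srv/finance/ /mnt/usb0/
2024-03-08T22:19:02 alice rm -f /var/log/auth.log
2024-03-08T22:20:10 bob apt-get upgrade
"""

def parse(log):
    """Yield (timestamp, admin, command) from each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, admin, command = line.split(" ", 2)
            yield ts, admin, command

def audit(baseline_log, session_log):
    """Return findings: rule hits plus programs that are new for that admin."""
    seen = defaultdict(set)  # admin -> programs used during the baseline period
    for _, admin, command in parse(baseline_log):
        seen[admin].add(shlex.split(command)[0])
    findings = []
    for ts, admin, command in parse(session_log):
        tags = [name for name, rx in RULES.items() if rx.search(command)]
        if shlex.split(command)[0] not in seen[admin]:
            tags.append("new_for_admin")  # behavior change versus the baseline
        if tags:
            findings.append((ts, admin, command, tags))
    return findings

if __name__ == "__main__":
    for finding in audit(BASELINE, SESSION):
        print(*finding, sep=" | ")
```

The audit only means something if the command log is collected and stored where the administrators being monitored cannot edit it, which is the reason for the independent surveillance system described above.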
Having an Outside Firm Manage Security Administration
Given the natural distinction between the duties of a network administrator and those of a security administrator, it is worth considering a strict division of the two roles. Let the network admin focus on the day-to-day “reactive” duties, and let an independent resource handle the more “proactive” work of security. There is a strong argument for outsourcing. To implement security well, the following activities must be enforced:
- All network users need to be informed that their activities are being surveilled. If there is any employee with malicious intent, it is better to dissuade them from any attempt by letting all network users know that they are being watched. And if they are being watched by an independent agency, they will have less opportunity to engineer a workaround to the surveillance.
- System alerts, errors, and performance will need to be regularly reviewed. The job of security should never impede the efficient flow of business. To prevent one objective from stepping on the toes of the other objective, regular reviews of the network are essential.
- At the end of the day, humans must assess the behavior of other humans. Software can detect and analyze a lot, but no one has a nose for suspicious activity quite like a good security administrator.