Many businesses, financial institutions and regulated authorities have implemented a Privileged Identity Management (PIM) solution to address security requirements for the monitoring of privileged user activity. These solutions are especially relevant for servers which are controlled by IT / system administrators (sysadmins).
Such solutions are traditionally designed to grant secure access to specific destinations via a password vault. When a sysadmin requests access to a specific server, the vault will grant access by providing a temporary administrative account and then begins recording the session. Access rights will be granted for the duration of the session until the task is completed, and then the session is closed.
The key benefit of such solutions comes from the tight control of login credentials, ensuring that the sysadmin never has visibility of the password. This increases the organization's security defenses against unauthorized configuration changes, data compromise and other insider threats.
Additionally, session recording is used to ensure that regulated companies have the tools to meet their audit requirements for the monitoring of privileged activity.
However, session recording alone is inadequate when adhering to many audit requirements or security policies, or indeed, the more advanced internal and external threats that are facing organizations every day.
These PIM solutions, when used in isolation, simply do not provide enough protection. Assuming that sysadmins do not attempt to hide their unauthorized activity, any damage captured in recording has already been done. The challenge for IT teams is to find a solution that enhances and complements their existing vaulting and session recording technology.
By building upon their original investment, organizations can increase their security defenses and take a more proactive stance to combat todays advanced threats.