Why Is Privileged Identity Management Not Enough?

Privileged Identity Management (PIM) is a very powerful access control solution that can force IT administrators to follow predetermined or customized policies and requirements (such as allowed time windows, approval, etc.) before they access a critical system.

 

Why is Privileged Identity Management (PIM) not enough?

Security is not just about who is doing something (identity); more importantly, it is about what they are doing (activity).

Most PIM products on the market already offer complete video recording of the entire privileged activity, but it is impractical and extremely boring to have an IT security expert watch replays of all privileged user activity every day.

Efficient real-time monitoring can only be achieved by having a machine, rather than a human, analyze a textual audit log. Some companies use state-of-the-art Big Data monitoring tools for this, while others still use their SIEM.

However, most of the text-based audit log in PIM is nothing more than who accessed which account, which server, which application, and when. Because PIM lacks textual detail, it can leave a security blind spot that prevents Splunk and SIEM from analyzing the risk properly. Textual detail is also important for efficiently generating complete, auditor-friendly reports, as the reporting demo shows. In the demo, ObserveIT captures every command the user runs, including the system calls made inside scripts, which gives complete clarity on what the privileged user is doing.

 

Global Excellence Award – Gold Winner in Forensics

Why combine ObserveIT and PIM?

Privileged Identity Management (PIM) is very powerful in privileged access control, but weak in text-based audit logging. Beyond a simple audit log, ObserveIT complements PIM with strong, searchable, text-based audit forensics at scale. ObserveIT thus augments privileged user activity monitoring, and it has become an official monitoring tool for IBM ISPIM and CA Privileged Session Manager. Some other customers who already have CyberArk Privileged Identity Management also implement ObserveIT in order to gain detailed and searchable activity audit forensics (even though no official partnership has been announced between ObserveIT and CyberArk).

ObserveIT integration with PIM gives the corporation in-depth audit forensics, including which system calls were invoked inside a script the privileged user ran. The audit forensics are searchable and can be integrated with Splunk or a SIEM for efficient, real-time security monitoring.

 

How does ObserveIT reduce fraud?

Just like security, fraud is not about who they are (identity); it is about what they do (activity). Imagine a crime scene such as a murder case: a murderer is anybody who kills a person, and might be the victim's most trusted person or a complete stranger.

Fraud is just the same. It is not about who they are; they could be a privileged user or just a basic user. But is it practical to over-control everybody's activity? Fortunately, people tend to behave better when they know that somebody else is watching them, and that is exactly what ObserveIT does to fight insider cyber crime. Besides servers, ObserveIT can also be installed on everybody's PC (with a configurable privacy policy to exclude some users or applications), so that a corporation can have clear visibility into who did what across the entire company.

Since ObserveIT is a lightweight background monitoring tool, it won't change the way business users interact with the system. Complying with PCI-DSS for all users therefore becomes feasible for the corporation, as stated in PCI-DSS Chapter 10.1: Implement audit trails to link all access to system components to each individual user (who accesses the cardholder data).

 

PS: PIM is sometimes referred to as Privileged Access Management (PAM), Privileged Account Management (PAM), Privileged User Management (PUM), or Privileged User Manager (PUM), depending on the marketing term used by the product maker. Some PIM products act as a simple enterprise password vault that provides simple integration (like a password manager), while others offer higher security with elevated privilege provisioning. In general, though, all of them have very similar functions and features.

Fossa is the authorized ObserveIT distributor in Indonesia.

 
