Privileged password management has now emerged as a key aspect of IT management. With an ever-increasing number of privileged identities in shared environments, protecting administrative passwords is absolutely essential, but that alone is not sufficient. IT managers are required to establish both ‘protective’ and ‘detective’ measures in managing administrative passwords.
While Privileged Password Management deals more with the ‘protective’ aspect of securely storing administrative passwords and restricting access to them, the ‘detective’ provisions to monitor password management operations and user activities are essential for preventing/identifying insider threats and for ensuring compliance with numerous industry and government IT regulations.
These traps/syslog messages can be sent to a third-party SIEM tool, which can thoroughly analyze and correlate the data from Password Manager Pro with other network events. This results in a more secure infrastructure with an in-depth and holistic view of overall network activity.
The auditing mechanism of Password Manager Pro is quite comprehensive. It records all operations performed by the user, including password viewing and copying operations. The important operations that are audited (with the timestamp and the IP address) include:
- User accounts created, deleted and modified
- Users logging in and logging off the application
- Resources and passwords created, accessed, modified and deleted
Upon the occurrence of any of these events, real-time alerts are generated. The integration with SIEM allows security administrators and auditors to monitor privileged account access and activities from a single console and reconcile security incidents to possible privileged access abuse. With insider threats looming large, specifically due to privileged account access, this ability to quickly understand the root of a security event makes it possible to rapidly respond to attacks and always be in complete control of the computing environment.
The original article/video can be found at Privileged password management: Protection alone is not sufficient