Extended PAM: Intelligent automation for risk-based, adaptive privilege
Jon Kuhn
Why Privileged Account Management must be extended
In my previous blog, Extended PAM for integrated, multi-layered cyber defenses, I explored the reasons why we at Delinea believe that privilege is the future of cybersecurity. Over the course of my career in cybersecurity, I’ve seen the rise of many promising solutions, but at the end of the day, compromised credentials and ransomware always found a way around even the most well-funded in-depth defense approaches. Why? Because they didn’t secure the weakest link—identity.
Having seen first-hand how Privileged Access Management (PAM) protects privileged systems by securing identity—via features like credential protection, Multi-Factor Authentication (MFA), session auditing and recording, and Just-in-Time (JIT) privilege elevation—it became clear that there is a tremendous opportunity to secure organizations’ growing attack surfaces by extending PAM. In today’s modern organization, sensitive data and risky access are everywhere, not just in privileged systems.
But for this extension to be effective, PAM needs to evolve dramatically.
Extended PAM is automated & interconnected
Our vision for Extended PAM requires several things: increased automation to efficiently elevate privilege and provide broader context about suspicious activity, seamless data sharing with the full range of modern security tools, an intuitive user interface, and coverage of the full range of hybrid infrastructures and new departments like DevOps.
Why Delinea can deliver Extended PAM
Fortunately, Delinea is perfectly positioned to deliver Extended PAM, with an award-winning product portfolio, patented innovations, and decades of history in the industry. We were the first PAM vendor with solutions built in the cloud, and we have deep experience leveraging enterprise Identity and Access Management (Active Directory and Identity as a Service) to control access and privileges for infrastructure, databases, and legacy applications.
Delinea’s current capabilities cover the full cycle of PAM maturity, including:
- Advanced vaulting for all types of secrets (passwords, credentials, SSH keys, certificates)
- On-premise and cloud discovery of assets
- Endpoint (both workstation and server) privilege elevation management (to prevent lateral movement)
- Remote access with session management and recording
- Identity checks at every point in the access chain: MFA at login and elevation
- PAM for cloud and machine identities, service account governance, and DevOps secrets vaulting
- Privileged Behavior Analytics to measure baseline behavior and identify unusual behavior
Coming Soon: The Delinea Platform
Over the next 18 months, Delinea will begin to offer our current solutions within a unified, cloud-native platform that will simplify the way we deliver the full breadth of our identity security capabilities.
The Delinea Platform will seamlessly extend identity protection and authorization across a larger footprint within the enterprise—ultimately to all users and identities—while offering new adaptive authorization features that will help IT and security teams efficiently reduce risk across the attack surface.
Our first step in extending PAM is to expand discovery and visibility so that you can monitor, control, and report on privileged access authorizations for all infrastructure and applications.
This ultimately must cover any account or machine no matter what authentication source is used, across everything from infrastructure to SaaS apps, thus providing adaptive, granular access and authorization controls for the entire organization.
Delinea can deliver on the promise of Extended PAM
What makes this expansive vision possible?
Our products will leverage our current behavior analysis technology and recommendation engine, using machine learning to respond to unusual and risky behavior. This will automatically enable adjustment of individual privilege policies and the granting of just-in-time access to users, while intelligently adjusting their level of privilege based on risk.
Instead of relying on standing access and overprivileged identities, all users, roles, systems, and machine identities can be intelligently granted access and privileges as needed.
As risk changes, your team can be alerted and your response workflows automated
As our Extended PAM vision is fulfilled over time, Delinea’s solutions will continuously assess risk for every machine and identity in your environment so that as risk changes, your team can be alerted and your response workflows automated.
Through 2023, Delinea PAM customers should expect to see:
- Consolidation of the full range of PAM capabilities in a single cloud-delivered SaaS platform
- Smarter analytics that create auto-adjusting policies for access and privilege
- Intelligent risk scoring, using machine learning models, which will make privileged access policies more automated, while decreasing risk
- A single interface for more efficient administration and reporting
- Growing integrations with popular tools and vendors
All these capabilities will be built on a single cloud-native platform, delivered in phases.
This improved experience will help our customers reduce identity risk in their adoption of cloud environments and SaaS apps, speed up deployment with fewer resources, and easily integrate with authentication vendors—all delivered with exceptional reliability.
Ultimately, we are excited to offer a more intelligent, adaptive, and resilient Extended PAM platform to make your organization more secure.
This post is part of a 2-part series:
Read Part 1: Extended PAM for integrated, multi-layered cyber defenses