In an exclusive interview with Security Advisor ME, Rajesh Ganesan, vice president, ManageEngine, discussed how its latest privileged access security offering can enable organisations to maintain control and visibility into their critical assets as they adopt zero-trust models.
As organisations increasingly embrace digital technologies, many security teams are facing challenges in maintaining managing and protecting various assets and systems that reside in multiple environments.
Traditional IT perimeters are becoming more fluid and dynamic as fast-growing technologies like cloud, mobile and virtualisation make the security boundaries of an organisation blurry.
In the face of growing threats, it is now more important than ever for organisations to implement strategies and solutions to manage and control access to enterprise systems and data.
Today, privileged access security has become one of the top IT priorities for CISOs as they seek to reduce the risks of cyber-attacks by protecting their organisations from unauthorised access. The importance of implementing privileged access management (PAM) solutions is undeniable. Fundamentally, a user with privileged access holds the keys to the kingdom, access to the highly valuable and confidential information, which are attractive to cybercriminals.
However, as privileged access solutions are typically centred on users, organisations need to implement a comprehensive PAM solution that will allow them to gain the right visibility and control over who gets to access their assets.
When privileged accounts are used in unintended ways, it can cause security incidents that could have a devastating impact on an organisation’s reputation and bottom line.
“Monitoring and regulating access to privileged accounts are critical to enterprise security,” said Rajesh Ganesan, vice president, ManageEngine.
“When people access systems and information that they are not supposed to, they leave their organisations susceptible to data security breaches,” he explained.
According to Ganesan, organisations today need to employ a ‘zero-trust’ approach, which requires strict verification for every person or entity attempting to access critical controls and data, regardless of whether they are sitting within or outside of the network perimeter.
“In addition, enterprises need to have a 360-degree approach to privileged access security to gain comprehensive visibility into who gets access to their assets and stay ahead of the growing threats,” said Ganesan.
To enable organisations to achieve this, ManageEngine has launched PAM360, a complete privileged access security solution that offers enterprise-grade capabilities in privileged access governance, including just-in-time controls and privileged user behaviour analytics (PUBA).
“ManageEngine has strong security offerings such as password manager, active directory infrastructure, security information and event management (SIEM) and IT analytics among others,” said Ganesan. “With PAM360, what we have done is integrated those solutions with PAM to provide organisations with a unified and comprehensive approach to privileged access security.”
In addition, Ganesan noted that security should always be a business enabler and should not impede productivity within the organisation. That’s why PAM360 allows security teams to orchestrate and automate workflows from a central console.
“PAM360 also record videos of privileged sessions, which allows security teams to better monitor users that access critical resources,” he explained.
Equipped with user behaviour analytics, PAM360 also creates baseline behaviours and detect anomalies in privileged account activity by correlating privileged access data with endpoint event logs. This accelerates remediation on privileged access misuse.
When it comes to developing their security strategies, organisations often focus on external threats and overlook internal ones. The human factor plays a vital role in cybersecurity.
“That’s why, more than having the latest tools in the market, we believe that there should be constant education and training within the workplace,” said Ganesan.
“Organisations need to instill a security-aware culture by ensuring that everyone within the enterprise has a proper understanding of the cyber risks and the proper steps to take action. At ManageEngine, we are committed to providing our customers not only with the best security tools like PAM360 but also with proper training and education on the skills they need to stay cyber resilient,” he said.
[PAM360 is available immediately in Enterprise and MSP Enterprise editions. The Enterprise edition pricing starts at $7,995 for 10 administrators and 25 keys. The MSP Enterprise edition pricing starts at $11,995 for 10 administrators and 25 keys. A free, fully functional trial version is available here.]