For those most concerned with IoT devices, the Unix and Linux subset of controls will prove quite useful. However, another subset of controls called Privilege Management for Network, IoT, ICS, and SCADA Devices may be a better fit. Here, administrators can manually define policies for specific devices as well as register and manage access to those devices. What’s more, administrators can record sessions and have a complete audit trail of user activity across all network, IoT, ICS, and SCADA hardware.
All the shortcuts offered on the Privilege Management Console launch additional dashboards, which support drilling down into more informational screens.
Arguably, the most important component of Endpoint Privilege Management is policy definition and execution. Defining policies can be somewhat complex, depending upon the level of integration offered by the particular endpoint. However, integrated policy debugging helps administrators vet policies before deployment, ensuring that proper rules are applied.
There are several different policy definitions available, and policies can be associated with users, groups, devices, and more. Global default policies can also be created as a starting point, with more granular policies available for specific use cases. A global policy is a good way to shut down all privileges and then open privileges only via other policies based upon the user.
BeyondTrust does an excellent job of inserting PAM into heterogeneous networks, which should help secure the growing ecosystem of IoT devices. What’s more, the company’s platform approach brings with it a unified methodology to control access, while also giving full visibility into privileges assigned and a complete audit trail.
As compliance needs increase and networks become more distributed, organizations must account for the who, what, when, where, and why of access. Based on behavioral analytics, BeyondTrust automates control of privilege assignments, preventing unauthorized access if any user or device behavior falls out of the calculated norms.
The Endpoint Privilege Management platform can also serve as a foundation for integrating BeyondTrust’s vulnerability management, secure remote support, privilege-based remote access, password and session management, and change auditing solutions.
By using the concept of privilege as the litmus test of access, BeyondTrust shifts the paradigm from predefined access to just-in-time access based on policies and actual use. That will go a long way toward protecting network components from inappropriate use.
List price starts at $40 per seat, with volume discounts available.