Paul Lanzi, Co-Founder and COO
A typical organization operates in the dark when it comes to its employees’ privileged access (PA) to critical systems. How long do employees need PA? What part of their administrative access should remain with them if they move to a different department or role? Questions such as these are seldom addressed in any organization. “What many organizations don’t realize is that excessive PA can not only lead to hacking but also to inadvertent misuse by the employees,” says Paul Lanzi, Co-founder and COO of Remediant. “To that end, knowing which employee needs the authorization, and for how long, is crucial. It also pays to keep a tight vigil around the highly sensitive systems.” As the saying goes, ‘Knowing the problem is half the problem solved,’ but the enterprise world lacks the tools to quantify excess PA.
Innovative, enterprise-class cybersecurity firm Remediant has developed SecureONE, a solution that helps companies detect, monitor, and manage the level of PA allotted to employees (or accrued by them inadvertently over time).
At the outset of a client engagement, Remediant offers a free onsite proof of concept that lets clients run SecureONE in scan-only mode to gain insight into the areas of their ecosystem where PA is active. This initial discovery process gives clients the full scope of the problem at hand and takes only a couple of hours, even in large enterprises. With this information, clients can turn on the solution’s ‘Protect’ mode, through which PA across the board is turned into just-in-time access protected by multi-factor authentication. Subsequently, every change in the PA attribution level is tracked and reverted automatically if it is found to be anomalous. Such a strategy allows companies to steer clear of the unnecessary operational overhead of redrawing the PA map all over again after the solution is implemented.
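The discover-then-protect workflow above amounts to a baseline of standing admin rights, a later snapshot, and a rule for which differences are acceptable. The following is an added example, not Remediant’s code: the host-to-accounts maps, the JitGrant record, and the timestamps are all constructed here to show how a drift check can separate an approved just-in-time grant from an anomalous one and turn the latter into a revert plan.

```python
"""Added example (not Remediant's code): detect and revert drift in
privileged-access (PA) assignments against a scan baseline.

Assumptions (constructed for this example): the discovery scan yields a
mapping host -> set of accounts with standing admin rights; an approved
just-in-time (JIT) grant list marks escalations that are expected. Any
admin right that appears after the baseline and is not covered by an
unexpired JIT grant is anomalous and goes on the revert list.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class JitGrant:
    host: str
    account: str
    expires_epoch: int  # constructed timestamp; grant is valid until then


# Constructed baseline from a scan-only discovery run.
BASELINE = {
    "fileserver01": {"svc_backup"},
    "workstation07": set(),
}

# Constructed snapshot taken later, after Protect mode is switched on.
CURRENT = {
    "fileserver01": {"svc_backup", "jdoe"},   # jdoe has an approved JIT grant
    "workstation07": {"helpdesk_tmp"},        # nobody approved this one
}

# Constructed approved-grant list.
APPROVED_JIT = {JitGrant("fileserver01", "jdoe", expires_epoch=1_700_000_600)}


def anomalous_grants(baseline, current, approved, now_epoch):
    """Return {host: set(accounts)} holding admin rights that are neither in
    the baseline nor covered by a JIT grant that is still valid at now_epoch."""
    live = {(g.host, g.account) for g in approved if g.expires_epoch > now_epoch}
    result = {}
    for host, accounts in current.items():
        extra = {a for a in accounts - baseline.get(host, set())
                 if (host, a) not in live}
        if extra:
            result[host] = extra
    return result


def revert_plan(anomalies):
    """Flatten anomalies into a sorted list of (host, account) removals so
    the plan is deterministic and easy to review before it is applied."""
    return sorted((h, a) for h, accs in anomalies.items() for a in sorted(accs))


if __name__ == "__main__":
    now = 1_700_000_000
    for host, account in revert_plan(anomalous_grants(BASELINE, CURRENT, APPROVED_JIT, now)):
        print(f"revert: remove {account} from local admins on {host}")
    # Once the JIT grant expires, jdoe's right becomes anomalous as well.
    later = anomalous_grants(BASELINE, CURRENT, APPROVED_JIT, now + 3600)
    print(sorted(later))
```

The expiry check is the important part: a grant that has lapsed is treated exactly like a right that was never approved, which is what keeps just-in-time access from quietly becoming standing access again.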
Requirements such as multi-factor authentication (MFA) under NIST 800-171 are in place to ensure that PA attribution is protected. However, implementing MFA across thousands of systems can be daunting, to say the least. “We change the status quo by shifting the MFA control point from an endpoint location to a centralized web portal,” says Lanzi. The portal becomes the single compliance checkpoint that ensures all PA goes through MFA.
For maximum benefit, Lanzi believes that PA management has to move away from its current siloed nature and become part of the broader fabric of information security solutions deployed in an organization. Taking a pioneering step, Remediant streams all the data pertinent to just-in-time escalation to the SIEM solution for better reporting and alerts. This strategy helps in the real-time detection of compromised credentials. Lanzi explains, “For instance, if we find SecureONE denying access to an account holder trying to log into a system with PA despite accurate credentials, the information related to this event of denial is shared with the SIEM for further investigation.”
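The detection Lanzi describes is a simple correlation: a logon that was denied even though the password was right, because no just-in-time grant existed. The example below is added here and is not SecureONE’s code or its event format; the JSON-lines events, their field names (cred_ok, mfa_ok, jit_grant, result) and the rule name are all constructed to show how such denials can be separated from ordinary wrong-password noise and escalated when one account is denied on several hosts.

```python
"""Added example (not SecureONE's code or event format): flag privileged-access
denials where the credential was valid but no just-in-time (JIT) grant existed,
the case worth forwarding to the SIEM as a possible credential compromise.

All event fields and sample lines below are constructed for this example.
"""
import json

# Constructed JSON-lines event stream from a hypothetical JIT access broker.
SAMPLE_EVENTS = """
{"ts": "2024-01-10T09:00:01Z", "host": "db02",  "account": "jdoe",       "cred_ok": true,  "mfa_ok": true,  "jit_grant": true,  "result": "allow"}
{"ts": "2024-01-10T09:01:12Z", "host": "db02",  "account": "svc_backup", "cred_ok": true,  "mfa_ok": false, "jit_grant": false, "result": "deny"}
{"ts": "2024-01-10T09:01:40Z", "host": "web01", "account": "svc_backup", "cred_ok": true,  "mfa_ok": false, "jit_grant": false, "result": "deny"}
{"ts": "2024-01-10T09:02:05Z", "host": "web01", "account": "asmith",     "cred_ok": false, "mfa_ok": false, "jit_grant": false, "result": "deny"}
"""


def parse_events(text):
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def suspicious_denials(events):
    """Denied logons where the password itself was valid: whoever holds that
    credential reached a system outside an approved JIT window. Wrong-password
    denials are left out as ordinary noise."""
    return [e for e in events
            if e["result"] == "deny" and e["cred_ok"] and not e["jit_grant"]]


def siem_alerts(events, repeat_threshold=2):
    """Build SIEM-ready alert records. Severity rises when the same account is
    denied on repeat_threshold or more distinct hosts, a pattern that looks
    like one credential being tried across systems."""
    denials = suspicious_denials(events)
    hosts_by_account = {}
    for e in denials:
        hosts_by_account.setdefault(e["account"], set()).add(e["host"])
    alerts = []
    for e in denials:
        distinct_hosts = len(hosts_by_account[e["account"]])
        alerts.append({
            "rule": "pa_denied_valid_credential",  # constructed rule name
            "severity": "high" if distinct_hosts >= repeat_threshold else "medium",
            "account": e["account"],
            "host": e["host"],
            "ts": e["ts"],
        })
    return alerts


if __name__ == "__main__":
    for alert in siem_alerts(parse_events(SAMPLE_EVENTS)):
        print(json.dumps(alert))
```

Only svc_backup is reported: jdoe was allowed, and asmith failed on the password, which says nothing about a stolen credential. Because svc_backup was denied on two different hosts within a short span, both records carry high severity; raising repeat_threshold would downgrade them to medium.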
Defense giant Lockheed Martin is leveraging SecureONE’s MFA and dynamic privileged access to improve its regulatory performance while minimizing the impact on ongoing operations. SecureONE improves compliance operations and security, and its just-in-time access to individual systems reduces lateral-movement risk. Remediant’s aggressive timeline and full-lifecycle implementation allowed Lockheed Martin’s more than 150,000 endpoints to be secured in a few months, versus years for password-vault-based solutions.
Having grown tremendously in recent years, Remediant now supports Mac and Linux systems as well, so DevOps teams can work in a highly secure environment. The company aims to raise its value further by integrating with other information security tools.