KuppingerCole Report
By Martin Kuppinger

Manage privileged access from everyone & everywhere. Understand your risks. Become compliant.

Privileged Accounts are the high-risk accounts – and they are the target of attackers, both internal and external. SOCs must implement modern Privilege Management as part of their overall toolset for identifying and countering attacks. Session Monitoring and Privileged User Behavior Analytics are cornerstones of a modern SOC.

1 Introduction

The IT landscape is undergoing its biggest change at least since the introduction of the PC. Cloud services and mobile devices stand for the hyper-connected enterprise, where everyone has access to everything, and where services reside somewhere, in the organization and in the cloud. This extends the risk surface. It is no longer about protecting some centralized servers in a well-secured data center, but about a sprawl of systems and services.

On the other hand, not only compliance requirements but also cyber-attacks are ever-increasing. Attackers are trying to gain access to privileged accounts and hijack them. Organizations must react. A key element of counter-measures is implementing a Privilege Management infrastructure that helps to monitor, record, and analyze sessions. This helps to better identify fraudulent behavior. It allows getting a grip on the access of external users, but also on access to external services. It enables faster detection of, reaction to, and remediation of incidents.

The change in both risk perception and factual risks and the growing number of ever-tightening regulations and audits lead to an increase in the number of privileged users in scope. Privilege Management must go beyond the traditional internal IT administrators. SOCs thus must no longer concentrate on a few user groups, but on all types of users. They need efficient tools to support this change, beyond SIEM and beyond the traditional Privilege Management that primarily focuses on Shared Account Password Management.

This whitepaper explains how organizations can reduce their risk surface with an adequate Privilege Management strategy, particularly focusing on session management and analytics. Such a strategy helps them get ready for working with service providers, fulfill the ever-increasing requirements for regulatory compliance, and identify fraudulent behavior of users and potential attacks.

Modern Privilege Management is more than managing access to shared accounts. It is shifting from system administration towards the SOC and taking a far bigger role than ever before.

2 Highlights

  • The changing requirements of SOCs: New types of attacks and the increase in numbers require new approaches for countering attacks
  • Regulatory compl ...

3 SOCs, Risks, and Compliance

Ever-increasing cyber-risks and the growing number of ever-tightening regulations and audits change the requirements for SOCs and Privilege Management ...


3.1 The changing Risk Landscape

Over the past years, external attacks increased massively. On the other hand, internal attacks remain at a high level, with many of the internal attac ...


3.2 The ever-tightening Regulations

While the risks grow, organizations are on the other hand facing ever-tightening requirements for regulatory compliance. Over the past years, the numb ...


3.3 The changing Role of SOCs

SOCs are a central element in fighting the ever-increasing cyber-attacks – if organizations have them. In many cases, the IT security department ta ...


3.4 Who are today’s Privileged Users?

The third area of change is the users to deal with. Traditionally, the focus has been on a restricted number of internal, highly privileged users suc ...

The change in both risk perception and factual risks and the growing number of ever-tightening regulations and audits lead to an increase in the numbe ...


4 Privilege Management: Beyond Shared Account Passwords

Privilege Management is changing. While protecting passwords of shared accounts has been the main discipline in past times, analytics and monitoring a ...


4.1 The new scope of Privilege Management

This new scope and role of Privilege Management becomes obvious when looking at the variety of use cases organizations are facing today. Figure 1 illu ...

On the other hand, the perception of what a privileged account is has changed. It is no longer only or primarily the shared account, but every account ...


4.2 The Privilege Management Cycle

In consequence, Privilege Management becomes more complex. When implementing or expanding a Privilege Management approach, organizations must focus on ...

Major questions organizations should raise for themselves are:

  • Do we know about all our privileged accounts?
  • Do we protect all privileged accoun ...

4.3 SOCs and Logs

When looking at the Privilege Management Cycle, there are three phases that require attention, but also new technologies – even more, when looking a ...


4.4 Modern Privilege Management

Modern Privilege Management thus is broader than it has been considered previously. Shared Account Password Management and the related capabilities re ...

Session Management is what enables controlling not only access to certain accounts and sessions, but monitoring, recording, and restricting what happe ...


5 The Balabit Approach on mitigating Risk and achieving Compliance

Balabit provides a platform that supports customers in addressing the emerging requirements of modern SOCs and Privilege Management. The three solution ...


5.1 Balabit syslog-ng

Balabit syslog-ng is offered in three different editions. All of these editions add a number of capabilities to the standard syslogd. The entry level ...


5.2 Balabit Shell Control Box

Shell Control Box is a standalone appliance that controls, monitors and audits remote administrative access to servers and network devices. It is deli ...


5.3 Balabit Blindspotter

Blindspotter is the latest addition to the company’s portfolio, released in 2015 as a solution for real-time user behavior analysis to help identify ...


6 Recommendations

KuppingerCole recommends that organizations review their Privilege Management approach and take a broader view on this essential element of their IT S ...



©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.