European IT pros reveal top reasons to monitor privileged users

BalaBit IT Security announced results of a recent survey of IT security professionals about use of privileged identity management (PIM) and privileged activity monitoring (PAM) technology.

Of those surveyed, respondents ranked the reasons for monitoring privileged users, from most to least important, as follows:

1. Detect/track suspicious user behavior and prevent incidents — 60 percent considered this the most important factor

2. Control and audit IT service providers

3. Control and audit internal IT staff

4. Support IT/network staff in troubleshooting

5. Support internal business processes (i.e., reporting)

6. Meet/prove compliance with regulatory requirements

7. Control and audit virtual desktop infrastructure (VDI) users

8. Reduce costs for IT operations

9. Support forensics investigations

10. Reduce costs for security audits.

“With compliance as the sixth most important reason for companies to deploy PIM, it is reassuring to see that most companies recognize it is more important to increase their operational efficiency by increasing the security level and managing people than only ‘checking the box’ and passing the audits,” said Zoltan Gyorko, CEO of BalaBit IT Security.

Altough 98 percent of respondents said that a PAM tool could increase the level of protection to their system security, a relatively high number of 16 percent stated that they have no solution deployed at all to protect against malicious insiders.

“It’s disturbing that so many decision-makers are still ignoring the human factor and making their procurement priorities based on the physical and virtual infrastructure. The most commonly used product, firewalls, are completely ineffective against handcrafted attacks, especially APT or internal attacks. It is clear from today’s headlines that these types of attacks are happening with much more frequency and are not only a common source of data breaches but the primary source of the most costly cyber attacks,” said Gyorko.

Additional survey findings include:

• Those who have any kind of tools against internal attacks use at least two different products at the same time to provide the required protection. Although almost all companies have been using firewalls, only 63% of the interviewed said that they use firewall options such as access policies to prevent internal cyber-attacks
• 37 percent use identity/password management
• 30 percent use network access control (NAC)
• Activitity monitoring is performed by 25 percent of the companies
• Almost two-thirds would prefer to have a standalone, turnkey appliance for PAM purposes.