Securing Network, IoT, ICS and SCADA Against Privilege Risks

Like most organisations, you likely have dozens – if not hundreds or thousands – of nodes that make up the outermost boundary of the network. Typically these are routers, switches, firewalls, IoT or SCADA devices. And while it is relatively easy to monitor and report on network activity or performance on these devices, or to advise about security risks or compliance problems, these are usually reactive measures.

To best protect critical network assets, it makes sense to be proactive: limit not only who can access these devices, but also what they can do with that access in the first place.

Privileged Device Access?

It is a consistent challenge for many organisations to be proactive in limiting privileged access to network nodes. There are some good reasons why:

  • Basic command blacklisting isn’t granular enough, and creates too many workarounds
  • Most network devices do not allow the installation of agents, limiting depth of control
  • Many network tools are manufacturer-specific.  If you have a network with multiple vendor products, this is problematic.
  • Password management is a great starting point, but control needs to extend past the point at which a user obtains the credential.

PowerBroker for Networks – Command Control and Auditing for Network devices including Routers, Switches, IoT, ICS and SCADA

BeyondTrust has finally solved the problem of the lack of privilege control and auditing on devices with the introduction of PowerBroker for Networks. Building on more than 30 years of privileged access management experience, PowerBroker for Networks is an industry-first solution that controls, audits, monitors and alerts on activity on network devices. It is fully integrated with the PowerBroker Privileged Access Management Platform, allows the same level of control and audit on network devices as is available on Windows and UNIX/Linux servers, and closes a risky gap that exists in most corporate network environments today.


PowerBroker for Networks Use Cases

Multiple different use cases in securing network devices can be satisfied by using PowerBroker for Networks.

Centralised Authorisation and Logging

PowerBroker for Networks provides all authorisation and logging functions from a centralised, high-availability infrastructure via one or more gateway servers, with no local caching of policy information to prevent any tampering.  This applies to authorised activities, as well as session logs which are streamed live to log servers.

Reducing the Overhead in Managing Policies

The PowerBroker for Networks policy language is flexible and powerful, and can be configured with functions and procedures that make exception handling or broad restrictions easy to manage. Building a single function to restrict access to files and applying it to many policies reduces the overhead required to manage PAM functions in an enterprise. Both regular expression handling and explicitly defined commands are supported, and, within the limits of the device operating system, commands can be validated prior to execution.
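To make the policy ideas above concrete (default-deny allowlisting rather than the command blacklisting criticised earlier, exact and regular-expression rules, a single restriction function reused across several role policies, and validation of every command before it would be forwarded to the device), here is an added, self-contained example. It is a hypothetical policy model written for this page; it is not PowerBroker for Networks' policy language, and the role names, rule patterns and sample commands are constructed for the demo.

```python
"""Hypothetical command-control policy evaluator (added illustration, not a vendor API).
Shows default-deny allowlisting with exact and regex rules, a restriction function
defined once and attached to several role policies, pre-execution validation, and an
audit record for every decision. All roles, rules and commands below are constructed."""
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class Rule:
    """One allow rule: an exact command string or a regular expression."""
    pattern: str
    regex: bool = False

    def matches(self, command: str) -> bool:
        if self.regex:
            # fullmatch so a pattern cannot silently match only a prefix of a longer command
            return re.fullmatch(self.pattern, command) is not None
        return command == self.pattern


@dataclass
class Decision:
    role: str
    command: str
    allowed: bool
    reason: str


@dataclass
class Policy:
    role: str
    allow: List[Rule]
    # restriction functions run before allow rules; each returns a denial reason or None
    restrictions: List[Callable[[str], Optional[str]]] = field(default_factory=list)


CONFIG_FILE_OPS = re.compile(r"^(copy|erase|delete)\b.*\b(startup-config|running-config)\b")


def restrict_config_files(command: str) -> Optional[str]:
    """Reusable restriction (hypothetical): deny copying or erasing device config files.
    Written once, then reused by every role policy that needs it."""
    if CONFIG_FILE_OPS.search(command):
        return "operations on device configuration files are not permitted for this role"
    return None


AUDIT_LOG: List[Decision] = []  # stand-in for the centrally streamed event log


def _record(decision: Decision) -> Decision:
    AUDIT_LOG.append(decision)
    return decision


def validate_command(policy: Policy, raw: str) -> Decision:
    """Decide, before execution, whether `raw` may be forwarded to the device."""
    command = " ".join(raw.split())  # collapse whitespace so rules match consistently
    for restriction in policy.restrictions:
        reason = restriction(command)
        if reason:
            return _record(Decision(policy.role, command, False, reason))
    for rule in policy.allow:
        if rule.matches(command):
            kind = "regex" if rule.regex else "exact"
            return _record(Decision(policy.role, command, True, f"matched {kind} rule {rule.pattern!r}"))
    return _record(Decision(policy.role, command, False, "no allow rule matched (default deny)"))


def denylist_only(command: str, denied: List[str]) -> bool:
    """The blacklisting approach, for comparison: anything not explicitly listed is allowed."""
    return command not in denied


# Two constructed roles sharing the same restriction function.
NOC_OPERATOR = Policy(
    role="noc-operator",
    allow=[
        Rule("show version"),
        Rule(r"show (interfaces|ip route|logging)( \S+)*", regex=True),
        Rule(r"ping [\w.\-]+", regex=True),
    ],
    restrictions=[restrict_config_files],
)
NETWORK_ADMIN = Policy(
    role="network-admin",
    allow=[
        Rule(r"show .*", regex=True),
        Rule("configure terminal"),
        Rule(r"copy \S+ \S+", regex=True),
    ],
    restrictions=[restrict_config_files],
)


if __name__ == "__main__":
    for policy, cmd in [
        (NOC_OPERATOR, "show   ip route"),
        (NOC_OPERATOR, "configure terminal"),
        (NETWORK_ADMIN, "copy running-config tftp://10.0.0.5/backup.cfg"),
        (NETWORK_ADMIN, "copy flash:ios.bin tftp://10.0.0.5/ios.bin"),
    ]:
        d = validate_command(policy, cmd)
        print(f"{d.role:14} {'ALLOW' if d.allowed else 'DENY':5} {d.command!r}: {d.reason}")
    # a denylist naming only "reload" still lets an unlisted destructive command through
    print("denylist allows 'erase startup-config':", denylist_only("erase startup-config", ["reload"]))
```

The restriction function runs before the allow rules, so a broad rule such as `copy \S+ \S+` cannot override it; that ordering is what lets one file-access restriction be attached to many policies without re-auditing each rule. The `denylist_only` comparison shows the granularity problem from the first bullet above: a blacklist fails open for anything it did not enumerate, whereas the allowlist fails closed and every outcome, allowed or denied, lands in the audit log with its reason.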

Overcoming Agent Restrictions – a Platform Agnostic Approach

PowerBroker for Networks delivers an agentless deployment, as most network devices do not permit the installation of secondary or tertiary software. Using a proprietary method of wrapping sessions in strong controls permits full control without the possibility of voiding a warranty, or introducing software to a network device that may be under lease from a third-party provider. Since PowerBroker for Networks does not rely on an agent, but rather on the connection protocols (SSH or telnet) to broker sessions, the tool is platform agnostic: virtually any session that uses telnet or SSH can be strictly controlled.

Who Wins?

With PowerBroker for Networks, network admins gain rule enforcement to reduce or eliminate misconfiguration, role-based access controls that confine activity for teams and groups to what is authorised, and audit logging to provide an irrefutable audit trail of activity.

Security teams gain comprehensive coverage of devices where currently there is little or no visibility, and visibility into user behaviour and activity to enhance insider threat programme reporting. Audit teams get complete coverage of devices where reporting was previously difficult or impossible, and industry-recognised event logging and reporting. And CISOs gain unprecedented visibility into the network security perimeter – including IoT – as well as industry-leading audit reporting to reduce the cost of audit, and to enforce compliance with policies and standards in the network environment.

Take Control of Your Network Devices Today

Want to learn more about how PowerBroker for Networks can help? BeyondTrust have created a series of six short videos that demonstrate key features. You can check them out here.

For a complete list of features and recommended product architecture there’s also a white paper: Securing Network Devices Against Privilege Risks.

To schedule a demonstration, contact us today!
