19
January 2022
Announcing Osirium PAM v8.0 - MFA, JIT, and a lot of security goodness
Mark Warren
A Major Update for Osirium PAM
Today we announced a new level of protection for powerful administrator accounts with the release of Osirium PAM v8.0. Based on customer requests and feedback, we're really excited about this major update. The new release focuses on two critical new and enhanced capabilities making it easier for businesses to adopt zero-trust security strategies: scheduled and approved access to administrator accounts, and built-in multi-factor authentication (MFA).
Zero-trust is a rapidly growing security model in many organisations. According to MarketsandResearch.com, “The global zero trust security market size is expected to reach USD 59.43billion by 2028, registering a CAGR of 15.2% from 2021 to 2028” - that means a lot of organisations are adopting zero-trust. It even gets attention at the highest levels. In the USA, President Biden issued an Executive Order to improve cybersecurity in federal organisations, including particular focus on protecting privileged accounts and adoption of Zero-Trust Architectures.
Pre-approval for Just-in-Time Privileged Access
Zero Trust Architectures cover a wide range of IT systems and capabilities. One of the most critical is removing implicit trust for users accessing privileged accounts. According to the Verizon Data Breach Incident Report 2021, Privilege Misuse is the most common factor in data breaches - 80% of all attacks.
As recommended by the National Cybersecurity Centre, to minimise the risk of privilege misuse, access to privileged accounts should only be granted as and when needed then removed as soon as it’s no longer required. That's often referred to as "no standing privileges." Indeed, this is a requirement of many standards including Cyber Essentials, ISO27001, NHS DSP and many others. But it's a pain to implement because it makes it impossible for Admins to access the systems and devices they need unless a request for access is approved by a manager or senior expert.
Osirium PAM v8.0 builds on its existing support for requesting and approving privileged access by approving access for a specific time frame in the future. For example, if an update needs to be applied overnight at a weekend, the access can be granted for that maintenance window rather than being open all weekend or assuming a senior staff member is available to approve the request the time it’s needed (and no one wants to waiting around at that time just in case they need to give and approval!)
Built-in Multi-Factor Authentication
Another key enhancement to further securing privileged access is the addition of built-in MFA. Currently, Osirium PAM customers integrate an external MFA tool. With PAM v8.0 MFA is now available to all customers, even if they don’t already have an MFA provider. It has Timed One-Time Passwords (TOTP) that supports the RFC 6238 standard so popular authentication apps from Microsoft, Google and others can be used to prove the identity of the PAM. You can see it in action in the video below. The result: enhanced security and reduced cost and complexity.
This extends the already flexible authentication options provided with Osirium PAM, so if you already have a singe sign-on or MFA solution, PAM will work with them as well. After all, when PAM separates users from admin credentials, it's critical that the identity of that user is secure.
Enhanced Usability and Security
The release also sees significant improvements to the PAM user experience, making admin tasks faster and simpler, with changes like a "recently used" device list for quick re-connects to the systems you use often, and an improved search.
The PAM virtual appliance also includes a major update to the underlying database to simplify cluster management and updates and the appliance OS has been updated to the latest version to get all the latest security updates.
Osirium PAM v8.0 is yet another exciting release from Osirium and shows our continued investment in improving security, simplifying Privileged Access Management and responding to customer requests.
If you'd like to know more, please get in touch.