The 2019 Verizon Data Breach Investigations Report (DBIR) found that out of all attacks – 29% of total breaches involved the use of stolen credentials – second only to phishing. No doubt that number will keep climbing in 2020 and beyond since we hear about ransomware, insider threats and password-related breaches in the news on a daily basis. The fastest path for an attacker to move across and infect a company network is by compromising an administrator account with unnecessary standing permissions.
The reality is that this is still the case even though Privileged Access Management (PAM), as an industry, has been around for 20 years. Why is that? Because incumbent solutions are password vault-based approaches to PAM:
- Cannot scan networks to discover where privileged access currently exists;
- Do not reduce the blast radius and violate the principle of least privilege by enabling standing, always on access to administrators to network assets (aka Standing Trust);
- Add friction to the administrator experience by requiring shared service accounts and additional authorization steps; and
- Can’t reach company-wide scale because they require intrusive permissions to function.
One of our newer portfolio companies is Remediant, a Silicon Valley-based security startup that is rethinking privileged access by reducing Standing Trust. Gartner coins this term Zero Standing Privilege (ZSP). Remediant’s SecureONE solution has been deployed to directly minimize Standing Privilege in minutes across organizations of large scale to:
- Continuously discover privileged access - across a network;
- Single action remove of standing privilege - across the network;
- Just-in-time administration (JITA) to only the right asset, using the administrator’s own account; and
- An agentless, vaultless single appliance deployment.
Competitors in the PAM space are now adopting JITA in response but still depend on the persistent service accounts necessary for password vaults to function. Remediant’s Zero Standing Privilege approach renders privileged accounts useless to unauthorized users, even if they possess account credentials.
Our team at ForgePoint is excited by Remediant’s progress through a number of industry awards, top tier analyst recognition, technology innovation and overall company growth, which the team announced in today’s press release. It’s great to see the adoption of SecureONE by major enterprises across a number of industries. 2020 will be an exciting one considering the impressive team building done in a short time.