Hi Gunnar,

I'm interested in your thoughts on priv user access reviews vs priv user monitoring. In my experience most auditors unceremoniously bunch these two control types into the same bucket without considering the differences.

In my mind reducing root/admin type privileges to no-one and having an appropriate authorisation and escalation process is really beneficial (normally tied to a change control record or incident ticket).

Beyond that then having some type of session recording / key logging mechanism is really helpful. I see this recording as slightly preventative, as admins are less likely to do dodgy stuff, especially if logs are being sent off-server. The recording can also be a detective control looking for particular commands that aren't usually needed.

What I'm looking for is whether you're seeing many orgs perform this level of review or whether they're just using an IAM governance tool to periodically review who has access at a set point in time?


