
PAM (Privileged Access Management)

Definition

Privileged Access Management (PAM) is a security solution that manages and monitors the access of users with elevated privileges (administrators, root accounts).

Privileged Access Management (PAM) is a security solution that manages, monitors and secures access for users with elevated privileges such as administrators, root accounts and service accounts. According to CyberArk, 80% of all security breaches involve misuse of privileged credentials.

How does PAM work?

PAM solutions centralise management of all privileged accounts in a secure vault. When an administrator needs access, they request it via the PAM platform. The platform verifies identity, checks authorisation policy and grants time-limited access (just-in-time). All activities during the admin session are recorded and logged. After completion, the password is automatically rotated. PAM solutions also provide automatic service account password rotation, session recording and monitoring, and approval workflows for sensitive access.

Components of PAM

Password vaulting stores privileged credentials encrypted in a central vault. Session management records and monitors admin sessions in real time. Just-in-time (JIT) access grants time-limited rights that are automatically revoked. Just-enough-access (JEA) limits rights to the minimum needed for the specific task. Service account management automatically manages and rotates service account passwords.
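The following is an added example, written for this page and not DEFION's code or any PAM vendor's API. It models the workflow described in the two sections above in a few dozen lines of Python: a vault holds the credentials, a requester must have passed identity verification and be allowed by policy, a checkout issues a time-limited (JIT) lease, every action under the lease is written to an audit log, and check-in or expiry rotates the credential so the value that was handed out stops working. The account names, the requester "alice", the policy table and the clock values are constructed for illustration; a real product would encrypt the vault, integrate with MFA and the directory, and record the session itself rather than a command string.

```python
"""Toy model of a PAM just-in-time (JIT) access workflow (added example)."""
import secrets
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

ALPHABET = string.ascii_letters + string.digits


def new_secret(length: int = 32) -> str:
    """Fresh random credential used whenever an account is rotated."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class Lease:
    account: str
    requester: str
    issued_at: datetime
    expires_at: datetime


@dataclass
class PamVault:
    secrets: dict = field(default_factory=dict)       # account -> current credential
    policy: dict = field(default_factory=dict)        # requester -> accounts allowed
    mfa_verified: set = field(default_factory=set)    # requesters with verified identity
    leases: dict = field(default_factory=dict)        # lease_id -> Lease
    audit: list = field(default_factory=list)         # append-only event log

    def _log(self, now: datetime, event: str, **fields) -> None:
        self.audit.append({"ts": now.isoformat(), "event": event, **fields})

    def enroll(self, account: str) -> None:
        """Bring a privileged account under vault control with a rotated credential."""
        self.secrets[account] = new_secret()

    def checkout(self, requester: str, account: str, now: datetime,
                 ttl: timedelta = timedelta(minutes=30)):
        """JIT checkout: verify identity, check policy, issue a time-limited lease."""
        if requester not in self.mfa_verified:
            self._log(now, "denied", requester=requester, account=account,
                      reason="identity not verified")
            raise PermissionError("identity not verified")
        if account not in self.policy.get(requester, set()):
            self._log(now, "denied", requester=requester, account=account,
                      reason="not authorised by policy")
            raise PermissionError("not authorised by policy")
        lease_id = secrets.token_hex(8)
        self.leases[lease_id] = Lease(account, requester, now, now + ttl)
        self._log(now, "checkout", lease_id=lease_id, requester=requester,
                  account=account, expires_at=(now + ttl).isoformat())
        return lease_id, self.secrets[account]

    def lease_is_valid(self, lease_id: str, now: datetime) -> bool:
        lease = self.leases.get(lease_id)
        return lease is not None and now < lease.expires_at

    def record_activity(self, lease_id: str, now: datetime, command: str) -> None:
        """Session monitoring: actions are only accepted under a live lease, and all are logged."""
        if not self.lease_is_valid(lease_id, now):
            raise PermissionError("no valid lease")
        lease = self.leases[lease_id]
        self._log(now, "session", lease_id=lease_id, account=lease.account,
                  requester=lease.requester, command=command)

    def checkin(self, lease_id: str, now: datetime, reason: str = "checkin") -> None:
        """End the lease and rotate the credential so the checked-out value is useless."""
        lease = self.leases.pop(lease_id)
        self.secrets[lease.account] = new_secret()
        self._log(now, "rotate", lease_id=lease_id, account=lease.account, reason=reason)

    def sweep_expired(self, now: datetime) -> int:
        """Automatic revocation: expired leases are checked in (and rotated) by the platform."""
        expired = [lid for lid, lease in self.leases.items() if now >= lease.expires_at]
        for lid in expired:
            self.checkin(lid, now, reason="expired")
        return len(expired)


def demo() -> dict:
    """Walk the full flow with constructed data and return the observable outcomes."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    vault = PamVault()
    vault.enroll("root@db01")
    vault.policy["alice"] = {"root@db01"}
    out = {}
    try:                                   # step 1: no verified identity -> denied
        vault.checkout("alice", "root@db01", t0)
        out["denied_without_mfa"] = False
    except PermissionError:
        out["denied_without_mfa"] = True
    vault.mfa_verified.add("alice")
    try:                                   # step 2: policy does not cover this account -> denied
        vault.checkout("alice", "root@web01", t0)
        out["denied_by_policy"] = False
    except PermissionError:
        out["denied_by_policy"] = True
    lease_id, cred = vault.checkout("alice", "root@db01", t0)   # step 3: JIT grant
    vault.record_activity(lease_id, t0 + timedelta(minutes=5), "systemctl restart postgresql")
    out["valid_inside_ttl"] = vault.lease_is_valid(lease_id, t0 + timedelta(minutes=29))
    out["valid_after_ttl"] = vault.lease_is_valid(lease_id, t0 + timedelta(minutes=31))
    out["swept"] = vault.sweep_expired(t0 + timedelta(minutes=31))   # step 4: auto-revoke
    out["rotated"] = vault.secrets["root@db01"] != cred             # step 5: old value dead
    out["events"] = [e["event"] for e in vault.audit]
    return out


if __name__ == "__main__":
    print(demo())
```

The clock is passed in explicitly so the TTL and expiry behaviour can be checked deterministically; the audit list shows the sequence a reviewer would expect to see in a real PAM platform's logs: two denials, a checkout, the session activity, and a rotation tagged with its reason.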

Impact on organisations

Admin accounts are the primary target of advanced attackers. A compromised admin account gives the attacker full control over systems and data. Credential dumping tools like Mimikatz extract admin passwords from memory. Pass-the-Hash attacks reuse stolen credential hashes. NIS2 requires adequate protection of privileged accounts. PCI DSS mandates PAM measures for payment card data access. ISO 27001 sets requirements for privileged access control.

Protection

Implement a PAM solution for all privileged accounts. Eliminate shared admin passwords. Implement JIT access and automatic password rotation. Monitor and record all admin sessions. Conduct regular privileged access audits. Notable PAM solutions: CyberArk, BeyondTrust, Delinea.

How DEFION helps

DEFION tests PAM implementations as part of pentests and red teaming. The team attempts to obtain privileged credentials and escalate rights, validating the effectiveness of PAM measures.

Related terms

IAM (Identity and Access Management)
MFA (Multi-Factor Authentication)
Zero Trust