IAM, PIM and PAM:

What is Application-to-Application Password Management (AAPM)?
Privileged account passwords aren’t used only by people. They are also used by software applications that need to run scheduled tasks and services. Enterprise-class privileged account management solutions can give applications access to privileged accounts. This access is carefully controlled and logged. An audit trail is provided so you know exactly what application accessed a credential, and when.

IT teams have a headache on their hands when they need to change privileged account passwords for security reasons because they must then update all applications using those passwords so the application doesn’t break. This manual process is time consuming and error prone. Privileged account management software should be able to automatically update applications with the new password or use APIs to let the applications retrieve passwords dynamically.

What is Endpoint Detection and Response (EDR)?
Originally known as Endpoint Threat Detection and Response (ETDR), Endpoint Detection and Response addresses the need for continuous monitoring and response to advanced threats, with a focus on detecting, investigating, and mitigating suspicious activities and issues on hosts and endpoints. EDR looks deep into your system and records and analyzes ALL activity.

What is Endpoint Privilege Management (EPM)?
Endpoint Privilege Management eliminates risks on the endpoint by using a combination of least privilege (users get ONLY the access they need) and application control (unauthorized applications are restricted or blocked). EPM ensures that end users run trusted applications with the lowest possible privilege, and determines whether an application can run, and how (under what privilege conditions) it can run. EPM enables organizations to block and contain attacks on desktops, laptops and servers thereby reducing the risk of information being stolen or encrypted, and held for ransom.

What is Endpoint Protection Platform (EPP)?
Also known as EPPs, an Endpoint Protection Platform is a set of software tools that combine endpoint device security functionality into one software product. EPP core functionality includes protecting the endpoint device from viruses, spyware, phishing and unauthorized access, but may also include a personal firewall, data protection features—such as disk and file encryption—data loss prevention, and device control. Advanced EPP solutions can integrate with vulnerability, patch and configuration management capabilities. An EPP is primarily designed for protecting endpoint devices in an enterprise IT environment.

What is Identity and Access Management (IAM)?
PAM, PIM and PSM all fall under the discipline known as IAM, or identity and access management. IAM as defined by Gartner is: The security discipline that enables the right individuals to access the right resources at the right times for the right reasons. With IAM you can create and manage identities for the human users in your organization and furthermore, the access they should have.

Some of your users, like your IT administrators, will receive privileged identities—identities that are given higher levels of access on the network—while your sales team and other employees will receive standard user identities that do not allow them to customize network settings, access servers, or use any sort of network privilege.

What is Privileged Account Management (PAM)?
Privileged account management is the process of using software to control who gets the “keys to the kingdom.” In other words: Who can unlock a door, enter, and affect what’s inside? Who can use a privileged account and access a sensitive server, adjust permissions, make backdoor accounts, or change or delete critical data?

This can be done within a privileged account management tool. When you add users to your privileged account management software you are provisioning their user accounts (making them available for use); and while setting up those accounts within the PAM tool you are deciding what they will be able to access. Most organizations do not give full access to everyone within their PAM tool.Instead, they are allowed to see only privileged accounts related to their tasks. Many organizations add users to their PAM tools manually, but more sophisticated ones use an API to connect their privileged account management software to their identity and access management software. This way, when a new IT admin employee comes onboard, they are automatically set up as a privileged user with the correct level of access within the PAM tool.

Privileged account management includes managing the passwords of a privileged account. You can read about privileged password management a little further on.

What is Privileged Access Management (again, PAM)?
Gartner defines privileged access management as managing privileged passwords and delegating privileged actions. It’s a broader category than privileged account management because it includes both privileged account management and privileged session management. It concerns who can access a privileged account and what they can do once logged in with that privileged account.

What is Privileged Account and Session Management (PASM)?
Privileged account and session management is the same as privileged access management. It specifically includes shared account and password management, privileged session management, and can include application-to-application password management.

What is Privilege Elevation and Delegation (PEDM)?
In Gartner’s most recent Privileged Access Management Market Guide they changed terminology from SUPM to Privilege Elevation and Delegation (PEDM). They mean the same thing.

What is Privileged Identity Management (PIM)?
Privileged identity management refers to how people are given access to privilege. In technical terms, it is how people are provisioned into user accounts to give them access to a higher level of network privilege.

What is Privileged Session Management (PSM)?
Privileged session management refers to managing what someone is allowed to do after they’ve logged in with a privileged account. There are several ways organizations use software to manage access on systems, or manage a server session.

Session Monitoring is a useful feature of privileged session management. It typically includes the ability to record videos of privileged sessions and log keystrokes of what’s typed. It even makes it possible for someone to review sessions live or shut the session down if the user is doing something harmful.

What is Privileged User Management (PUM)?
Whereas PAM is a user-specific process in which users can request elevated access with their existing account, PUM is account-specific and involves the management of a system’s existing accounts, such as administrator, root, or other administrative service accounts. PUM is also referred to as PAM and PIM, but as you’ll learn from other definitions in our cyber dictionary—there are subtle differences. PUM accounts are often shared, a second authentication factor is rarely added, and typically, authorized users access the PUM accounts by simply using passwords.

What is a Privileged Account?
A privileged account is a login credential to a server, firewall, or other administrative account. Often, privileged accounts are referred to as admin accounts. Your Local Windows Admin accounts and Domain Admin accounts are examples of admin accounts. Other examples are Unix root accounts, Cisco enable, etc.

When we talk about privileged accounts we’re talking about the actual username and password; these two things together make up the account. A privileged account is allowed to do more things (i.e. it has more privileges) than a normal account.

Privileged accounts are doorways to an organization’s “kingdom”—the place where sensitive information is stored—and as such they need to be very secure. Examples of sensitive information include medical records, credit card details, social security numbers, government files, and more.

What is a Privileged Identity?
Within an organization “identities” are essentially digital versions of real people or in other words, an account used by a human. A privileged identity is when an identity has been granted access to sensitive systems, data, etc.

What is Privileged Password Management?
Privileged passwords are passwords used to access privileged accounts. Privileged password management is the same as privileged account management. Both refer to the practice of protecting privileged accounts, managing them, sharing them, and being accountable for them. Privileged account management software not only controls who can access the account itself, but also manages the account’s password according to customized policies, such as automatically generating strong passwords, changing passwords on a schedule, and even automatically changing privileged account passwords with a single click. This enables you to limit your organization’s vulnerability risk when an employee or contractor leaves.

What is Shared Account Password Management (SAPM)?
Shared account password management is the same as privileged account management, but it can be problematic. For simplicity, many IT teams sidestep best practice and create one privileged account per server, or even one username and password to use for multiple privileged accounts. These are shared accounts. The problem with sharing accounts is that you never know precisely who is using them at any given time. So if you have a server failure, you cannot tell who logged in before the system went down.

What is Software Change and Configuration Management (SCCM)?
Gartner defines Software Change and Configuration Management as the implementation of a set of disciplines used to stabilize, track and control the versions and configurations of a set of software items using tools designed for this purpose. SCCM may include development change management, defect tracking, change automation, development release management, integrated test management, integrated build management and other related processes. SCCM tools are designed to support version and configuration management of software source code and supporting artifacts.

What is Security Information and Event Management?
Security Information and Event Management system, used to manage critical assets including software applications. These systems can be integrated into application control systems as part of privilege management, for example software applications in a SIEM system could be used to build a whitelist.

What is Superuser Privilege Management (SUPM)?
On Unix systems, superusers are users who gain privileged access for a limited period of time. Unix allows certain users to elevate their privilege to superuser status for a specific task, and when they’ve completed their task they revert to being a standard user. Superuser privilege management controls when users are allowed to elevate to superuser status, and what commands they can run in superuser mode.

Also sometimes listed under SUPM, is application and command whitelisting, blacklisting, and greylisting. This controls what Windows applications or Unix commands someone can run while logged into a server or device as an administrator or superuser. Whitelisting means you have a list of approved commands, and anything on that list can be used. If it’s not on the list, it won’t work. Blacklisting is the opposite. It’s where users can do anything they want, as long as it is not on the blacklist. Greylisting is more flexible. It often includes integrations into lists of known risks, or the ability to review and approve requested application elevation on the fly. Application whitelisting, blacklisting, and greylisting is also frequently referred to under the categories of Application Control or Privilege Elevation.

What is User Account Control (UAC)?
User Account Control is a security feature of Microsoft Windows which helps prevent unauthorized changes (which may be initiated by applications, users, viruses or other forms of malware) to an operating system. UAC improves the security of Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation.

What is User and Entity Behavioral Analytics (UEBA)?
User and Entity Behavior Analytics is the use of sophisticated algorithms to create a baseline for the activity of entities such as users, apps, devices, servers, etc. Once baseline behavior is established an organization can calculate its risk based on deviations from the baselines in order to identify security anomalies. UEBA recognizes that entities other than users are regularly profiled in order to more accurately pinpoint threats, in part by comparing the behavior of these other entities with user behavior. UEBA software correlates both user activity and other entities such as managed and unmanaged endpoints, applications, networks, and also external threats.