Security firm CyberArk has released a whitepaper to help financial institutions (FIs) address the Technology Risk Management (TRM) guidelines set by the Monetary Authority of Singapore (MAS).
The MAS TRM guidelines have been extended to cover a broader set of systems, including all IT systems across all FIs. The enhanced guidelines include several requirements related to privileged account security. Privileged accounts include IT administrator or superuser accounts, as well as hard-coded, embedded credentials found in every piece of hardware and software across an organisation.
Titled "Addressing the MAS TRM Guidelines with CyberArk Solutions", the whitepaper highlights the importance of protecting privileged access. "Securing privileged accounts should be a critical strategy for FIs," said Dan Dinnar, vice president of Asia Pacific for CyberArk. "If such accounts are left unprotected, attackers will gain high levels of access, allowing them to conduct malicious activities such as information theft, deleting audit logs, and altering transactions. Attackers could even gain control over an organisation's infrastructure [through this vulnerability]," he added.
To help FIs address this security need, CyberArk offers controls that:
- Locate, manage and control all privileged accounts;
- Ensure only authorised users have access to privileged accounts;
- Track, monitor and record all privileged access to sensitive servers, databases or virtual machines by internal users, system resources, and third parties;
- Uniquely identify all administrative users and restrict their use of privileged accounts to necessary job functions;
- Ensure vendor-supplied default passwords are changed, and automate password changes for all privileged accounts;
- Eliminate hard-coded credentials, including passwords and encryption keys, from applications, service accounts, and scripts without impacting application performance or business processes; and
- Analyse, detect and alert on anomalous privileged user behaviour to enable quick response by incident response teams.