- Privileged Access Management - The Definition
- The Challenges in Privileged Access Management
- The Goal
- Why PAM360?
- PAM360 - The 360 Degree Approach to Securing Privileged Access
- Unique Capabilities of PAM360
- Password Management in PAM360
1. Privileged Access Management - The Definition
Privileged access management (PAM), a subdivision of Identity and Access Management (IAM), is a solution that provides organizations with better control and monitoring capabilities that decide who can have privileged access to critical assets, say, a computer or information system.
The solution should include the following functionalities:
- Defining user roles
- Granting required privilegesor access rights for the roles defined
- Distributinguser information and access grants to all devices and systems that enforce access rights in organizations
- Monitoringprivileged user activities andanalyzingthe same to detect anomalies
2. The Challenges in Privileged Access Management
In this modern age of IT revolution, infrastructure setups are comprised of an ever-growing mix of critical assets spanning across physical, virtual, and cloud platforms. Apart from that, every enterprise also runs numerous business applications that deal with sensitive intellectual property and strategic information.
But, cyber risks grow along with businesses and there will be constant attempts to gain access to sensitive IT resources in enterprises by compromising privileged accounts. Once an attacker manages to acquire a privileged account credential, breaking in to the enterprise's IT network becomes a child's play. To thwart such threats and stay in control, we need to put tighter locks on privileged accounts and also keep a round-the-clock check on privileged access by employees and third parties likewise.
So, proper management of privileged accounts ultimately lies in protecting the administrative passwords of those accounts. However, in large organizations with extensive infrastructure, it is a tedious task to keep track of all administrative passwords. Also, users tend to store user names and passwords locally in their systems, or some central location when multiple administrators need to use the information.
3. The Goal
The primary goal of any PAM solution is to primarily lock the credentials of privileged accounts, i.e., the admin accounts, inside a secure vault, thus confining the use of those accounts, thereby reducing the risk of those credentials getting robbed. Administrators can access the credentials inside the vault only via the PAM system, provided they are well authorized and their access is logged in. Once a credential is checked back in, it is reset, and for subsequent access, the administrators have to use the PAM system again.
On the whole, the PAM system unites all privileged credentials at a single point. This results in a high level of security, gives good control of who is accessing what, and logs all accesses, and monitors for suspicious activities.
4. Why PAM360?
The best way to overcome the above challenges is to use a secure privileged access management solution that guides enterprises in establishing strict control and direction over administrative access and permissions for users, systems, and applications across their IT infrastructure. So, we have come up with PAM360, a complete privileged access management softwarethatuses a set of policies to secure, control, and monitor privileged activities and sessions on critical enterprise systems without compromising the business productivity. PAM360 encompasses the following capabilities into a single platform:
- Credential Vaulting
- Privileged Account Governance
- Remote Access Management
- Remote Session Management
- Privileged User Monitoring
- ThreatAnalytics
- Comprehensive Reporting
- Audit and Compliance
- Web-based SSH Key and SSL Certificate Management Solution
5. PAM360 - The 360 DegreeApproach to Securing Privileged Access
ManageEngine PAM360 is a complete solution to control, manage, and audit the entire life cycle of privileged accounts and their access. It fully encrypts and consolidates all your privileged accounts in one centralized vault, reinforced with granular access controls. It also mitigates security risks related to privileged access and pre-empts security breaches and compliance issues.
Using PAM360, IT administrators can centrally create users, assign them with specific roles and define access levels. Only authorized users will get access to view, edit or manage the permitted 'resources' (the resources assigned to them) based on their role. Moreover, the comprehensive auditing mechanism of PAM360 helps in tracking who accessed what and when, thereby ensuring accountability in a multi-member environment.
6. Unique Capabilities of PAM360
- A highly secure and easy-to-use PAM solution for IT administrators that enables admins to create accounts, grant and revoke access, and handle urgent situations, like user account, lockout as quickly and as easily as possible.
- Allows easy discovery of privileged accounts on systems, devices, and applications for effective control and management.
- Establishes transparency and control of all privileged access to critical data.
- Provides secured access to your Active Directory environment and other endpoints such as Linux/Unix and Windows.
- Provides strong access controls that restrict access to critical systems by demanding approvals from administrators and automatically check-in and reset the access credentials after the stipulated period.
- Provides role-based access, i.e., it has a built-in user and role management system that provides each user with the required level of access for the required time frame, thus providing the ability to configure access with utmost granularity.
- Provides uninterrupted access to passwords in mission-critical environments, thus offering more uptime and High Availability.
- Provides an effective point of control and management for audit and compliance, thereby ensuring that the required security controls are in place.
7. Password Management in PAM360
Ensuring the secure storage of passwords and offering high defense against intrusion are the mandatory requirements for privileged account security. The following measures in PAM360 provide the required security levels:
- Establish and enforce strict password policies, such as rotating the passwords regularly so that users do not use default passwords, changing the privileged account passwords regularly to lessen the risk of any old employees compromising the systems, and securing privileged accounts with Two-Factor Authentication.
- Ability to scan networks and discover critical assets to automatically onboard privileged accountsinto a secure vault that offers central management, AES-256 encryption, and role-based access permissions.AES functions have been adopted and also recommended as an encryption standard by the U.S. Government.
- Role-based, fine-grained user authentication mechanism ensures that the users are allowed to view the passwords based on only the authorization provided.
- All transactions through the PAM360's browser take place through HTTPS.
