Pronoesis

Privileged Access Management (PAM)

Privileged Access Management (PAM)

Privileged Access Management (PAM) solution will protect organization crown jewels to secure, control and monitor access to an organization's critical information and resources. It provides visibility and controls across your privileged accounts. Subcategories of PAM include shared access password management, privileged session management, vendor privileged access management and application access management.

Solution Features

Privileged & Service Account Discovery

Privileged Identity / Super User Management

Password Vault

Privileged Session Monitoring and Recording

Shared / Service Account Management

Role Based Access Control for Privileged Accounts

Credential Management

Privileged & Service Account Discovery

Identifying underlying critical privileged identities in an IT organization infrastructure is important first step to secure accesses. These identities include but not limited to super user accounts, local and domain administrative accounts, service accounts, credentials, and keys. Discovery solutions provide capability to find and bring in these privileged accounts and credentials into PAM tool for secure access management.

Benefits

  • Strengthen security controls across organization
  • Increased system, application, and services availability
  • Increase vault integrity

Privileged Identity / Super User Management

Superuser accounts are highly privileged accounts used for administration by specialized IT users. These users/accounts may have unlimited privileges over a system to perform read/write/execute operations, create/modify/delete files, software, users or data. The potential misuse or abuse of privilege by insiders or outside attacker present organization with formidable security risk. ProNoeis solution will protect superuser accounts using security best practices:

  • Establish and enforce a comprehensive privileged management policy
  • Enforce least privilege and granular controls
  • Enforce separation of privileges and SOD
  • Enforce superuser password rotation and security
  • Monitor and audit all superuser sessions

Benefits

  • Meet compliance mandates
  • Centralized managed and audit privileged accounts

Password Vault

Password vault provides an extra layer of control over administrator and password policies, as well as monitoring trails of privileged access to critical systems. Vault store credentials securely with complex encryption. Access to vaults are controlled with secure authorization and all activities are tracked and audited.

 

Vault includes additional security features such as scheduled password rotation, workflow-based access request and approval mechanism to support just-in-time access control model.

Benefits

  • Reduce the risk of passwords being abused by internal or external threat actors
  • Controlled access and auditing

Privileged Session Monitoring and Recording

Privileged Session Management enables activities of every privileged user, third-party vendors, connected systems and consoles are managed, monitored and audited from the start to the end of the session.

Kye features includes:

  • Remote Session monitoring: Session management can be enabled to watch active sessions in real time, possibly uncovering suspicious or unauthorized activities
  • Session Isolation: Isolate remote sessions to track and audit activities
  • Session Recording and Auditing: Privileged sessions can be recorded for future analysis, including all keystrokes and activities taken during a session
  • Web Session Management: governs interactions between a web-based application and users of that application

Benefits

  • Improve over oversight and accountability over privileged accounts and credentials
  • Audit privileged activities and meet regulations

Shared / Service Account Management

Service accounts are typically used by operating systems to execute applications, run programs, script, and/or web services. Hard-coded password embedded in configuration files or vulnerable storage of these credentials are at risk of being used by threat actors. ProNoesis PAM solutions provide capability to discover these accounts and credentials and vault to manage and protect.

Benefits

  • Improved administration over non-interactive privileged accounts and credentials
  • Effective Shared / Service Account Management

Role Based Access Control for Privileged Accounts

Privileged users can have different level of permissions and privileges on systems. It is a risk to grant default super privileged accesses. Roles based access controls provide better control to segregate different privileged roles for effective governance and compliance. A role may represent a person, a group, a non-human user such as robot, virtual machine, process or a group of other roles.

Benefits

  • Least Privileges – Eliminate risk of granting higher privileges to user
  • Better Governance and Compliance – Provide better control govern user access and review those per compliance requirement

Credential Management

Some of the most common types of secrets includes Privileged Account Credentials, Passwords, Certificates (e.g. TLS, SSL), SSH keys, API keys, Encryption keys. A non-human user with access to a secret automatically gains real-time access and permissions to any resources belonging to the owner of the secret. These secretes are widespread and immensely powerful. Credential Management allows organizations to consistently enforce security policies for non-human identities. It provides assurance that resources across tool stacks, platforms and cloud environments can only be accessed by authenticated and authorized entitles

Benefits

  • Automate management of secrets by removing secrets from code, configuration files and other unprotected areas
  • Apply consistent access policies to avoid data breaches, data and identity theft or manipulation
  • Enable to securely store, transmit, and audit secrets

Get in touch with your trusted IAM partner today

Contact Us