Secure and share administrative credentials for cloud service providers such as AWS and OpenStack.
Record and monitor sessions carried out within an X Session.
Privileged Account Manager features an Enterprise Credential Vault, or an encrypted password “vault,” that provides secure storage of your system, application and database passwords.
Create a layered defense for your sensitive assets and resources with multi-factor authentication, step-up authentication, and Smart-card support.
Know what your privileged users are doing with the rights they have to business-critical databases.
Securely delegate privileged account authority across database, application and cloud environments.
Authorized users can access servers without entering additional credentials or complex commands.
Privileged Account Manager creates a secure Remote Desktop Proxy (RDP) tunnel to the target Windows host, without exposing the administrative password to the user.
Privileged Account Manager supports authentication against both Active Directory and LDAP identity stores—including NetIQ eDirectory—for accessing Windows servers.
Privileged Account Manager allows administrators to execute privileged commands on a UNIX host from a Windows desktop, without requiring users to start an SSH session from the Windows desktop.
All agent traffic is encrypted and directed through a single port for easy product configuration and deployment in multi-firewall environments.
The Privileged Account Manager credential vault is a secure embedded database with two levels of encryption. The passwords are encrypted with AES 256 bit keys, and the database is encrypted with a separate AES 256 bit key.
Quickly identify privileged accounts across Windows, Unix, Linux, and Active Directory.
Leverage existing LDAP directories, including Active Directory, as a secure credential vault.
Leverage third party software deployment solutions to easily deploy and manage agents where required.
Privileged Account Manager is managed via an intuitive web-based console which can be accessed throughout your intranet and extranet zones. The interface includes a command control console that enables the configuration of all privileged user management policies.
Privileged Account Manager stores Windows administrative passwords in a credential vault that resides within Command Control.
A GUI-based, drag-and-drop user interface greatly simplifies the rule-creation process and virtually eliminates the need for complex, manual scripting.
Privileged Account Manager includes sample libraries of policy objects that can be simply dragged and dropped to build powerful, yet visually easy to understand, security rules.
Rules can be visually constructed without scripting then dragged and dropped to create rule hierarchies that determine the processing order.
Host agents can be visually configured in hierarchical domain structures that automatically determine load-balancing and failover between components.
Risk-analysis tools record and play back user activity—down to the keystroke level. You define high-risk activity controls and enforce them with automatic session termination or access revocation.
Risk analysis engine examines user activity in real time and applies color-coded security risk ratings so that you can detect and address threats faster.
Keystroke logs are updated in real time throughout the duration of a user’s session on any UNIX, Linux or Windows host.
Playback recorded user-session keystrokes in an intuitive interface that is indexed and highly searchable.
The Windows audit service enables administrators to view real-time and historical user activity performed on local or remote Windows hosts. Audited activity includes all actions performed during a privileged session.
Create pre-defined rules to pull events from your audit log files using comprehensive filters and schedules.
Users can be automatically emailed a daily summary of events awaiting approval.
All auditor activity is indelibly recorded on the event record, including the viewing of keystroke log activity, status changes and any notes recorded during the analysis.
For events that require further analysis, a workflow process escalates events to the appropriate reviewers—either by sending an email notification or flagging the event in the compliance auditor console.
Add an additional layer of security to your FTP transactions by using this replacement daemon for fully audited and authenticated FTP transactions.
Privileged commands can be executed on-demand with a ‘usrun’ statement or the user shell replaced to provide command authentication and/or total session auditing.
Determine which records individual auditors are allowed to view and prevent users from authorizing their own activity.