Password checkout for cloud services
Secure and share administrative credentials for cloud service providers such as AWS and OpenStack.
X11 Protocol support
Record and monitor sessions carried out within an X Session.
Secured password vaulting
Privileged Account Manager features an Enterprise Credential Vault, or an encrypted password “vault,” that provides secure storage of your system, application and database passwords.
Advanced authentication for privileged accounts
Create a layered defense for your sensitive assets and resources with multi-factor authentication, step-up authentication, and Smart-card support.
Database privileged account monitoring
Know what your privileged users are doing with the rights they have to business-critical databases.
Comprehensive privileged account management
Securely delegate privileged account authority across database, application and cloud environments.
Single sign-on to Linux and UNIX servers
Authorized users can access servers without entering additional credentials or complex commands.
Secure remote desktop proxy (RDP)
Privileged Account Manager creates a secure Remote Desktop Proxy (RDP) tunnel to the target Windows host, without exposing the administrative password to the user.
AD and LDAP authentication
Privileged Account Manager supports authentication against both Active Directory and LDAP identity stores—including NetIQ eDirectory—for accessing Windows servers.
Secure remote privileged command execution
Privileged Account Manager allows administrators to execute privileged commands on a UNIX host from a Windows desktop, without requiring users to start an SSH session from the Windows desktop.
Single configurable port
All agent traffic is encrypted and directed through a single port for easy product configuration and deployment in multi-firewall environments.
The Privileged Account Manager credential vault is a secure embedded database with two levels of encryption. The passwords are encrypted with AES 256 bit keys, and the database is encrypted with a separate AES 256 bit key.
Auto discovery of privileged accounts
Quickly identify privileged accounts across Windows, Unix, Linux, and Active Directory.
LDAP Credential Vault
Leverage existing LDAP directories, including Active Directory, as a secure credential vault.
Simplified agent deployment and management
Leverage third party software deployment solutions to easily deploy and manage agents where required.
Privileged Account Manager is managed via an intuitive web-based console which can be accessed throughout your intranet and extranet zones. The interface includes a command control console that enables the configuration of all privileged user management policies.
Task-based wizards and drag-and-drop interface
Privileged Account Manager stores Windows administrative passwords in a credential vault that resides within Command Control.
Windows group and policy enforcement
A GUI-based, drag-and-drop user interface greatly simplifies the rule-creation process and virtually eliminates the need for complex, manual scripting.
Reusable script and command libraries
Privileged Account Manager includes sample libraries of policy objects that can be simply dragged and dropped to build powerful, yet visually easy to understand, security rules.
Hierarchical rule structure
Rules can be visually constructed without scripting then dragged and dropped to create rule hierarchies that determine the processing order.
Intuitive failover and load balancing
Host agents can be visually configured in hierarchical domain structures that automatically determine load-balancing and failover between components.
Risk-based privileged session control
Risk-analysis tools record and play back user activity—down to the keystroke level. You define high-risk activity controls and enforce them with automatic session termination or access revocation.
Risk analysis engine examines user activity in real time and applies color-coded security risk ratings so that you can detect and address threats faster.
Real-time keystroke logging
Keystroke logs are updated in real time throughout the duration of a user’s session on any UNIX, Linux or Windows host.
UNIX, Linux and Windows session playback
Playback recorded user-session keystrokes in an intuitive interface that is indexed and highly searchable.
Auditing and Reporting
Windows auditing service
The Windows audit service enables administrators to view real-time and historical user activity performed on local or remote Windows hosts. Audited activity includes all actions performed during a privileged session.
Automatic data filtering for continuous compliance
Create pre-defined rules to pull events from your audit log files using comprehensive filters and schedules.
Users can be automatically emailed a daily summary of events awaiting approval.
Indelible audit record
All auditor activity is indelibly recorded on the event record, including the viewing of keystroke log activity, status changes and any notes recorded during the analysis.
For events that require further analysis, a workflow process escalates events to the appropriate reviewers—either by sending an email notification or flagging the event in the compliance auditor console.
Add an additional layer of security to your FTP transactions by using this replacement daemon for fully audited and authenticated FTP transactions.
Drop in UNIX/Linux shell replacement
Privileged commands can be executed on-demand with a ‘usrun’ statement or the user shell replaced to provide command authentication and/or total session auditing.
Determine which records individual auditors are allowed to view and prevent users from authorizing their own activity.