Privileged Access Management (PAM)

• Discover privileged accounts on systems, devices and applications for subsequent management.
• Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.
• Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.
• Isolate, monitor, record and audit privileged access sessions, commands and actions.

• Provide single sign-on (SSO) for privileged sessions, commands and actions securely to not reveal account credentials (passwords, cryptographic keys, etc.).
• Delegate, control and filter privileged operations that an administrator can execute.
• Ensure required levels of trust and accountability for privileged access by providing robust authentication capabilities or integrating with external authentication products or services.

Eliminate hardcoded passwords by making them available on- demand to applications. Two distinct tool categories have evolved as the predominant focus for security and risk management leaders considering investment in PAM tools:

• Privileged account and session management (PASM) : Privileged accounts are protected by vaulting their credentials. Access to those accounts is then brokered for human users, services and applications. Privileged session management (PSM) functions establish sessions with possible credential injection, and full session recording. Passwords and other credentials for privileged accounts are actively managed, such as being changed at definable intervals or upon occurrence of specific events. PASM solutions can also provide application-to-application password management (AAPM).
• Privilege elevation and delegation management (PEDM) : Specific privileges are granted on the managed system by host-based agents to logged in users. This includes host-based command control (filtering) and privilege elevation, the latter in the form of allowing particular commands to be run with a higher level of privileges.