Secure, Task-Based Privileged Access Management

PAM Solution

Secure, Control, Manage, and Monitor Privileged Account Usage

Our PAM Solution enables secure, task-based administrative access, delivered just-in-time and with just-enough privilege. 

Organisations are empowered to reduce their risk footprint through a task-based approach to PAM.

Administrators are provided the exact level of privileges needed, when they’re needed, for as long as they’re needed, and the environment is returned to a no-access-by-default state immediately upon completion.

Many Privileged Access Management (PAM) vendors focus on controlling access to accounts and their passwords rather than the actual activities the administrator needs to perform. In this scenario, accounts typically remain active, with all their permissions, when they are not being used.

The result is excessive privileged accounts and privileged access control groups with ‘standing privileges’ to the resources they’re meant to secure, leading to a minimal reduction of an organisation’s attack surface.

Instead of focusing on controlling access to accounts and their passwords, we concentrate on enabling administrators to perform the activities they need to – without unnecessary risk.

How it works …

  • 1. User/Account
    Requests access.

  • 2. PAM Solution
    Access is authorised via zero trust security.
    An ephemeral account is created/enabled in AD.
    Account is added to Domain Admins.

  • 3. Active Directory
    Account credentials passed to Proxy.

  • 4. RDP Session
    User automatically logs onto Domain Controller via Proxy as Domain Admin.

  • 5. RDP Session
    User session is recorded.

  • 6. Session Ends
    Logged out of the session.
    Privileges removed from the account.
    Ephemeral account is disabled.
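
One way to verify that the lifecycle above really leaves no standing privilege is to replay the directory's audit events and flag any account that was never removed from Domain Admins, was never disabled, or held the privilege too long. This is an added example, not the vendor's code; the account names, the one-hour limit and the event records are constructed, and the IDs are the Windows Security event IDs for account enable/disable and global group membership changes.

```python
from collections import defaultdict

# Windows Security event IDs used by this audit
ENABLED, DISABLED = 4722, 4725   # user account enabled / disabled
ADDED, REMOVED = 4728, 4729      # member added to / removed from a global security group
PRIV_GROUP = "Domain Admins"

# Constructed sample events ("t" is seconds; not taken from any real log)
EVENTS = [
    {"t": 100, "id": ENABLED, "account": "jit-alice"},
    {"t": 101, "id": ADDED, "account": "jit-alice", "group": PRIV_GROUP},
    {"t": 900, "id": REMOVED, "account": "jit-alice", "group": PRIV_GROUP},
    {"t": 901, "id": DISABLED, "account": "jit-alice"},
    {"t": 200, "id": ENABLED, "account": "jit-bob"},
    {"t": 201, "id": ADDED, "account": "jit-bob", "group": PRIV_GROUP},
    {"t": 5000, "id": REMOVED, "account": "jit-bob", "group": PRIV_GROUP},
    {"t": 5001, "id": DISABLED, "account": "jit-bob"},
    {"t": 300, "id": ENABLED, "account": "jit-carol"},
    {"t": 301, "id": ADDED, "account": "jit-carol", "group": PRIV_GROUP},
]

def audit(events, max_session=3600):
    """Return {account: [findings]} for accounts that break the JIT lifecycle."""
    state = defaultdict(lambda: {"enabled": False, "member_since": None})
    findings = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["t"]):
        s = state[ev["account"]]
        if ev["id"] == ENABLED:
            s["enabled"] = True
        elif ev["id"] == DISABLED:
            s["enabled"] = False
            if s["member_since"] is not None:   # membership would revive on re-enable
                findings[ev["account"]].append("disabled while still in privileged group")
        elif ev.get("group") == PRIV_GROUP and ev["id"] == ADDED:
            s["member_since"] = ev["t"]
        elif ev.get("group") == PRIV_GROUP and ev["id"] == REMOVED:
            if s["member_since"] is not None and ev["t"] - s["member_since"] > max_session:
                findings[ev["account"]].append("privilege held longer than max_session")
            s["member_since"] = None
    for account, s in state.items():   # anything still open at audit time is standing privilege
        if s["member_since"] is not None:
            findings[account].append("standing privilege: still in privileged group")
        if s["enabled"]:
            findings[account].append("account left enabled")
    return dict(findings)

if __name__ == "__main__":
    for account, issues in audit(EVENTS).items():
        print(account, issues)
```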

Key Features

Attack Surface Reduction

Privileges are only applied to accounts when they are being used, removing Standing Privileges rather than managing them. This also reduces the overhead and attack surface of traditional privileged account management.

Zero Standing Privileges

Permissions to perform a requested activity are allocated at the time it is required and then immediately removed on activity completion for Zero Standing Privilege.

Ephemeral Account Support

Unique accounts for privileged access can be provisioned dynamically for use in Activities then de-provisioned when not actively in use.

BYOV – Bring Your Own Vault

Contains a built-in vault for credential management, but can uniquely map to vaults from other vendors in order to capitalise on existing PAM investments.

Built-in Proxy

Security best practices dictate that user workstations should be segmented from critical server infrastructure. Transparent proxies allow secure administrative connection with playback and record capability for secure access and administrator accountability.

Ensuring a lowered attack surface …

The PAM solution automatically generates ephemeral accounts for each administrator then dynamically provisions and de-provisions ‘just-in-time permissions’ that are appropriate for the requested activity.

This removes the ‘standing privilege’ attack surface when accounts are at rest and removes the overhead of maintaining complex access control groups.

  • Adaptive Zero Trust security architecture with multi-tier approval capability ensures all privileged access is contextually authorised.

  • Rights dynamically provisioned to perform the activity at the time it is required, and then removed on completion.

  • Supports Microsoft best practice of separate privileged access accounts for admin vs. productivity tasks.

  • Advanced proxy for contextual recording and playback of all administrative activity over RDP and SSH.

  • Just-in-time permissions may be provisioned to single user accounts, dual accounts (ephemeral or namesake) and shared service accounts.

  • Automatically purge Kerberos tickets after administrative session access to mitigate pass-the-hash and golden ticket attacks.
