Privileged Access Management (PAM) Solutions
Secure the modern enterprise by granting both internal and outsourced IT secure, privileged access to hybrid infrastructure.
What is Privileged Access Management?
Privileged Access Management enables organizations to reduce the risk of security breaches by minimizing the attack surface. Centrify’s Privileged Access Management solutions help you consolidate identities, deliver cross-platform, least-privilege access and control shared accounts, while securing remote access and auditing all privileged sessions.

Comprehensive privileged identity management for Infrastructure-as-a-Service (IaaS)

Cross-platform least-privilege access and control of shared accounts

Detailed session recording and comprehensive compliance reporting
Why Privileged Access Management?
The modern enterprise is a blended on-premises and cloud infrastructure, including Infrastructure-as-a-Service environments, with an increasing reliance on outsourced IT. This exposes a greater attack surface, increasing the risk of a data breach. Because the risk of compromised credentials is the single greatest threat to your infrastructure, a new approach to privileged identity management is required — an approach aligned with the realities of the modern enterprise.
Benefits of Unified Privileged Access Management
Benefits for Executives
Secure privileged access to the hybrid enterprise
Privileged users are no longer entirely inside the perimeter, nor is your infrastructure. Consistently control access to hybrid infrastructure for both on-premises and remote users.
Reduce complexity with an integrated solution
Control access to infrastructure and privileges, enforce individual accountability where you can, share privileged accounts where you must — and audit across both.
Comprehensive access control compliance
Leverage a single source for internal auditors to prove access controls are in place and working across individual and shared administrative accounts.
Benefits for IT Leaders
Minimize the attack surface with just-in-time privilege
Built-in access approval workflows provide just enough privilege when needed for password checkout, privileged sessions and administrative roles.
Enable intelligent, automated, real-time decisions for granting privileged access
Combine risk-level with role-based access controls, user context and multi-factor authentication (MFA).
Save cost with an integrated solution for privileged identity management (PIM)
Simplified, true cross-platform least privilege access and shared account password management — both fully integrated with detailed auditing — using your existing directory infrastructure.
Enable cost-effective compliance and auditing
Reduce audit costs through combined access and activity reporting across both individual and shared accounts, on-premises and in the cloud – with full video capture of all privileged sessions.
Benefits for IT Users
Improve IT productivity
Internal users continue to perform their job without disruption, and external (including third party) users leverage secure remote privileged access.
Get the access you need
Centrally managed access assigned through roles provides IT users with fast, secure access to the resources they need to manage.
Easily access servers and network infrastructure
Secure access to specific servers and network devices without the hassle of establishing a VPN connection.
Next Dimension Security Reduces Risk

Gain Initial Access Into Target
Detect threats in real-time with risk-based access controls for privileged accounts
Stop in-progress attacks with MFA at Server Login
Establish a partner ecosystem without creating identities
Provide secure remote access for privileged users without VPN risk
Increase security and accountability by having fewer shared accounts using least-privilege
Keep control of privileged sessions and password checkouts with request and approval workflows, time-bound access and session monitoring
Provide just-in-time privilege with self-service role requests
Proxy-Level Session Recording
Detect malicious activity despite obfuscation through aliasing, prevent device mounting including USB drives
Identify suspicious activity quickly with integrated SIEM alerting
Track high-risk activity back to the individual with host-level session recording
Strengthen Position within Target
Secure, encrypt and manage application passwords
Increase security and accountability by having fewer shared accounts using role-based access control for least-privilege
Provide just-in-time privilege with self-service role requests
Detect Creation of Backdoor
Identify suspicious activity quickly with integrated SIEM alerting
Steal Valid User Credentials
Prompt for a second factor when elevating privilege to run highly privileged commands
Maintain individual accountability when switching users (su command)
Stop in-progress attacks with real-time monitoring of malicious aliasing and scripting
Mitigate risk by neutralizing hash impact
Increase security and accountability by having fewer shared accounts using least-privilege
Maintain integrity of local audit files
Provide just-in-time privilege with self-service role requests
Restrict access rights of privileged roles to specific systems, services or apps with restricted shell
Report on who did what, where and when, who has access to what and how they can use that access
Identify Target Data
Prompt for a second factor when elevating privilege to run highly privileged commands
Secure, encrypt and manage application passwords
Enforce Group Policies for firewall settings & RDP/SSH sessions
Federate privileged access and VPN-Less remote access
Leverage Zone technology to manage user or server roles to prevent lateral movement and enforce segregation of duties
Restrict access and dynamically segment the network with tiered access and tighter control
Secure sensitive information by dynamically isolating and protecting cross-platform systems for IPSec
Monitor privileged sessions that leverage Telnet, SCP, FTP, SSH
Track high-risk activity back to the individual with host-level session recording
Identify suspicious activity quickly with integrated SIEM alerting
Package and Steal Target Data
Monitor privileged sessions that leverage Telnet, SCP, FTP, SSH
Restrict access rights of privileged roles to specific systems, services or apps with restricted shell, whitelisting or AppLocker
Detect malicious activity despite obfuscation through aliasing, prevent device mounting including USB drives
Identify suspicious activity quickly with integrated SIEM alerting
* Source: Mandiant, A FireEye Company
Benefits
BEST PRACTICES
Get Users to Log in as Themselves, while Maximizing Control over Privileged Accounts

Privileged Access Management Solutions
Federated Privileged Access
Enable secure remote access for outsourced IT administrators and third-party developers to your infrastructure through federated authentication.
Windows Server Protection
Establish granular user privilege and auditing of access to Windows infrastructure.
MFA Everywhere
Prevent compromised credentials by implementing multi-factor authentication across every user and every IT resource. Block cyberattacks at multiple points in the attack chain.
Least Privileged Access
Establish a ‘least privileged access’ model with granular, role-based access to individual commands.
Centrify SailPoint IdentityIQ Integration
The integration between Centrify Privileged Access Service and SailPoint IdentityIQ allows for centralized management and control of identities to quickly identify and mitigate access risks of privileged users, while strengthening an organization’s compliance posture.
Centrify Identity Platform
Protect against the leading cause of cyberthreats — compromised credentials — with a complete set of solutions to secure the modern enterprise.
- All Users: Employees, contractors, privileged users, partners, customers
- All Apps: Cloud or on premises
- All Resources: Network infrastructure, outsourced IT, Mac and mobile devices