ARCON | Privileged Access Management (formerly known as ARCOS) is a highly effective solution that helps in managing, controlling and monitoring privileged user activities. The solution provides the IT security team with a centralized policy framework to authorize privileges based on roles and responsibilities and to provide rule-based, restricted access to privileged accounts.
What is Privileged Access Management?
Privileged Access Management (PAM) is the practice of managing, monitoring and controlling the activities of privileged users. Privileged users are super admins who hold elevated permissions that give them access to critical information.
Why are privileged accounts vulnerable?
Privileged accounts are the gateway to confidential information. Hence, these accounts are vulnerable to breaches. They are spread across the enterprise, touching every aspect of the IT infrastructure, such as operating systems, databases, applications and network devices. Hence, malicious insiders are always on the lookout to target these accounts in order to gain access to confidential information.
What are the Challenges?
In a typical use case scenario, malicious insiders and compromised third-party elements can take advantage when organizations pay scant attention to the rising number of privileged users in an enterprise IT environment.
An unaccounted surge in the number of endpoints and privileged accounts consequently provides potential ways for compromised insiders and malicious third parties to gain access to enterprise networks and critical systems.
The threat is compounded by the fact that these privileged accounts are often created in an ad hoc manner. Against this backdrop, privileges are completely mismanaged and untracked.
The absence of authorization, authentication, audit trails, monitoring and controlling of privileges puts the entire IT infrastructure at grave risk.
A modern-day enterprise requires a centralized, role- and rule-based privileged access management policy that automates the entitlement and validation process.
How does ARCON PAM reinforce the IT security posture?
The IT security, risk and compliance management team requires robust privileged account lifecycle management. ARCON Privileged Access Management enables them to seamlessly manage, monitor and control the lifecycle of privileged accounts. This highly scalable, feature-rich solution provides an additional security layer to safeguard your enterprise’s confidential data.
Let’s have a look at how ARCON Privileged Access Management enables IT risk management pros to manage the lifecycle of privileged accounts.
Privileged Account Lifecycle Management with ARCON PAM
ARCON PAM provides a unified policy engine that offers rule- and role-based restricted privileged access to target systems. Authorization ensures implementation of an access control framework around people and policies. This way, privileged access is granted only on a “need-to-know” and “need-to-do” basis, the foundation for robust identity and access control management.
One Admin Control
No matter how many privileged users and devices your enterprise’s IT infrastructure contains, each and every access to critical systems is made through one ADMIN console. The secured gateway server provides a centralized control point through which all network connections and traffic are routed for management and monitoring.
As organizations scramble to comply with cost-cutting IT initiatives and shared IT management, it becomes imperative to align data center teams according to business hierarchies and business locations to ensure efficient Privileged Access Management. ARCON Privileged Access Management segregates your privileged users according to role, server, team, department and functionality.
Fine-Grained Access Control
Fine-grained access control (granular user control) allows IT risk managers to restrict and control privileged users through a rule- and role-based centralized policy. The functionality gives them command-restricting and command-filtering capabilities for ensuring secure, authorized and controlled access to target systems. The solution minimizes the risk surface by providing the deepest levels of granular control over data controllers and data processors.
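As an added illustration (not ARCON’s own code or policy format), the following Python sketch shows what a rule- and role-based command filter with default deny looks like at a gateway; the roles, server groups, users and command patterns are constructed sample values.

```python
import fnmatch

# Constructed sample policy (hypothetical names): each (role, server group) pair
# lists the command patterns it may run and the ones it may never run. Deny
# patterns win over allow patterns, and anything unmatched is refused.
POLICY = {
    ("dba", "db-servers"): {"allow": ["SELECT *", "UPDATE *", "INSERT *"],
                            "deny": ["DROP *", "TRUNCATE *"]},
    ("sysadmin", "linux-prod"): {"allow": ["*"],
                                 "deny": ["rm -rf /*", "shutdown*", "useradd *"]},
    ("auditor", "*"): {"allow": ["cat /var/log/*", "SELECT *"], "deny": []},
}
ROLE_OF = {"alice": "dba", "bob": "sysadmin", "carol": "auditor"}
GROUP_OF = {"db01": "db-servers", "web01": "linux-prod"}
AUDIT = []  # text log of every decision, allowed or not

def _matches(command, patterns):
    return any(fnmatch.fnmatchcase(command, p) for p in patterns)

def _decide(user, target, command):
    role, group = ROLE_OF.get(user), GROUP_OF.get(target)
    if role is None or group is None:
        return False, "unknown user or target"
    # A role-specific rule set for this group wins; a wildcard group is the fallback.
    rules = POLICY.get((role, group)) or POLICY.get((role, "*"))
    if rules is None:
        return False, f"role {role} has no policy for {group}"
    if _matches(command, rules["deny"]):
        return False, "command matches deny rule"
    if _matches(command, rules["allow"]):
        return True, "command matches allow rule"
    return False, "no allow rule matched"

def authorize(user, target, command):
    """Gateway check for one command: returns (allowed, reason) and records it."""
    allowed, reason = _decide(user, target, command)
    AUDIT.append(f"{user}@{target}: {command!r} -> {'ALLOW' if allowed else 'DENY'} ({reason})")
    return allowed, reason
```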
Privileged account access requires well-established identity references (validation) for users accessing critical IT components. Multi-factor authentication (MFA) provides a robust validation mechanism. The solution’s MFA functionality acts as a strategic entry point to identity management systems and helps manage system-based users. ARCON offers native software-based one-time password (OTP) validation to begin a privileged session, and the tool seamlessly integrates with disparate third-party biometric authentication solutions such as Gemalto, RSA, Vasco, 3M, Precision, SafeNet and Safran.
ARCON Password Vault is a robust engine that allows the enterprise IT security team to frequently randomize and change passwords. The electronic vault, which stores privileged passwords in a highly secure manner, uses AES-256 encryption and is further wrapped with a proprietary encryption algorithm. The electronic vault has a release request workflow, including secured printing, to support emergency password retrieval in break-glass scenarios.
No more tedious and long approval processes. The workflow matrix makes administrators’ lives easier: it enables them to configure the approval process for privileged users, user groups and service groups. The service and password request workflow mechanism speeds up the process of assigning target servers to privileged users.
Session monitoring enables the IT security team to spot any suspicious activity around privileged accounts. The Live Dashboard ensures that all critical activities performed by administrators across the IT infrastructure are viewed in real time.
Text and Video Logs
ARCON PAM proactively secures all databases and applications, as every command and query executed by end users is captured for security assessment. This way, the Security and Risk Assessment team seamlessly manages the lifecycle of privileged accounts, as every activity performed by privileged users is captured in both video and text format.
Privileged Elevation and Delegation Management (PEDM)
The PEDM tool controls the escalation of privileged accounts. It enables administrators to elevate and delegate privileged tasks to non-admin users who require temporary access to target systems. After the privileged tasks are completed, the access rights are revoked. The tool essentially helps implement the principle of least privilege.
Single Sign-On (SSO)
Shared privileged accounts often result in security vulnerabilities. Malicious actors can target confidential information by abusing shared privileged identities and passwords. Single Sign-On provides administrative one-time access to target systems. The tool avoids sharing important privileged credentials with non-administrative users. Thus, SSO prevents possible abuse of privileged accounts while helping to implement the principle of least privilege.
User onboarding allows administrators to seamlessly add new server groups and user accounts with their associated privileges, mapping new users onboarded onto ARCON | PAM.
IT infrastructure faces a huge risk in a shared and distributed privileged account environment. It’s a big challenge for the security and risk management team to identify and track the ownership of privileges. To overcome this challenge, ARCON auto-discovery enables the risk management team to discover shared accounts, software accounts and service accounts across the IT infrastructure. Identification and tracking of privilege ownership mitigates the risks associated with the lifecycle of a privileged account.
Regulatory standards mandate that the IT risk management team provide detailed information about the access control policies needed for safeguarding critical information. Moreover, regulators demand comprehensive audit reports about every privileged user activity on critical systems. To meet this regulatory requirement, enterprises need to generate and maintain comprehensive audit trails of every privileged session. ARCON’s robust reporting engine makes your security team audit-ready by providing customized and detailed analytics of every privileged access to target systems. It helps them make better decisions about privileged users. The solution enables managers and auditors to assess the organization’s regulatory compliance status at any given time.
Misuse of privileged IDs is a key reason for security breaches. By gaining access to privileged accounts, an attacker becomes part of the internal network and is able to access key resources with ease. Privileged IDs are present across the entire gamut of infrastructure components, but traditional security solutions can only protect them within limits. ARCON|PAM leverages the concept of just-in-time access permissions to prevent misuse of privileged IDs, thereby reducing enterprise-wide risk. ARCON|PAM removes standing access and provisions privileged IDs on a need-to-have basis, using a workflow that follows defined approvals and runs for defined time periods. Additionally, ARCON|PAM is capable of creating accounts for one-time use and discarding them once the purpose is met. In specific scenarios, ARCON|PAM maintains shared privileged accounts, but access permissions to them are granted only when exclusively requested.
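The just-in-time lifecycle described above (request, separate approval, a time-boxed grant, and a one-time account that is discarded after its session), as an added Python example that is not ARCON’s own code; the broker, user and target names are hypothetical, and time is an integer minute counter so the walkthrough is reproducible.

```python
from dataclasses import dataclass
from typing import Optional
import itertools, secrets
# Constructed just-in-time access broker: no standing access, every grant is
# approval-gated and time-boxed, and a one-time account is discarded after use.
# "now" and "expires" are minute counters rather than wall-clock datetimes.
@dataclass
class Grant:
    user: str
    target: str
    expires: int                              # minute at which the grant lapses
    one_time_account: Optional[str] = None    # None: an existing vaulted ID is used
    used: bool = False

class JitBroker:
    def __init__(self):
        self._ids = itertools.count(1)
        self.pending = {}   # request id -> (user, target, minutes, one_time)
        self.grants = {}    # request id -> Grant currently in force
        self.audit = []     # text trail of every lifecycle event

    def request(self, user, target, minutes, one_time=False):
        rid = next(self._ids)
        self.pending[rid] = (user, target, minutes, one_time)
        self.audit.append(f"REQUEST {rid} {user}->{target} {minutes}m")
        return rid

    def approve(self, rid, approver, now):
        user, target, minutes, one_time = self.pending[rid]
        if approver == user:
            raise PermissionError("requester cannot approve own request")
        del self.pending[rid]
        acct = f"jit-{user}-{secrets.token_hex(3)}" if one_time else None
        self.grants[rid] = Grant(user, target, now + minutes, acct)
        self.audit.append(f"APPROVE {rid} by {approver} until minute {now + minutes}")
        return self.grants[rid]

    def check_access(self, user, target, now):
        # Returns the live grant or None; expired and used grants are revoked on the way.
        for rid, g in list(self.grants.items()):
            if now >= g.expires or g.used:
                note = f" discard {g.one_time_account}" if g.one_time_account else ""
                self.audit.append(f"REVOKE {rid}{note}")
                del self.grants[rid]
            elif g.user == user and g.target == target:
                return g
        return None

    def end_session(self, grant):
        # A one-time account is discarded after its single session; vaulted IDs run until expiry.
        grant.used = grant.one_time_account is not None
```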
In today's ever-changing landscape, DevOps is not just a mindset but an important aspect of everything between development and deployment. Given the various touchpoints DevOps covers, security becomes a key aspect.
ARCON|PAM addresses the following:
- Manage credentials used by applications, container platforms, automation tools and other non-human identities
- Tackle human and non-human access to CI/CD consoles
- Leverage native application attributes and role-based access controls to authenticate applications and containers
- Accelerate ARCON PAM implementation/deployment through containerization