Privileged Access Management Lite Features
The solution provides a Single Sign-On (SSO) feature for connecting to different categories of systems and devices without entering login credentials. It provides a seamless access mechanism to all underlying IT infrastructure equipment, including Windows, UNIX, databases, web applications, network devices, mainframes, etc. There are ready-built connectors for all conventional industrial systems. Connectors for legacy applications/systems can also be developed.
Multi-factor Authentication functionality provides a robust and seamless validation mechanism. The solution’s MFA functionality acts as a strategic entry point to identity management systems and helps to manage system-based users. ARCON offers native Email and Mobile based One-Time-Password (OTP) validation to ensure correct authentication. The tool seamlessly integrates with disparate third-party biometric authentication solutions such as 3M Cogent (Gemalto), Morpho, Precision, eikonTouch, Globalspace, RSA, Vasco, 3M, Precision, SafeNet, and Safran. It also integrates with TOTP-based authenticators like Symantec VIP Access, Google Authenticator and Microsoft Authenticator.
Privileged User Management
Manage the accounts of users with elevated access to vital organizational resources in a secure manner. Access to critical components such as applications, databases and cloud services is granted as configured by the administrator and only to authorized privileged users. Access rights assigned to critical systems are automatically terminated after the conclusion of “temporary privilege” activities. ARCON | PAM Lite provides a dynamic group setting with virtual grouping where one can create functional groups of various systems. It helps in facilitating relationships, responsibilities and accountabilities, and caters to dynamically changing organizational structures, roles and responsibilities.
User Privilege Access
To limit what users can access, the administrator can configure each user’s access rights. User Privilege Access refers to the access or privileges assigned to an identity, i.e. any user account that holds special or additional permissions within the enterprise systems. Privileges revolve around various features and functionalities of the PAM solution such as assigning privilege access to manage privileged identities, their authentication, authorization, allowing configurational changes, etc.
ARCON PAM Lite offers automated password management for a range of devices, viz. UNIX, Linux, AIX, Win2K, Win2k3, Oracle, MS SQL, Services, DCOM, etc., and is one of the strongest modules in the industry. There are features to set password dependencies for all the systems and services, which ensure that passwords on multiple systems can be changed simultaneously. Passwords can also be changed sequentially for dependent systems and services. The password communication between the ARCON client and ARCON server is in AES-256 encrypted form. Password changelogs are produced automatically and are tamper-proof.
After the engine changes passwords automatically, they are stored in a highly secured electronic password vault. The solution provides a highly mature password vault that generates and stores strong and dynamic passwords. Password Vault secures all the passwords with its proprietary encryption methodology and is highly secured by several layers of protection that ensure a virtual fortress. The vault provides only authorized privilege access to view the passwords. Password Vault enables enterprises to handle complex and dynamic changes including evolving regulatory mandates.
The solution enables one to check if any passwords are ‘out of sync’ with the vault. Auto-healing is the process of automatically changing the password of services using privileged accounts in case of password failure. The Auto-Healing capability gives information not only about the credentials but also about the servers. The Auto-Heal feature enables reports and alerts so that the security team is notified of any password changes done outside the system. The details can also be sent to SIEM tools for further analysis.
SSH Key Management
ARCON | PAM Lite has a mature SSH Key Management feature. It enables SSH Linux services to be managed by SSH key. Single sign-on and key rotation for SSH Linux services are also managed by the feature. Key rotation is a similar concept to the password change process in ARCON | PAM. SSH key rotation logs can be generated, and users can also view SSH keys of services based on appropriate privileges.
Application Gateway (AGW) is the single point of access to the target systems. The AGW completely eliminates the need for downloads and installations on end-user machines and allows them to connect to the target device via the AGW Server using the secure HTTPS protocol. All the streaming can take place over any HTML5-compatible browser for all connections. This is completely integrated within the ARCON | PAM Lite solution and creates an added layer of security for open communication channels. The tool satisfies the Zero Trust Network Access (ZTNA) framework. Access to systems is based on identity, along with other attributes and contexts such as IP address, geolocation, devices used, time and date. Overall operational efficiency is maximized by AGW along with robust access monitoring.
Session Recording / Text Logs
ARCON PAM Lite proactively secures all databases and applications, as every command/query executed by end-users is captured for a security assessment. User session activities are captured in a correlated form of text and video logs, which further helps to search for the correct event, use searchable keywords, and view activity timestamps in a video. ARCON PAM Lite offers unlimited concurrent session recording without any agent on the target devices. The textual logs provide complete data of the windows sessions and commands fired on CLI interfaces.
Session monitoring provides fundamental auditing and monitoring of privileged activities around the enterprise IT network. The feature enables the IT security team to spot any suspicious activity around privileged accounts. The Live Dashboard ensures that all critical activities performed by administrators across the IT infrastructure are viewed in real time.
Regulatory standards mandate that the IT risk management team provide detailed, comprehensive audit reports about every privileged user’s activities on critical systems. To meet this regulatory requirement, enterprises need to generate and maintain comprehensive audit trails of every privileged session. ARCON PAM Lite’s robust reporting engine makes your security team audit-ready by providing customized and detailed analytics of every privileged access to target systems. The solution enables managers and auditors to assess the organization’s regulatory compliance status at any given time.