{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"company":{"role-vendor":{"ru":"Производитель","_type":"localeString","en":"Vendor"},"role-supplier":{"_type":"localeString","en":"Supplier","ru":"Поставщик"},"products-popover":{"ru":"Продукты","_type":"localeString","en":"Products","de":"die produkte"},"introduction-popover":{"ru":"внедрения","_type":"localeString","en":"introduction"},"partners-popover":{"_type":"localeString","en":"partners","ru":"партнеры"},"update-profile-button":{"ru":"Обновить профиль","_type":"localeString","en":"Update profile"},"read-more-button":{"ru":"Показать ещё","_type":"localeString","en":"Show more"},"hide-button":{"en":"Hide","ru":"Скрыть","_type":"localeString"},"user-implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"categories":{"ru":"Компетенции","_type":"localeString","en":"Categories"},"description":{"ru":"Описание","_type":"localeString","en":"Description"},"role-user":{"ru":"Пользователь","_type":"localeString","en":"User"},"partnership-vendors":{"_type":"localeString","en":"Partnership with vendors","ru":"Партнерство с производителями"},"partnership-suppliers":{"ru":"Партнерство с поставщиками","_type":"localeString","en":"Partnership with suppliers"},"reference-bonus":{"_type":"localeString","en":"Bonus 4 reference","ru":"Бонус за референс"},"partner-status":{"ru":"Статус партнёра","_type":"localeString","en":"Partner status"},"country":{"ru":"Страна","_type":"localeString","en":"Country"},"partner-types":{"en":"Partner types","ru":"Типы партнеров","_type":"localeString"},"branch-popover":{"ru":"область деятельности","_type":"localeString","en":"branch"},"employees-popover":{"en":"number of employees","ru":"количество сотрудников","_type":"localeString"},"partnership-programme":{"ru":"Партнерская программа","_type":"localeString","en":"Partnership program"},"partner-discounts":{"en":"Partner discounts","ru":"Партнерские скидки","_type":"localeString"},"registered-discounts":{"_type":"localeString","en":"Additional benefits for registering a deal","ru":"Дополнительные преимущества за регистрацию сделки"},"additional-advantages":{"ru":"Дополнительные преимущества","_type":"localeString","en":"Additional Benefits"},"additional-requirements":{"ru":"Требования к уровню партнера","_type":"localeString","en":"Partner level requirements"},"certifications":{"en":"Certification of technical specialists","ru":"Сертификация технических специалистов","_type":"localeString"},"sales-plan":{"_type":"localeString","en":"Annual Sales Plan","ru":"Годовой план продаж"},"partners-vendors":{"ru":"Партнеры-производители","_type":"localeString","en":"Partners-vendors"},"partners-suppliers":{"_type":"localeString","en":"Partners-suppliers","ru":"Партнеры-поставщики"},"all-countries":{"ru":"Все страны","_type":"localeString","en":"All countries"},"supplied-products":{"_type":"localeString","en":"Supplied products","ru":"Поставляемые продукты"},"vendored-products":{"en":"Produced products","ru":"Производимые продукты","_type":"localeString"},"vendor-implementations":{"ru":"Производимые внедрения","_type":"localeString","en":"Produced deployments"},"supplier-implementations":{"en":"Supplied deployments","ru":"Поставляемые внедрения","_type":"localeString"},"show-all":{"en":"Show all","ru":"Показать все","_type":"localeString"},"not-yet-converted":{"en":"Data is moderated and will be published soon. Please, try again later.","ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время.","_type":"localeString"},"schedule-event":{"_type":"localeString","en":"Events schedule","ru":"Pасписание событий"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"register":{"ru":"Регистрация ","_type":"localeString","en":"Register"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"auth-message":{"_type":"localeString","en":"To view company events please log in or register on the sit.","ru":"Для просмотра ивентов компании авторизируйтесь или зарегистрируйтесь на сайт."},"company-presentation":{"en":"Company presentation","ru":"Презентация компании","_type":"localeString"}},"header":{"help":{"en":"Help","de":"Hilfe","ru":"Помощь","_type":"localeString"},"how":{"de":"Wie funktioniert es","ru":"Как это работает","_type":"localeString","en":"How does it works"},"login":{"de":"Einloggen","ru":"Вход","_type":"localeString","en":"Log in"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"en":"FAQ","de":"FAQ","ru":"FAQ","_type":"localeString"},"references":{"de":"References","ru":"Мои запросы","_type":"localeString","en":"Requests"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find-it-product":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"autoconfigurator":{"ru":"Калькулятор цены","_type":"localeString","en":" Price calculator"},"comparison-matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison Matrix"},"roi-calculators":{"en":"ROI calculators","ru":"ROI калькуляторы","_type":"localeString"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"en":"Business boosting","ru":"Развитие бизнеса","_type":"localeString"},"catalogs":{"ru":"Каталоги","_type":"localeString","en":"Catalogs"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"for-suppliers":{"ru":"Поставщикам","_type":"localeString","en":"For suppliers"},"blog":{"ru":"Блог","_type":"localeString","en":"Blog"},"agreements":{"_type":"localeString","en":"Deals","ru":"Сделки"},"my-account":{"en":"My account","ru":"Мой кабинет","_type":"localeString"},"register":{"ru":"Зарегистрироваться","_type":"localeString","en":"Register"},"comparison-deletion":{"ru":"Удаление","_type":"localeString","en":"Deletion"},"comparison-confirm":{"ru":"Подтвердите удаление","_type":"localeString","en":"Are you sure you want to delete"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"en":"My profile","ru":"Мои данные","_type":"localeString"},"about":{"en":"About Us","_type":"localeString"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"sub_it_catalogs":{"en":"Find IT product","_type":"localeString"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"en":"Create an avatar for the event","_type":"localeString"},"catalogs_new":{"en":"Products","_type":"localeString"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"_type":"localeString","en":"Our IT Catalogs"},"it_products":{"en":"Find and compare IT products","_type":"localeString"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"en":"IT catalogs","_type":"localeString"}},"footer":{"copyright":{"de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString","en":"All rights reserved"},"company":{"ru":"О компании","_type":"localeString","en":"My Company","de":"Über die Firma"},"about":{"_type":"localeString","en":"About us","de":"Über uns","ru":"О нас"},"infocenter":{"_type":"localeString","en":"Infocenter","de":"Infocenter","ru":"Инфоцентр"},"tariffs":{"de":"Tarife","ru":"Тарифы","_type":"localeString","en":"Subscriptions"},"contact":{"en":"Contact us","de":"Kontaktiere uns","ru":"Связаться с нами","_type":"localeString"},"marketplace":{"en":"Marketplace","de":"Marketplace","ru":"Marketplace","_type":"localeString"},"products":{"de":"Produkte","ru":"Продукты","_type":"localeString","en":"Products"},"compare":{"de":"Wähle und vergleiche","ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare"},"calculate":{"de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString","en":"Calculate the cost"},"get_bonus":{"en":"Bonus for reference","de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс","_type":"localeString"},"salestools":{"ru":"Salestools","_type":"localeString","en":"Salestools","de":"Salestools"},"automatization":{"de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString","en":"Settlement Automation"},"roi_calcs":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators","de":"ROI-Rechner"},"matrix":{"de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix"},"b4r":{"de":"Rebate 4 Reference","ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference"},"our_social":{"en":"Our social networks","de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети","_type":"localeString"},"subscribe":{"en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку","_type":"localeString"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"en":"Privacy Policy","ru":"Политика конфиденциальности","_type":"localeString"},"user_agreement":{"en":"Agreement","ru":"Пользовательское соглашение ","_type":"localeString"},"solutions":{"en":"Solutions","ru":"Возможности","_type":"localeString"},"find":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"quote":{"en":"Price calculator","ru":"Калькулятор цены","_type":"localeString"},"boosting":{"en":"Business boosting","ru":"Развитие бизнеса","_type":"localeString"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"en":"blog","ru":"блог","_type":"localeString"},"pay4content":{"_type":"localeString","en":"we pay for content","ru":"платим за контент"},"categories":{"_type":"localeString","en":"categories","ru":"категории"},"showForm":{"_type":"localeString","en":"Show form","ru":"Показать форму"},"subscribe__title":{"ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!"},"subscribe__email-label":{"en":"Email","ru":"Email","_type":"localeString"},"subscribe__name-label":{"en":"Name","ru":"Имя","_type":"localeString"},"subscribe__required-message":{"_type":"localeString","en":"This field is required","ru":"Это поле обязательное"},"subscribe__notify-label":{"en":"Yes, please, notify me about news, events and propositions","ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString"},"subscribe__agree-label":{"ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data"},"subscribe__submit-label":{"en":"Subscribe","ru":"Подписаться","_type":"localeString"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"ru":"username@gmail.com","_type":"localeString","en":"username@gmail.com"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"_type":"localeString","en":"You are successfully subscribed! Check you mailbox.","ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик."},"subscribe__error":{"en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter","de":"roi4presenter","ru":"roi4presenter"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"en":"Bonus4Reference","_type":"localeString"}},"breadcrumbs":{"home":{"ru":"Главная","_type":"localeString","en":"Home"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"registration":{"en":"Registration","ru":"Регистрация","_type":"localeString"},"b2b-platform":{"ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers"}},"comment-form":{"title":{"_type":"localeString","en":"Leave comment","ru":"Оставить комментарий"},"firstname":{"en":"First name","ru":"Имя","_type":"localeString"},"lastname":{"_type":"localeString","en":"Last name","ru":"Фамилия"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"ru":"Фактическая стоимость","_type":"localeString","en":"Actual cost"},"received-roi":{"ru":"Полученный ROI","_type":"localeString","en":"Received ROI"},"saving-type":{"ru":"Тип экономии","_type":"localeString","en":"Saving type"},"comment":{"ru":"Комментарий","_type":"localeString","en":"Comment"},"your-rate":{"_type":"localeString","en":"Your rate","ru":"Ваша оценка"},"i-agree":{"ru":"Я согласен","_type":"localeString","en":"I agree"},"terms-of-use":{"ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString","en":"With user agreement and privacy policy"},"send":{"_type":"localeString","en":"Send","ru":"Отправить"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"en":"Site under maintenance","ru":"На сайте проводятся технические работы","_type":"localeString"},"message":{"en":"Thank you for your understanding","ru":"Спасибо за ваше понимание","_type":"localeString"}}},"translationsStatus":{"company":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"company":{"title":{"ru":"ROI4CIO: Компания","_type":"localeString","en":"ROI4CIO: Company"},"meta":[{"name":"og:image","content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg"},{"name":"og:type","content":"website"}],"translatable_meta":[{"translations":{"ru":"Компания","_type":"localeString","en":"Company"},"name":"title"},{"translations":{"ru":"Описание компании","_type":"localeString","en":"Company description"},"name":"description"},{"name":"keywords","translations":{"ru":"Ключевые слова для компании","_type":"localeString","en":"Company keywords"}}]}},"pageMetaDataStatus":{"company":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{"xton-technologies":{"id":5816,"title":"XTON Technologies","logoURL":"https://old.roi4cio.com/uploads/roi/company/xton.png","alias":"xton-technologies","address":"Trevose, PA","roles":[{"id":2,"type":"supplier"},{"id":3,"type":"vendor"}],"description":" <span style=\"font-weight: bold; \">Xton Technologies</span> builds, markets and distributes enterprise privileged identity and access management software including identity vault that enables permission based sharing of secret information like passwords and security certificates for employees, contractors and scripts, policy driven password reset and centralized script execution for Windows, Unix and IoT devices as well as provides agentless access to network resources without disclosing passwords or keys to end users capable to record and monitor RDP, VNC, SSH and Telnet sessions.<br />Source: https://www.linkedin.com/company/xtontech/about/","companyTypes":["supplier","vendor"],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{"44":{"id":44,"title":"IAM - Identity and Access Management","description":"<span style=\"font-weight: bold; \">Identity management</span> (IdM), also known as <span style=\"font-weight: bold; \">identity and access management</span> (IAM or IdAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and Data Management.\r\nWith an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Identity and access management software offers role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise. In this context, access is the ability of an individual user to perform a specific task, such as view, create or modify a file. Roles are defined according to job competency, authority and responsibility within the enterprise.\r\nSystems used for identity and access management include single sign-on systems, multi-factor authentication and privileged access management (PAM). These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared. IAM systems can be deployed on premises, provided by a third-party vendor through a cloud-based subscription model or deployed in a hybrid cloud.\r\n<span style=\"font-weight: bold; \">Basic components of IAM.</span> On a fundamental level, IAM encompasses the following components:\r\n<ul><li>How individuals are identified in a system.</li><li>How roles are identified in a system and how they are assigned to individuals.</li><li>Adding, removing and updating individuals and their roles in a system.</li><li>Assigning levels of access to individuals or groups of individuals.</li><li>Protecting the sensitive data within the system and securing the system itself.</li></ul>\r\nAccess identity management system should consist of all the necessary controls and tools to capture and record user login information, manage the enterprise database of user identities and orchestrate the assignment and removal of access privileges. That means that systems used for IAM should provide a centralized directory service with oversight as well as visibility into all aspects of the company user base.\r\nTechnologies for identity access and management should simplify the user provisioning and account setup process. User access management software should reduce the time it takes to complete these processes with a controlled workflow that decreases errors as well as the potential for abuse while allowing automated account fulfillment. An identity and access management system should also allow administrators to instantly view and change access rights.\r\nIAM systems should be used to provide flexibility to establish groups with specific privileges for specific roles so that access rights based on employee job functions can be uniformly assigned. Identity access management software should also provide request and approval processes for modifying privileges because employees with the same title and job location may need customized, or slightly different, access.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between identity and access management?</span></h1>\r\nAfter authentication, there needs to be an access control decision. The decision is based on the information available about the user. The difference between identity management and access management is thus:\r\n<ul><li>Identity Management is about managing the attributes related to the user.</li><li>Access Management is about evaluating the attributes based on policies and making Yes/No decisions.</li></ul>\r\nThere are three types of Access Control Systems: \r\n<ul><li>Discretionary Access Control (DAC)</li><li>Mandatory Access Control (MAC)</li><li>Role-Based Access Control (RBAC)</li></ul>\r\n<h1 class=\"align-center\">What are the main benefits of identity management?</h1>\r\nIdentity access and management are useful in many ways: it ensures regulatory compliance, enables cost savings, and simplifies the lives of your customers by enhancing their experience. These are the main benefits of having an IAM solution:\r\n<ul><li><span style=\"font-weight: bold; \">Easily accessible anywhere</span></li></ul>\r\nNowadays, people need their identities all the time to use services and resources. In that sense, they require access to any platform without limits using their IDs, thus eliminating barriers for customers to enter the platform anytime, anywhere.\r\n<ul><li><span style=\"font-weight: bold; \">It encourages the connection between the different parts</span></li></ul>\r\nThe digital transformation that is taking place among more and more organizations forces the need for people, applications and devices to stay connected to each other. And, as expected, all of these processes bring with them some security threats.\r\nHowever, IAM software is a solution that guarantees correct administration with the best identity providers, such as Salesforce, Twitter and Google. Authentication and security are two of the strengths of Identity and Access Management, as well as being extendable and ready for future advances. \r\n<ul><li><span style=\"font-weight: bold; \">It improves productivity</span></li></ul>\r\nIdentity software automates the entry of new personnel and facilitates access to all components of the system with which the company operates. This allows reducing times in the delivery of access so that they begin to produce immediately. For this reason, business agility is also increased by using the advantages that technology makes available to meet the demands of today’s world. \r\n<ul><li><span style=\"font-weight: bold; \">It optimizes user experience</span></li></ul>\r\nRemembering so many usernames and passwords to access social networks, banks and other services on the Internet becomes a challenge for people. Thanks to user identity management system, people can get an identity that provides access to different systems. Single sign-on (SSO) allows customers and partners to access different internal and external applications with the same access method. That way the user experience will not be affected.\r\n<ul><li><span style=\"font-weight: bold; \">Secure your brand at all levels</span></li></ul>\r\nThere will be no risk of security breach, regardless of whether a connection is made from multiple identity providers. Identity management software and access management software enables strong authentication to keep your business and brand secure. Detailed verification of all identities entering the system is performed, in addition to allowing various licenses to limit access levels. At the same time, it monitors through analysis, fraud detection and alert functions that indicate a possible real risk. In short, enterprise identity management system is a reliable tool that employs technology to support digital transformation. A software that provides agility, security and satisfaction to the company’s customers. ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IAM.png","alias":"iam-identity-and-access-management"},"78":{"id":78,"title":"PAM - privileged access management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault), isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png","alias":"pam-privileged-access-management"},"437":{"id":437,"title":"PSM - Privileged Session Management","description":" Session management is a comprehensive IT Security process to control, monitor and record administrative access to servers, databases, and network devices. Properly implemented RBAC controls should include lock down based on day, date, time and location. Monitoring and recording should be fine-grained enough to capture keystrokes, text/graphical screen output, and mouse movements.\r\nOrganizations use session management to improve oversight and accountability over privileged accounts and credentials. Privileged session management refers to the monitoring, recording, and control over privileged sessions. IT needs to be able to audit privileged activity for both securities and to meet regulations from SOX, HIPAA, ICS CERT, GLBA, PCI DSS, FDCC, FISMA and more. Auditing activities may also include capturing keystrokes and screens (allowing for live view and playback).\r\nWhile you can manually implement some processes – such as screen recording – integrated solutions allow you to accomplish it seamlessly and at the scale of hundreds or thousands of concurrent sessions. Moreover, some third-party solutions can provide automated workflows giving IT granular control over privileged sessions, such as allowing them to pinpoint an anomalous session, and terminate it, or alternatively pause/lock it until a determination is made that the activity is appropriate.","materialsDescription":" <span style=\"font-weight: bold;\">What is Privileged Session Management?</span>\r\nPrivileged session management allows security administrators to monitor, control, and audit work sessions of privileged users. The session manager provides proxy-access to all critical resources and therefore prevents direct access to those resources. A session manager is central to privileged access management (PAM) and is generally integrated with an access manager and a password manager.\r\nPrivileged session management allows you to identify suspicious or unauthorized actions and stop them in their tracks. What’s more, session management provides an unimpeachable audit trail that allows for compliance and incident investigation.\r\n<span style=\"font-weight: bold;\">What features has Privileged Session Management?</span>\r\nThe key features of a privileged session management solution include:\r\n<ul><li>Real-time monitoring and alerting.</li><li>Real-time control systems.</li><li>RDP/SSH access control.</li><li>Authorization workflow.</li><li>Compliance and audit systems.</li></ul>\r\n<span style=\"font-weight: bold;\">Session Management: Why do you want it?</span>\r\nPrivileged session management will allow security teams to:\r\n<ul><li>Monitor, audit, and control privileged sessions across on-premises and cloud-based applications and resources.</li><li>Prevent insider attacks, privileged account escalation, and third-party access problems.</li><li>Prove regulatory compliance for HIPAA, GDPR, PCI, SOX, NYCRR 500, and other regulations.</li><li>Provide an easy-to-utilize workflow that enables the easy provisioning and de-provisioning of privileged credentials while creating 100% accountability for those privileged users.</li><li>Revolutionize incident response by enabling both automatic response and mitigation while at the same time providing a searchable database and video record that allows for a start-to-finish post-mortem analysis.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_PSM_Privileged_Session_Management.png","alias":"psm-privileged-session-management"},"834":{"id":834,"title":"IoT - Internet of Things Security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png","alias":"iot-internet-of-things-security"}},"branches":"Information Technology","companySizes":"1 to 50 Employees","companyUrl":"www.xtontech.com","countryCodes":[],"certifications":[],"isSeller":true,"isSupplier":true,"isVendor":true,"presenterCodeLng":"","seo":{"title":"XTON Technologies","keywords":"","description":" <span style=\"font-weight: bold; \">Xton Technologies</span> builds, markets and distributes enterprise privileged identity and access management software including identity vault that enables permission based sharing of secret information like passwords and se","og:title":"XTON Technologies","og:description":" <span style=\"font-weight: bold; \">Xton Technologies</span> builds, markets and distributes enterprise privileged identity and access management software including identity vault that enables permission based sharing of secret information like passwords and se","og:image":"https://old.roi4cio.com/uploads/roi/company/xton.png"},"eventUrl":"","vendorPartners":[],"supplierPartners":[],"vendoredProducts":[{"id":3648,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/xton.png","logo":true,"scheme":false,"title":"XTAM’s Hybrid Access Security Broker","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"xtams-hybrid-access-security-broker","companyTitle":"XTON Technologies","companyTypes":["supplier","vendor"],"companyId":5816,"companyAlias":"xton-technologies","description":"With <b>Xton Access Manager</b>, you can securely lock your systems and secrets behind your firewall and use XTAM (with secured Active Directory logins, Approval and Time-based Workflows as well as Multi-Factor Authentication) to safely provide access to only those trusted personnel. Layered with Audit Trails, Video Recording and Notifications, you can be confident that your infrastructure will remain secure from threats.\r\nWith <b>XTAM’s Hybrid Access Security Broker</b> you can:\r\n<ul> <li>Maintain your infrastructure safely behind your firewall</li> <li>Ensure your employee and contractor access is secure with AD, SSO or MFA</li> <li>Monitor, join, terminate and record access to your systems</li> <li>Access Windows, Unix, AWS, Azure, Network Devices, Web Portals, Mainframes, Privileged and Shared</li> <li>Accounts and Applications</li> <li>Configure notifications when your systems are accessed</li> <li>Continue using native SSH clients like PuTTY or SecureCRT</li> <li>Generate and share audit logs and reports about user access and activity</li> <li>Enable approval, time or location based workflows to limit remote access</li> <li>Use a simple, intuitive web portal with no agent requirements</li> <li>Retire your slow, aging VPN for a secure, modern Web Access & Management Portal</li> </ul>\r\n<b>XTAM’s Hybrid Access Security Broker</b> functions:\r\n<b>Audit Trails and Reporting to Ensure Compliance</b>\r\nFully embedded auditing for all access and activity events. Understand exactly what, when and by whom your systems, computers and devices were accessed. In addition, simple integration with 3rd party SIEM systems using the syslog protocol is available.\r\n<b>Access Controls for Cloud-based Datacenters</b>\r\nWhen transitioning to a Cloud datacenter the traditional concepts involving firewall and perimeters disappear. All IP addresses are either public or shared with someone else in the boundaries of your huge datacenter. Access Broker is the way to recreate this perimeter. Simply block access to all resources from all locations and all people, but permit only XTAM to access your critical endpoints. This forces employees, contractors and vendor to use XTAM to access your cloud infrastructure which enforces security, control and auditing.\r\n<b>Access Recording</b>\r\nRecord all remote access activity including video, keystroke and file transfers to remote computers for regulatory compliance. \r\n<b>Alerts & Notifications</b>\r\nNever be left in the dark again. Setup alerts and notifications to be aware when users are sharing, accessing or working with your systems.\r\n<b>Monitor, Observe, Join or Terminate Active Sessions in Real-Time</b>\r\nJoin live sessions to observe user activity on remote computers, share knowledge, assist with troubleshooting or simply monitor user activity.\r\n<b>Access Support includes RDP, SSH, VNC, Telnet and HTTPS</b>\r\nConnect to remote computer and WEB endpoints using a variety of the most popular and standard protocols.\r\n<b>Iron Clad Security</b>\r\nA fully secure AES-256 encrypted Identity Vault maintains total control over all your accounts, secrets and records. A provided master password ensures a “break glass” operation can be performed in an emergency. Your sleep just became a lot more peaceful.","shortDescription":"XTON Access Manager helps you maintain much needed control, access and security of your privileged accounts and systems.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":17,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"XTAM’s Hybrid Access Security Broker","keywords":"","description":"With <b>Xton Access Manager</b>, you can securely lock your systems and secrets behind your firewall and use XTAM (with secured Active Directory logins, Approval and Time-based Workflows as well as Multi-Factor Authentication) to safely provide access to only ","og:title":"XTAM’s Hybrid Access Security Broker","og:description":"With <b>Xton Access Manager</b>, you can securely lock your systems and secrets behind your firewall and use XTAM (with secured Active Directory logins, Approval and Time-based Workflows as well as Multi-Factor Authentication) to safely provide access to only ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/xton.png"},"eventUrl":"","translationId":3647,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":417,"title":"Product Life-Cycle Management Applications","alias":"product-life-cycle-management-applications","description":"","materialsDescription":"","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Product_Life_Cycle_Management_Applications.png"},{"id":44,"title":"IAM - Identity and Access Management","alias":"iam-identity-and-access-management","description":"<span style=\"font-weight: bold; \">Identity management</span> (IdM), also known as <span style=\"font-weight: bold; \">identity and access management</span> (IAM or IdAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and Data Management.\r\nWith an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Identity and access management software offers role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise. In this context, access is the ability of an individual user to perform a specific task, such as view, create or modify a file. Roles are defined according to job competency, authority and responsibility within the enterprise.\r\nSystems used for identity and access management include single sign-on systems, multi-factor authentication and privileged access management (PAM). These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared. IAM systems can be deployed on premises, provided by a third-party vendor through a cloud-based subscription model or deployed in a hybrid cloud.\r\n<span style=\"font-weight: bold; \">Basic components of IAM.</span> On a fundamental level, IAM encompasses the following components:\r\n<ul><li>How individuals are identified in a system.</li><li>How roles are identified in a system and how they are assigned to individuals.</li><li>Adding, removing and updating individuals and their roles in a system.</li><li>Assigning levels of access to individuals or groups of individuals.</li><li>Protecting the sensitive data within the system and securing the system itself.</li></ul>\r\nAccess identity management system should consist of all the necessary controls and tools to capture and record user login information, manage the enterprise database of user identities and orchestrate the assignment and removal of access privileges. That means that systems used for IAM should provide a centralized directory service with oversight as well as visibility into all aspects of the company user base.\r\nTechnologies for identity access and management should simplify the user provisioning and account setup process. User access management software should reduce the time it takes to complete these processes with a controlled workflow that decreases errors as well as the potential for abuse while allowing automated account fulfillment. An identity and access management system should also allow administrators to instantly view and change access rights.\r\nIAM systems should be used to provide flexibility to establish groups with specific privileges for specific roles so that access rights based on employee job functions can be uniformly assigned. Identity access management software should also provide request and approval processes for modifying privileges because employees with the same title and job location may need customized, or slightly different, access.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between identity and access management?</span></h1>\r\nAfter authentication, there needs to be an access control decision. The decision is based on the information available about the user. The difference between identity management and access management is thus:\r\n<ul><li>Identity Management is about managing the attributes related to the user.</li><li>Access Management is about evaluating the attributes based on policies and making Yes/No decisions.</li></ul>\r\nThere are three types of Access Control Systems: \r\n<ul><li>Discretionary Access Control (DAC)</li><li>Mandatory Access Control (MAC)</li><li>Role-Based Access Control (RBAC)</li></ul>\r\n<h1 class=\"align-center\">What are the main benefits of identity management?</h1>\r\nIdentity access and management are useful in many ways: it ensures regulatory compliance, enables cost savings, and simplifies the lives of your customers by enhancing their experience. These are the main benefits of having an IAM solution:\r\n<ul><li><span style=\"font-weight: bold; \">Easily accessible anywhere</span></li></ul>\r\nNowadays, people need their identities all the time to use services and resources. In that sense, they require access to any platform without limits using their IDs, thus eliminating barriers for customers to enter the platform anytime, anywhere.\r\n<ul><li><span style=\"font-weight: bold; \">It encourages the connection between the different parts</span></li></ul>\r\nThe digital transformation that is taking place among more and more organizations forces the need for people, applications and devices to stay connected to each other. And, as expected, all of these processes bring with them some security threats.\r\nHowever, IAM software is a solution that guarantees correct administration with the best identity providers, such as Salesforce, Twitter and Google. Authentication and security are two of the strengths of Identity and Access Management, as well as being extendable and ready for future advances. \r\n<ul><li><span style=\"font-weight: bold; \">It improves productivity</span></li></ul>\r\nIdentity software automates the entry of new personnel and facilitates access to all components of the system with which the company operates. This allows reducing times in the delivery of access so that they begin to produce immediately. For this reason, business agility is also increased by using the advantages that technology makes available to meet the demands of today’s world. \r\n<ul><li><span style=\"font-weight: bold; \">It optimizes user experience</span></li></ul>\r\nRemembering so many usernames and passwords to access social networks, banks and other services on the Internet becomes a challenge for people. Thanks to user identity management system, people can get an identity that provides access to different systems. Single sign-on (SSO) allows customers and partners to access different internal and external applications with the same access method. That way the user experience will not be affected.\r\n<ul><li><span style=\"font-weight: bold; \">Secure your brand at all levels</span></li></ul>\r\nThere will be no risk of security breach, regardless of whether a connection is made from multiple identity providers. Identity management software and access management software enables strong authentication to keep your business and brand secure. Detailed verification of all identities entering the system is performed, in addition to allowing various licenses to limit access levels. At the same time, it monitors through analysis, fraud detection and alert functions that indicate a possible real risk. In short, enterprise identity management system is a reliable tool that employs technology to support digital transformation. A software that provides agility, security and satisfaction to the company’s customers. ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IAM.png"},{"id":437,"title":"PSM - Privileged Session Management","alias":"psm-privileged-session-management","description":" Session management is a comprehensive IT Security process to control, monitor and record administrative access to servers, databases, and network devices. Properly implemented RBAC controls should include lock down based on day, date, time and location. Monitoring and recording should be fine-grained enough to capture keystrokes, text/graphical screen output, and mouse movements.\r\nOrganizations use session management to improve oversight and accountability over privileged accounts and credentials. Privileged session management refers to the monitoring, recording, and control over privileged sessions. IT needs to be able to audit privileged activity for both securities and to meet regulations from SOX, HIPAA, ICS CERT, GLBA, PCI DSS, FDCC, FISMA and more. Auditing activities may also include capturing keystrokes and screens (allowing for live view and playback).\r\nWhile you can manually implement some processes – such as screen recording – integrated solutions allow you to accomplish it seamlessly and at the scale of hundreds or thousands of concurrent sessions. Moreover, some third-party solutions can provide automated workflows giving IT granular control over privileged sessions, such as allowing them to pinpoint an anomalous session, and terminate it, or alternatively pause/lock it until a determination is made that the activity is appropriate.","materialsDescription":" <span style=\"font-weight: bold;\">What is Privileged Session Management?</span>\r\nPrivileged session management allows security administrators to monitor, control, and audit work sessions of privileged users. The session manager provides proxy-access to all critical resources and therefore prevents direct access to those resources. A session manager is central to privileged access management (PAM) and is generally integrated with an access manager and a password manager.\r\nPrivileged session management allows you to identify suspicious or unauthorized actions and stop them in their tracks. What’s more, session management provides an unimpeachable audit trail that allows for compliance and incident investigation.\r\n<span style=\"font-weight: bold;\">What features has Privileged Session Management?</span>\r\nThe key features of a privileged session management solution include:\r\n<ul><li>Real-time monitoring and alerting.</li><li>Real-time control systems.</li><li>RDP/SSH access control.</li><li>Authorization workflow.</li><li>Compliance and audit systems.</li></ul>\r\n<span style=\"font-weight: bold;\">Session Management: Why do you want it?</span>\r\nPrivileged session management will allow security teams to:\r\n<ul><li>Monitor, audit, and control privileged sessions across on-premises and cloud-based applications and resources.</li><li>Prevent insider attacks, privileged account escalation, and third-party access problems.</li><li>Prove regulatory compliance for HIPAA, GDPR, PCI, SOX, NYCRR 500, and other regulations.</li><li>Provide an easy-to-utilize workflow that enables the easy provisioning and de-provisioning of privileged credentials while creating 100% accountability for those privileged users.</li><li>Revolutionize incident response by enabling both automatic response and mitigation while at the same time providing a searchable database and video record that allows for a start-to-finish post-mortem analysis.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_PSM_Privileged_Session_Management.png"},{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault), isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"suppliedProducts":[{"id":3648,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/xton.png","logo":true,"scheme":false,"title":"XTAM’s Hybrid Access Security Broker","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"xtams-hybrid-access-security-broker","companyTitle":"XTON Technologies","companyTypes":["supplier","vendor"],"companyId":5816,"companyAlias":"xton-technologies","description":"With <b>Xton Access Manager</b>, you can securely lock your systems and secrets behind your firewall and use XTAM (with secured Active Directory logins, Approval and Time-based Workflows as well as Multi-Factor Authentication) to safely provide access to only those trusted personnel. Layered with Audit Trails, Video Recording and Notifications, you can be confident that your infrastructure will remain secure from threats.\r\nWith <b>XTAM’s Hybrid Access Security Broker</b> you can:\r\n<ul> <li>Maintain your infrastructure safely behind your firewall</li> <li>Ensure your employee and contractor access is secure with AD, SSO or MFA</li> <li>Monitor, join, terminate and record access to your systems</li> <li>Access Windows, Unix, AWS, Azure, Network Devices, Web Portals, Mainframes, Privileged and Shared</li> <li>Accounts and Applications</li> <li>Configure notifications when your systems are accessed</li> <li>Continue using native SSH clients like PuTTY or SecureCRT</li> <li>Generate and share audit logs and reports about user access and activity</li> <li>Enable approval, time or location based workflows to limit remote access</li> <li>Use a simple, intuitive web portal with no agent requirements</li> <li>Retire your slow, aging VPN for a secure, modern Web Access & Management Portal</li> </ul>\r\n<b>XTAM’s Hybrid Access Security Broker</b> functions:\r\n<b>Audit Trails and Reporting to Ensure Compliance</b>\r\nFully embedded auditing for all access and activity events. Understand exactly what, when and by whom your systems, computers and devices were accessed. In addition, simple integration with 3rd party SIEM systems using the syslog protocol is available.\r\n<b>Access Controls for Cloud-based Datacenters</b>\r\nWhen transitioning to a Cloud datacenter the traditional concepts involving firewall and perimeters disappear. All IP addresses are either public or shared with someone else in the boundaries of your huge datacenter. Access Broker is the way to recreate this perimeter. Simply block access to all resources from all locations and all people, but permit only XTAM to access your critical endpoints. This forces employees, contractors and vendor to use XTAM to access your cloud infrastructure which enforces security, control and auditing.\r\n<b>Access Recording</b>\r\nRecord all remote access activity including video, keystroke and file transfers to remote computers for regulatory compliance. \r\n<b>Alerts & Notifications</b>\r\nNever be left in the dark again. Setup alerts and notifications to be aware when users are sharing, accessing or working with your systems.\r\n<b>Monitor, Observe, Join or Terminate Active Sessions in Real-Time</b>\r\nJoin live sessions to observe user activity on remote computers, share knowledge, assist with troubleshooting or simply monitor user activity.\r\n<b>Access Support includes RDP, SSH, VNC, Telnet and HTTPS</b>\r\nConnect to remote computer and WEB endpoints using a variety of the most popular and standard protocols.\r\n<b>Iron Clad Security</b>\r\nA fully secure AES-256 encrypted Identity Vault maintains total control over all your accounts, secrets and records. A provided master password ensures a “break glass” operation can be performed in an emergency. Your sleep just became a lot more peaceful.","shortDescription":"XTON Access Manager helps you maintain much needed control, access and security of your privileged accounts and systems.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":17,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"XTAM’s Hybrid Access Security Broker","keywords":"","description":"With <b>Xton Access Manager</b>, you can securely lock your systems and secrets behind your firewall and use XTAM (with secured Active Directory logins, Approval and Time-based Workflows as well as Multi-Factor Authentication) to safely provide access to only ","og:title":"XTAM’s Hybrid Access Security Broker","og:description":"With <b>Xton Access Manager</b>, you can securely lock your systems and secrets behind your firewall and use XTAM (with secured Active Directory logins, Approval and Time-based Workflows as well as Multi-Factor Authentication) to safely provide access to only ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/xton.png"},"eventUrl":"","translationId":3647,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":417,"title":"Product Life-Cycle Management Applications","alias":"product-life-cycle-management-applications","description":"","materialsDescription":"","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Product_Life_Cycle_Management_Applications.png"},{"id":44,"title":"IAM - Identity and Access Management","alias":"iam-identity-and-access-management","description":"<span style=\"font-weight: bold; \">Identity management</span> (IdM), also known as <span style=\"font-weight: bold; \">identity and access management</span> (IAM or IdAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and Data Management.\r\nWith an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Identity and access management software offers role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise. In this context, access is the ability of an individual user to perform a specific task, such as view, create or modify a file. Roles are defined according to job competency, authority and responsibility within the enterprise.\r\nSystems used for identity and access management include single sign-on systems, multi-factor authentication and privileged access management (PAM). These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared. IAM systems can be deployed on premises, provided by a third-party vendor through a cloud-based subscription model or deployed in a hybrid cloud.\r\n<span style=\"font-weight: bold; \">Basic components of IAM.</span> On a fundamental level, IAM encompasses the following components:\r\n<ul><li>How individuals are identified in a system.</li><li>How roles are identified in a system and how they are assigned to individuals.</li><li>Adding, removing and updating individuals and their roles in a system.</li><li>Assigning levels of access to individuals or groups of individuals.</li><li>Protecting the sensitive data within the system and securing the system itself.</li></ul>\r\nAccess identity management system should consist of all the necessary controls and tools to capture and record user login information, manage the enterprise database of user identities and orchestrate the assignment and removal of access privileges. That means that systems used for IAM should provide a centralized directory service with oversight as well as visibility into all aspects of the company user base.\r\nTechnologies for identity access and management should simplify the user provisioning and account setup process. User access management software should reduce the time it takes to complete these processes with a controlled workflow that decreases errors as well as the potential for abuse while allowing automated account fulfillment. An identity and access management system should also allow administrators to instantly view and change access rights.\r\nIAM systems should be used to provide flexibility to establish groups with specific privileges for specific roles so that access rights based on employee job functions can be uniformly assigned. Identity access management software should also provide request and approval processes for modifying privileges because employees with the same title and job location may need customized, or slightly different, access.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between identity and access management?</span></h1>\r\nAfter authentication, there needs to be an access control decision. The decision is based on the information available about the user. The difference between identity management and access management is thus:\r\n<ul><li>Identity Management is about managing the attributes related to the user.</li><li>Access Management is about evaluating the attributes based on policies and making Yes/No decisions.</li></ul>\r\nThere are three types of Access Control Systems: \r\n<ul><li>Discretionary Access Control (DAC)</li><li>Mandatory Access Control (MAC)</li><li>Role-Based Access Control (RBAC)</li></ul>\r\n<h1 class=\"align-center\">What are the main benefits of identity management?</h1>\r\nIdentity access and management are useful in many ways: it ensures regulatory compliance, enables cost savings, and simplifies the lives of your customers by enhancing their experience. These are the main benefits of having an IAM solution:\r\n<ul><li><span style=\"font-weight: bold; \">Easily accessible anywhere</span></li></ul>\r\nNowadays, people need their identities all the time to use services and resources. In that sense, they require access to any platform without limits using their IDs, thus eliminating barriers for customers to enter the platform anytime, anywhere.\r\n<ul><li><span style=\"font-weight: bold; \">It encourages the connection between the different parts</span></li></ul>\r\nThe digital transformation that is taking place among more and more organizations forces the need for people, applications and devices to stay connected to each other. And, as expected, all of these processes bring with them some security threats.\r\nHowever, IAM software is a solution that guarantees correct administration with the best identity providers, such as Salesforce, Twitter and Google. Authentication and security are two of the strengths of Identity and Access Management, as well as being extendable and ready for future advances. \r\n<ul><li><span style=\"font-weight: bold; \">It improves productivity</span></li></ul>\r\nIdentity software automates the entry of new personnel and facilitates access to all components of the system with which the company operates. This allows reducing times in the delivery of access so that they begin to produce immediately. For this reason, business agility is also increased by using the advantages that technology makes available to meet the demands of today’s world. \r\n<ul><li><span style=\"font-weight: bold; \">It optimizes user experience</span></li></ul>\r\nRemembering so many usernames and passwords to access social networks, banks and other services on the Internet becomes a challenge for people. Thanks to user identity management system, people can get an identity that provides access to different systems. Single sign-on (SSO) allows customers and partners to access different internal and external applications with the same access method. That way the user experience will not be affected.\r\n<ul><li><span style=\"font-weight: bold; \">Secure your brand at all levels</span></li></ul>\r\nThere will be no risk of security breach, regardless of whether a connection is made from multiple identity providers. Identity management software and access management software enables strong authentication to keep your business and brand secure. Detailed verification of all identities entering the system is performed, in addition to allowing various licenses to limit access levels. At the same time, it monitors through analysis, fraud detection and alert functions that indicate a possible real risk. In short, enterprise identity management system is a reliable tool that employs technology to support digital transformation. A software that provides agility, security and satisfaction to the company’s customers. ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IAM.png"},{"id":437,"title":"PSM - Privileged Session Management","alias":"psm-privileged-session-management","description":" Session management is a comprehensive IT Security process to control, monitor and record administrative access to servers, databases, and network devices. Properly implemented RBAC controls should include lock down based on day, date, time and location. Monitoring and recording should be fine-grained enough to capture keystrokes, text/graphical screen output, and mouse movements.\r\nOrganizations use session management to improve oversight and accountability over privileged accounts and credentials. Privileged session management refers to the monitoring, recording, and control over privileged sessions. IT needs to be able to audit privileged activity for both securities and to meet regulations from SOX, HIPAA, ICS CERT, GLBA, PCI DSS, FDCC, FISMA and more. Auditing activities may also include capturing keystrokes and screens (allowing for live view and playback).\r\nWhile you can manually implement some processes – such as screen recording – integrated solutions allow you to accomplish it seamlessly and at the scale of hundreds or thousands of concurrent sessions. Moreover, some third-party solutions can provide automated workflows giving IT granular control over privileged sessions, such as allowing them to pinpoint an anomalous session, and terminate it, or alternatively pause/lock it until a determination is made that the activity is appropriate.","materialsDescription":" <span style=\"font-weight: bold;\">What is Privileged Session Management?</span>\r\nPrivileged session management allows security administrators to monitor, control, and audit work sessions of privileged users. The session manager provides proxy-access to all critical resources and therefore prevents direct access to those resources. A session manager is central to privileged access management (PAM) and is generally integrated with an access manager and a password manager.\r\nPrivileged session management allows you to identify suspicious or unauthorized actions and stop them in their tracks. What’s more, session management provides an unimpeachable audit trail that allows for compliance and incident investigation.\r\n<span style=\"font-weight: bold;\">What features has Privileged Session Management?</span>\r\nThe key features of a privileged session management solution include:\r\n<ul><li>Real-time monitoring and alerting.</li><li>Real-time control systems.</li><li>RDP/SSH access control.</li><li>Authorization workflow.</li><li>Compliance and audit systems.</li></ul>\r\n<span style=\"font-weight: bold;\">Session Management: Why do you want it?</span>\r\nPrivileged session management will allow security teams to:\r\n<ul><li>Monitor, audit, and control privileged sessions across on-premises and cloud-based applications and resources.</li><li>Prevent insider attacks, privileged account escalation, and third-party access problems.</li><li>Prove regulatory compliance for HIPAA, GDPR, PCI, SOX, NYCRR 500, and other regulations.</li><li>Provide an easy-to-utilize workflow that enables the easy provisioning and de-provisioning of privileged credentials while creating 100% accountability for those privileged users.</li><li>Revolutionize incident response by enabling both automatic response and mitigation while at the same time providing a searchable database and video record that allows for a start-to-finish post-mortem analysis.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_PSM_Privileged_Session_Management.png"},{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault), isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"partnershipProgramme":null}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}