PAM - privileged access management


PAM - Privileged Access Management tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. Privilege management tools offer features that enable security and risk leaders to:

  • Discover privileged accounts on systems, devices and applications for subsequent management.
  • Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.
  • Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.
  • Isolate, monitor, record and audit privileged access sessions, commands and actions.

To achieve these goals, privileged access management solutions typically take the credentials of privileged accounts (i.e. the admin accounts) and put them inside a secure repository (a vault), isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once the credentials are inside the repository, system administrators need to go through the privilege management system to access them, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system the next time they want to use the credential.
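The check-out, logging and reset-on-check-in cycle described above, sketched as an added example (it is not code from any PAM product). The `Vault` class, the account and admin names, and the rule that only one administrator can hold a credential at a time are assumptions made for illustration.

```python
import secrets
import string
from datetime import datetime, timezone

class Vault:
    """Toy in-memory vault: authorised check-out, audit trail, reset on check-in."""

    def __init__(self, policy):
        self.policy = policy    # account -> set of admins allowed to use it
        self.passwords = {}     # account -> current password
        self.holder = {}        # account -> admin currently holding it
        self.audit = []         # (UTC timestamp, admin, action, account)

    def _log(self, admin, action, account):
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append((stamp, admin, action, account))

    def rotate(self, account):
        # A real PAM tool would also set this password on the target system.
        alphabet = string.ascii_letters + string.digits
        self.passwords[account] = "".join(secrets.choice(alphabet) for _ in range(24))

    def check_out(self, admin, account):
        if admin not in self.policy.get(account, set()):
            self._log(admin, "DENIED", account)
            raise PermissionError(f"{admin} may not use {account}")
        if account in self.holder:
            self._log(admin, "BUSY", account)
            raise RuntimeError(f"{account} is held by {self.holder[account]}")
        self.holder[account] = admin
        self._log(admin, "CHECK_OUT", account)
        return self.passwords[account]

    def check_in(self, admin, account):
        if self.holder.get(account) != admin:
            raise RuntimeError(f"{admin} does not hold {account}")
        del self.holder[account]
        self.rotate(account)    # the password the admin saw no longer works
        self._log(admin, "CHECK_IN_ROTATED", account)

def demo():
    """Constructed scenario: one admin, one account, two sessions."""
    vault = Vault({"root@db01": {"alice"}})
    vault.rotate("root@db01")   # onboarding: vault takes over the password
    first = vault.check_out("alice", "root@db01")
    vault.check_in("alice", "root@db01")
    second = vault.check_out("alice", "root@db01")
    return vault, first, second
```

Because the password changes at every check-in, a credential copied during one session is useless afterwards, and every use of the account appears in the audit trail under a named administrator.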

Gartner divides Privileged Access Management software into the following subcategories:

  1. Shared access password manager (SAPM)
  2. Superuser password manager (SUPM)
  3. Privileged session manager (PSM)
  4. Application access password manager (AAPM)

PAM password vaults (SAPM) provide an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a variety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords. Their hardened proxy servers, such as jump servers, also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.


The most popular products in category PAM - privileged access management

  • CENTRIFY Privileged Access Management Solution
  • Gurucul Identity Analytics
  • HITACHI ID Privileged Access Manager
  • XTAM’s HYBRID ACCESS SECURITY BROKER
  • PREEMPT Platform
  • BALABIT PRIVILEGED ACCESS MANAGEMENT
  • THYCOTIC Secret Server Platinum
  • ARCON Privileged Access Management Platform
  • WALLIX Bastion Enterprise
  • FUDO PAM
  • The PANASEER Platform
  • Lieberman RED Suite


Vendors PAM - privileged access management

  • Wallix: ARE, DEU, FRA, GBR
  • ARCON: AUS, IND, USA
  • P3KI: All countries

F.A.Q about PAM - privileged access management

What are privileged accounts?

In a least privilege environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA), generally consist of the following two types:

Standard user accounts have a limited set of privileges, such as for internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.

Guest user accounts possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and internet browsing.

A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts / non-privileged users. Here are examples of privileged accounts commonly in use across an organization:

  • Local administrative accounts. Non-personal accounts providing administrative access to the local host or instance only.
  • Domain administrative accounts. Privileged administrative access across all workstations and servers within the domain.
  • Break glass (also called emergency or firecall) accounts. Unprivileged users with administrative access to secure systems in the case of an emergency.
  • Service accounts. Privileged local or domain accounts that are used by an application or service to interact with the operating system.
  • Active Directory or domain service accounts. Enable password changes to accounts, etc.
  • Application accounts. Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.

What are the Privileged Access Management features?

Privileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors, such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic, have begun offering enterprise PAM tools.

Privileged access management tools and software typically provide the following features:

  • Multi-factor authentication (MFA) for administrators.
  • An access manager that stores permissions and privileged user information.
  • A password vault that stores secured, privileged passwords.
  • Session tracking once privileged access is granted.
  • Dynamic authorization abilities. For example, only granting access for specific periods of time.
  • Automated provisioning and deprovisioning to reduce insider threats.
  • Audit logging tools that help organizations meet compliance.

How is PAM Different from Identity Access Management (IAM)?

Privileged access management is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, both on-prem and in the cloud, and usually integrates with directory systems such as Microsoft Active Directory.

PAM focuses on privileged users: administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.

Organizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users, but privileged access management products are important because, while they cover a smaller attack surface, it is a high-value surface that requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording).