
PAM - privileged access management


Privileged access management (PAM) is the combination of tools and technology used to secure, control and monitor access to an organization's critical information and resources. Subcategories of PAM include shared access password management, privileged session management, vendor privileged access management and application access management.

Privileged user accounts are significant targets for an attack as they have elevated permissions, access to confidential information and the ability to change settings. If compromised, a large amount of damage could be done to organizational operations. Types of accounts managed under PAM can include emergency cybersecurity procedure, local administrative, Microsoft Active Directory, application or service, and domain administrative accounts.

PAM software and tools work by gathering the credentials of privileged accounts, also known as system administrator accounts, into a secure repository to isolate their use and log their activity. The separation is intended to lower the risk of admin credentials being stolen or misused. Some PAM platforms do not allow privileged users to choose their own passwords. Instead, the password manager of the platform will tell admins what the password is for a given day or issue one-time passwords each time an admin logs in.


Suppliers of PAM - privileged access management

Balabit

Balabit is a leading provider of Privileged Access Management (PAM) and Log Management solutions that help businesses reduce the risk of...
Vendor, Supplier

BeyondTrust

BeyondTrust is a global cyber security company dedicated to proactively eliminating data breaches from insider privilege abuse and external hacking...
Vendor, Supplier

Centrify

Centrify is redefining the legacy approach to Privileged Access Management by delivering cloud-ready Zero Trust Privilege to secure modern...
Vendor, Supplier

FAQ about PAM - privileged access management

What is Privileged Access Management (PAM)?

Privileged access management (PAM) consists of the cybersecurity strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes, and systems across an IT environment. By dialing in the appropriate level of privileged access controls, PAM helps organizations reduce their attack surface, and prevent, or at least mitigate, the damage arising from external attacks as well as from insider malfeasance or negligence.

Privileged user accounts are high-value targets for cybercriminals. That’s because they have elevated permissions in systems, allowing them to access highly confidential information and/or make administrative-level changes to mission-critical applications and systems.

What are the PAM software features?

Privileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors, such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic, have begun offering enterprise PAM tools.

PAM tools and software typically provide the following features:

  • Multi-factor authentication (MFA) for administrators.
  • An access manager that stores permissions and privileged user information.
  • A password vault that stores secured, privileged passwords.
  • Session tracking once privileged access is granted.
  • Dynamic authorization abilities. For example, only granting access for specific periods of time.
  • Automated provisioning and deprovisioning to reduce insider threats.
  • Audit logging tools that help organizations meet compliance requirements.

How do privileged access management systems work?

A PAM administrator uses the portal to define methods to access the privileged account across various applications and enterprise resources. The credentials of privileged accounts (such as their passwords) are stored in a special-purpose and highly secure password vault. The PAM administrator also uses the portal to define the policies of who can assume access to these privileged accounts and under what conditions.

Privileged users log in through the PAM and request or immediately assume access to the privileged user account. This access is logged and remains temporary for the exclusive performance of specific tasks. To ensure security, the PAM user is usually asked to provide a business justification for using the account. Sometimes manager approval is required, as well. Often, the user isn’t granted access to the actual passwords used to log into the applications but instead is provided access via the PAM. Additionally, the PAM ensures that passwords are frequently changed, often automatically, either at regular intervals or after each use.

The PAM administrator can monitor user activities through the PAM portal and even manage live sessions in real time if needed. Modern PAMs also use machine learning to identify anomalies and use risk scoring to alert the PAM Administrator in real time of risky operations.
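The checkout flow described above (policy check, business justification, optional approval, temporary access, rotation after use, audit trail) can be modelled in a few lines. This is an added illustration, not code from any vendor's product; the `Vault` class, its method names and the rule that a requester cannot approve their own request are assumptions made for the example.

```python
import secrets
import time

class Vault:
    """Toy PAM vault: policy-gated, time-limited checkouts with rotation and audit."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.secrets = {}   # account -> current password (never returned to users)
        self.policy = {}    # account -> {"users": set, "ttl": seconds, "approval": bool}
        self.leases = {}    # lease id -> (user, account, expiry time)
        self.audit = []     # append-only (timestamp, event, user, account, detail)

    def _log(self, event, user, account, detail=""):
        self.audit.append((self.clock(), event, user, account, detail))

    def _rotate(self, account):
        self.secrets[account] = secrets.token_urlsafe(24)

    def onboard(self, account, users, ttl, approval=False):
        self.policy[account] = {"users": set(users), "ttl": ttl, "approval": approval}
        self._rotate(account)  # vault takes ownership by setting a fresh password

    def checkout(self, user, account, justification, approved_by=None):
        rule = self.policy.get(account)
        if rule is None or user not in rule["users"]:
            self._log("DENY", user, account, "not authorized by policy")
            return None
        if not justification.strip():
            self._log("DENY", user, account, "missing business justification")
            return None
        # Assumption: an approver must be someone other than the requester.
        if rule["approval"] and (approved_by is None or approved_by == user):
            self._log("DENY", user, account, "manager approval required")
            return None
        lease = secrets.token_hex(8)  # user gets a lease handle, not the password
        self.leases[lease] = (user, account, self.clock() + rule["ttl"])
        self._log("CHECKOUT", user, account, justification)
        return lease

    def is_active(self, lease):
        entry = self.leases.get(lease)
        return entry is not None and self.clock() < entry[2]

    def checkin(self, lease):
        user, account, _ = self.leases.pop(lease)
        self._rotate(account)  # credential changes after each use
        self._log("CHECKIN", user, account, "credential rotated")
```

Denied requests are logged as well as granted ones, since repeated denials against a privileged account are themselves a signal worth alerting on.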

What are the benefits of a PAM?

Increased security is the obvious benefit of implementing a PAM system. However, it’s not the only one. PAM helps:

Protect against cyber criminals. Privileged users, such as administrators, face the same challenges as other users with regard to remembering multiple passwords—and have the same tendency to use the same password across multiple accounts. Yet, these users are also more likely to be the target of cybercriminals. A PAM system can reduce the need for administrators to remember many passwords and avoid privileged users creating local/direct system passwords. Session management and alerts help the superadmin identify potential attacks in real time.

Protect against inside attacks. Sadly, a significant number of attacks come from bad actors inside the organization, or from employees who have left but haven’t been fully de-provisioned to prevent access after departure.

Greater productivity. A PAM is a boon for privileged users. It allows them to log in faster to the systems they need and relieves the cognitive burden of remembering many passwords. It also enables the superuser to easily manage privileged user access from one central location, rather than a slew of different systems and applications.

Ensure compliance. Many regulations require granular and specific management of privileged user access and the ability to audit access. You can restrict access to sensitive systems, require additional approvals, or use multi-factor authentication for privileged accounts. The auditing tools in PAM systems record activities and enable you to provide a clear audit trail. PAM helps organizations comply with regulations like SOX, HIPAA, PCI DSS, GLBA, ISO 27002, ICS CERT, FDCC, FISMA.

How is PAM Different from Identity Access Management (IAM)?

Privileged access management is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud, and usually integrates with directory systems such as Microsoft Active Directory.

PAM focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and secure the access of these users to critical resources.

Organizations need both tools if they are to protect against attacks.

IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but PAM is important because while it covers a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording).