BeyondTrust: Privileged Access Management (PAM)

Privileged Access Management is a solution that manages privileged access across an organization and ensures privileged accounts are audited, managed, controlled and protected from abuse. A privileged account provides a higher level of access rights than a regular user account. Examples include administrator accounts for access to systems, networks and security solutions, applications, or user accounts that have been granted special or elevated privileges. For these reasons, it is important to protect privileged accounts from misuse. According to Gartner, BeyondTrust's solutions have long been among the highest rated products in their category (the "leaders" quadrant).

Product description

The PAM solution from BeyondTrust is a modular system consisting of the following elements:

  • Privilege Password & Session Management (Password Safe) - Stores and manages privileged account passwords, including automatic password rotation. Automatically locates assets and applications and attaches their privileged accounts. Manages privileged access across the organization, logging and tracking all activity for given privileged accounts.
  • Endpoint Privilege Management - Removes and eliminates redundant administrative privileges on Windows, Mac, Unix, Linux, and network devices (IoT, ICS, SCADA), giving all users the level of permissions they need to do their jobs.
  • Secure Remote Access (Privileged Remote Access) - Provides secure and controlled remote access for internal employees and third parties to your infrastructure with integrated session monitoring, secure password storage, two-factor authentication and intuitive controls that your employees and contractors will love!

The BeyondTrust platform serves as a central interface through which organizations manage all access permissions, passwords and SSH keys, with the ability to set, control and enforce their chosen corporate security policy in one tool. Using the tool, users authenticate against the system with a single login and password, without knowing access permissions to endpoint systems. Once access is granted and established, password rotation to that system occurs automatically without the need for further intervention. All passwords are stored in a secure password store. Once access is granted, session monitoring starts automatically; sessions can be monitored live or stopped by authorized individuals, or reviewed afterwards and used as evidence in incidents or litigation.


Features

Automatic account detection

Central secure password storage (FIPS 140-2 standard)

Secure password use with SSO (Single-Sign-On) support

Application-to-Application (A2A) password management

Secure SSH key management

Agentless privileged session management


Benefits

Central management of all privileged accounts and access across the organisation

Set up corporate policy enforcement in one integrated platform

Granular Access Policy

Integrated session monitoring (recording of access sessions) across all privileged accesses in the organization with playback and auditing capabilities

Accelerate the process of consolidating all privileged accounts, passwords, assets and SSH keys through automated scanning and dynamic categorization into Smart Groups

Secure encrypted central storage of all passwords (Password Vault) including automatic password and SSH key rotation after each login

Why Alef?

  • Strong technical team specialising in remote collaboration
  • Unique know-how in the areas of solution design, implementation and subsequent management
  • Dozens of satisfied customers

Who is BeyondTrust PAM for?

The management and protection of privileged login data is essential to reduce the risks associated with the management of privileged accounts, and also to comply with applicable regulations, standards and laws (ZoKB, GDPR, Personal Data Protection Act, Copyright Act, eIDAS). The importance of PAM solutions is currently growing and will continue to grow, especially with the development of new systems, applications, process automation (password exchange between applications/robots), the types and numbers of cloud providers, hybrid infrastructures, global collaboration that connects third parties and vendors to internal networks and systems, etc.