Osirium

Privileged Access Management

PERMANENTLY SEPARATE PEOPLE FROM PASSWORDS

Every IT infrastructure is managed by privileged users – users granted elevated control through accessing privileged accounts to ensure that the uptime, performance, resources and security of the computers meet the needs of the business. Our Privileged Access Management solution addresses both security and compliance requirements by defining who gets access to what and when.

Privileged account abuse presents one of today’s most critical security challenges. Uncontrolled access by insiders or even contractors to these privileged accounts leaves an organisation vulnerable to data leaks and cyber-attacks – ultimately causing irreparable damage to both the business and its reputation.

The PxM Platform’s Password Lifecycle Management ensures that all managed passwords are as strong as possible. Additionally, full break glass and rollback features allow the platform to cope seamlessly with devices that leave the network or are restored from backups.

 

Key product features include:

  • Granular Control
    Granularly incorporate security and compliance through mapping who can use these accounts, and what happens to the passwords used to access them. 

  • Password Lifecycle Management
    Generated passwords meet the maximum complexity permitted by each device to mitigate brute-force attacks. Password cycling can be either scheduled or event-based. Rules can be defined per device, ensuring that password compliance policies are not only met but exceeded. Individual passwords are used for every managed account, meaning users cannot move laterally without permission.

  • End-to-end Accountability
    A full audit trail is maintained to show who has accessed what, where, when and how, along with full details of the identity-to-role mapping used. This includes an archivable video playback of user sessions.

  • Strong Authentication
    Two-factor and token-based authentication are available via RADIUS integration, in addition to username and password authentication.

  • Least Privilege Model
    Each privileged role, particularly those of third-party service providers, is given no more privilege than is necessary to fulfil the job.

  • Multi-Active Directory Support
    The platform handles access to Windows Workstations and Servers within multiple domains - provisioning accounts into the correct AD domain and utilising Single Sign-On with the correct domain account.

  • Agentless 
    No agents need be installed, nor is any reconfiguration necessary on devices, servers or within desktop applications.

  • Password Rollback
    In the event of a system restore, password rollback ensures that device access is possible at all times by simply rolling back the password schedule to match the restored schedule.

  • Change Ticket 
    When enabled, any connection or task will require a valid change or incident ticket before execution, allowing further integration with ServiceNow’s ticket validation services.

  • Template-based Device Support
    Many devices are supported out of the box, but additional device support can be easily implemented through the creation of template files from directly within the platform.
