SlideShare a Scribd company logo

Hitachi ID Privileged Access Manager Features at a Glance

Hitachi ID Systems, Inc.
Hitachi ID Systems, Inc.

Privileged Access Manager is a system for securing privileged passwords across many servers and workstations. It periodically randomizes them, stores the resulting values in a replicated database and - when appropriate - discloses passwords to administrators, applications and services.

TechnologyBusiness
1 of 4
Download to read offline
Hitachi ID Privileged Access Manager Features at a Glance FEATURE: Infrastructure auto-discovery Description Benefit Privileged Access Manager periodically extracts a list of systems from a directory such as AD or from a source such as an IT inventory database. It then applies rules to decide which of these systems to manage. Managed systems are probed to find accounts, groups and services on each one. Rules determine which of these accounts should be controlled by Privileged Access Manager. This process is normally run every 24 hours. Auto-discovery is essential for deploying Privileged Access Manager in medium to large organizations, where there may be thousands of systems with accounts to secure and where hundreds of systems may be added, moved or retired daily. FEATURE: Randomize passwords on privileged accounts Description Benefit Privileged Access Manager periodically randomizes passwords on every privileged account within its scope of authority. This is normally done daily. Frequent password changes eliminate the possibility of password sharing or of access being retained by administrators after work is completed. Former IT staff lose access automatically. FEATURE: Encrypted, replicated credential vault Description Benefit Randomized passwords are encrypted and stored in a database. The database is replicated between at least two servers, installed in at least two physical locations. Encryption and replication protects against inappropriate disclosure of sensitive passwords or loss of access to privileged accounts, even in the event of media theft, server crash or physical disaster at a data center. FEATURE: Access control policies Description Benefit IT users sign into Privileged Access Manager to request access to privileged accounts. These requests are subject to access control rules, typically associating groups of users to groups of managed systems. Requests may also carry other data, such as incident numbers, which can be validated before access is granted. Policies allow IT security to control who can sign into each system. © 2014 Hitachi ID Systems, Inc.. All rights reserved. 1
Privileged Access Manager Features at a Glance FEATURE: One-time access request workflow Description Benefit Users without pre-approved login rights can nonetheless request access to privileged accounts. These requests are subjected to a workflow authorization process which may involve one or more approvers and which supports reminders, escalation, delegation, approval by multiple people and more. Workflow approvals supports a range of business processes, including production migration, a flexible workforce and emergency access. FEATURE: Single sign-on and other access disclosure methods Description Benefit Privileged Access Manager does not normally display passwords to privileged accounts from its vault. Instead, it may launch a login session automatically and inject credentials, or temporarily place a user’s AD domain account into a security group or create a temporary SSH trust relationship. Users benefit from single sign-on to privileged accounts while security is enhanced by avoiding password display and even knowledge of passwords by administrators. FEATURE: Audit logs and reports Description Benefit Privileged Access Manager records every attempted, authorized and completed login to a privileged account. E-mail notifications, incident management integration and built-in reports create accountability for access to privileged accounts. Accountability motivates users to act appropriately and creates a forensic audit trail. FEATURE: Session recording and forensic audits Description Benefit Privileged Access Manager can deploy an ActiveX control to an authorized user’s desktop to record login sessions to managed systems. These recordings include screen capture, web cam video, keyboard events and more. Recordings are archived indefinitely and can be searched and played back, subject to access controls and workflow approvals. Session recording is useful both for knowledge sharing and forensic audits. © 2014 Hitachi ID Systems, Inc.. All rights reserved. 2
Privileged Access Manager Features at a Glance FEATURE: Integration with Windows service accounts Description Benefit Privileged Access Manager can periodically change the passwords on Windows service accounts. It then notifies Windows OS components including SCM, IIS, Scheduler and DCOM of the new password values. This feature eliminates static passwords on Windows services, which often run with significant privileges. FEATURE: API to eliminate embedded application passwords Description Benefit Privileged Access Manager can frequently scramble and vault the passwords on accounts used by one application to connect to another. Applications can then be modified to call the Privileged Access Manager API to fetch current password values, eliminating passwords stored in scripts and configuration files. Plaintext passwords stored in scripts and configuration files are a major security risk. Eliminating them significantly improves the security posture of an organization. FEATURE: Support for laptop passwords Description Benefit A laptop service can be deployed to Windows and Linux laptops. This service periodically contacts the central Privileged Access Manager server cluster, requesting a new password for local administrator accounts. This process makes it possible to secure privileged passwords on mobile devices, which would otherwise be unreachable because they are powered down, disconnected from the network, protected by firewalls and assigned different IP addresses. FEATURE: Identity management features included Description Benefit In a typical deployment, user rights to access privileged accounts depend on user membership in AD or LDAP groups. Privileged Access Manager includes workflow processes to request such group membership, to apply segregation of duties policies to these groups, to detect unauthorized changes to these groups and to periodically invite group owners to review their membership. Effective group membership management ensures that security policies are based on reliable data. This is especially helpful for organizations that have not deployed effective identity management process to manage fine-grained security entitlements. © 2014 Hitachi ID Systems, Inc.. All rights reserved. 3
Hitachi ID Privileged Access Manager Features at a Glance FEATURE: Many included integrations Description Benefit Privileged Access Manager includes connectors for over 110 systems and applications, plus flexible agents designed to integrate new ones. Including connectors in the base price and providing a rich set of connectors lowers both the initial and ongoing cost of the system. FEATURE: Multi-master, replicated architecture Description Benefit Privileged Access Manager includes a data replication layer and can be deployed to multiple servers, at multiple locations, at no extra cost. Built-in support for high-availability and fault-tolerance make Privileged Access Manager suitable for enterprise deployments. FEATURE: Multi-lingual user interface Description Benefit Privileged Access Manager ships with multiple user interface languages and additional ones can be added easily, both by Hitachi ID Systems and customers. A multi-lingual user interface makes Privileged Access Manager suitable for international organizations. www.Hitachi-ID.com 500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com File: / pub/ wp/ documents/ features/ hipam/ hipam-features-short-5.tex Date: 2011-05-05

Recommended

Beyond Roles: A Practical Approach to Enterprise User Provisioning
Beyond Roles: A Practical Approach to Enterprise User ProvisioningBeyond Roles: A Practical Approach to Enterprise User Provisioning
Beyond Roles: A Practical Approach to Enterprise User ProvisioningHitachi ID Systems, Inc.
 
Cloud Computing For IAM Providers
Cloud Computing For IAM ProvidersCloud Computing For IAM Providers
Cloud Computing For IAM Providersguest4b81cf
 
Integrating Hitachi ID Management Suite with WebSSO Systems
Integrating Hitachi ID Management Suite with WebSSO SystemsIntegrating Hitachi ID Management Suite with WebSSO Systems
Integrating Hitachi ID Management Suite with WebSSO SystemsHitachi ID Systems, Inc.
 
Single Logout
Single LogoutSingle Logout
Single LogoutAndreas Åkre Solberg
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Maximizing Value
Maximizing ValueMaximizing Value
Maximizing ValueHitachi ID Systems, Inc.
 

Recommended

Beyond Roles: A Practical Approach to Enterprise User Provisioning
Beyond Roles: A Practical Approach to Enterprise User ProvisioningBeyond Roles: A Practical Approach to Enterprise User Provisioning
Beyond Roles: A Practical Approach to Enterprise User ProvisioningHitachi ID Systems, Inc.
 
Cloud Computing For IAM Providers
Cloud Computing For IAM ProvidersCloud Computing For IAM Providers
Cloud Computing For IAM Providersguest4b81cf
 
Integrating Hitachi ID Management Suite with WebSSO Systems
Integrating Hitachi ID Management Suite with WebSSO SystemsIntegrating Hitachi ID Management Suite with WebSSO Systems
Integrating Hitachi ID Management Suite with WebSSO SystemsHitachi ID Systems, Inc.
 
Single Logout
Single LogoutSingle Logout
Single LogoutAndreas Åkre Solberg
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Maximizing Value
Maximizing ValueMaximizing Value
Maximizing ValueHitachi ID Systems, Inc.
 
Authentication Management
Authentication ManagementAuthentication Management
Authentication ManagementHitachi ID Systems, Inc.
 
Introduction to Identity Management
Introduction to Identity ManagementIntroduction to Identity Management
Introduction to Identity ManagementHitachi ID Systems, Inc.
 
Hitachi ID Access Certifier
Hitachi ID Access CertifierHitachi ID Access Certifier
Hitachi ID Access CertifierHitachi ID Systems, Inc.
 
Hitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Systems, Inc.
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
Hitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Systems, Inc.
 
Identity and Access Lifecycle Automation
Identity and Access Lifecycle AutomationIdentity and Access Lifecycle Automation
Identity and Access Lifecycle AutomationHitachi ID Systems, Inc.
 
Building an Identity Management Business Case
Building an Identity Management Business CaseBuilding an Identity Management Business Case
Building an Identity Management Business CaseHitachi ID Systems, Inc.
 
Privileged Access Management
Privileged Access ManagementPrivileged Access Management
Privileged Access ManagementHitachi ID Systems, Inc.
 
Hitachi ID Access Certifier
Hitachi ID Access CertifierHitachi ID Access Certifier
Hitachi ID Access CertifierHitachi ID Systems, Inc.
 
How Well is Your Organization Protecting its Real Crown Jewels - Identities?
How Well is Your Organization Protecting its Real Crown Jewels - Identities?How Well is Your Organization Protecting its Real Crown Jewels - Identities?
How Well is Your Organization Protecting its Real Crown Jewels - Identities?Hitachi ID Systems, Inc.
 
Hitachi ID Privileged Access Manager
Hitachi ID Privileged Access ManagerHitachi ID Privileged Access Manager
Hitachi ID Privileged Access ManagerHitachi ID Systems, Inc.
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
Hitachi ID Management Suite
Hitachi ID Management SuiteHitachi ID Management Suite
Hitachi ID Management SuiteHitachi ID Systems, Inc.
 
Hitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate EditionHitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate EditionHitachi ID Systems, Inc.
 
Hitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Systems, Inc.
 
Hitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Systems, Inc.
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

More Related Content

More from Hitachi ID Systems, Inc.

Hitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Systems, Inc.
 
Building an Identity Management Business Case
Building an Identity Management Business CaseBuilding an Identity Management Business Case
Building an Identity Management Business CaseHitachi ID Systems, Inc.
 
How Well is Your Organization Protecting its Real Crown Jewels - Identities?
How Well is Your Organization Protecting its Real Crown Jewels - Identities?How Well is Your Organization Protecting its Real Crown Jewels - Identities?
How Well is Your Organization Protecting its Real Crown Jewels - Identities?Hitachi ID Systems, Inc.
 
Hitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate EditionHitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate EditionHitachi ID Systems, Inc.
 
Hitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Systems, Inc.
 

More from Hitachi ID Systems, Inc. (20)

Authentication Management
Authentication ManagementAuthentication Management
Authentication Management
 
Introduction to Identity Management
Introduction to Identity ManagementIntroduction to Identity Management
Introduction to Identity Management
 
Hitachi ID Access Certifier
Hitachi ID Access CertifierHitachi ID Access Certifier
Hitachi ID Access Certifier
 
Hitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Group Manager
Hitachi ID Group Manager
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity Manager
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity Manager
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity Manager
 
Hitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management Suite
 
Identity and Access Lifecycle Automation
Identity and Access Lifecycle AutomationIdentity and Access Lifecycle Automation
Identity and Access Lifecycle Automation
 
Building an Identity Management Business Case
Building an Identity Management Business CaseBuilding an Identity Management Business Case
Building an Identity Management Business Case
 
Privileged Access Management
Privileged Access ManagementPrivileged Access Management
Privileged Access Management
 
Hitachi ID Access Certifier
Hitachi ID Access CertifierHitachi ID Access Certifier
Hitachi ID Access Certifier
 
How Well is Your Organization Protecting its Real Crown Jewels - Identities?
How Well is Your Organization Protecting its Real Crown Jewels - Identities?How Well is Your Organization Protecting its Real Crown Jewels - Identities?
How Well is Your Organization Protecting its Real Crown Jewels - Identities?
 
Hitachi ID Privileged Access Manager
Hitachi ID Privileged Access ManagerHitachi ID Privileged Access Manager
Hitachi ID Privileged Access Manager
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity Manager
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password Manager
 
Hitachi ID Management Suite
Hitachi ID Management SuiteHitachi ID Management Suite
Hitachi ID Management Suite
 
Hitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate EditionHitachi ID Identity Express™ - Corporate Edition
Hitachi ID Identity Express™ - Corporate Edition
 
Hitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and TechnologyHitachi ID Suite 9.0 Features and Technology
Hitachi ID Suite 9.0 Features and Technology
 
Hitachi ID Group Manager
Hitachi ID Group ManagerHitachi ID Group Manager
Hitachi ID Group Manager
 

Recently uploaded

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Hitachi ID Privileged Access Manager Features at a Glance

  • 1. Hitachi ID Privileged Access Manager Features at a Glance FEATURE: Infrastructure auto-discovery Description Benefit Privileged Access Manager periodically extracts a list of systems from a directory such as AD or from a source such as an IT inventory database. It then applies rules to decide which of these systems to manage. Managed systems are probed to find accounts, groups and services on each one. Rules determine which of these accounts should be controlled by Privileged Access Manager. This process is normally run every 24 hours. Auto-discovery is essential for deploying Privileged Access Manager in medium to large organizations, where there may be thousands of systems with accounts to secure and where hundreds of systems may be added, moved or retired daily. FEATURE: Randomize passwords on privileged accounts Description Benefit Privileged Access Manager periodically randomizes passwords on every privileged account within its scope of authority. This is normally done daily. Frequent password changes eliminate the possibility of password sharing or of access being retained by administrators after work is completed. Former IT staff lose access automatically. FEATURE: Encrypted, replicated credential vault Description Benefit Randomized passwords are encrypted and stored in a database. The database is replicated between at least two servers, installed in at least two physical locations. Encryption and replication protects against inappropriate disclosure of sensitive passwords or loss of access to privileged accounts, even in the event of media theft, server crash or physical disaster at a data center. FEATURE: Access control policies Description Benefit IT users sign into Privileged Access Manager to request access to privileged accounts. These requests are subject to access control rules, typically associating groups of users to groups of managed systems. Requests may also carry other data, such as incident numbers, which can be validated before access is granted. Policies allow IT security to control who can sign into each system. © 2014 Hitachi ID Systems, Inc.. All rights reserved. 1
  • 2. Privileged Access Manager Features at a Glance FEATURE: One-time access request workflow Description Benefit Users without pre-approved login rights can nonetheless request access to privileged accounts. These requests are subjected to a workflow authorization process which may involve one or more approvers and which supports reminders, escalation, delegation, approval by multiple people and more. Workflow approvals supports a range of business processes, including production migration, a flexible workforce and emergency access. FEATURE: Single sign-on and other access disclosure methods Description Benefit Privileged Access Manager does not normally display passwords to privileged accounts from its vault. Instead, it may launch a login session automatically and inject credentials, or temporarily place a user’s AD domain account into a security group or create a temporary SSH trust relationship. Users benefit from single sign-on to privileged accounts while security is enhanced by avoiding password display and even knowledge of passwords by administrators. FEATURE: Audit logs and reports Description Benefit Privileged Access Manager records every attempted, authorized and completed login to a privileged account. E-mail notifications, incident management integration and built-in reports create accountability for access to privileged accounts. Accountability motivates users to act appropriately and creates a forensic audit trail. FEATURE: Session recording and forensic audits Description Benefit Privileged Access Manager can deploy an ActiveX control to an authorized user’s desktop to record login sessions to managed systems. These recordings include screen capture, web cam video, keyboard events and more. Recordings are archived indefinitely and can be searched and played back, subject to access controls and workflow approvals. Session recording is useful both for knowledge sharing and forensic audits. © 2014 Hitachi ID Systems, Inc.. All rights reserved. 2
  • 3. Privileged Access Manager Features at a Glance FEATURE: Integration with Windows service accounts Description Benefit Privileged Access Manager can periodically change the passwords on Windows service accounts. It then notifies Windows OS components including SCM, IIS, Scheduler and DCOM of the new password values. This feature eliminates static passwords on Windows services, which often run with significant privileges. FEATURE: API to eliminate embedded application passwords Description Benefit Privileged Access Manager can frequently scramble and vault the passwords on accounts used by one application to connect to another. Applications can then be modified to call the Privileged Access Manager API to fetch current password values, eliminating passwords stored in scripts and configuration files. Plaintext passwords stored in scripts and configuration files are a major security risk. Eliminating them significantly improves the security posture of an organization. FEATURE: Support for laptop passwords Description Benefit A laptop service can be deployed to Windows and Linux laptops. This service periodically contacts the central Privileged Access Manager server cluster, requesting a new password for local administrator accounts. This process makes it possible to secure privileged passwords on mobile devices, which would otherwise be unreachable because they are powered down, disconnected from the network, protected by firewalls and assigned different IP addresses. FEATURE: Identity management features included Description Benefit In a typical deployment, user rights to access privileged accounts depend on user membership in AD or LDAP groups. Privileged Access Manager includes workflow processes to request such group membership, to apply segregation of duties policies to these groups, to detect unauthorized changes to these groups and to periodically invite group owners to review their membership. Effective group membership management ensures that security policies are based on reliable data. This is especially helpful for organizations that have not deployed effective identity management process to manage fine-grained security entitlements. © 2014 Hitachi ID Systems, Inc.. All rights reserved. 3
  • 4. Hitachi ID Privileged Access Manager Features at a Glance FEATURE: Many included integrations Description Benefit Privileged Access Manager includes connectors for over 110 systems and applications, plus flexible agents designed to integrate new ones. Including connectors in the base price and providing a rich set of connectors lowers both the initial and ongoing cost of the system. FEATURE: Multi-master, replicated architecture Description Benefit Privileged Access Manager includes a data replication layer and can be deployed to multiple servers, at multiple locations, at no extra cost. Built-in support for high-availability and fault-tolerance make Privileged Access Manager suitable for enterprise deployments. FEATURE: Multi-lingual user interface Description Benefit Privileged Access Manager ships with multiple user interface languages and additional ones can be added easily, both by Hitachi ID Systems and customers. A multi-lingual user interface makes Privileged Access Manager suitable for international organizations. www.Hitachi-ID.com 500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com File: / pub/ wp/ documents/ features/ hipam/ hipam-features-short-5.tex Date: 2011-05-05