Indeed PAM 2.5: user experience is a key to resilient cybersecurity
Indeed Identity presents a new version of Indeed Privileged Access Manager. Indeed PAM 2.5 offers enhanced access policy mechanisms, new features and improvements in the user and administrator interface, as well as additional connectors to target resources. Please see below for an overview of the new release.
New access policy mechanism
Indeed PAM relies on proprietary policies for customizing access settings for specific target resources and privileged accounts. But real-life applications and the growing number of scenarios dictate new requirements. We present a new, more flexible mechanism where restrictions to individual policy settings no longer apply, and policies can be assigned to all types of Indeed PAM objects (resources, user accounts, domains, or users).
Now, your solution administrators have at their disposal a special kit that can generate unique settings for specific Indeed PAM objects. The new version also includes a default policy for all operating Indeed PAM parameters that can be applied to all objects. This will make the administrators’ job much easier if they do not require individual settings for different user groups or resources.
New connectors to target resources
Indeed PAM 2.5 supports new types of user and service connections:
- Telnet – user connections intended for monitoring telnet sessions initiated via Indeed PAM.
- Cisco – service connections for Cisco network equipment intended for monitoring user accounts in IOS XE.
- Inspur BMC – service connections intended for managing user accounts in the Inspur IPMI module.
Multiple user connections to one resource
New features also apply to the resources being added to Indeed PAM. The new version supports different types of connections to the same target resource. When assigning permissions, your PAM administrator can specify the connection methods that will be available to users.
Passwords to privileged accounts can be viewed upon approval (confirmation) by Indeed PAM administrator
Users who already had a chance to use the previous versions of Indeed PAM must be familiar with the procedure that involves the approval (or confirmation) of all new privileged sessions by the administrator. In Indeed PAM 2.5, the scope of operations requiring the administrator’s approval has been expanded. You can now make the Indeed PAM administrator confirmation mandatory for all attempts to view privileged account passwords.
Passwords / SSH keys will be automatically reset upon session termination or stored password mismatch
Each new version of our software suite features essential improvements designed to ensure the security of your privileged user accounts and PAM servers. This release is no exception as it includes two important updates:
- All passwords / SSH keys of your privileged user accounts will be immediately reset after the session is terminated.
- All passwords / SSH keys will be reset whenever the system detects that the stored password differs from the actual privileged account password.
The new features can help you improve the rotation of your privileged authentication data and introduce one-time password (session key) authentication, with new credentials required for each new session.
The new version of Indeed PAM features a series of updates designed to improve privileged user / PAM administrator experience:
- In the user console you can get a connection string for the Indeed PAM SSH Proxy server. All you need to do is click the Copy button, and the relevant SSH client invocation command will be saved in your clipboard.
- The lines containing requests to initiate sessions or view passwords are now highlighted in color, making the system more user-friendly for Indeed PAM administrators.
- Kiosk mode will be used for all HTTP(S) sessions launched via Indeed PAM. This can help you strengthen the overall security levels for all thin-client connections to various target resources.
- The new release also features CEF and LEEF event formats for the Syslog server.
- Most tables in the Management Console now support data sorting.