Axidian Privilege

Empower your security strategy: Axidian Privilege — the prudent privileged access manager for mid-sized and large enterprises. Securely manage privileged accounts, enforce strong authentication, track user activity and achieve efficient security without unnecessary costs.

Take control of your privileged accounts today!


Relevance

Proper operation of the IT infrastructure and business applications is key to success for any government agency or private company.

However, the performance of a corporate IT system depends not only on its hardware and software characteristics. To ensure its smooth operation, all components of the IT infrastructure must be managed by professionals.

The IT components are managed by privileged users — external and internal personnel with higher access rights to corporate resources and applications, including their installation, setting up, and maintenance.

The list of privileged users includes:

  • System administrators
  • Security specialists
  • Contractors and outsourcers
  • Financial services operators
  • Auditors
  • Other external or internal employees

In view of the higher access rights of privileged users and the special nature of IT resources they handle, companies need to have in place a proper privileged access management system that would ensure, among other things, minimal privileges for users, as well as monitoring and analysis of user activity.

Furthermore, hackers gaining access to the authentication data of a privileged identity may cause more serious damage to the organization than if the login credentials of ordinary users are compromised.

Administrator accounts can be used to disable the security system, stop the operation of information systems and gain access to confidential information.

Protecting privileged access rights is a more complex task than securing ordinary accounts. It cannot be achieved by relying exclusively on standard approaches to the protection of login credentials and requires specialized solutions.

These vulnerabilities can be addressed by setting up a comprehensive privileged access management system. A PAM system must ensure the following:

  • Centralized management of connections to critical servers and applications
  • Reinforced authentication for privileged identities
  • Transparent use of privileged identities on authorized resources, without revealing the password
  • Recording of privileged user activity
  • Analysis of recorded user activity and investigation of incidents related to controlled resources

Platform overview

The Axidian Privilege platform belongs to a class of specialized solutions that goes by many names, including:

  • Privileged Access Management (PAM);
  • Privileged Account Management (PAM);
  • Privileged User Management (PUM);
  • Privileged Identity Management (PIM).

This platform draws on our company’s long-term expertise in the development of information security products, specifically those that have to do with access management.

The Axidian Privilege platform is a dedicated group of servers that implements centralized policy for monitoring and managing privileged user access.

The key strong point of this platform is that all connections to target resources and applications are made via the Axidian Privilege server.

Privileged users can use the client web application to view the available resources and connect to them.

In addition to connecting via the web application, you can also use one of the traditional ways and connect directly to the Axidian Privilege network address via RDP and SSH protocols.

The administrator console is a convenient web tool designed for setting up and managing the PAM system, as well as performing relevant audits. An administrator can use this console to manage the privileged access policies, view connection logs, and make recordings of administrative sessions.

The easy-to-use role-based model incorporated into the Axidian Privilege platform allows you to assign appropriate access rights to personnel with different job responsibilities. For example, you can clearly separate the responsibilities of security administrators from those of auditors of privileged sessions.

You can also use two-factor authentication to reinforce the security of access to the administrator console and connections to target resources.

Access management

User activity management is a complex task that requires a number of technical and organizational solutions.

In most cases, Employee Monitoring Products and Services (EMPS) or Data Leak Prevention (DLP) solutions are sufficient for monitoring non-privileged user activity, since these tools include a server component responsible for analysis and monitoring of communication channels and a client component used for workstation operations analysis. However, these solutions may prove insufficient or useless for monitoring privileged user activity.

We will name a few special features that may apply to the work of privileged users:

  • Higher access rights (including the right to delete client software or assign additional access rights to themselves)
  • Uncontrolled workplace (relevant for contractors, outsourcers, or remote administrators)
  • Specific target servers where monitoring software cannot be installed (network devices; isolated software environments; exotic, rare, and outdated operating systems)

An intermediary access control and management host (a so-called "jump server") makes it possible to monitor all privileged sessions from a single point without having to install additional software, which can significantly reduce the costs related to PAM management.

Drawing on the principle of minimal user privileges right from the start, PAM policies imply that access rights to a target resource (a server or an application) should be expressly assigned to a specific user. Additional options let you separately configure the allowed connection time and the permission to use privileged accounts for target resources.

Account password management

Privileges to manage or configure target resources and applications are assigned to specific accounts. The traditional approach implies that passwords or other authenticators for such privileged accounts are provided to authorized personnel, i.e. privileged users.

However, such practice poses a threat of misuse or abuse of the privileges provided. For example, personnel may gain access to tools allowing them to clear logs, install additional software, or perform critical and potentially harmful operations that can disrupt the resource functionality or cause financial damage to the company. These and other permissions are often available to privileged users without proper oversight.

The Axidian Privilege software suite allows you to have all privileged accounts under control, thereby ensuring their safe use. This way you can prevent unauthorized use of privileged accounts and record all user activity on a dedicated server.

As part of its management functionality, the platform can perform an automatic search for privileged accounts in Active Directory and on Microsoft Windows or Linux/Unix servers. This will help you to make sure that you don’t have any undocumented privileged accounts with access to critical resources in your company’s IT infrastructure.

All passwords in the account data vault are encrypted, and only the Axidian Privilege server has access to the encryption key. Axidian Privilege also supports the storage of authentication data (usernames and passwords) for target applications, primarily, privileged accounts.

Furthermore, all passwords are automatically updated and by design will not be accessible by privileged users. When a privileged user attempts to connect to a target resource, the Axidian Privilege server will automatically insert their login and password. This means that your personnel authorized to manage a specific server or business application will not be able to bypass the Axidian Privilege system during authentication, since they do not know the password.

Recording and analysis of user activity

One of the main reasons why privileged user activity deserves special attention is the potential threat it may pose to the proper operation of the company’s IT infrastructure. Even if we disregard possible malicious actions, hacker attacks and clear sabotage, we still need to consider a relatively large number of incidents related to the so-called "human factor".

For example, let’s imagine a situation where an employee has made a series of errors, which resulted in a server failure. Whether or not the company has a backup copy and a fail-safe protocol, managers still need to identify the cause of this failure. Often, if the server is down, its event logs are also unavailable. In this case, if you deploy a Security Information & Event Management (SIEM) system, you will learn that there has been an incident and that a specific employee is potentially responsible (for example, after performing network connection analysis), but you are not likely to be aware of what actually happened.

The Axidian Privilege platform will provide you with comprehensive information about the causes of the incident and the presence of malicious intent.

When a privileged user works via Axidian Privilege, their actions are recorded in different formats, including video and text recording, command interception, shadow copies of transmitted files, etc. You will have immediate access to the list of user operations in the management console. In addition to the actual records of user activity, the system captures a large amount of metadata, i.e. information about the connections (user name, protocols, target resources, connection time, etc.).

After analyzing the records, instead of voicing ungrounded accusations to your personnel, you can gain a prompt understanding of the causes of the incident and plan your immediate response in order to mitigate it (minimize the consequences), thereby preventing further financial and reputational losses.

Technical parameters

  • Supported protocols: RDP, SSH, HTTP(S), and any other proprietary protocols by publishing relevant applications
  • Supported types of authentication data: username + password, SSH keys
  • Privileged accounts search and password management: Windows, Linux, and Active Directory
  • Supported user directories: Active Directory
  • Two-factor authentication technologies: password + TOTP (password generation algorithm)
  • Supported session record types: text log, video recording, and screenshots
  • Remote access technologies: Microsoft RDS, SSH Proxy

Unlock the Power of PAM

Dive Deeper: Get the Axidian Privilege Presentation. Explore the Intricacies of a Privileged Access Manager Engineered for Cost-Conscious Organizations. Discover How Efficiency and Flexibility Redefine Privileged Access Security.


Documents

Learn how multiple industries enjoy benefits from implementing our products

Axidian Privilege WP
5 Steps PAM Guide
KuppingerCole Report — Executive View Axidian Privilege 2022

industry about us

Andy Woo
Regional Director of Pacific Tech

At Pacific Tech, we are continuously evolving and bringing new solutions to our partners and customers in the region. We are delighted to be partnering with Axidian. With Axidian, we found a comprehensive access management solution which perfectly complements the growing population of Singapore work-from-home workers. As a leading cyber security solution provider, this strategic partnership is perfect for our two companies.

KC KuppingerCole Report
Executive view

Axidian’s innovative approach towards designing its whole product portfolio as a highly modular open application platform allows the customers to pick and choose the modules as needed and grow in the future as their business needs expand. Even out of the box, Axidian CertiFlow provides comprehensive yet convenient management capabilities for both administrators and end users.

Michael Bürger
Founder & Sales Partner at EU-HUB Network

For approximately 5 years now I have been working with Axidian quite successfully. First as my vendor client and next as a trusted innovative software partner. Now we are re-selling Axidian software as a Distributor for the EU and beyond. Often I met Axidian CEOs, CTO, Product Management, Partner Managers and System Engineers, on the phone and even in person in London and Munich, and always my feeling was that these are smart people, an excellently organized company, straightforward thinking, and I don’t have any doubt that together we will be very successful this decade in the 2020s on everything we target.

Leo Querubin
Executive Director for Business Development of Pointwest Technologies Corporation

The products of Axidian, like Axidian Access, a software for strong and multi-factor authentication (MFA), can provide the structural changes that force everyone to follow necessary cybersecurity procedures. Customers get the best of both worlds — the world-class cybersecurity products of Axidian and the experience and expertise of the local cybersecurity landscape of Pointwest.

Volkan Duman
Information Technologies General Manager at vMind

As a result of the long-term laboratory tests and studies that we conducted, we believe that Axidian products should certainly be on the Turkish market. Thanks to our partnership with Axidian, we sought to expand the access control and certificate management market, which is located in a narrow profile in the country, as well as add value by transferring technology to our country. When we compare Axidian products with similar products, we can safely say that they contain much more different features and are more inclusive.

Marko Pust
Director of OSI.SI

We have had a long partnership with Axidian for more than 2 years already. I can confidently say that Axidian CertiFlow is one of the best and technologically enhanced products for managing digital certificates and smart cards on the EU market. This product has a number of unique features such as Client Agent and Axidian AirCard Enterprise network-attached smart card that are highly valued by our customers. One of the customers said that Axidian CertiFlow brought automation and visibility to their PKI life.

Heng Lie
Director of Synnex Metrodata Indonesia

I believe that Axidian Access is an excellent solution for many of our clients. It manages access to all information systems of the enterprise and protects companies from internal and external cyber threats. It is a flexible platform combining different authentication scenarios and methods.

Sergey Yeliseyev
X–Infotech Owner, Business Development Director, Government eID solutions

Axidian is a company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner.