Indeed Privileged Access Manager

This product manages privileged access to the IT systems of a company

get presentation
prew-product

Relevance

Proper operation of the IT infrastructure and business applications is key to success for any government agency or private company.

However, the performance of a corporate IT system depends not only on its hardware and software characteristics. To ensure its smooth operation, all components of the IT infrastructure must be managed by professionals.

The IT components are managed by privileged users — external and internal personnel with higher access rights to corporate resources and applications, including their installation, setting up, and maintenance.

The list of privileged users includes:

  • System administrators
  • Security specialists
  • Contractors and outsourcers
  • Financial services operators
  • Auditors
  • Other external or internal employees

In view of the higher access rights of privileged users and the special nature of IT resources they handle, companies need to have in place a proper privileged access management system that would ensure, among other things, minimal privileges for users, as well as monitoring and analysis of user activity.

Furthermore, hackers gaining access to the authentication data of a privileged identity may cause more serious damage to the organization than if the login credentials of ordinary users are compromised.

Administrator accounts can be used to disable the security system, stop the operation of information systems and gain access to confidential information.

Protection of privileged access rights is a more sophisticated task if compared to ensuring the security of ordinary accounts. It cannot be achieved by relying exclusively on standard approaches to the protection of login credentials and requires specialized solutions.

These vulnerabilities can be addressed by setting up a comprehensive privileged access management system. A PAM system must ensure the following:

  • Centralized management of connections to critical servers and applications
  • Reinforced authentication for privileged identities
  • Transparent use of privileged identities on authorized resources, without revealing the password
  • Recording of privileged user activity
  • Analysis of recorded user activity and investigation of incidents related to controlled resources

Platform overview

The Indeed Privileged Access Manager (Indeed PAM) platform is a class of specialized solutions that goes by many names, including:

  • Privileged Access Management (PAM);
  • Privileged Account Management (PAM);
  • Privileged User Management (PUM);
  • Privileged Identity Management (PIM).

This platform draws on our company’s long-term expertise in the development of information security products, specifically those that have to do with access management.

The Indeed PAM platform is a dedicated group of servers that implements centralized policy for monitoring and managing privileged user access.

The key strong point of this platform is that all connections to target resources and applications are made via the Indeed PAM server.

Privileged users can use the client web application to view the available resources and connect to them.

In addition to connecting via the web application, you can also use one of the traditional ways and connect directly to the Indeed PAM network address via RDP and SSH protocols.

The administrator console is a convenient web tool designed for setting up and managing the PAM system, as well as performing relevant audits. An administrator can use this console to manage the privileged access policies, view connection logs, and make recordings of administrative sessions.

The easy-to-use role-based model incorporated with the Indeed PAM platform will allow you to assign appropriate access rights to personnel with different job responsibilities. For example, among other things, you can clearly delimit the responsibilities of security administrators and auditors of privileged sessions.

You can also use two-factor authentication to reinforce the security of access to the administrator console and connections to target resources.

Access management

User activity management is a complex task that requires a number of technical and organizational solutions.

In most cases, Employee Monitoring Products and Services (EMPS) or Data Leak Prevention (DLP) solutions are sufficient for monitoring non-privileged user activity, since these tools include a server component responsible for analysis and monitoring of communication channels and a client component used for workstation operations analysis. However, these solutions may prove insufficient or useless for monitoring privileged user activity.

We will name a few special features that may apply to the work of privileged users:

  • Higher access rights (including the right to delete client software or assign additional access rights to themselves)
  • Uncontrolled workplace (relevant for contractors, outsourcers, or remote administrators)
  • Specific target servers where monitoring software cannot be installed (network devices; isolated software environments; exotic, rare, and outdated operating systems)

An intermediary access control and management host (so-called «jump server») allows to monitor all privileged sessions from a single point without having to install additional software, which can significantly reduce the costs related to PAM management.

Drawing on the principle of minimal user privileges right from the start, PAM policies imply that access rights to a target resource (a server or an application) should be expressly assigned to a specific user. Additional options can help to set up separately the allowed connection time and permission to use privileged accounts for target resources.

Account password management

Privileges to manage or configure target resources and applications are assigned to specific accounts. The traditional approach implies that passwords or other authenticators for such privileged accounts are provided to authorized personnel, i.e. privileged users.

However, such practice poses a threat of misuse or abuse of the privileges provided. For example, personnel may gain access to tools allowing them to clear logs, install additional software, or perform critical and potentially harmful operations that can disrupt the resource functionality or cause financial damage to the company. These and other permissions are often available to privileged users without proper oversight.

The Indeed PAM software suite allows you to have all privileged accounts under control, thereby ensuring their safe use. This way you can prevent unauthorized use of privileged accounts and record all user activity on a dedicated server.

As part of its management functionality, the platform can perform an automatic search for privileged accounts in Active Directory and on Microsoft Windows or Linux/Unix servers. This will help you to make sure that you don’t have any undocumented privileged accounts with access to critical resources in your company’s IT infrastructure.

All passwords in the account data vault are encrypted, and only the Indeed PAM server has access to the encryption key. Indeed PAM also supports the storage of authentication data (usernames and passwords) for target applications, primarily, privileged accounts.

Furthermore, all passwords are automatically updated and by design will not be accessible by privileged users. When a privileged user attempts to connect to a target resource, the Indeed PAM server will automatically insert their login and password. This means that your personnel authorized to manage a specific server or business application will not be able to bypass the Indeed PAM system during authentication, since they do not know the password.

Record and analysis of users’ activities

One of the main reasons why privileged users activity deserves special attention is the potential threat it may pose to the proper operation of the company’s IT infrastructure. Even if we disregard possible malicious actions, hacker attacks and clear sabotage, we still need to consider a relatively large number of incidents related to the so-called «human factor».

For example, let’s imagine a situation where an employee has made a series of errors, which resulted in a server failure. Whether or not the company has a backup copy and a fail-safe protocol, managers still need to identify the cause of this failure. Often, if the server is down, its event logs are also unavailable. In this case, if you deploy a Security Information & Event Management (SIEM) protocol, you will learn that there has been an incident and a specific employee is potentially responsible (for example, after performing network connection analysis), but you are not likely be aware of what actually happened.

The Indeed PAM platform will provide you with comprehensive information about the causes of the incident and the presence of malicious intent.

When a privileged user works via Indeed PAM, their actions are recorded in different formats, including video and text recording, command interception, shadow copies of transmitted files, etc. You will have immediate access to the list of user operations in the management console. In addition to the actual records of user activity, the system captures a large amount of metadata, i.e. information about the connections (user name, protocols, target resources, connection time, etc.).

After analyzing the records, instead of voicing ungrounded accusations to your personnel, you can gain a prompt understanding of the causes of the incident and plan your immediate response in order to mitigate it (minimize the consequences), thereby preventing further financial and reputational losses.

Technical parameters

  • Supported protocols: RDP, SSH, HTTP (s), and any other proprietary protocols by publishing relevant applications
  • Supported types of authentication data: username + password, SSH keys
  • Privileged accounts search and password management: Windows, Linux, and Active Directory
  • Supported user directories: Active Directory
  • Two-factor authentication technologies: password + TOTP (password generation algorithm)
  • Supported session record types: text log, video recording, and screenshots
  • Remote access technologies: Microsoft RDS, SSH Proxy
GET TECHNICAL DESCRIPTION

Watch product in work

  • Are you planning to strengthen security and administrative access control?
  • Do you need to take under control the contractors’ access to enterprise systems and equipment?

Request a free demonstration of our product to learn how we help companies take control over the privileged access in corporate environment.

SCHEDULE PRODUCT DEMO
prew-product-work

Best practice solutions

cb-9
cbi-2
Protect passwords of privileged accounts
cbi-arrow
cb-10
cbi-2
Log events and investigate incidents
cbi-arrow
cb-11
cbi-2
Secure privileged remote access to corporate resourses
cbi-arrow
cb-12
cbi-2
Secure vendor access to corporate infrastructure
cbi-arrow

Industries

Learn how multiple industries enjoy benefits from implementing our products

Prev
Next
ci-1

Finance

read more
ci-2

Telecom

read more
ci-3

manufacturing

read more
ci-4

Retail

read more
ci-5

government

read more
ci-2

Transport

read more

industry about us

quot-mark
avt-1
Andy Woo
Regional Director of Pacific Tech

At Pacific Tech, we are continuously evolving and bringing new solutions to our partners and customers in the region. We are delighted to be partnering with Indeed Identity. With Indeed Identity, we found a comprehensive access management solution which perfectly complements the growing population of Singapore work-from-home workers. As a leading cyber security solution provider, this strategic partnership is perfect for our two companies.

read more
quot-mark
avt-2
KC KuppingerCole Report
Executive view

Indeed Identity’s innovative approach towards designing its whole product portfolio as a highly modular open application platform allows the customers to pick and choose the modules as needed and grow in the future as their business needs expand. Even out of the box, Indeed Certificate Manager provides comprehensive yet convenient management capabilities for both administrators and end users.

read more
quot-mark
avt-3
Michael Bürger
Founder & Sales Partner at EU-HUB Network

Since approximately 5 years now I’m working with Indeed Identity quite successfully. First as my vendor client and next as a trusted innovative software partner. Now we are re-selling Indeed Identity software as a Distributor for the EU and beyond. Often I met Indeed Identities CEOs, CTO, Product Management, Partner Managers and System Engineers, on the the phone and even in person in London and Munich and always my feeling was that this is are smart people, an excellent organized company, straight forward thinking and | don’t have any doubt that together we will be very successful this decade in the 2020s on everything we target.

quot-mark
avt-4
Leo Querubin
Executive Director for Business Development of Pointwest Technologies Corporation

The products of Indeed Identity, like Indeed Access Manager, a software for strong and multi-factor authentication (MFA), can provide the structural changes that force everyone to follow necessary cybersecurity procedures. Customers get the best of both worlds — the world-class cybersecurity products of Indeed Identity and the experience and expertise of the local cybersecurity landscape of Pointwest.

read more
quot-mark
avt-4
Volkan Duman
Information Technologies General Manager at vMind

As a result of the long-term laboratory tests and studies that we conducted, we believe that Indeed Identity products should certainly be on the Turkish market. Thanks to our partnership with Indeed Identity, we sought to expand the access control and certificate management market, which is located in a narrow profile in the country, as well as add value by transferring technology to our country. When we compare Indeed Identity products with similar products, we can safely say that they contain much more different features and are more inclusive.

read more
quot-mark
avt-4
Marko Pust
Director of OSI.SI

We have a long partnership with Indeed Identity for more than 2 years already. I can confidently say that Indeed CM is one of the best and technologically enhanced products for managing digital certificates and smart cards on the EU market. This product has a number of unique features such as Client Agent and Indeed AirCard Enterprise network-attached smart card that are highly valued by our customers. One of the customers said that Indeed CM brought automation and visibility to their PKI life.

quot-mark
avt-4
Heng Lie
Director of Synnex Metrodata Indonesia

I believe that Indeed Access Manager is an excellent solution for many of our clients. It manages access to all information systems of the enterprise and protects companies from internal and external cyber threats. It is a flexible platform combining different authentication scenarios and methods.

quot-mark
avt-4
Sergey Yeliseyev
X–Infotech Owner, Business Development Director, Government eID solutions

Indeed Identity is the company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner.

Indeed PAM news

Prev
Next
news-2 Interview With Konstantin Krasovskij: Staying Ahead Of IT Security Risks In 2023 read more
news-2 Indeed PAM 2.7: Empowering Enterprises With Advanced Privileged Access Protection read more
news-3 Indeed Identity Presented Best PAM Practice At Cyber Security World Asia In Singapore read more
news-3 Indeed Identity At IDC Roadshow — Keep Privileged Access On The Radar read more
news-1
MAY 11, 2022
 5 Important PAM Features You Need to Understand read more
news-3
MARCH 5, 2022
 Indeed PAM in KuppingerCole Executive View: a well designed and easy to deploy platform read more
show all news