Protect passwords
of privileged accounts

The solution based on Indeed PAM excludes unauthorized administrative access to the company’s IT systems

schedule demo
prew-product

Task

Privileges to manage or configure target resources and applications are assigned to specific accounts. The traditional approach implies that passwords or other authenticators for such privileged accounts are provided to authorized personnel, i.e. privileged users.

These privileges can include the rights to:

  • Clear logs
  • Install additional software
  • Perform critical and potentially harmful operations that can disrupt the resource functionality
  • And other rights

These rights are often available to privileged users without any oversight. Such practice poses a threat of misuse or abuse of the privileges provided.

Privileged user activity is hard to monitor because these users get privileged access directly to a resource or through a console, circumventing security controls (when peripherals are connected directly to a hardware server). It applies if an administrator has the right to manage network devices and network communication.

Besides, password authentication is often the only control measure used for such accounts and it has a number of critical disadvantages:

  • Brute-force attacks
  • Unauthorized password disclosure
  • The need to promptly change passwords when employees leave the company
  • And others

The described privileged access problems expose the company to security threats. The best solution would be using specialized software suites for Privileged Access Management (a.k.a. Privileged User Management, Privileged Identity Management, Privileged Account Management).

Understanding this problem is an important step towards building a comprehensive information security system in the company.

Solution

The first step to solve the problem of protecting information when privileged access is provided is to implement automatic management of privileged account passwords. Indeed Privileged Access Manager (Indeed PAM) finds privileged accounts and monitors the way they are used. Its primary purpose is to prevent their unauthorized and unsupervised use.

Indeed PAM offers a comprehensive set of features that solve the password management problem:

  • Automatically searches for privileged accounts
  • Allows to manually enter application passwords and monitors them
  • Automatically changes passwords at specified intervals
  • Retrieves passwords from a vault
  • Maintains password history

All passwords for these accounts are stored in an encrypted form in the vault, and only the Indeed PAM server has access to the encryption key.

When a privileged user attempts to establish connection, the Indeed PAM server independently provides login credentials only to the target resource. The important thing is that privileged account passwords remain unavailable to employees.

This means that your personnel authorized to manage a specific server or business application will not be able to bypass the Indeed PAM system during authentication, since they do not know the password.

Intended use

Automatic account search

Indeed Privileged Access Management automatically searches for privileged accounts in Active Directory and on Microsoft Windows or Linux/Unix servers.

With the traditional approach you would have to find all account data and enter it into the vault manually to put the accounts under control and manage their passwords. It would require a lot of effort from operating personnel and escalate the risk of human factor errors where some accounts may be missed out.

Automatic search radically reduces the number of undocumented privileged accounts with access to critical resources in the IT infrastructure and does it quickly, with minimal involvement of IT and information security personnel.

Application password storage

The vault is populated with privileged account passwords for target applications published on the Indeed PAM access server. With this feature you can monitor not only standard remote administration protocols (RDP, SSH), but also proprietary applications for administering specialized target resources:

  • Virtualization infrastructure
  • Information protection tools
  • Consoles for centralized network device management
  • Business applications
  • DBMS
  • And others

Password management for other users

Indeed PAM’s password management functionality can be used not only to protect administrator accounts, but to ensure safety of any accounts, including the ones of unprivileged users, for example:

  • Auditors
  • Financial services operators
  • Developers
  • Sales managers
  • And others

Automatic password change

Password management is not limited to automatic search for passwords and their entry into the vault.

To prevent the privileged user activity monitoring system from being bypassed, Indeed PAM can automatically change privileged account passwords for target resources to random values. It means that privileged users can access critical resources only through Indeed PAM.

Indeed PAM checks the validity of passwords in the vault. It matters when an administrator managed to change a privileged account password for a critical IT infrastructure resource.

Password recovery in case of exceptions

If an exception occurs (for example, if a target resource cannot be accessed via network), Indeed PAM provides a privileged account password for direct access and further resource management. And once network connection is restored, the previously provided password will be replaced with a random one again.

When a target server is down and the only way to get it up and running again is to recover it from a backup, Indeed PAM provides an easy solution to the problem of mismatching passwords to access privileged accounts of the recovered resource. The platform maintains password history, so you can recover any password as of a specified date (prior to a backup date) and continue working with your target resource.

Technical parameters

Password management:

  • Automatic search for privileged accounts
  • Manual entry of application passwords and their monitoring
  • Automatic change of passwords at specified intervals
  • Retrieval of passwords from a vault
  • Maintaining of password history

Supported account types (search, management):

  • Microsoft Active Directory
  • Windows accounts
  • Linux/Unix accounts (passwords and SSH keys)
  • Accounts providing access to network hardware (based on Linux/Unix)
  • DBMS accounts: Microsoft SQL, MySQL, PostgreSQL, Oracle DB

Supported account types (management only):

  • Application software accounts
  • Web application accounts

Supported access protocols:

  • RDP
  • SSH
  • RemoteApp

Get the budget estimation of your project

get questionnaire
prew-product-work

Industries

Learn how multiple industries enjoy benefits from implementing our products

Prev
Next

industry about us

quot-mark
avt-1
Andy Woo
Regional Director of Pacific Tech

At Pacific Tech, we are continuously evolving and bringing new solutions to our partners and customers in the region. We are delighted to be partnering with Indeed Identity. With Indeed Identity, we found a comprehensive access management solution which perfectly complements the growing population of Singapore work-from-home workers. As a leading cyber security solution provider, this strategic partnership is perfect for our two companies.

read more
quot-mark
avt-2
KC KuppingerCole Report
Executive view

Indeed Identity’s innovative approach towards designing its whole product portfolio as a highly modular open application platform allows the customers to pick and choose the modules as needed and grow in the future as their business needs expand. Even out of the box, Indeed Certificate Manager provides comprehensive yet convenient management capabilities for both administrators and end users.

read more
quot-mark
avt-3
Michael Bürger
Founder & Sales Partner at EU-HUB Network

Since approximately 5 years now I’m working with Indeed Identity quite successfully. First as my vendor client and next as a trusted innovative software partner. Now we are re-selling Indeed Identity software as a Distributor for the EU and beyond. Often I met Indeed Identities CEOs, CTO, Product Management, Partner Managers and System Engineers, on the the phone and even in person in London and Munich and always my feeling was that this is are smart people, an excellent organized company, straight forward thinking and | don’t have any doubt that together we will be very successful this decade in the 2020s on everything we target.

quot-mark
avt-4
Leo Querubin
Executive Director for Business Development of Pointwest Technologies Corporation

The products of Indeed Identity, like Indeed Access Manager, a software for strong and multi-factor authentication (MFA), can provide the structural changes that force everyone to follow necessary cybersecurity procedures. Customers get the best of both worlds — the world-class cybersecurity products of Indeed Identity and the experience and expertise of the local cybersecurity landscape of Pointwest.

read more
quot-mark
avt-4
Volkan Duman
Information Technologies General Manager at vMind

As a result of the long-term laboratory tests and studies that we conducted, we believe that Indeed Identity products should certainly be on the Turkish market. Thanks to our partnership with Indeed Identity, we sought to expand the access control and certificate management market, which is located in a narrow profile in the country, as well as add value by transferring technology to our country. When we compare Indeed Identity products with similar products, we can safely say that they contain much more different features and are more inclusive.

read more
quot-mark
avt-4
Marko Pust
Director of OSI.SI

We have a long partnership with Indeed Identity for more than 2 years already. I can confidently say that Indeed CM is one of the best and technologically enhanced products for managing digital certificates and smart cards on the EU market. This product has a number of unique features such as Client Agent and Indeed AirCard Enterprise network-attached smart card that are highly valued by our customers. One of the customers said that Indeed CM brought automation and visibility to their PKI life.

quot-mark
avt-4
Heng Lie
Director of Synnex Metrodata Indonesia

I believe that Indeed Access Manager is an excellent solution for many of our clients. It manages access to all information systems of the enterprise and protects companies from internal and external cyber threats. It is a flexible platform combining different authentication scenarios and methods.

quot-mark
avt-4
Sergey Yeliseyev
X–Infotech Owner, Business Development Director, Government eID solutions

Indeed Identity is the company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner.