Secure vendor access to corporate infrastructure

The solution based on Axidian Privilege provides secure, scheduled contractor access to a company's IT systems.


Task

Today, it is almost impossible to imagine a company that does not use third-party contractors to meet some of its operational needs. No one would be surprised to learn that a company uses an external cleaning service to take care of its premises or outsources a portion of its accounting operations to third parties.

Outsourcers are often responsible for routine tasks such as deployment and configuration of components in a corporate IT infrastructure. In some cases, third-party contractors take care of a whole set of operational tasks.

After purchasing an IT product, your company may also need to grant follow-up access to the developer’s team as part of technical support.

Sometimes you may need to give your vendor prompt remote access to a remote site, while on other occasions you allow only on-site work. The need for remote access may arise in the event of a serious failure, when the company simply does not have time to wait until a vendor’s representative arrives (not to mention the sophisticated logistical arrangements that may be required so that your vendor can visit your company at a geographically hard-to-reach location).

Companies also hire auditors who can, for example, assess the status and performance of their financial applications (including related financial statements). Auditors may also be put in charge of evaluating the performance of the company’s IT components.

All these arrangements can introduce various security threats to your organization:

  • Your company will have limited options in terms of monitoring of privileged user (vendor) activity, even if vendors work on site (you need to designate a staff member who will be responsible for controlling vendor activity throughout the duration of their work on your premises).
  • Your company will have limited options in terms of tools that can be used to record external user activity on your computers (because of the special features of target resources).
  • You will need to grant access (local and remote) to your company’s critical resources to third-party contractors.
  • If your company is large, it can also have a large number of uncontrolled third-party contractors working with your IT components at the same time.
  • You may not be able to assess the potential impact of the changes made by your vendors.
  • You may not be able to assess whether the actual changes that are critical in terms of information security match the ones that were declared.
  • You may lack understanding of the operations performed by auditors of the IT infrastructure and app performance.
  • Third-party vendors may insert logic bombs and other malicious pieces of code into your apps and web applications.
  • There is always a risk that contractors with admin rights may gain unauthorized access to your target servers and applications.
  • The privileged users at your company who are not in charge of network or information security may grant unauthorized remote access to third parties.
  • Privileged authentication data allowing remote access to critical resources may be subject to theft or unauthorized disclosure.
  • The IT environment of your third-party contractor who has privileged access rights to your company’s infrastructure cannot be controlled, and may, therefore, pose security threats.

In addition, your company may have to face other types of risks:

  • Your company may not be able to objectively determine whether or not the actual work complies with the stated scope of work and related requirements.
  • You need to spend additional time and money to cover the travel costs associated with the contractor’s visits to your company’s local sites.
  • In the event of failure, there may be conflicts between the third-party contractors and your IT/IS department.
  • You may face additional losses in terms of time and funding in the event of failure at a remote site in a hard-to-reach area.

When third-party personnel are granted privileged access rights to your company’s resources, your company is bound to face escalated risks and vulnerabilities. The best solution would be to use specialized software suites for Privileged Access Management (a.k.a. Privileged User Management, Privileged Identity Management, Privileged Account Management).

These software solutions will allow you to streamline the user activity monitoring for your contractors and employees of third-party organizations while they deal with your company’s IT resources.

Solution

If you want to improve the quality of user activity monitoring and management for your third-party contractors, reduce information security threats, and save time and financial resources, you can use an administrator activity monitoring system. This system allows you to control access privileges and track the contractor’s user activity.

The Axidian Privilege platform offers a single connection point with additional features for all third-party employees:

  • Video records and text logs of the contractors’ activity
  • Control of file transfer and command inputs
  • Tools for real-time monitoring of the contractors’ activity
  • Password management and secure storage of privileged accounts for target resources
  • A single «user-resource» tool for managing access rules
  • Supported protocols: RDP, SSH, and HTTP(S)
  • Launch support for published apps via the RemoteApp protocol (Microsoft RDS)
  • End-to-end authentication in published apps
  • Two-factor authentication for enhanced security
  • Scheduled access and access upon approval

For example, you can use Axidian Privilege to oversee the work of the following third-party user categories:

  • Contractors
  • Technical support personnel
  • Outsourcers
  • Auditors
  • Developers
  • Etc.

By using Axidian Privilege to monitor the activity of external personnel, you can shrink the attack surface associated with their work in your company’s IT infrastructure. A single tool for managing privileged access rights will also allow you to reduce the workload for your own employees. Furthermore, the Axidian Privilege functionality designed for recording the contractors’ activity enables an objective assessment of their performance and compliance with the stated requirements (in line with the service level agreement (SLA)).

Intended use

Recording user activity and assessing the quality of work

The PAM system supports recording of the contractor’s operations for subsequent use during the user activity audits. The basic functional principles of the system are designed to rule out the possibility for the privileged users (contractors) to bypass the established protocols when connecting to the system.

In addition, the Axidian Privilege platform can use published apps to support other proprietary protocols.

Axidian Privilege offers the following session recording functionality:

  • Text log
  • Video records
  • Keylogger
  • File transfer control
  • Command input control
  • Connection metadata

You can use the session records to form an objective opinion about the quality of actual services rendered by the contractor vis-a-vis the requirements with respect to the quality and scope of work stated in the SLA. This way you will only pay for the services that have been provided to you and get a clear idea about the professional capability of your third-party contractors.

Limited scheduled access and limited access upon approval

It’s no secret that the requirements governing third-party contractor access to any components of your IT infrastructure must be stricter than those that apply to your in-house personnel.

The built-in mechanisms of Axidian Privilege offer multiple options for managing privileged user access to target resources. We can name a few key rules that are commonly used for managing privileged access rights of third-party contractors:

  • Scheduled access
  • Temporary access
  • Access upon approval

You can use these settings to preconfigure user access rights and maximize user restrictions, which will rule out the possibility of any operational disruptions initiated by your vendors.

Ensuring secure remote access to critical resources

Sometimes companies are reluctant to provide external remote access to their most critical IT infrastructure, and they have a good reason to do so. First and foremost, they do this for security reasons since it is almost impossible to control such connections.

Axidian Privilege functionality will allow you to monitor vendor activity at all times, including real-time monitoring.

Along with remote access security tools relying on two-factor authentication and command filtering, this mechanism will maximize the security of remote access to your critical resources for your external personnel.

All user activity will be recorded, which will allow you to perform expert audits of vendor activity at any time, not only when their work is in progress. Furthermore, in some cases you will no longer need to have the contractor’s specialists physically visit your premises to do their job.

Monitoring auditor operations

The Axidian Privilege platform allows you to monitor any user category, including special categories like auditors. Auditors are external experts hired to perform the following tasks:

  • Analyze financial statements and transactions in financial apps
  • Control the functionality of information security tools and run internal penetration tests
  • Monitor the functionality of other IT tools
  • Analyze organizational, administrative and other documents

The auditor’s key task is analysis rather than active manipulation of any components of your IT infrastructure (except for scenarios involving penetration testing). However, it may still be useful to understand what the auditors actually check and how they do it. You will find this information especially relevant if your company has failed an audit and needs to correct errors and address implicit concerns.

Monitoring developer operations

The PAM system enables activity monitoring for third-party developers of your internal software and web resources.

Malicious users often see code as their first priority for breaching security. Due to large volumes of written code and lack of specialized internal tools for code analysis and version control, an intruder can easily insert malicious or dangerous pieces of code into a corporate application.

However, the PAM tools designed for recording and subsequent analysis of changes will allow you to test all new changes for malicious activity and take timely measures to mitigate their impact.

Saving your financial resources

The key advantage of the Axidian Privilege system is that it can help you save both your time and money while dealing with your third-party contractors.

First, the system’s broad functionality designed for user session recording will allow you to determine whether the actual scope and quality of work meet the requirements stated in the SLA. You can download session details from the PAM system and use them to pay only for the work that has actually been performed. Furthermore, you can send these records to third-party experts and ask them to assess the professional capability of your contractor. If your contractor is incompetent, this will inevitably affect the stable operation of your resource and the actual workload of your contractor.

The PAM tools designed for remote access security and user activity monitoring will also allow you to minimize the potential damage from uncontrolled remote operations. This, in turn, means that the vendor’s personnel will no longer need to visit your premises to do their job (their activity can be controlled online, both manually and automatically). This way, you can save money, since you no longer need to cover the contractor’s travel costs.

Technical Parameters

Supported protocols:

  • RDP
  • SSH
  • HTTP(S)
  • Any other proprietary protocols by publishing relevant applications

Activity recording functionality:

  • Video records of sessions (video quality can be adjusted)
  • Text logs of sessions
  • Periodical screenshots of sessions (image quality can be adjusted)
  • Supported protocols: RDP, SSH, published web, and fat clients
  • Shadow file copies

Supported user directories:

  • Active Directory

Two-factor authentication technologies:

  • Password + TOTP (time-based one-time password algorithm)

Remote access technologies:

  • RemoteApp (Microsoft Remote Desktop Server)
  • SSH Proxy

Andy Woo
Regional Director of Pacific Tech

At Pacific Tech, we are continuously evolving and bringing new solutions to our partners and customers in the region. We are delighted to be partnering with Axidian. With Axidian, we found a comprehensive access management solution which perfectly complements the growing population of Singapore work-from-home workers. As a leading cyber security solution provider, this strategic partnership is perfect for our two companies.

KC KuppingerCole Report
Executive view

Axidian’s innovative approach towards designing its whole product portfolio as a highly modular open application platform allows the customers to pick and choose the modules as needed and grow in the future as their business needs expand. Even out of the box, Axidian CertiFlow provides comprehensive yet convenient management capabilities for both administrators and end users.

Michael Bürger
Founder & Sales Partner at EU-HUB Network

I have been working with Axidian quite successfully for approximately 5 years now. First as my vendor client and next as a trusted innovative software partner. Now we are re-selling Axidian software as a Distributor for the EU and beyond. Often I met Axidian CEOs, CTO, Product Management, Partner Managers and System Engineers, on the phone and even in person in London and Munich, and always my feeling was that these are smart people, an excellently organized company, straightforward thinking, and I don’t have any doubt that together we will be very successful this decade in the 2020s on everything we target.

Leo Querubin
Executive Director for Business Development of Pointwest Technologies Corporation

The products of Axidian, like Axidian Access, a software for strong and multi-factor authentication (MFA), can provide the structural changes that force everyone to follow necessary cybersecurity procedures. Customers get the best of both worlds — the world-class cybersecurity products of Axidian and the experience and expertise of the local cybersecurity landscape of Pointwest.

Volkan Duman
Information Technologies General Manager at vMind

As a result of the long-term laboratory tests and studies that we conducted, we believe that Axidian products should certainly be on the Turkish market. Thanks to our partnership with Axidian, we sought to expand the access control and certificate management market, which is located in a narrow profile in the country, as well as add value by transferring technology to our country. When we compare Axidian products with similar products, we can safely say that they contain much more different features and are more inclusive.

Marko Pust
Director of OSI.SI

We have had a long partnership with Axidian, for more than 2 years already. I can confidently say that Axidian CertiFlow is one of the best and technologically enhanced products for managing digital certificates and smart cards on the EU market. This product has a number of unique features such as Client Agent and Axidian AirCard Enterprise network-attached smart card that are highly valued by our customers. One of the customers said that Axidian CertiFlow brought automation and visibility to their PKI life.

Heng Lie
Director of Synnex Metrodata Indonesia

I believe that Axidian Access is an excellent solution for many of our clients. It manages access to all information systems of the enterprise and protects companies from internal and external cyber threats. It is a flexible platform combining different authentication scenarios and methods.

Sergey Yeliseyev
X–Infotech Owner, Business Development Director, Government eID solutions

Axidian is a company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner.