Product Roadmap
Customer Request
Keystroke logging in PAM360 records every command entered during a privileged session and captures the processes executed on the remote device. This gives administrators clear visibility into user actions, making it easier to detect suspicious activity, investigate incidents, and maintain compliance.
This module helps administrators enforce least-privilege access across multi-cloud environments by providing continuous visibility into Entra ID (Azure) entitlements and permissions. It proactively identifies risks such as shadow admins, accounts without MFA, dormant identities, and excessive privileges to enable entitlement rightsizing.
This will allow endpoint users to elevate themselves to privileged groups with granular access controls. This enables users to perform approved privileged operations for a defined period without permanent admin rights. The approach enforces least privilege access while reducing operational dependency on IT teams.
Certificate discovery, provisioning, renewal, revocation, and application restarts will be fully automated, eliminating manual intervention. This will help ensure certificates remain valid and correctly configured, supporting continuous compliance and uninterrupted service availability. As a result, organizations can reduce outage risk, operational overhead, and certificate-related security exposure across enterprise environments.
PAM360 will introduce a Bouncy Castle FIPS 140-2 validated build to enhance cryptographic security and compliance posture.
This allows enterprises to define exactly what privileged users can access from one centralized control plane for granular access management. Through policy-based approvals, remote connection controls, JIT elevation, and fine-grained command and application controls, standing privileges are eliminated. The result is stronger least-privilege enforcement and reduced enterprise risk.
Administrators will be able to enable different two-factor authentication options for users based on their needs and preferences.
In addition to the existing Password Management API list, we are introducing the gRPC API. Using this support, PAM admins and users can perform password operations in Application-to-Application (A-to-A) and Application-to-Database (A-to-DB) with enhanced performance and interoperability.
Provides real-time privileged session risk detection, identifying unauthorized privilege misuse, suspicious command execution, anomalous behavior, and potential data exposure. Risk visibility is enhanced through native agents and automated response playbooks that can terminate high-risk sessions in real time. This helps prevent lateral movement, insider threats, and breach escalation.
Standardize and secure the "Identity-First" interface between AI agents and privileged enterprise resources, ensuring that autonomous workflows operate within a governed Zero Trust framework. This roadmap focuses on enabling AI agents, copilots, and LLMs to interact with privileged resources safely, contextually, and with full governance through a protocol-based architecture.
Eliminate the complexity of manual log analysis with a Natural Language Query (NLQ) interface that provides instant visibility into privileged behaviors and access trends. By transforming raw audit trails into actionable Identity Insights, administrators can now ask "Show privileged accounts that initiated connections to multiple critical systems within one session" to receive immediate, context-rich summaries. This AI-driven approach dramatically reduces Mean Time to Detect (MTTD).
Redefines incident response by combining identity intelligence with a human-in-the-loop conversational interface to significantly reduce Mean Time to Respond (MTTR). Real-time contextual insights enable administrators to trigger immediate remediation through agentic response actions directly within natural language conversations. This accelerates containment with one-click actions such as session termination, user lock and privilege revocation, minimizing attacker dwell time and breach impact.
AI-Powered Insights gives administrators quick visibility into remote sessions by summarizing activity and highlighting risky commands or over-privileged actions. It enhances visibility, strengthens risk assessment, and reduces manual review. As this capability evolves, it will address more use cases across PAM360, offering continuous security and intelligence improvements throughout the product.
Single-click direct access to desktop applications is intended to simplify the authentication process for end users but is also aimed at improving security by helping eliminate the exposure of credentials in hard-coded or plain-text formats. This way, end users can effortlessly gain secure access to desktop applications.
Administrators have an option to set up an application gateway server through which they can discover Linux resources from environments that are not directly connected to PAM360. Using this application gateway server, admins can also perform password resets for remote hosts.
PTA helps IT administrators automate repetitive privileged tasks across multiple endpoints and applications, improving operational efficiency. PTA helps perform administrative tasks in a sequence, in parallel, or as a batch in multiple endpoints, such as executing custom SSH and PowerShell scripts, through seamless workflows.
These enhancements to the PAM360 agent will feature self-upgrade and automatic installation, repair, and restart capabilities without human intervention.
We aim to extend agent-based features such as endpoint discovery, credential management, and more to all macOS resources.
This update includes recording website connections launched on PAM360. The session recording will be instantly available under Audits after every session.
This module helps admins enforce least-privilege access across multi-cloud environments by providing continuous visibility, improved risk assessment, and cleanup of excessive privileges.
Using EPM, IT administrators can enforce application access controls, manage privileged application access based on user requirements, and establish detailed allow-lists and deny-lists for authorized users or applications. This also helps IT admins enable temporary privileged application access during critical situations. These features are powered by ManageEngine's native application control solution, Application Control Plus.
With the help of the SCIM API protocol, IT administrators can integrate PAM360 with any IAM or IGA tool to perform user management actions like user provisioning and deprovisioning, user role association, and user group allocation. These actions, once triggered in your IAM console, will then reflect within PAM360.
Administrators will be able to use the SDK, available in languages such as Java, Python and C#, to pull the latest passwords of their privileged accounts from the PAM360 vault for their legacy, internal, or external applications. Apart from password retrieval, operations for managing accounts and managing resources will be provided in the SDK.
PAM administrators will be able to create access policies based on the user and device trust score, conditions and criteria. Based on the criteria, administrators can configure actions such as setting a warning message or email, terminating a session, preventing the users from taking sessions in future, and more.
This integration is aimed at enabling administrators to fetch the latest passwords from the PAM360 vault without breaking or changing the workflows created in the XSOAR platform.
This integration helps you to fetch secrets stored in the Kubernetes clusters and manage them from the PAM360 interface—you can fetch, manage, and periodically rotate secrets obtained from multiple Kubernetes clusters. Through the integration, you can achieve collaborative management of the Kubernetes secrets used in your enterprise.
Administrators and users of PAM360 are able to take RDP and SSH sessions in a single click via a native client from a Windows operating system.
Intending to provide uninterrupted access to passwords, we have introduced another functionality: the Read-Only (RO) server for the PostgreSQL database. Unlike the concept of High Availability, where there will be one Primary server and one Secondary server, multiple Read-Only servers can be configured. The Read-Only servers function as mirror servers, synchronizing all of the Primary server's operations.
Enables administrators to schedule periodic account and resource discovery at a set interval, such as every 5 days, monthly, etc., to discover new accounts and feed them into PAM360 automatically.
Administrators can configure a set of commands/applications that lesser-privileged users can execute/run with elevated privileges without knowing the password of the privileged account.
PAM administrators will have an option to authorize a set of commands for a particular resource, and users will be allowed to execute only the authorized commands during a remote SSH session. If the user executes any command other than the configured ones, an error will be thrown.
Administrators will be able to configure their legacy web applications in PAM360, where they can add layers of PAM authentication before accessing the web application via PAM web console without providing direct access to the end users.
The Security Hardening Score feature periodically validates the customer environment against the security options provided by PAM360 to check whether the security measures are in place. The Security Hardening Score helps customers gauge how securely they are using the privileged access management tool in order to avoid external security threats and unforeseen data losses.