ManageEngine PAM360 - An Overview
What is Privileged Access?
Any access to a computer with higher access rights, such as root access, Administrator access, or access to service accounts, is called privileged access. Access to any server command line is also considered privileged access, as most enterprises restrict their users to running applications only through their user interface.
What Is Privileged Access Management (PAM)?
Privileged access management (PAM), a subdivision of Identity and Access Management (IAM), is a solution that gives organizations better control and monitoring capabilities for deciding who can have privileged access to a computer or information system.
The solution should include the following functionalities:
- Defining user roles.
- Granting required privileges or access rights for the roles defined.
- Distributing user information and access grants to all devices and systems that enforce access rights in organizations.
- Monitoring privileged user activities and analyzing them to detect anomalies.
Challenges in Privileged Access Management (PAM)
In this modern age of IT revolution, infrastructure setups comprise an ever-growing mix of critical assets spanning physical, virtual, and cloud platforms. In addition, every enterprise runs numerous business applications that deal with sensitive intellectual property and strategic information.
However, cyber risks grow along with businesses, and there will be constant attempts to gain access to sensitive IT resources in enterprises by compromising privileged accounts. Once an attacker manages to acquire a privileged account credential, breaking into the enterprise's IT network becomes child's play. To thwart such threats and stay in control, we need to put tighter locks on privileged accounts and keep a round-the-clock check on privileged access by employees and third parties alike.
Proper management of privileged accounts therefore ultimately lies in protecting the administrative passwords of those accounts. However, in large organizations with extensive infrastructure, keeping track of all administrative passwords is a tedious task. Users also tend to store user names and passwords locally on their systems, or in some central location when multiple administrators need to use the information.
The best way to overcome the above challenges is to use a secure privileged access management solution that enables safe storage of administrative passwords and other types of sensitive data, such as digital certificates, license keys, files, and documents, in a centralized medium, with the flexibility to share them among multiple users based on fine-grained user authorization. So, we have come up with PAM360, a complete privileged access management software that brings the following capabilities together in a single platform:
- Credential Vaulting
- Privileged Account Governance
- Remote Access Management
- Remote Session Management
- Privileged User Monitoring
- Threat Analytics
- Web-based SSH Key and SSL Certificate Management Solution
PAM360 - The 360 Degree Approach to Securing Privileged Access
ManageEngine PAM360 is a complete solution to control, manage, and audit the entire life cycle of privileged accounts and their access. It fully encrypts and consolidates all your privileged accounts in one centralized vault, reinforced with granular access controls. It also mitigates security risks related to privileged access and pre-empts security breaches and compliance issues.
Using PAM360, IT administrators can centrally create users, assign them specific roles, and define access levels. Only authorized users get access to view, edit, or manage the permitted 'resources' (the resources assigned to them) based on their role. Moreover, the comprehensive auditing mechanism of PAM360 helps in tracking who accessed what and when, thereby ensuring accountability in a multi-member environment.
Password Management in PAM360: Secure storage of passwords and strong defense against intrusion are mandatory requirements for privileged account security. The following measures in PAM360 provide the required security levels:
- Ability to scan networks and discover critical assets to automatically onboard privileged accounts into a secure vault that offers central management, AES-256 encryption, and role-based access permissions. AES has been adopted and recommended as an encryption standard by the U.S. Government.
- A role-based, fine-grained user authentication mechanism ensures that users are allowed to view passwords based only on the authorization provided.
- All transactions through PAM360's browser interface take place over HTTPS.
What is in this Guide?
The help documentation for PAM360 is broadly divided into the following sections. Each of the topics below explains the related concepts in detail:
- Resources & Groups
- SSH Keys & Certificates
- High Availability & Disaster Recovery
- Admin Actions
Once you have installed PAM360, refer to 'Installation & Getting Started' under the 'Introduction' tab for steps to install PAM360 and steps to connect to the PAM360 web portal to start working with the solution. The 'Installation & Getting Started' section also covers the prerequisites, browser settings, system requirements, agent details, license information, etc. The 'Introduction' tab has links to documents explaining the database migration procedure, important terminology used in the product, etc. The remaining tabs provide information on the different modules of PAM360 used to carry out various privilege management activities.