Indeed Privileged Access Manager (Indeed PAM) 1.1
Posted by anna.vlasenko on 10 June 2019 01:54 PM
Less than a year ago, we introduced a new software suite to manage access to privileged accounts – Indeed Privileged Access Manager (Indeed PAM).
The pilot implementations of Indeed PAM 1.0 were performed in enterprise informational systems in the first months after release. As a result, we received positive customer feedback on the product and suggestions for its development.
The Indeed PAM 1.1 features planned addons and functions implemented according to customer suggestions.
An overview of the suite functionality extensions is given below.
Interoperation with *nix systems
The Indeed PAM 1.1 features support for templates of service operations in *nix systems. This allows to perform the following operations without any modifications of the system:
SSH key support
SSH keys can now be used to initiate sessions at resources running under *nix systems. The said keys can now be generated from the management console. This facilitates management of privileged accounts at resources running under *nix systems.
Batch administration operations
Managing a great number of privileged accounts and resources might be a routine task. Such operations performed separately for each element can be time consuming. To facilitate management of privileged accounts, resources, domains and permissions, batch operations are introduced.
We developed a mechanism of centralised distribution of settings to resources (servers, workstations and other equipment), domains and privileged accounts. This includes account policies and session policies.
The policies include the following settings.
1. Account policy:
2. Session policy:
Access to web applications
A new connection type makes it possible to log in to web applications automatically, if the latter use HTTP/HTTPs protocols. Sessions of such type now support video recording of session, as well as screenshot making.
Automation of access to web applications is implemented via Single Sign-On (SSO) technology, which is maintained with a separate component named Indeed Enterprise SSO (ESSO) Agent.
The described scenario does not require purchase of special system for SSO support, as all the components required already included into the Indeed PAM 1.1 delivery package.
The new version features a separate section to manage permissions. This section allows for creating new permissions, viewing the ones currently in force, as well as revoked ones.
Each permission contains the following:
The new version also allows for configuring the date and time of permission start and finish. The setting is configured during creation of permission to access the resource. The function makes it possible to configure the permission status flexibly.
New statuses of privileged accounts
The model of account lifecycle is modified. New statuses of privileged accounts are introduced:
“Pending”: this status means that the privileged account in question has been added to Indeed PAM via synchronization with resource or domain. Such accounts are to be approved by administrator, who is to either move the account to ignored ones or define/generate a password for it. The status makes it possible to filter out the accounts that require participation of administrator, who is to decide whether the account is to be managed with Indeed PAM or not.
“Ignored”: the status means that the account is stored without password and is not managed with Indeed PAM. The status allows for filtering out of accounts that do not require management.
“Error”: the status indicates that the account has an error and allows to eliminate its root cause promptly.
The Indeed PAM is the solution to enhance the informational security of an enterprise. The suite provides for control and audit of privileged user activities. This update is yet another step in the process of optimizing and enhancing the protection of business owners from important data leakage and illegal actions of privileged users.