Secure passwords, protect endpoints and control privileged access

Privileged access management (PAM) plays an important role in keeping your business secure. Whether you oversee IT compliance, ensure that IT infrastructure is performing, or protect endpoints from malicious activity, PAM is a top-of-mind concern.

Click through the demo to see how IBM Security’s PAM portfolio can help you protect your organization from privileged credential abuse.

C-Level Security

Empower security and IT operations teams to keep privileged accounts safe.

C-level security professionals struggle with protecting the rapidly expanding attack surface from breaches while still providing immediate access to applications, systems and services that support business growth. To combat the misuse of compromised accounts, the C-suite recognizes how important securing privileged access is across the enterprise for all service, application, administrator and root accounts.

IT and security admins

Readily deploy and maintain PAM as an automated routine in your daily operations.

IT and security admins must ensure optimal IT infrastructure performance, correct configuration, availability and security, and they must work fast without interruption. End-to-end PAM helps accomplish these tasks efficiently through easy installation, setup and management. Once deployed, privileged password protection automatically becomes a routine part of daily operations.

Endpoint security

Block malware-based attacks with least privilege and application control.

Endpoint security teams handle the day-to-day management of privileged access. In supporting endpoints such as laptops and desktops, they must lock down end user admin access to prevent the installation of malicious software and protect the broader IT environment. At the same time, end users need to install and update approved applications without contacting the helpdesk. PAM allows business users to work securely without burdening IT teams with constant policy change requests.

Reduce risk

Enterprise password protection

Administrators don't need to be exposed to passwords to do their jobs. Instead, they can access systems through a remote session while the password or key remains securely hidden. If a task is password-dependent, checkout functionality automatically rotates the password after use.

Minimize attack surface

Role-based access security

Discovery quickly scans your network to find and take over unmanaged privileged, shared and service accounts. Once the accounts are discovered, roles and permissions can be customized to meet your organization's security requirements. Role-Based Access Control for Active Directory enables IT administrators to control what individual users can do, ensuring they can't accidentally or intentionally change administrative settings they shouldn't have rights to.

Improve accountability

Session monitoring and recording

Session monitoring and recording allow you to maintain a full audit trail for your critical systems. These capabilities give you an additional layer of oversight and help hold users accountable for their actions when accessing privileged accounts.

Detect threats

Privileged behavior analytics

Privileged behavior analytics (PBA) analyzes all privileged account activity to help detect anomalies so you can take action before a cyber threat becomes a catastrophe. When risk scores pass acceptable thresholds, you will be instantly alerted so that you can protect privileged accounts by rotating passwords, requiring additional authentication, or increasing session monitoring.

Remove excessive privileges

Least privilege policy model

Local administrative privileges are too dangerous to give to everyone as they provide access to sensitive data, operating systems, and powerful controls. Under a least privilege model, local admin accounts are restricted to only those who need them. All others operate as everyday users with an appropriate set of privileges.

Authenticate seamlessly

Secure vault and password manager

Log in to the encrypted password vault quickly and easily with your personal Active Directory or single sign-on account. After passing a two-factor check, you’ll only see the folders and passwords necessary for your work, with no scrolling through hundreds of accounts. Each user is provided with a personal folder to track their own day-to-day passwords.

Enforce proper workflows

Access approval and ticket validation

Workflow features allow users to submit password requests which are then automatically routed to the correct approver. Requesters can specify the amount of time needed and access will be automatically revoked upon expiration. This process can be connected to ticket systems to ensure validity. Requiring approval with a reason maintains accountability and guarantees that approvers know why users need access.

Reduce password proliferation

Remote sessions without exposing passwords

Administrators can remotely access the systems they need through remote session launchers while the password or key remains securely hidden. Passwords can even be changed when the session is done, and a recording saved for auditing purposes. Remote session launchers reduce password proliferation and allow administrators to easily get access to the privileged credentials they need to get the job done.

Save time

Automatic password rotation

Privileged password changes can be scheduled to meet compliance mandates. This automation ensures that critical passwords are changed without wasting time on manual rotation. By automating the process, you can ensure that there is no application downtime or interruption of service for users.

Keep endpoints safe

Restrict local admin group membership

Enforce local administrator group membership policies on every endpoint. Review and manage local groups, including group membership. This powerful capability ensures all group membership changes are made via the single console and prevents changes from being made on an endpoint.

Avoid malicious code

Application control

Enforce least privilege through policies for application control and remove the need for local admin rights on users' Windows or Mac devices. Layered policies create the parameters that dictate precisely how privileges are accessed across your network. They define what actions people can run and where. When policy conditions are met, an action (e.g. blacklisting, whitelisting or application elevation) is automatically applied on one or multiple assets. For example, when someone clicks on a suspicious email attachment, malicious code will not run as an administrator.

Increase productivity

Simple user interface

Enable users to perform pre-approved actions on endpoints as if they were administrators, even when they are not. Allow them to install printers, change the time and date or run a whitelisted application without ever contacting the helpdesk, freeing you up to focus on more serious issues.

Streamline requests

Approval workflow policy

If users try to run unauthorized applications, they are given a chance to request access with the click of a button. The requests are streamlined, so you can easily review, approve or deny within the dashboard. Integration with ServiceNow enables requests to be managed alongside other tickets for maximum productivity.

View reports

Review applications in event discovery

Deliver clear reports that answer questions like: “What applications did users try to run that required admin rights?” These detailed reports show what needs to be reviewed for whitelisting or denial and help inform policies to automate similar future requests.