Solutions

• Overview
• Vendor Access Control
• Network Segmentation
• PCI DSS Compliance
• HIPAA Compliance
• FISMA Compliance
• NERC CIP Compliance
• Password Management
• Remote Access Control

Privileged User & Application Password Management

Many organizations apply state-of-the-art controls and technologies to the passwords employed by their end users. But when it comes to extremely sensitive root or administrative user (privileged user) credentials, and the passwords used by applications to gain access to IT resources, those same organizations are forced to rely on simplistic, insecure approaches.

It’s not uncommon for privileged account IDs and passwords (for IT infrastructure components, for example) to be shared among multiple individual administrators. Even more troubling, those credentials are often stored in insecure and easily compromised places like spreadsheets.

Similarly, passwords needed by applications and scripts for accessing databases, other applications, and system services are often hard-coded directly into code or scripts. There, they can be easily accessed—and abused—by virtually anyone in the group of operators, privileged users, and even contractors or vendors who have ready access to the environment. These passwords also are a major target for hackers.

The subsequent risk of security breaches isn’t the only problem with these traditional approaches to privileged user and application password management. Since it’s hard to coordinate changes in and to deploy passwords, they generally aren’t changed on a regular basis, which increases the likelihood of a breach. Passwords are more often selected for ease-of-use and simplicity, rather than for strong security. And because passwords are shared or easily retrieved, establishing accountability for specific actions and events is often impossible.

Xceedium’s Privileged User & Application Password Management Benefits:

• Eliminate shared passwords – Because privileged passwords are no longer shared, and individuals gain access to only the specific systems needed to perform their responsibilities, the probability and potential scope of a breach is reduced. And one-to-one associations between individuals and their actions means that accountability is restored

• Improve security team productivity – Role-based access controls and built-in workflows make the job of administering privileged access control easier and less time-consuming. Security teams can focus on high-value, high-impact activities—instead of day-to-day administrative functions

• Improve privileged user productivity – Single-sign-on access to administrative systems and devices makes it easier to access needed resources. Individuals can work faster and respond to issues immediately

• Prevent application password exposures – By removing hard-coded passwords and user IDs and storing them in a highly secured password vault, the probability of unintentional disclosure is dramatically reduced. Learn more about our Application Password Management module

• Manage passwords end-to-end – Passwords are protected in storage, in transit and in use with a powerful password vault, encrypted transmission, and a secure password cache. Temporary root passwords can be released directly to individuals, or connections can be brokered without ever disclosing sensitive information.

• Ensure compliance with privileged password management best practices – Establish and enforce policies for password complexity, frequency of password changes and password re-use. For especially sensitive systems, dual-release protocols may be necessary, requiring authorization for use by more than one person

• Audit and report – Maintain comprehensive records on privileged user activities and actual use of privileged passwords, including access logs, command-line session keystroke logging and capture, and full-screen session recording. Integrated tags provide direct access to policy violations and significant events

• Protect organization from rogue administrators – Eliminate the ability of a single individual to control access to systems and the risk that a disgruntled employee will hold resources hostage

• Leverage existing identity management infrastructure – Comprehensive integration with enterprise directories like Active Directory and LDAP, support for Kerberos, X.509 Certificates, two-factor tokens and more.

Learn more about our Password Management module.