Control and Audit Privileged Access to the Hybrid Cloud
Xceedium’s Xsuite® seamlessly controls, monitors, and audits everything privileged users do across the hybrid cloud. It’s built on a zero trust model that expressly denies access to all systems and resources except those permitted by policy.
Xceedium Xsuite delivers robust access controls for privileged users across the widest range of enterprise IT infrastructure. You can protect multiple Linux distributions, Microsoft Windows, popular versions of Unix, networking devices including routers and switches, a comprehensive range of databases and business applications, and more. Optional Xsuite extensions provide enhanced integration and superior protection for hybrid-cloud infrastructure technologies including mainframes, Amazon Web Services (AWS), VMware vSphere, and Microsoft Online Services.
Comprehensive Privileged Identity Management Controls
Hybrid Cloud Protection
Hybrid-cloud computing exacerbates long-standing privileged identity management issues, while adding new challenges to the mix. With Xsuite, you seamlessly define and enforce privileged identity management controls across the full range of IT infrastructure: enterprise data centers, virtualized infrastructure, and public or private clouds.
Consistent privileged user controls, based on defined roles leveraging existing identity and access management (IAM) infrastructure, are ensured regardless of where resources are running, or where you’ve implemented management capabilities. You’ll save time, money, and administrative overhead while enhancing the quality and consistency of controls. And a single source for policy definitions—along with comprehensive records of activity—ensures audit reporting is easier and faster.
Protect Sensitive Credentials
Xsuite manages and protects sensitive administrative credentials. Safely stored in a powerful vault, credentials are encrypted at rest, in transit, and in use, limiting the risk of theft or disclosure. Xsuite vaults and manages all types of credentials, such as SSH keys, not just traditional passwords. Xsuite can even eliminate the risks of passwords hard-coded into scripts and applications. Xsuite provides its own FIPS 140-2 Level 1 compliant encryption solution, and offers both Level 2 and Level 3 FIPS solutions through integrations with partner SafeNet.
Privileged User Authentication
Privileged users control the most sensitive IT resources in your organization. Xsuite ensures these powerful individuals (or, increasingly, the scripts and programs written and deployed to perform administrative tasks on their behalf) are accurately authenticated.
Xsuite fully leverages your existing identity and access management infrastructure, with integration to Active Directory and LDAP-compliant directories, as well as authentication systems like RADIUS. Xsuite fully supports enabling technologies like PKI/X.509 certificates and security tokens. Support for Personal Identity Verification/Common Access Cards (PIV/CAC) ensures compliance with U.S. Federal Government HSPD-12 and OMB M-11-11 mandates.
Single Sign-On and Federated Identity
Xsuite separates authentication from access control, dynamically presenting lists of authorized resources and access methods to users after they successfully authenticate. Once authenticated to Xsuite, privileged users are presented with a customized list of systems they are authorized to access, and approved access methods (RDP, SSH, etc.). Xsuite automatically retrieves passwords from a secure Credential Safe™ where they’ve been encrypted, and presents them to the target system on behalf of the user. Individuals never see or possess credentials, so they’re not exposed to the risk of compromise or theft by individuals or malware.
Xsuite also provides sophisticated federated identity capabilities for privileged users, matching authorized individuals to specific accounts and credentials on target systems or, with environments like Amazon Web Services, dynamically creating ephemeral users with specific permissions based on policies.
Control Privileged User Access
Xsuite provides highly granular, role-based access control for the hybrid cloud. Xsuite controls access by network administrators, trusted insiders, third parties, and other privileged users. Control begins when privileged users initially authenticate to the system, as Xsuite implements a deny all, permit by exception (DAPE) approach to least privilege access controls. Users are able to see only those systems and access methods to which they’ve expressly been provided access.
Once they’re logged into a system, Xsuite policies provide an additional level of control by selectively filtering commands issued. Unauthorized commands are blocked, with optional user warnings and policy violation alerts to security teams and logs. In addition, Xsuite limits privileged users to authorized systems through “leapfrog” prevention that limits the ability to use one system as a launch point for additional attacks.
Protect Cloud Management Consoles
Xsuite can secure, monitor, and audit the extremely powerful new management consoles and APIs that virtualization and cloud providers are implementing as the rapid move to software-defined datacenters and software-defined networking takes place.
Monitor, Alert, and Enforce
Xsuite examines everything privileged users do while logged in to protected resources, regardless of the access method. Actions are compared with policies before execution, delivering proactive protection from unauthorized activities, malicious activity, and simple mistakes. Xsuite monitors and protects graphical sessions, terminal and shell access, and even Amazon Web Services API interactions. Events can be logged for later review or forensic analysis, and alerts garner the attention of Security Operations Center teams while individuals are warned or their sessions terminated.
With Xsuite, there’s never a question about who performed an action. Xsuite provides full attribution of actions taken to specific individuals, even when they’re using shared administrative accounts such as root. Xsuite eliminates anonymous administrator activity.
Record and Analyze Privileged Sessions
Xsuite provides complete capture and playback capabilities for privileged user sessions, and generates detailed logs of Amazon Web Services Management API-based interactions.
Xsuite provides full resolution capture of privileged user sessions. DVR-like playback controls allow auditors and investigators to review everything that happened during a session, with the ability to jump directly to attempted policy violations. Recording and playback capabilities are provided for graphical RDP sessions, SSH links (including the use of native SSH clients), and web-based applications and cloud management consoles.
A common attack technique exploits the rich mesh of network connectivity to move ever closer to sensitive assets. Starting from less critical resources, privileged users can exploit their position of trust to “leapfrog” from one system to another. A trusted user can take intermediate steps (connecting to servers via SSH, Telnet, or other means) to reach sensitive servers they can’t reach directly.
With Xsuite, a small footprint on your network can’t be exploited to gain roundabout access to unauthorized resources. Xsuite provides trusted users with a list of only those systems to which they’re expressly permitted access. And Xsuite actively blocks attempts to connect to systems and resources other than those expressly permitted.
Automate Discovery, Protection, and Scale
Classic approaches to defining and provisioning policy will fail in today’s hybrid cloud environments. It’s that simple: when operators can create hundreds of new systems with a single command, there’s no way traditional provisioning and policy management approaches can keep pace.
Xsuite overcomes these limitations with the unique ability to automatically discover and provision virtualized and cloud resources with appropriate policies. Xsuite automatically establishes, and begins enforcing, desired policies on these dynamic resources. Infrastructure is never exposed, regardless of how rapidly it may appear. New resources are automatically added or removed from individual users’ access portals based on individual policies and group memberships.