Hitachi ID Privileged Access Manager secures privileged access with:
Privileged Access Manager integrates with corporate directories to identify users. It can either leverage existing 2FA solutions, such as tokens or smart cards, or introduce its own 2FA via a smartphone app.
Users may request access to shared or personal administrator accounts or membership in security groups. Access may be pre-authorized or require approval using the included workflow. Access rules are normally based on membership in groups on the corporate directory.
Privileged Access Manager can randomize up to 2 million passwords daily. These are stored in an encrypted, replicated vault that protects against data loss and service interruption.
While Privileged Access Manager can disclose passwords, it more commonly connects authorized users to login sessions. These can be established directly from the user's PC, or via two kinds of proxy ("jump") servers -- VDI or HTML5. Any kind of administrator program can be launched with these mechanisms.
Privileged Access Manager can secure access to sensitive accounts on most servers, directories, network devices, databases and applications.
Privileged Access Manager discovers SSH trust relationships and analyzes the resulting graph when granting access. It can grant access on Unix/Linux systems by creating temporary trust relationships.
Privileged Access Manager uses a local agent to secure access to PCs that are sometimes turned off, unplugged from the network or taken off-site, or that change IP addresses.
When Privileged Access Manager is configured to launch login sessions and inject vaulted passwords, it can also record user activity. Video capture, keylogging, copy buffer integration and more support detailed forensic audits.
Privileged Access Manager can randomize Windows service account passwords. It notifies the Service Control Manager, Scheduler, IIS and other OS components of the new password, to ensure uninterrupted service after each password change.
Privileged Access Manager provides an API that allows one application to securely acquire a password that will then be used to connect to another. This eliminates plaintext passwords in source code or configuration files.
Privileged Access Manager can automatically discover systems, look up appropriate credentials, connect to them and scan for accounts, groups and services. Discovered systems and accounts are automatically assigned to policies based on import rules.
Privileged Access Manager includes a variety of built-in reports and dashboards to monitor the behaviour of individual users, access to systems and load on the system as a whole. A risk model identifies unusual patterns (high-risk or out-of-pattern behaviour) and can trigger additional approvals or post-facto reviews.