Maximum protection of sensitive data against unauthorized access
Protect your most critical resources from compliance breaches and data leaks - with our PAM tool, you can now easily close sensitive security gaps.
We support you from the adaptation of your existing rights and roles concept to the implementation and safeguarding of your new PAM tool.
// What is PAM?
Outdated and poorly maintained accounts are an enormous security risk. Users that no longer exist, incorrect access rights or neglected password guidelines - they all open the door to unauthorized access.
Critical user groups with admin rights or security classifications are particularly at risk. This is exactly where Privileged Access Management (PAM) comes in. PAM is a security concept that controls and monitors the access and activities of users with privileged access rights.
Privileged rights go beyond the powers of an average user account and are therefore particularly susceptible to fatal data breaches. The PAM tool specializes in protecting high-risk identities.
// What are the benefits of the PAM tool?
- Avoidance of over-privileging of users
- Rights are granted only temporarily, for a limited period (2 - 10 h)
- Enforcement of the principle of minimum rights (least privilege)
- Detailed monitoring and logging of user activities
- Prevention of insider threats and external attacks
- Simplification of the administration of complex IT structures
- Support for adherence to compliance regulations
// How our PAM tool works
Our PAM tool is operated as a local web service within your intranet. Access is comprehensively secured by single sign-on (SSO) and additional multi-factor authentication (MFA).
Authorizations are assigned dynamically as required and can be limited in time. By default, all users work with predefined basic rights. Adjustments can be requested directly via the tool.
The assignment and use of elevated rights is logged automatically and without gaps. This means that it is always possible to trace which users had which access rights at which time. Extended monitoring and protection mechanisms are available for particularly sensitive user groups - including email-based dual control to reliably prevent unauthorized access.
- Browser-based web application on standard Windows components (IIS server)
- Integration in Active Directory via service account with delegated authorizations
- Connection to any identity provider via standard authentication protocols
  - Identity providers: Active Directory, AD FS, Azure MFA, Okta, RSA, OneSpan and many more
  - Protocols: Kerberos, SAML
- Settings and logs are stored in a SQL Server database
- High-availability configuration via redundant servers with load balancing if required
- Management of authorizations via Active Directory groups
- Notification and confirmation workflow by e-mail