About the company:
One Identity is a proven global leader in Identity and Access Management (IAM) and Privileged Access Management (PAM). One Identity’s solutions help organizations around the world increase operational efficiency, reduce risk and administrative costs, and improve their overall cybersecurity. The company manages over 500 million identities for more than 11,000 organizations worldwide.
Solutions:
One Identity’s Unified Identity Security platform integrates best-in-class Identity Governance and Administration, Access Management, Privileged Access Management and Active Directory Management capabilities, enabling organizations to move from an isolated to a holistic approach.


One Identity Safeguard Privileged Access Management (PAM)
Privileged access management is an information security mechanism that protects identities with special access and capabilities beyond those of ordinary users. Privileged accounts are treated with special care as they pose a risk to the technical environment, and with One Identity’s Privileged Access Management (PAM) solution, customers protect and control privileged access across environments and platforms.
IT administrators have difficulty managing privileged users for a number of reasons, some of which include:
- There are too many administrators;
- Shared passwords for root accounts;
- Continuous escalation of privilege;
- Lack of centralised access policies;
- Lack of visibility into access rights;
- The Principle of Least Privilege has not been applied;
- Need for accountability of actions and auditability on demand.
With One Identity Safeguard (PAM), you reduce security risks and address these challenges:
- Discontinue the practice of shared accounts;
- Access control and introduction of workflows to grant/revoke/change permissions;
- Control the actions of privileged users;
- Identify and terminate risky behavior and unusual events;
- Reducing the potential damage from a security breach;
- Full accountability of actions and investigation of incidents;
- Fast ROI with simplified deployment and management;
- Effective creation of audit reports;
- Compliance with external and internal security requirements;
- Compliance to standards and regulations.
One Identity Safeguard for Privileged Sessions
One Identity’s privileged session protection solution offers control, monitoring and recording of privileged sessions of administrators, remote providers and other high-risk users. By implementing the Safeguard for Privileged Sessions solution, organizations gain:
- Full session control, recording and playback - all session activity is captured, indexed and stored for tamper-proof data tracking.
- Real-time alerting and blocking - the solution monitors traffic in real-time to catch and block suspicious activity.
- Analysis Readiness - All privileged access and user behavior analysis information is collected and analyzed to detect threats.
- Full Text Search - Built-in OCR allows auditors to search for any text entered or viewed by users.
- Support for a wide range of protocols - administrators decide which protocols and network services to enable - SSH, Telnet, RDP, HTTPS, ICA, VNC, etc.
- Privileged Access Management - Centralizes management and allows users to request, grant and authorize privileged and user access.


Safeguard for Privileged Passwords
One Identity’s Privileged Password Protection solution automates, protects and simplifies the provisioning of privileged certificates. By implementing the Safeguard for Privileged Passwords solution, organizations gain:
- Activity Center - ability to create your own queries, view all activities and easily generate audit reports.
- Workflow mechanism - ability to create your own workflows with time constraints, emergency access, etc.
- Approval Anywhere - approve/reject every access request received using a cloud platform.
- Discovery - automatically searches for privileged accounts on your network, supporting host, directory and network discovery.
- Personal repositories - creates and stores secure passwords for all employees.
- High performance - designed for distributed operation with load balancing and faster throughput.
- Privileged Access Governance
One Identity Safeguard for Privileged Passwords 6.7 is Common Criteria certified against the NIAP-approved Network Device Security Profile, version 2.2e.
Safeguard for Privileged Analytics
The Privileged User Threat Analytics solution enables you to identify high-risk privileged users, monitor for suspicious behavior, and uncover previously unknown threats from inside and outside your organization. The One Identity solution detects anomalies and categorizes them by risk, allowing you to prioritize and take appropriate action, resulting in data breach prevention. By implementing the Safeguard for Privileged Analytics solution, organizations gain:
- Real-time threat analytics for privileged users - Safeguard for Privileged Analytics monitors and graphs user behavior in real-time.
- Baseline for "normal" behavior - Safeguard for Privileged Analytics uses data collected from your IT environment to build a baseline for "normal" behavior. This data is used by the threat analysis solution for privileged users to detect anomalies, through 13 different machine learning algorithms.
- Screen content analysis - the solution enables monitoring and analyzing the screen content of privileged sessions, issued commands and window titles, which can enrich the baseline profile of privileged users' behavior. This in-depth analysis can identify "typical" behavior and detect theft or abuse of privileged identities.
- Behavioral biometrics - each user has a unique pattern of behavior, even when performing identical actions, such as typing or moving the mouse. The algorithms built into Safeguard for Privileged Analytics verify these behavioral characteristics (captured by Safeguard for Privileged Sessions). Analyzing keystroke and mouse movement dynamics helps identify violations and also serves for continuous biometric authentication.
- Reduce alerting noise - the solution categorizes user events based on risk and deviation levels and highlights the most suspicious events. Alerts can be sent to the SIEM or your security analysts can view a prioritized list of events in an intuitive user interface, allowing them to focus on the most important events.
- Automated response - In most attack scenarios, there is usually an intelligence-gathering (reconnaissance) phase prior to the high-impact event. Detection and response at this stage is therefore critical to preventing malicious activity, and seamless integration with Safeguard for Privileged Sessions enables automated session termination when a highly suspicious event occurs or malicious behavior is detected.

Safeguard Authentication Services
The One Identity Safeguard Authentication Services solution enables users to log in to non-Windows systems using their AD credentials. By deploying the Safeguard Authentication Services solution, organizations gain:
- Active Directory authentication capability for UNIX, Linux and Mac;
- Change control, signalling and monitoring;
- Group Policy for UNIX, Linux and Mac;
- Single Sign-On (SSO);
- Simplified identity and access management;
- Deployment flexibility;
- Support for two-factor authentication.
Safeguard On Demand
This SaaS-based Privileged Access Management (PAM) solution provides a secure, efficient and compliant way to manage privileged accounts.
One Identity’s SaaS solution is ISO/IEC 27001:2013 certified and aligned with the additional control implementation guidelines in ISO/IEC 27017:2015 and ISO/IEC 27018:2019.
By implementing the Safeguard On Demand solution, organizations gain:
- Discovery - automatically finds privileged accounts on your network with host, directory and network discovery capabilities.
- Security - stores privileged credentials in a secure device for greater security and faster deployment.
- Record - records all activities during the session, from keystrokes to mouse movements and windows viewed.
- Monitoring - monitors traffic in real time, and automatically performs predefined actions under certain conditions.
- Comprehensive audit
- View - playback or search for recorded events.
- Privileged Access Management.

Let us illustrate the concept of privileged access with an example from a real bank:
"A typical bank has customers, tellers and managers. Each "user" has a different level of privileged access to the bank's cash:
- Customers only have access to the money in their own bank account;
- Cashiers have greater rights than ordinary customers as they have access to all the money in their own drawers;
- Managers have even greater access than tellers, as they have access to the money stored in the bank vault.
In this banking example, tellers and managers are privileged users. Because these roles have access to a greater portion of the bank's cash than customers, the bank must implement additional security measures before granting access to tellers and managers."

Best practices for managing privileged access:
A privileged access management solution is only effective if it is implemented. Organisations should therefore consider the following best practices:
- Privileged accounts cannot be managed without applying the Principle of Least Privilege. Locking down the environment so that only privileged accounts can access certain resources is a prerequisite for a successful PAM solution deployment.
- Track all privileged accounts - it is not possible to manage privileged accounts that are not part of the PAM solution.
- Consider temporarily elevating privileges - instead of granting users permanent privileged access rights, consider granting access rights only when necessary and then removing them.
- Use role-based access control - Privileged access management will only work if there are different levels of role-based access in the system. For example, if everyone were an administrator, it would be much more difficult to secure and manage.
- Automate - Automation reduces the risk of human error and increases the efficiency of the information security environment.
- Monitoring, logging and auditing - it is essential that all privileged account activity is continuously and proactively monitored and logged, so that the organization has the information it needs to protect its environment. However, it is also important that the logs are regularly audited. If this is not done, the organisation will not have the necessary information to identify potential risks and implement measures to mitigate them.