e-DMZ Products Overview
Download as PPT, PDF2 likes2,844 views
The document outlines a comprehensive overview of a Total Privileged Access Management (TPAM) solution designed to address security and compliance challenges associated with privileged accounts and access. It details various components such as password management, session management, and command management, highlighting their modular design and integration capabilities. The TPAM suite is positioned as a scalable solution to manage complex compliance requirements across multiple industries, with proven deployments in numerous leading enterprises.
e-DMZ Products Overview
- 1. Solution Overview Best Regulatory Compliance Solution Best Password Management Solution Mach 2010
- 2. Company Overview Founded in 2001 Compliance Driven Security Solutions for…. Shared Account/Service Account Password Management (SAPM*) Remote Vendor Access Developer Access to Production Superuser Privilege Management (SUPM*) Proven Solutions Deployed Across ALL Market Verticals Over 350 installations world-wide including… 4 of top 10 Forbes Ranked Enterprises 3 of top 5 Largest Financial Services Leading enterprises in Manufacturing, Financial, Services, Telecommunications, Pharmaceutical/Chemical, Healthcare and more.. SC Awards 2010 “Best Regulatory Compliance Solution” Finalist Privately Held Profitable w/Organic Growth Headquartered in Delaware R&D Center in Raleigh NC 7x24x365 eDMZ Support Operations World-wide Partnerships * Gartner defined terms & markets
- 3. Introducing TPAM Total Privileged Access Management (TPAM) Suite A product Suite designed to solve security and compliance issues associated with privileged users and privileged access Modular design allows flexibility to grow Start with required base modules Add additional modules as needs change
- 4. Introducing TPAM TPAM is built on either or Password Auto Repository™ (PAR) or eGuardPost™ base appliances From either platform you can enable additional modules as needed Buy what you need today Expand if needed in the future
- 5. Privileged Password Management Privileged Accounts are typically UBIQUITOUS Unlike “User” accounts, no individual association Many times have known default passwords Privileged Accounts exist in every system, network device, database, etc. Privileged Accounts have extensive ACCESS and CONTROL Many times full system access and control Configuration and audit controls Regulatory and Compliance AUDIT ISSUES Privileged/Shared/Service/Application account management growing audit area What was acceptable yesterday is NOT accepted today Issues and Challenges
- 6. Privileged Password Management Enterprise Requirement Secure Dual release control Change Controls Enterprise Integration TPAM Suite/PPM Module Extensive built-in security Password encrypted via RSA Bsafe Full Disk encryption via Guardian Edge Embedded hardware firewall Purpose built appliance Dual or more release controls Extensive configurable change control Time based (every X days) Last-use based Force change Extensive integration with Strong authentication solutions Active Directory Ticketing systems
- 7. Privileged Password Management Enterprise Requirement Effective workflow Ease of deployment & integration TPAM Suite/PPM Module TPAM Workflow values Web-base client access Role-based Dual authorization controls eMail based notifications Robust small screen support Robust CLI/API Installed & configure in one day Drop-in appliance Client/agentless deployment Tight integration w/AD Import via .csv Full API/CLI Audit, SNMP, Syslog Small screen support example
- 8. Privileged Password Management Enterprise Requirement Individual Accountability TPAM Suite/PPM Module Assured via PPM Configuration options to limit password release to one admin at a time. Last-use change control assures unique passwords each release Dual authorization controls PPM delivers individual accountability to shared admin and other accounts
- 9. Workflow – Password Request Initiate Password Request Filter & Select Account(s) Enter Date/Time/Duration/Reason Password is needed Optional ticket field. Can be active (check ticket) or passive. Retrieve Password
- 10. Workflow – Small Screen Hyperlink Format Initiate Request * Small screen support configured on a per user basis Filter Request or view most recent Select Password. Quick Request automatically submits with default reason “Request from mobile device” Enter ticket number (if required) and submit to get password Password retrieved from handheld.
- 11. Application Password Management Embedded/Hard-coded passwords represent an often “hidden” exposure Accounts/passwords known to programmers Back-door accounts Application requirements can vary widely Continuous A2A connectivity Transaction A2A connectivity Issues and Challenges
- 12. Application Password Management Enterprise Requirement Replace Embedded Passwords Support “High Demand” transaction type applications TPAM Suite/APM Module Full API/CLI C/C++ Java .NET Perl PAR Cache Add-on capability Available as Cache appliance or VM Supports central or distributed needs Over 500 requests/second
- 13. Privileged Session Management Compliance often drives the need to know WHAT was done during certain privileged or sensitive access – do you need to know exactly what as done by: Remote Vendors? Outsourced service providers? Developers granted access to production systems? Fire-call activities? Users or admins accessing sensitive resources or applications (Financial/Sox servers, HR, etc.) Certain access demands higher audit and control Need to restrict direct resource access Issues and Challenges
- 14. Privileged Session Management Enterprise Requirement Fine grain access control Connection controls Session Audit TPAM Solution/PSM Module User control point Limits resource view based on role Full control over connections Dual authorization controls Session time limits Alarm notification session overrun Manual session termination options Unmatched session audit Audit/log all connection requests, approvals FULL session recording with DVR replay
- 15. Privileged Session Management Enterprise Requirement Strong Audit TPAM Suite/PSM Module Unmatched session audit Audit/log all connection requests, approvals FULL session recording with DVR replay DVR Style Replay Control Full Session Recording and Replay of ALL activities
- 16. Workflow – Session Request Request a session connection Select from a list of systems and accounts the specific user has authorization to request connections too. Enter date/time/duration of connection request. Can request for future date/time to allow advanced approval if under dual authorization control. Once connection approved (or auto approved) simply CONNECT!
- 17. Workflow – Session Request User connected and performs required work Session can be configured for interactive or auto-login EVERY action on the target system will be recorded (Keystrokes, mouse, links, etc.) If user session extends beyond requested time, configurable alert notifications of session overrun can be sent Active sessions can be manually terminated by authorized administrators Connection proxy created to selected System and Account
- 18. Workflow – Session Replay Session recordings are kept local or can be automatically archived. Stored sessions can be searched based on date, system, account, user and/or ticket number Once selected, REPLAY SESSION will retrieve session and replay.
- 19. Workflow - Session Replay All session activity is recorded and viewable Via session replay. Recording are NOT AVI type files – recording size is compressed and VERY manageable. DVR- Style controls allow control of replay of Recorded sessions.
- 20. Privileged Command Management Strong compliance need to restrict Superuser privilege access Need to grant superuser rights without full superuser control Need to restrict what remote vendors or services providers can do Reduction in staff driving a need to “do more with less” Need to delegate certain privileged functions without granting total privileged control Need support across both Unix and Windows platforms Issues and Challenges
- 21. Privileged Command Management Enterprise Requirement Superuser Privilege Management (SUPM) Support multi-platform environments TPAM Solution/PCM Module SUPM Values Command level access controls No ability to execute outside of command limit Record all activity TPAM supports PCM for: Unix Windows Others (coming in future release) Session Restricted to Single Command (this example Computer Management) No other Windows functions available
- 22. Workflow – Command Management Commands are added via the Privileged Command Management Tool.
- 23. Workflow – Command Limited Session Same workflow as normal session request. Same workflow as normal session request
- 24. Workflow – Command Limited Session Session is to back-end target/account (Windows A3/e22egp) via PCM, user session is established and user is placed into the specific “command”. In this example, Computer Management. No access to other target commands, menu’s, etc. is allowed. The session will only exist within the context of the specific command (eg. Computer Management). Once the user exits the command, the session is immediately terminated.
- 25. TPAM Summary
- 27. Deployment Options Central deployment of all TPAM management functions Configuration Release controls Change controls Audit Central TPAM Deployment
- 28. Deployment Options Business Unit/Geographical control License flexibility – can support central or BU license purchase agreements De-centralized TPAM Management
- 29. Deployment Options Central configuration control and audit Distributed (local) password check/change via DPA Only require SSH from PAR to PAR DPA All check/change connectivity (SSH, RDP, etc.) internal to the datacenter/location* Distributed Privileged Password Management
- 30. Sample Customers
- 31. Sample Customers