Privileged Identity Management
Transparently control privileged identities in your Secure Shell networks
Privileged identities often have the highest levels of access and lowest levels of business responsibility. That is a bad combination if you have a malicious insider or compromised identity in your networks.
In unmanaged environments, privileged identities can easily create back doors, evade firewalls and blind you to what they are doing. Network-based privileged identity management enables organizations to transparently control what privileged identities can access and what they can do inside your environment.
Recent high-profile security breaches have shown us that organizations need to ensure that their privileged identities are following policy and not making end-runs around security controls. Whether you are defending against a malicious insider or an external attacker, by controlling what a privileged identity can do you can limit the size and scope of a potential exploit.
Think of it like an advanced firewall for your Secure Shell networks but with extended capabilities to enforce policy based on role.
- Advanced Secure Shell firewall. If an attacker gains access to your Secure Shell networks they can easily bypass your firewall policy controls by creating sub-channels such as FTP or TCP within a Secure Shell tunnel. This can allow an attacker to easily forward traffic that would otherwise be blocked by your firewall from leaving the organization or being sent to an unauthorized internal endpoint.
- Policy & role-based access controls. Enterprises need to control who can access what systems as well as what those identities can do once they are authenticated. For instance, an administrator may need to have access to a server to perform her tasks and, based on her Active Directory profile, she can access a set of servers. But the administrator does not need to be able to transfer files as part of her job, and if she did, that would be a policy violation.
CryptoAuditor functions as an advanced Secure Shell firewall by controlling which identities can utilize sub-channels. It also enables access controls at the network level to ensure your information remains secure, all without any interruption to your existing workflows.
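
A minimal sketch of the role-based sub-channel control described above, added here as an example; it is not CryptoAuditor's policy format or code. The role names and the `ROLE_POLICY` table are hypothetical, and the request names are the channel and request types of the SSH connection protocol (RFC 4254).

```python
from dataclasses import dataclass

# Constructed, hypothetical role policy. Anything not listed is denied.
ROLE_POLICY = {
    "server-admin": {"shell", "exec"},          # interactive work, no file transfer
    "file-operator": {"sftp"},                  # file transfer only
    "tunnel-user": {"shell", "local-forward"},  # may open direct-tcpip tunnels
}
SESSION_CAPS = {"shell", "exec", "sftp", "scp"}
NEUTRAL = {"session", "pty", "env"}  # set up a session, carry no data path alone

@dataclass(frozen=True)
class Request:
    kind: str         # "channel-open", "channel-request" or "global-request"
    name: str         # RFC 4254 name, e.g. "direct-tcpip" or "subsystem"
    detail: str = ""  # subsystem name or exec command line

def capability(req: Request) -> str:
    """Map an SSH request to the capability it would give the identity."""
    if req.kind == "channel-open":
        return {"session": "session", "direct-tcpip": "local-forward",
                "forwarded-tcpip": "remote-forward",
                "x11": "x11"}.get(req.name, "unknown")
    if req.kind == "global-request":
        return "remote-forward" if req.name == "tcpip-forward" else "unknown"
    if req.name == "subsystem":
        return "sftp" if req.detail == "sftp" else "unknown"
    if req.name == "exec":
        # scp is not a channel type: the client runs "scp -t/-f" through exec.
        words = req.detail.split()
        is_scp = bool(words) and words[0].rsplit("/", 1)[-1] == "scp"
        return "scp" if is_scp else "exec"
    return {"shell": "shell", "pty-req": "pty", "env": "env",
            "x11-req": "x11"}.get(req.name, "unknown")

def allowed(role: str, req: Request) -> bool:
    """Default deny: unknown roles and unknown request types are refused."""
    granted = ROLE_POLICY.get(role, set())
    cap = capability(req)
    if cap in NEUTRAL:
        return bool(granted & SESSION_CAPS)
    return cap in granted
```

File transfer has to be recognised inside the session channel (the `sftp` subsystem, or `scp` started through `exec`), which is why a rule on channel types alone would not express the administrator example. A role that keeps `shell` or `exec` can still read file contents through the terminal, so the denial covers the transfer tools rather than all data movement.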