SSH.COM PrivX®

Zero Trust Access Management

PrivX® Free - Zero Trust for zero bucks!

Replace your in-house jump hosts, VPN or native AWS, GCP or Azure tools with our true multi-cloud solution.

Gartner research

“The existence of privileged access carries significant risk, and even with PAM tools in place, the residual risk of users with standing privileges remains high. Security and risk management leaders engaged in IAM must implement a zero standing privileges strategy through a just-in-time model.” - Gartner

Zero Trust access for robots with PrivX®

Find out how robotic process automation (RPA) specialists, MOST Digital, use PrivX to handle automated access to customer environments.

Zero Trust Access Management

PrivX is an access management gateway that is fast to deploy and simple to maintain. PrivX advances your security by allowing connections for only the amount of time needed, removing dependency on passwords, controlling access to both cloud-hosted and on-premises applications, and interfacing directly with your identity management system.

Try it now in your browser!

Lean and fast

Light on its feet, PrivX provisions administrative access for just the duration needed – no permanent access and no passwords to handle. Quick integration with ID management systems, and no agents to install.

Across hybrid and multi-cloud environments

Control and consolidate access to workloads in AWS, GCP, Azure and on-premises hosts from a single user interface.

Automated administrative access

Reduce errors and save time by connecting with existing AD/LDAP infrastructure, unifying user/role management and enabling SSO (single sign-on) logins. Set it and forget it – PrivX stays in sync and automatically discovers new hosts.
 

Download Gartner’s ‘Remove Standing Privileges Through a Just-in-Time PAM Approach’, courtesy of SSH.COM.

“PAM basics like vaulting and session management help mitigate the risk of the existence of privileged accounts. JIT (just-in-time) reduces the risk of privileged access abuse, and ZSP (zero standing privileges) reduces the attack surface of the privileged accounts themselves.” - Gartner

Download the Gartner research
 
 

How PrivX works

 


1. Identities automatically mapped from directory services.

PrivX integrates with LDAP, Microsoft AD, AWS Cognito and OpenID Connect. User/group ID data is automatically updated as people join, move or leave. When you set up PrivX you define access to target hosts for each appropriate role (e.g. quality engineer, developer, sysadmin etc.) and map the roles to existing AD/LDAP user groups. Any change in your user directory is updated immediately in PrivX, so there’s no separate privileged user directory.

2. Privileged access via ephemeral certificates.

Users log in to PrivX via their browser using SSO/MFA and can see all their available hosts. They can then access their hosts in one click. It’s “credentialess” because access is not granted by user passwords. This is possible because PrivX validates each secure SSH/RDP connection in real time with unique, short-lived certificates that are invisible to the user and automatically expire unless authorized by PrivX. There are no agents required on the client or host. PrivX acts as the only centralized certification authority for the target hosts. If required, native Mac and Linux SSH clients can be configured with PrivX Agent software.

3. Access elevation and 3rd parties.

Privileged access elevations and access for non-directory users are managed via request/approval workflows with the option of 4-eyes authorization. Access for 3rd parties can be managed according to policies defined in PrivX and access can be granted or revoked instantly.

4. Monitor and audit connections.

PrivX administrators can monitor and control the access lifecycle, including revocation and modification, down to granular access per host. SSH/RDP sessions can be recorded and played back with full audit log.

5. Multi-cloud, private cloud or hybrid.

PrivX admins have control over access to all on-premise and global cloud assets in one view. PrivX auto-discovers changes in your host environments. To integrate with standard software provisioning tools, like Chef and Ansible, PrivX provides deployment scripts. Users can then make SSH connections to target hosts according to your Ansible playbook via PrivX without the need for passwords. PrivX Extender software is also available to manage privileged access to VPCs (Virtual Private Clouds).

Privileged access re-imagined

PrivX stands apart from traditional privileged access management (PAM) tools by delivering a lean, cost effective solution. Compared to legacy PAMs, PrivX helps you to:

  • Cut the costs of password lifecycle management and vaulting by granting short-lived authentication to users only when they need it.
  • Economize on deployment and maintenance efforts by avoiding the use of agents on your client workstations and hosts.
  • Fortify your cost-saving cloud deployments by controlling access to your AWS, GCP and Azure-hosted servers, on-premises hosts, or any combination.

Download the PrivX datasheet

The problems faced by today’s IT security professionals

IT environments are increasingly complex and they require security tools that can be both expensive to deploy and burdensome to use and maintain. Below are a few examples.

Security is costly

PAMs are expensive to deploy and maintain
Traditional PAMs require heavy resources to deploy and manage. Tasks include installing and updating agents on workstations as well as vaulting and rotating passwords. PAMs can take months and even years to install, and some are abandoned before full deployment.
Compliance can be burdensome
Meeting internal and regulatory requirements can be onerous. You need to demonstrate that your systems are under control and that unwarranted users are kept out of your servers.

Today’s complex environments require enhanced security

As workloads move to the cloud, security concerns rise
As organizations take advantage of the economy that cloud hosting offers, security concerns also mount. Chief among these is managing access to sensitive data that resides in the cloud.
Need to control access inside the network
Not only are insider attacks a threat, but the clever hacker who does gain access to your network can move among your systems if unchecked at access points. It’s not enough to control your perimeter; you need to control access inside the network.

Security tools can be a hurdle to operations

People will find ways to avoid difficult systems
You need your access management tool to be easy so people will use it. Astute users can find ways to bypass heavier tools, like traditional PAMs.
Need to conserve resources
Your administrators have a lot on their plates. They need easy-to-use security tools so they can spend their time on more productive activities.

PrivX: A modern solution for modern problems

PrivX helps you solve your access management problems cost effectively, securely, and in a package that your administrators will find easy to use.

Feature: Ephemeral certificate-based authorization
Benefit: Leave passwords in the dust by using just-in-time, temporary access to target hosts. Reduce your threat surface, and the money you spend on credential lifecycle management.

Feature: Agentless*
Benefit: Benefit from fast deployment by avoiding the need to install traditional agents on client workstations and/or host servers. You’ll also be more likely to stay current with PrivX’s version updates when you only need to centrally update your software.

Feature: Integration with existing identity management systems
Benefit: Economizing on time and effort, PrivX stays in sync with the role-based users in your identity management system. Employees come and go and change roles, while PrivX stays up to date. Expedite access to target hosts with SSO; users log in once and gain one-click entry.

Feature: Hybrid and multi-cloud support
Benefit: PrivX manages access to target hosts whether they’re in AWS, Azure, GCP cloud environments, or all three, as well as private cloud and on-premises.

Feature: Recorded sessions with playback
Benefit: Make easy work of preparing for audits, as well as post-event forensics. All access traffic is recorded and stored for review.

Feature: Additive for scalability and high availability
Benefit: PrivX lets you add instances as your needs grow while providing high availability for disaster recovery. Your multiple, distributed PrivX instances can be dispatched through a common load balancer and connected to a database at the backend to run as a unified, highly available system.
 

PrivX pricing options

PrivX Free

Perfect for companies or individuals looking for access management for small environments. No credit card required.

Free
  Start now!

PrivX Enterprise

More than 500 servers. Talk to our experts about how PrivX can meet your specific needs.

Contact us

Read more about how PrivX fits your business

PrivX is perfect for large enterprises, SMEs and start-ups across different industries. Check out some typical use cases...

PrivX under the hood

Get tech specs and details on integrations and compatibility.

Get the PrivX datasheet

PrivX for Ops

Find out how to save valuable R&D time for productive work.

Download the 1-pager

Faster software development in the enterprise

Learn how to master compliant cloud access management for distributed teams.

Download the enterprise use case

Admins love PrivX

Learn how to radically reduce your privileged access workload.

Download the admin 1-pager

Agile multi-cloud DevOps

The fastest way to provision and audit access to all your AWS, GCP and Azure servers.

Download the multi-cloud use case

Compliant 3rd party access

See how to easily manage access for 3rd party IT admins and software developers.

Get the 3rd party use case

PrivX FAQ

How does PrivX handle onboarding and offboarding of 3rd parties, contractors and employees?
PrivX fetches user groups automatically and admins simply map groups to the appropriate access roles e.g. HR manager, quality engineer, access administrator, IT manager etc. Every joiner, leaver or mover’s context is immediately updated in PrivX, and access is granted, revoked or modified instantly!
Why is PrivX leaner than typical PAM?
PrivX helps you avoid duplicate work. You use your existing user identities from your AD/LDAP and PrivX fetches user groups for you automatically. It’s not like PAM where you have to duplicate your users manually or worry about keeping two separate systems up-to-date!
What’s so special about host auto-discovery?
PrivX gives you a real-time view of all your global cloud and on-premises server instances automatically. No need to switch screens or apps to find and configure hosts in different regions or different CSPs. No need to configure access per host: PrivX updates your access roles to the hosts automatically!
Why is PrivX faster than traditional PAM?
Every second your developers wait for secure access to critical resources during production, testing and deployment is downtime. Every lost password, rotation, or request for credentials slows down your processes. PrivX grants privileged access on-demand and in the right context for each and every developer. Developers see their list of servers and access them in 1-click.
How does PrivX handle access termination?
Poorly managed credentials can be exploited, forgotten, become obsolete or be misconfigured. With PrivX, access expires automatically after it is no longer necessary. Admins can also terminate access instantaneously, or easily set time limits in advance.
Say no to vaults and password rotation.
They are a growing risk factor and slow you down. Now, you can safely and securely provision access in rapidly changing enterprise and outsourced multi-cloud environments, and demonstrate compliance. It's time to go credentialess.

PrivX integrations

  • Microsoft Azure
  • Active Directory
  • AWS
  • Google
  • OpenID
  • Splunk
  • ForgeRock
  • Fujitsu

Want to get a PrivX demo?

Get in touch. We treat every request with the highest urgency and integrity.

Request a PrivX demo

 

What is Ephemeral Access?

From permanent credentials to ephemeral certificates.
Download the white paper to learn about ephemeral certificates and credentialess access. Find out how you can streamline operations, increase business velocity and improve security.

Learn more about Ephemeral Access
 
Need more information about PrivX?

Get in touch. We treat every request with the utmost urgency and integrity.

 

KuppingerCole recognizes PrivX as an innovative solution for the PAM market

The new Executive View Report states that PrivX is a unique and agile alternative to standard password vaulting and session management.

Download the report