Zero Trust Access Management
PrivX is an access management gateway that is fast to deploy and simple to maintain. PrivX advances your security by allowing connections for only the amount of time needed, removing dependency on passwords, controlling access to both cloud-hosted and on-premises applications, and interfacing directly with your identity management system.
Lean and fast
Light on its feet, PrivX provisions administrative access for just the duration needed – no permanent access and no passwords to handle. Quick integration with ID management systems, and no agents to install.
Across hybrid and multi-cloud environments
Control and consolidate access to workloads in AWS, GCP, Azure and on-premises hosts from a single user interface.
Automated administrative access
Reduce errors and save time by connecting with existing AD/LDAP infrastructure, unifying user/role management and enabling SSO (single sign-on) logins. Set it and forget it – PrivX stays in sync and automatically discovers new hosts.
Download Gartner’s ‘Remove Standing Privileges Through a Just-in-Time PAM Approach’, courtesy of SSH.COM.
“PAM basics like vaulting and session management help mitigate the risk of the existence of privileged accounts. JIT (just-in-time) reduces the risk of privileged access abuse, and ZSP (zero standing privileges) reduces the attack surface of the privileged accounts themselves. “ - Gartner
How PrivX works
1. Identities automatically mapped from directory services.
PrivX integrates with LDAP, Microsoft AD, AWS Cognito and OpenID Connect. User/group ID data is automatically updated as people join, move or leave. When you set up PrivX you define access to target hosts for each appropriate role (e.g. quality engineer, developer, sysadmin etc.) and map the roles to existing AD/LDAP user groups. Any change in your user directory is updated immediately in PrivX, so there’s no separate privileged user directory.
2. Privileged access via ephemeral certificates.
Users log in to PrivX via their browser using SSO/MFA and can see all their available hosts. They can then access their hosts in one click. It’s “credentialess” because access is not granted by user passwords. This is possible because PrivX validates each secure SSH/RDP connection in real time with unique, short-lived certificates that are invisible to the user and automatically expire unless authorized by PrivX. There are no agents required on the client or host. PrivX acts as the only centralized certification authority for the target hosts. If required, native Mac and Linux SSH clients can be configured with PrivX Agent software.
3. Access elevation and 3rd parties.
Privileged access elevations and access for non-directory users is managed via request/approval workflows with the option of 4-eyes authorization. Access for 3rd parties can be managed according to policies defined in PrivX and access can be granted or revoked instantly.
4. Monitor and audit connections.
PrivX administrators can monitor and control the access lifecycle, including revocation and modification, down to granular access per host. SSH/RDP sessions can be recorded and played back with full audit log.
5. Multi-cloud, private cloud or hybrid.
PrivX admins have control over access to all on-premise and global cloud assets in one view. PrivX auto-discovers changes in your host environments. To integrate with standard software provisioning tools, like Chef and Ansible, PrivX provides deployment scripts. Users can then make SSH connections to target hosts according to your Ansible playbook via PrivX without the need for passwords. PrivX Extender software is also available to manage privileged access to VPCs (Virtual Private Clouds).
Privileged access re-imagined
PrivX stands apart from traditional privileged access management (PAM) tools by delivering a lean, cost effective solution. Compared to legacy PAMs, PrivX helps you to:
- Cut the costs of password lifecycle management and vaulting by granting short-lived authentication to users only when they need it.
- Economize on deployment and maintenance efforts by avoiding the use of agents on your client workstations and hosts.
- Fortify your cost-saving cloud deployments by controlling access to your AWS, GCP and Azure-host servers, on-premises – or any combination
The problems faced by today’s IT security professionals
IT environments are increasingly complex and they require security tools that can be both expensive to deploy and burdensome to use and maintain. Below are a few examples. Security is costly |  Today’s complex environments require enhanced security |  Security tools can be a hurdle to operations |
|---|---|---|
| PAMs are expensive to deploy and maintain Traditional PAMs require heavy resources to deploy and manage. Tasks include installing and updating agents on workstations as well as vaulting and rotating passwords. PAMs can take months and even years to install, and some are abandoned before full deployment. | As workloads move to the cloud, security concerns rise. As organizations take advantage of the economy that cloud hosting offers, security concerns also mount. Chief among these is managing access to sensitive data that reside in the cloud. | People will find ways to avoid difficult systems You need your access management tool to be easy so people will use it. Astute users can find ways to bypass heavier tools, like traditional PAMs. |
| Compliance can be burdensome Meeting internal and regulatory requirements can be onerous. You need to demonstrate that your systems are under control and that unwarranted users are kept out of your servers. | Need to control access inside the network Not only are insider attacks a threat, but the clever hacker who does gain access to your network can move among your systems if un-checked at access points. It’s not enough to control your perimeter; you need to control access inside network. | Need to conserve resources Your administrators have a lot on their plates. They need easy-to-use security tools so they can spend their time on more productive activities. |
PrivX: A modern solution for modern problems
PrivX helps you solve your access management problems cost effectively, securely, and in a package that your administrators will find easy to use.| Feature | Benefit |
|---|---|
| Ephemeral certificate-based authorization | Leave passwords in the dust by using just-in-time, temporary access to target hosts. Reduce your threat surface, and the money you spend on credential lifecycle management. |
| Agentless* | Benefit from fast deployment by avoiding the need to install traditional agents on client workstations and/or host servers. You’ll also be more likely to stay current with PrivX’s version updates when you only need to centrally update your software. |
| Integration with existing identity management systems | Economizing on time and effort, PrivX stays in sync with the role-based users in your identity management system. Employees come and go and change roles, while PrivX stays up to date. Expedite access to target hosts with SSO; users log in once and gain one-click entry. |
| Hybrid and multi-cloud support | PrivX manages access to target hosts whether they’re in AWS, Azure, GCP cloud environments, or all three, as well as private cloud and on-premises. |
| Recorded sessions with playback | Make easy work of preparing for audits, as well as post-event forensics. All access traffic is recorded and stored for review. |
| Additive for scalability and high availability | PrivX lets you add instances as your needs grow while providing high availability for disaster recovery. Your multiple, distributed PrivX instances can be dispatched through a common load balancer and connected to a database at the backend to run as a unified, highly available system. |
PrivX pricing options
PrivX Free
Perfect for companies or individuals looking for access management for small environments. No credit card required.
PrivX Enterprise
More than 500 servers. Talk to our experts about how PrivX can meet your specific needs.
Contact usRead more about how PrivX fits your business
PrivX is perfect for large enterprises, SMEs and start-ups across different industries. Check out some typical use cases...
PrivX under the hood
Get tech specs and details on integrations and compatibility.
Get the PrivX datasheetFaster software development in the enterprise
Learn how to master compliant cloud access management for distributed teams.
Download the enterprise use caseAdmins love PrivX
Learn how to radically reduce your privileged access workload.
Download the admin 1-pagerAgile multi-cloud DevOps
The fastest way to provision and audit access to all your AWS, GCP and Azure servers.
Download the multi-cloud use caseCompliant 3rd party access
See how to easily manage access for 3rd party IT admins and software developers.
Get the 3rd party use casePrivX FAQ
How does PrivX handle onboarding and offboarding of 3rd parties, contractors and employees?
Why is PrivX leaner than typical PAM?
What’s so special about host auto-discovery?
Why is PrivX faster than traditional PAM?
How does PrivX handle access termination?
Say no to vaults and password rotation.
PrivX integrations
Want to get a PrivX demo?
Get in touch. We treat every request with the highest urgency and integrity.
What is Ephemeral Access?
From permanent credentials to ephemeral certificates.
Download the white paper to learn about ephemeral certificates and credentialess access. Find out how you can streamline operations, increase business velocity and improve security.
Get in touch. We treat every request with the utmost urgency and integrity.
KuppingerCole recognizes PrivX as an innovative solution for the PAM market
The new Executive View Report states that PrivX is a unique and agile alternative to standard password vaulting and session management.
