PrivX™ lean PAM

Why do customers choose PrivX?

PrivX is a great fit for businesses looking to reduce the operational friction, maintenance overhead and complexity of secure access management.

Customer casesTry free now

hert-niks-vlHiGpVOTDc-unsplash

Who saves the most time and money with lean PAM software?

  • Organizations transitioning IT workloads, applications and services to multi-cloud environments and/or operating in the hybrid cloud.
  • Companies looking to decrease the numbers of credentials, privileged passwords or digital keys that they need to manage.
  • Enterprises with in-house engineers and admins, agile DevOps teams, outsourced software developers or IT teams.
  • Managed Service Providers (MSP) Managed Hosting Providers (MHP) and businesses in operational technology (OT).
  • Regulated enterprises that need to demonstrate compliance. 

PrivX adapts to various use cases

PrivX_hosts2

Secure interactive access to servers using SSH, RDP or VNC

In this example, a privileged user needs to complete a maintenance task on the target server. 

With PrivX:

  • the user gets just enough access to complete the task.
  • the user can easily establish a SSH (Secure Shell), RDP (Remote Desktop Protocol) or VNC (Virtual Network Computing) connection to targets using a browser.
  • User accounts on the target can be shared or personal.
  • Connections are established with one click via SSO from an up-to-date list of resources in PrivX.
  • If needed, native clients can be used.
  • There are no secrets to remember or handle.
SCREEENHSHOT_PrivX_hosts2

Protect interactive access to web applications (HTTPS)

Examples of web applications include IT tools, like AWS management console, portals for managing network devices and also the company’s systems for e.g. social media, human resources or finance.

In PrivX, users can easily make connections to web services from a list of available targets. The list is always up-to-date based on the user’s role. Passwords are stored in PrivX so users never handle them or need to remember them. 

The admin has full visibility into who made connections to which targets, even if shared accounts are being used. The user’s access rights are automatically revoked if their role changes.

SCREENSHOT_PrivX_connections2

Interactive access session auditing for forensics

IT admins need to make sure that only authorized (privileged) users can access targets.

PrivX employs role-based access controls (RBAC). With integration to IDM/IAM systems it is possible to automate the joiners, movers and leavers process so that users have access only to their available resources at a given time. They are granted access just-in-time (JIT) and and only get just-enough-access (JEA) to get the job done.

Administrators get full visibility into who accessed which target even if shared accounts are being used.

User access rights are automatically revoked if their role changes. Sessions can be recorded for further analysis. Audit events can be sent to external systems, like SIEMs (Security information and event management systems) to provide a 360-degree view of activities.

SCREENSHOT_PrivX_vault

Secure and audited machine-to-machine access

Machine-to-Machine (M2M) or Application-to-Application (A2A) access can also be secured with PrivX.

For SSH access, SSH client hosts authenticate to the PrivX bastion using SSH public key authentication or by using pre-configured PrivX-specific credentials. The connection from the PrivX bastion to the target host can be authenticated using any supported authentication method.

Since the connection goes through the PrivX bastion, it is audited, and the trace of connections and file transfers is retained in PrivX logs.

Regardless of the authentication method clients use to authenticate to the PrivX bastion or the bastion uses to authenticate to the target host, the client host never acquires credentials to directly access the target host.

For any other machine-to-machine use cases, PrivX provides a Vault that can store access credentials. The Vault is accessible through a REST API and PrivX provides a command line interface (CLI) client, as well as Golang and Python SDKs (software development kit), for storing and retrieving these secrets.

Learn more about PrivX Secrets Vault here>>>

SCREENSHOT_PrivX_vault

PrivX Secrets Vault for secrets management

We always encourage customers to use just-in-time and  ephemeral certificate-based authentication. For systems that cannot be configured for certificate access, PrivX provides a Vault API and a Vault UI for storing and retrieving secrets. 

PrivX comes with a CLI  client, as well as Golang and Python SDKs, for storing and retrieving secrets. The privileges to access and modify stored secrets are granted via PrivX roles.

PrivX supports storing any kind of secrets encapsulated in JSON (JavaScript Object Notation) format. You can also use ready-made templates that allow PrivX to be used as a shared and collaborative password manager through the UI. 

Learn more about PrivX Secrets Vault here>>>

Hills

Key-less Gitlab and GitHub access

As repository access to Gitlab and GitHub is made over SSH, developers traditionally have to upload their SSH public keys to the service and authenticate their Git actions against the repositories using an SSH private key.

With PrivX, those connections can be configured to use ephemeral certificates. This means that developers authenticate to PrivX using their company credentials and, if context restrictions such as location and time are met, they get mapped to a role that enables repository access. When a developer opens a connection to the repository, PrivX issues an ephemeral certificate containing the access secrets needed to authenticate the connection. The developer does not handle or see any keys or secrets during this process.

You no longer have developer-owned private keys in unknown locations!

See PrivX for yourself

Start the browser-based PrivX Test Drive right now or get in touch about an enterprise demo or POC.
 
PrivX Test DriveContact sales

Customer quotes

 

It took us four hours to set up the test environment from start to finish. And the amazing part was when we connected to Azure, we could retrieve all the VMs right away without any kinds of hassle.”

sami_saisa

Sami Säisä, Director, Head of Strategic Development, MOST Digital

PrivX makes life easier.”

IT manager at a large industrial equipment company

SSH.COM is trusted by
PrivX customer story

How to achieve a great TCO with secure access

A specialist partner company deployed both our PrivX solution and a traditional PAM for comparison at a customer site. They made observations from the client perspective about PrivX Total Cost of Ownership (TCO) benefits.

Success

Lean software functionality

  • No client/host agents
  • No Remote Desktop Protocol (RDP) licenses required (built into browser access)
Finance

Low platform (HW) & license pricing

  • 3-5x lower platform costs
  • Cost savings: Log and storage requirements, native storage, (Security Information and Event Management) SIEM integration
Hourglass

Fast roll-out

  • 2-3x faster roll-out
  • Cost savings: Installation, configuration, onboarding, feature adjustments, access to network devices/IIoT
Checklist

Great user productivity

  • Speed of access (one click) vs. fetching passwords from a vault interface
  • No need to remember or search for target host names/accounts
Number-one

Minimal maintenance resources

  • 2x lower resources
  • Cost savings through minimal need for: Dedicated PAM personnel, training, keeping the environment up to date and "patching"
ROI

CAPEX replaced by small OPEX

  • No special internal resources/ capabilities required, no extra platform costs, easy and quick to deploy, no long commitment

Customer cases

Success

Demonstrate policy compliance and accelerate daily operations for RPA

Premise: MOST Digital, a Robotics-as-a-Service (RaaS) company, needed to access their clients’ critical production environment to automate their tasks.


Challenge: They relied on jump host, VPN tunneling and ad hoc processes that were difficult to manage, required time-consuming manual configurations and did not produce consistent audit trail of activities which was important for their customer.


Change: MOST Digital now uses PrivX to unify all access to a single UI, stay in sync with their Active Directory (AD) system for identities and generate reports of traffic into their clients’ environments for consistent traceability This resulted in greater operational efficiency and improved security and accurate reports for their customers.

Number-one

Implement multi-cloud-scale PAM for modernized IT

Premise: A stalwart telecoms is migrating to cloud. The incumbent PAM implementation was no longer the optimal solution for the hybrid IT environment.

Challenge: Limited scalability in a dynamic multi-cloud environment, problems in keeping up with the constantly changing cloud estate, limited scalability in service spikes.

Change: As new hosts are added, PrivX automatically discovers and on-boards them – and off-boards them when no longer needed – while providing oversight from a single UI. The solution’s cloud-native architecture can scale up fast without heavy investments into hardware.

Secure-file-transfer

Automate 3rd party and consultant access control

Premise: An international mining equipment company needed their vendors to retrieve CAD drawings – their most precious IP – from their production environment.

Challenge: Admins were burdened with manually granting permission while lacking the tools to track access.

Change: The company leverages their existing IAM to on-board and off-board vendors as needed. Our solution maps the user IDs to the right roles hosted in PrivX. Any change or update to a user ID is automatically reflected in privileged roles, making granting, changing or revoking access automatic. Admins can also time-restrict 3rd party access according to the task at hand, and monitor external traffic for auditing.

Hourglass

Deploy PAM in three days to meet tight deadlines

Premise: A network service provider in Asia wanted to control over access their system integrator who helped them design, develop, manage and maintain their wireless network solution.

Challenge: Without a PAM solution, consultants would directly log in to the customer’s virtual servers using simple user accounts and passwords – an acceptable risk. PAM would need to be installed fast, since the network solution was to be launched within a few months.

Change: PrivX was implemented in just three days to keep critical operations running. It also eliminated the risk of password sharing, since consultants no longer handled any privileged passwords or other permanent credentials. A solid audit trail fulfilled compliance and policy requirements.

Priviledged-access-management

Privileged Access for Fujitsu as a Managed Service Provider (MSP)

Premise: Fujitsu uses their CME environment to govern and manage access to their customers’ environments. Fujitsu has multiple large customers in their managed environment, providing hosting, network management, application services, SOC (Security Operations Centre) & SIEM (Security Incident & Event Management) services and development for their customers.

Challenge: Previously deployed traditional PAM solutions meant by managing multiple jump hosts and resorting to manual configurations. This was particularly demanding in dynamic, and ever-changing multi-cloud environments.

Change: Fujitsu was able to ensure access that is governed, controlled and audited in a Just-In-Time manner and without the risk of leave-behind credentials. This not only improved security but brought operational efficiency and lowered the cost of providing the services to customers. Fujitsu was also able to leverage their own IDM solution for identities simply by interfacing PrivX with it. PrivX automatically syncs identities with the right privileged roles no matter how often the identities change or are revoked.

MSP_hubspot_banner

 

THUMBS Most Digital case
PrivX Case Study

Secure access for robots to critical data

Find out why MOST Digital deployed PrivX to handle their robotic process automation (RPA) and secure developer access needs.

Read more

PrivX_case_study_COVER2_quick_to_deploy-copy
PrivX Case Study

3rd party risk mitigation in three days

Learn how a network service provider in Asia  deployed PrivX in just three days to keep their operations running while improving their 3rd party audit trail.

Read more

 

PrivX technologies

PrivX is built on modern microservices architecture, uses just-in-time ephemeral certificates and takes advantage of many cloud-native tools.
 

PrivX technologies