Technical Feature Highlights

[Illustration: technical architecture]

Client, Host and Access Options

  • Supports SSH, RDP, HTTP(S) and SFTP protocols.

  • Integration with directory services for role-based access control to target hosts: Microsoft AD, Azure AD (via Graph API), Google G Suite, LDAP and OpenID Connect providers (e.g. AWS Cognito, Okta, Ubisecure).

  • Sign-in to PrivX

    • Single sign-on (SSO) through directory service applications

    • Username & password for local and directory service users

    • Multi-factor authentication (MFA) with time-based one-time passwords (TOTP), e.g. Google Authenticator, Duo, Authy

  • Authentication to target hosts through PrivX

    • Ephemeral certificate-based authentication to hosts for SSH and RDP connections (OpenSSH and Windows Virtual Smart Card)

    • PrivX removes the dependency on passwords through credential-less access to target hosts, cutting the cost of password vaulting and rotation and minimizing the threat surface.

    • Authentication based on vault-stored credentials is also available for all connections, including HTTP(S).

  • Cloud support

    • Automatically scan for and add tagged cloud hosts on AWS, Google Cloud, OpenStack and Azure. Connect to VPCs using the PrivX Extender (reverse proxy).
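The ephemeral-certificate item above relies on OpenSSH's certificate format: a short-lived certificate names the login principals it is valid for and carries a validity window, and the target host accepts it only after verifying the CA signature and checking both. The following Python is an added illustration, not PrivX code: it lays out an Ed25519 user certificate body in the OpenSSH wire format (with constructed key bytes and a placeholder signature) and applies the principal and validity-window checks a host performs.

```python
import struct

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"  # Ed25519 cert type, OpenSSH PROTOCOL.certkeys

def _string(b):  # SSH wire 'string': 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(b)) + b

def build_cert(pubkey, key_id, principals, valid_after, valid_before, ca_pubkey, signature):
    """Lay out a user certificate body (constructed; the CA signature is a placeholder)."""
    return (_string(CERT_TYPE) + _string(b"\x00" * 32) + _string(pubkey)  # type, nonce, user key
            + struct.pack(">QI", 1, 1)                                     # serial, type 1 = user
            + _string(key_id.encode())
            + _string(b"".join(_string(p.encode()) for p in principals))   # valid principals
            + struct.pack(">QQ", valid_after, valid_before)                # validity window
            + _string(b"") + _string(b"") + _string(b"")                   # crit. options, extensions, reserved
            + _string(ca_pubkey) + _string(signature))

class _Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def string(self):
        return self.take(struct.unpack(">I", self.take(4))[0])

def parse_cert(blob):
    """Extract key id, principals and validity window from a certificate body."""
    r = _Reader(blob)
    if r.string() != CERT_TYPE:
        raise ValueError("not an ssh-ed25519 certificate")
    r.string(); r.string(); r.take(12)                 # skip nonce, public key, serial + type
    key_id = r.string().decode()
    names, principals = _Reader(r.string()), []
    while names.pos < len(names.data):
        principals.append(names.string().decode())
    valid_after, valid_before = struct.unpack(">QQ", r.take(16))
    return {"key_id": key_id, "principals": principals,
            "valid_after": valid_after, "valid_before": valid_before}

def host_accepts(blob, login_user, now):
    """sshd's checks once the CA signature verifies: listed principal and 'now' inside the window."""
    c = parse_cert(blob)
    return login_user in c["principals"] and c["valid_after"] <= now < c["valid_before"]

if __name__ == "__main__":  # constructed sample: a 5-minute certificate for principal 'alice'
    cert = build_cert(b"\x01" * 32, "alice@privx", ["alice"], 1700000000, 1700000300, b"\x02" * 32, b"\x03" * 64)
    print(parse_cert(cert), host_accepts(cert, "alice", 1700000100))
```

A real sshd additionally verifies the signature against the CA listed in TrustedUserCAKeys and honours critical options and revocation lists; those steps are omitted here.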

[Illustration: PrivX autodiscover]

Deployment, Scaling and High Availability

  • Automated deployment, compatible with the Ansible and Chef deployment tools.

  • Capacity, scaling and high availability

    • 100k users and 10k target hosts per instance; horizontal scaling by adding nodes.

    • High availability through active-active cluster nodes

    • Load balancing with sticky-session support

  • PrivX management through a web-based admin UI and an HTTP REST API, plus an API endpoint and service status page.

[Illustration: solutions]

Monitoring and Auditing

  • Viewable and stored audit events: audit events are visible in the PrivX UI and can be stored to the default syslog location.

  • Session recording and playback for SSH, RDP and HTTP(S) connections. SSH recordings can additionally be indexed and searched.

  • Audit logs and alerts can be sent to SIEMs or external log collectors, including Splunk, IBM QRadar, AWS CloudWatch and Azure Event Hubs.

[Illustration: architecture]

Security

  • Communications between directory services and PrivX are secured via TLS

  • Information stored in the PrivX vault is encrypted with AES-128 or AES-256 in GCM mode

  • PrivX secrets can be secured using hardware security modules (HSMs)
