Software products to address privileged access have been around for 20 years. From Password Vaulting to Proxy Servers to Dedicated Administrative Accounts, popular Privileged Access Management (PAM) products are overly expensive and complicated. Many of the current PAM solutions available were first developed more than a decade ago and are based on antiquated architectures and years of code bloat that over-complicate even the simplest of tasks. Don’t get me started on the time and effort required to actually implement a traditional PAM product into a customer’s environment – the stories I hear from companies we speak with (insert something based on the challenges and effort required). And yet, 20 years later we continue to pay a king’s ransom for these overly complex PAM solutions which perpetuate the problem – creating standing privileged access accounts which are the single most targeted entry point by cyberattackers
Credential misuse comes from every angle – 69% from outside & 34% from inside according to the 2019 Verizon Data Breach Investigations Report. Thousands of data breaches happen every year and tens of thousands have already happened in 2020, and in nearly every breach, privileged access is sought to expedite and simplify the exfiltration of valuables.
Now we have come full circle. Attackers are continually seeking to exploit privileged access and organizations do the best they can with complicated and expensive solutions to protect these accounts. There has to be a better way. The good news – there is!
Stealthbits has developed a third-generation PAM solution, Stealthbits Privileged Activity Manager® (SbPAM), that takes a different approach. The approach is simple; we focus on not just granting access to accounts, we instead grant access based on the specific activity that needs to be performed. This approach is getting the attention of industry influencers and customers alike. KuppingerCole proclaimed the following about SbPAM in its latest PAM Leadership Compass:
In the latest release of SbPAM v3.0, we continue to approach PAM differently:
Credential Management – Whether you have 10 or 100,000 systems, built-in accounts can immediately be brought under management with the click of a button. Through policy inheritance at the platform level, organizations no longer need to define and set accounts on a per-device basis.
Real-Time Service Account Management – To save time, SbPAM produces a list of dependent services and scheduled tasks for each Service Account, along with real-time updates on change status. If errors occur, users are immediately alerted and given the option to pause, stop, and roll-back any changes.
Enhanced Live Session Monitoring – We not only provide live session monitoring capabilities, but the ability to selectively lock and terminate sessions at three different levels, including the current session, for future sessions on the same resource, or globally to prevent the user from performing any activity.
Session Command Indexing and Search – An enhanced indexing engine allows keystrokes to be easily searched across a range of session parameters including date, time, user, activity, and resource. Once sessions are identified, they can be played back within seconds, collapsing the time between event investigation and analysis.
Webpage Platform Support and Browser Extension – SbPAM has been enhanced with a new browser extension, conveniently enabling webpage logon and recording to occur directly from the user’s browser.
Other significant improvements in previous releases include:
Reduce Standing Privileges and Attack Surface – Traditional PAM vendors add to the standing privilege problem, creating multiple privileged accounts per single administrator. Stealthbits focuses on privilege activity, not the account. We provision temporary access to perform a task, then remove it when task is completed. Access ONLY exists while the task is being performed.
Password Vault Options – Nearly all PAM vendors require use of THEIR vault, making switching difficult and expensive. Stealthbits provides vault options: Bring Your Own Vault (we’ll integrate with any 3rd party), use ours, or perform vault-less operations. It’s your choice.
Built-in access certification / attestation – All organizations need to check/certify access rights and privilege access is most critical. No one likes big spreadsheets that get passed around with endless rows of system access for review. Stealthbits makes approving your most critical access convenient and less time consuming by enabling electronic workflow and approval directly form the console.
Reduced Total Cost of Ownership – Most PAM vendors charge for high availability, additional databases, proxies, and more, including multiple add-on modules. The result is a solution that cost significantly more than anticipated and switching costs prohibit a change. Stealthbits includes everything…no expansion costs for databases, appliances, networking, and add on modules.
Maybe you’re reading this thinking you’ve just renewed your subscription or maintenance with your traditional PAM product, and missed an opportunity to look at SbPAM. SbPAM can complement (vs replace) your existing PAM solution. Because we integrate with any vault, we can simply hook into your existing one. We can remove the standing privileges attackers exploit (even if just for your most critical infrastructure to begin with) and deliver privileged access at time of request, and remove it when privileged task is completed. Or maybe you want the ability to monitor privileged sessions and take preventative measure if you see something you don’t like.
SbPAM really does take a refreshingly new approach to a common problem. The results speak for themselves
Stealthbits Privileged Activity Manager® – 2020 GOLD WINNER for Best Privileged Access Management by Cybersecurity Excellence Awards.
Damon is the Director of Product Marketing at Stealthbits responsible for Active Directory and Privileged Access Management solutions. He has over 20 years of experience addressing marketing challenges of all kinds for many notable, B2B software companies, including Red Hat, Quest Software, Sterling Commerce, and most recently SecureAuth. Damon has a passion for cybersecurity software and improving the defenses of organizations against cyber-attacks. Damon resides in Columbus, Ohio.
Proper data security begins with a strong foundation. Find out what you're standing on with a free deep-dive into the security of your Structured and Unstructured Data, Active Directory, and Windows infrastructure.Read more
Start a Free Stealthbits Trial!
No risk. No obligation.