2019 Verizon DBIR: Credential misuse comes from every angle – 69% from outside & 34% from inside¹
Despite significant investments in Privileged Access Management (PAM) technologies, privileged accounts are still massively overexposed. Traditional PAM providers have focused on controlling access to accounts and their passwords, not on the activities the administrator needs to perform. The result is an overabundance of privileged accounts and privileged access control groups with standing privileges to the resources they’re meant to secure, leading to minimal reduction of an organization’s attack surface. The overabundance of privileged accounts provides would-be attackers plenty of opportunity for lateral movement attacks.
With Stealthbits Privileged Activity Manager (SbPAM), organizations are empowered to reduce their risk footprint through a task-based approach to Privileged Access Management. SbPAM provides Administrators the exact level of privileges needed, exactly when they’re needed, for only as long as they’re needed, and returns the environment to a no-access-by-default state, immediately upon completion.
Just-in-Time, Temporary Privilege Accounts
Use SbPAM “Activity Tokens” to provide temporary permission and access that are auto-provisioned when needed and de-provisioned when not, reducing your attack surface and potential for lateral movement attacks.
Built-in access certification facilities provide a unique ability to approve or deny who should and should not have access to SbPAM and privileged activities.
Session Recording & Playback
Enforce accountability or gain evidence during investigations with the ability to record and play back sessions. Know exactly what actions are taken with proof.
Delegate administrative tasks to less-technical personnel safely to alleviate administrative burden. Develop Connection Profiles with policies to govern activities. Profile changes are made centrally and apply everywhere automatically.
Don’t change the way you have grown accustomed to working. With DirectConnect sessions, Admins can launch SbPAM activities from their tool of choice (e.g. Remote Desktop Connection Manager; MobaXterm) with no need to log into SbPAM.
Bring Your Own Vault™ (BYOV)
Support for existing, alternative, or multiple Remote Secret Stores allows for fast & easy integration. Use your existing vault, our vault, or no vault… the choice is yours.
Whether you have 10 or 10,000 systems, we bring them under management with a few clicks. For further convenience, we have a policy inheritance engine, so there is no need to define accounts per device.
Federation & Smart Card Authentication
For user convenience and to save authentication time, SbPAM can consume pre-authenticated identities from identity providers like Okta, Ping Identity, ADFS, & more. We can also accept smart cards instead of a typical log-in.
Real-Time Service Account Management
See updates and status changes as they happen. Immediate alerting if issues are discovered, with options to pause and roll back changes.
Don’t just MANAGE privileged accounts…REMOVE them!
Secure, Control, Manage, and Monitor Privileged Account Usage for Security & Compliance
Managing too many privileged accounts? Don’t have the budget to vault and manage all the privileged accounts you have? Looking for a more secure way to delegate administrative functions to all the people who need it in your organization? Stealthbits Privileged Activity Manager reduces your privileged account footprint while providing all the capabilities you need to manage and secure your most sensitive credentials.