The Privileged Session Manager helps to secure access, controls configurations, monitors in real-time and indisputably records all activities in a datacenter or network infrastructure.
Ensure access to critical systems is only for legitimate business purposes. The Privileged Session Manager (PSM) runs as a gateway between users and the target end points, enabling the control, monitoring and auditing of encrypted administrator sessions.
Tracks and records all privileged sessions and configuration changes. Provides VCR-like replays of privileged sessions including IT and Network admin users. All commands, either failed or successful, are logged. Indisputable logging of which user attempted to run which command on which device and when.
Reduces risks by restricting authorizations assigned to business units and departments by granting access only to the systems that they oversee. “Separation of duties” and “least privilege” practices are achieved, regardless of the role/profile capabilities of the target device. Any custom policies (allowed command sets, blocked command sets) can be defined and applied to any user group, ensuring that only the “required set of commands” can be executed by a user in order to fulfill his/her tasks, restricting standard user accounts from having over-privileged access.
When a user is connected to a device, a supervisor can monitor the session in real-time and can also take/release the control of the session. This is particularly useful when real- time monitoring is required for emergency accounts or to monitor someone who is in training.
The Kron PAM Privileged Session Manager enables users to connect to enterprise applications without knowing the application’s username/password.
Helps to eliminate password sharing and shared account usage. Users always log in with their own username/password, even if a shared account is used to connect to the device. For example, I connect to Kron PAM with username=Frank and then select a device to connect. The Kron PAM Privileged Session Manager establishes a session towards the target device, but may be using username=admin. As a user, I never see/know the real username/password used to connect to the target device, all I know is my own username/password.
Enables the definition of time-based access limitations, based on time of day, day of the week, maintenance window hours, etc.
Detects and prevents malicious attacks before they occur.
Users continue to use the same applications they are used to on their computers.
Provides logs and reports required for audits and compliance with regulations.