Providing remote access to your most sensitive systems is necessary, but introduces risk. VPNs typically provide too much access, especially for contractors, vendors and occasional use employees.
Exposing credentials introduces even more risk. Domain accounts may be able to access far more than they should be. Even if an account is local only, how are access credentials stored, shared or used? Typically, this is done through email, messaging systems, or local key stores, all of which require credential exposure.
Keeper Connection Manager – a component of KeeperPAM – allows administrators to provide access to privileged systems without having to share credentials. Access can be revoked at any time, and a robust audit trail identifies when and how the system was used.
Keeper Connection Manager is built on a foundation of both zero-knowledge and zero-trust security, with granular access rules. Administrators can provide each user with just the right amount of access, whether that’s the whole system or just one component.
Nearly all compliance frameworks address the risks associated with privileged systems access by mandating zero trust, zero knowledge, least privilege access, or both. For example, here’s PCI DSS Requirement 7:
All systems within the Cardholder Data Environment should have sufficiently configured access control to ensure only authorized internal individuals have access to the environment, systems and sensitive cardholder data. All other access by non-authorized individuals must be denied.
Most frameworks contain additional controls regarding protecting credentials, not using default credentials, recording sessions, and more. Keeper Connection Manager helps you meet compliance requirements from SOX, HIPAA, ICS CERT, GLBA, PCI DSS, FDCC, FISM, GDPR and more.
Implementing a Privileged Access Management (PAM) solution should be as painless as possible.
Keeper Connection Manager is easy to deploy. Simply install a gateway, and it supports SSH, VNC, Kubernetes, databases and RDP right out of the box. There are no agents, your web browser is the client and there is no impact on your domain controllers or other services.
Other solutions require custom clients to be installed for all privileged users, and agents to be installed on all privileged endpoints, in addition to one or more bastions to broker the connections. Some require changes to your Active Directory or direct access to your domain controllers.
The Keeper Connection Manager gateway can be completely locked down to the customer's infrastructure to limit access between the client device and target server. Secrets that are used to connect to target servers can be managed within the Keeper Secrets Manager encrypted vault. Pass-through credentials also provide users with dynamic access to target instances without secret storage anywhere in the gateway.
Keeper offers extensive reporting on privileged user behavior. In addition to providing aggregate security audits, Keeper also provides event logging for over 200 event types, event-based alerts and integration with popular third-party SIEM solutions such as Splunk and LogRhythm. Keeper’s compliance reporting functionality allows admins to monitor and report on access permissions for privileged accounts across the entire organization, in a zero-trust and zero-knowledge security environment.
Keeper holds the longest-standing SOC2 attestation and ISO 27001 certification in the industry. Keeper utilizes best-in-class security, with a zero-trust framework and zero-knowledge security architecture that protects customer data with multiple layers of encryption keys at the vault, shared folder and record levels.
Privileged Session Management (PSM) is a cybersecurity control wherein companies record, monitor and control user sessions initiated by privileged accounts. PSM ensures that organizations have complete visibility and control over privileged access, which is integral to both data security and compliance.
A privileged account, also known as an "admin account", is a set of login credentials used to access highly sensitive network and digital assets, including firewalls, servers and administrative accounts.
Privileged activity monitoring is a broad term encompassing the process of monitoring, auditing and controlling network activity by privileged users. PSM is a form of privileged activity monitoring.
Privileged Access Management (PAM) is an umbrella term that refers to the process of safeguarding accounts used by privileged users, meaning those with access to admin accounts. PAM involves a combination of people, processes and technology. Privileged Session Management (PSM) is a subset of PAM that refers specifically to recording, monitoring and auditing login sessions by privileged users.
Choose Language
