Let the community know what you think. Share your opinions now!
First: Make sure it has all the functionality your company absolutely requires right out of the box. Waiting for "the next version" is not a game you want to play.
Second: Make sure that when your needs change in the future, the tool will still be a good choice and had the capability to grow with your scaling and increased functionality needs.
Third: Make sure it can integrate with world class Two Factor and Multi Factor Authentication Software Solutions, like those provided by SyferLock Technology Corporation. (Some bias :)
We are partial to Lieberman Software, Open IAM, and CyberArk depending on your needs.
integration with IGA, GRC
Few key aspects I would look for in the PIM solution are,
1.Functionalities to achieve the defined scope, e.g. protect, control and monitor privileged accounts (Operating systems / Application / Database)
2.Availability of OOTB integration functionalities with other systems (SIEM / Monitoring Tools / 2 Factor Authentication)
3.Should provide high availability / failover to DR environment with no data loss.
5.Easy to use GUI
6.Availability of OOTB connectors to manage password and sessions of devices.
7.Ability to establish concurrent sessions to the target devices with least amount of time.
Question 1: do I need a on-premises or cloud solution ?
Question 2: is my project included or not non-classic-OS items ? - like router, switch, firewall, etc.
Question 3: do i need to get advanced and accurate reports ?
Question 4: is my project a compliance project or a security project ?
Question 5: is the shared admin account management is key in my project ?
Depending the answer, you will get the short list of potencial suppliers which fit with your needs.
Speed and coverage. You need to change privileged passwords faster than attackers can exploit them. And, you need to change all privileged credentials across your entire network quickly - not just domain passwords but local admin passwords as well as passwords on routers, switches, etc. If you’re changing your passwords every 90 days and somebody breaks in on day one, how long will they have access to your environment with that credential? At least 90 days and that’s assuming that you can detect them. If you can’t detect them, they’ll be in there 90 days, 120 days, 200 days… years. So, find a solution that can change passwords as often as every couple of hours. That way, you're able to stop zero days in their tracks. Keep the bad guys out and prevent malicious insiders from having continuous access. Lieberman Software can help!
Thanks for reaching out to me.
Some of the aspects are
- Richness in the functionalities that the tool provides.
- Support for basic functionalities like Password Vaulting, Passwod Checkout, Session Checkout, Session or Keystroke recording, Auto Discovery of the privileged accounts on the end points and privileged members
- Support for break glass and approval system
- Support for API based integration with applications
- Ease of integration with Identity Management systems
- Ease of integration with SIEM
These are some of the aspects I could think of at this moment. There could be many more.
Can someone explain the difference between PAM and PAS?