Stealthbits Privileged Activity Manager®
Privileged Access Management
Reduce opportunity for lateral movement attacks through privileged account reduction.
Stealthbits Privileged Activity Manager enables secure, task-based administrative access delivered just-in-time and with just-enough privilege.
Why Stealthbits Privileged Activity Manager?
2019 Verizon DBIR: Credential misuse comes from every angle – 69% from outside & 34% from inside.1
Despite significant investments in Privileged Access Management (PAM) technologies, privileged accounts are still massively overexposed. Traditional PAM providers have focused on controlling access to accounts and their passwords, not on the activities the administrator needs to perform. The result is an overabundance of privileged accounts and privileged access control groups with standing privileges to the resources they’re meant to secure, leading to minimal reduction of an organization’s attack surface. This overabundance of privileged accounts provides would-be attackers plenty of opportunity for lateral movement attacks.
With Stealthbits Privileged Activity Manager (SbPAM), organizations are empowered to reduce their risk footprint through a task-based approach to Privileged Access Management. SbPAM provides Administrators the exact level of privileges needed, exactly when they’re needed, for only as long as they’re needed, and returns the environment to a no-access-by-default state, immediately upon completion.
Just-in-Time, Temporary Privilege Accounts
Use SbPAM “Activity Tokens” to provide temporary permission and access that are auto-provisioned when needed and de-provisioned when not, reducing your attack surface and potential for lateral movement attacks.
Built-in access certification facilities provide a unique ability to approve or deny who should and should not have access to SbPAM and privileged activities.
Session Recording & Playback
Enforce accountability or gain evidence during investigations with the ability to record and play back sessions. Live monitoring with lock, block, and remote terminate functions.
Delegate administrative tasks to less-technical personnel safely to alleviate administrative burden. Develop Connection Profiles with policies to govern activities. Profile changes are made centrally and apply everywhere automatically.
Don’t change the way you have grown accustomed to working. With DirectConnect sessions, Admins can launch SbPAM activities from their tool of choice (e.g. Remote Desktop Connection Manager; MobaXterm) with no need to log into SbPAM.
Bring Your Own Vault™ (BYOV)
Support for existing, alternative, or multiple Remote Secret Stores allows for fast & easy integration. Use your existing vault, our vault, or no vault… the choice is yours.
Whether you have 10 or 10,000 systems, we bring them under management with a few clicks. For further convenience, we have a policy inheritance engine, so there is no need to define accounts per device.
Federation & Smart Card Authentication
For user convenience and to save authentication time, SbPAM can consume pre-authenticated identities from identity providers like Okta, Ping Identity, ADFS, & more. We can also accept smart cards instead of a typical login.
Real-Time Service Account Management
See updates and status changes as they happen. Immediate alerting if issues are discovered, with options to pause and roll back changes.