GDPR Compliance: Privileged Access Management Is The First Step


Privileged Access Management forms the foundation of GDPR

Solution Brief: EU GDPR
GDPR Compliance: Privileged Access Management is the First Step
V. Balasubramanian
www.passwordmanagerpro.com

The GDPR’s Basic Intent

The countdown to the European Union’s General Data Protection Regulation (GDPR) has begun and the clock is ticking fast. While the media is abuzz with commentaries, guides, and solutions for the GDPR’s guidelines, conclusive interpretations of its various aspects have yet to be reached. The basic intent of the GDPR, however, is crystal clear: data protection—more specifically, making personal data secure.

The term personal data assumes extremely broad coverage in the GDPR—any data that relates to “an identifiable natural person” is classified as personal data. Organizations usually digitally process and store things like customer names, email addresses, photographs, work information, conversations, media files, and a lot of other information that could identify individuals. Personal data is all-pervasive, and is found in nearly every piece of IT. If your organization wants to comply with the GDPR, then you need to define and enforce strict access controls as well as meticulously track access to data.

Privileged Access and Threats to Data Security

Cyber attacks can originate both from within the perimeters of an enterprise, and from outside. Analyses of the recent high-profile cyber attacks reveal that hackers—both external and internal—are exploiting privileged access to perpetrate attacks. Most attacks compromise personal data that is processed or stored by IT applications and devices. Security researchers point out that almost all types of cyber attacks nowadays involve privileged accounts.

Privileged Accounts—The Prime Target of Cybercriminals

In internal and external attacks alike, unauthorized access and misuse of privileged accounts—the “keys to the IT kingdom”—have emerged as the main techniques used by criminals. Administrative passwords, system default accounts, as well as hard-coded credentials in scripts and applications have all become the prime targets cyber criminals use to gain access.

Hackers typically launch a simple phishing or spear-phishing attack as a way of gaining a foothold in a user’s machine. They then install malicious software and look for the all-powerful administrative passwords—which give unlimited access privileges—to move laterally across the network, infect all computers, and siphon off data. The moment the hacker gains access to an administrative password, the entire organization becomes vulnerable to attacks and data theft. Perimeter security cannot fully guard enterprises against these types of privilege attacks.

Third Parties and Malicious Insiders

Organizations are required to work with third parties such as vendors, business partners, and contractors for a variety of purposes. Quite often, third-party partners are provided with remote privileged access to physical and virtual resources within the organization.

Even if your organization has robust security controls in place, you never know how third parties are handling your data. Hackers could easily exploit vulnerabilities in your supply chain or launch phishing attacks against those who have access and gain entry to your network. It is imperative that privileged access granted to third parties is controlled, managed, and monitored.

Additionally, malicious insiders—including disgruntled IT staff, greedy techies, sacked employees, and IT staff working with third parties—could plant logic bombs or steal data. Uncontrolled administrative access is a potential security threat, jeopardizing your business.

Begin Your GDPR Journey with Privileged Access Management

Control, Monitor, and Manage Your Organization’s Privileged Access

The GDPR requires that organizations ensure and demonstrate compliance with its personal data protection policies. Protecting personal data, in turn, requires complete control over privileged access—the foundational tenet of the GDPR. Controlling privileged access requires you to:

- Consolidate all your privileged accounts and put them in a secure, centralized vault.
- Assign strong, unique passwords and enforce periodic password rotation.
- Restrict access to accounts based on job roles and responsibilities.
- Enforce additional controls for releasing the passwords of sensitive assets.

- Audit all access to privileged accounts.
- Completely eliminate hard-coded credentials in scripts and applications.
- Wherever possible, grant remote access to IT systems without revealing the credentials in plaintext.
- Enforce strict access controls for third parties and closely monitor their activities.
- Establish dual controls to closely monitor privileged access sessions to highly sensitive IT assets.
- Record privileged sessions for forensic audits.

As explained above, controlling, monitoring, and managing privileged access calls for automating the entire life cycle of privileged access. Manual approaches to privileged access management are time-consuming, error prone, and may not be able to provide the desired level of security controls.

ManageEngine Password Manager Pro Automates Privileged Access Management, Helping You Get Ready for the GDPR

Password Manager Pro is a complete solution for controlling, managing, monitoring, and auditing the entire life cycle of privileged access. It offers three solutions in a single package: privileged account management, remote access management, and privileged session management.

Password Manager Pro fully encrypts and consolidates all your privileged accounts in one centralized vault, which is reinforced with granular access controls. It also mitigates security risks related to privileged access as well as preempts security breaches and compliance issues before they disrupt your business. Together, these capabilities empower you to achieve total control over privileged access in your organization, thereby laying a solid foundation for GDPR compliance.

Password Manager Pro: Solution Brief

01. Privileged Account Management

Password Manager Pro helps secure privileged accounts, the keys to your kingdom, by enforcing password management best practices such as centralized password storage, use of strong passwords, regular password resets, and controlling user access to shared passwords across your organization.

Discovery: Automate discovery of IT assets in your network and enumerate privileged accounts.

Password Randomization: Assign new passwords for discovered accounts automatically to eliminate any vulnerabilities.

Consolidate and Store: Inventory all your privileged identities in a centralized vault, protected with AES-256 encryption.

Organize and Declutter: Organize all your resources into uniform groups for easy navigation.

Password Policies: Enforce policies that define character complexities for password strength, expiration age for periodic password rotation, and more.

Secure Sharing: Securely share administrative passwords with the members of your team based on need, with granular access restrictions.

Access Control Workflows: Require that users go through a request-release mechanism before being granted access to passwords, with provisions for time-limited access, least privilege, and dual controls.

Remote Password Resets: Automatically reset remote resource passwords upon use.

Regular Integrity Checks: Automate Password Manager Pro to conduct password integrity checks periodically to verify whether the passwords on record are in sync with remote resources.

Windows Service Account Management: Reset passwords for Windows domain accounts. Automate password propagation across all dependent services and application pools.

Post-reset Scripts: Perform follow-up actions after remote password resets, such as service restarts.

Application-to-Application (A-to-A) Password Management: Let your applications securely retrieve passwords from Password Manager Pro with APIs. Eliminate hard-coded credentials.

FIPS 140-2 Compliant Mode: Satisfy compliance requirements with FIPS 140-2 validated cryptographic modules.

Uninterrupted Access: Set up high availability for Password Manager Pro to get continuous access to critical passwords, along with backup provisions.

Mobility: Access passwords from anywhere with native apps for iOS, Android, and Windows.

02. Remote Access Management

Password Manager Pro gives you secure, one-click access to all remote devices, including those in remote data centers that require connecting to jump servers first and then hopping to the target devices. Password Manager Pro centralizes the management of all those credentials and access controls so your users don’t have to authenticate themselves at each stage of a remote access session. It handles all login and authentication steps automatically, giving you one-click access to your remote resources.

First-in-class Remote Access: Launch highly secure, reliable, and completely emulated RDP, SSH, Telnet, and SQL sessions with a single click from any HTML5-compatible browser, without any additional plug-ins or agent software.

One-click Login, Without Even Viewing Passwords: With Password Manager Pro’s secure gateways, you can provide remote access to employees and third-party contractors without disclosing the passwords in plaintext.

Jump Server Configuration: Connect directly to remote data center resources without any hops or jumps.

Automatic Login to Websites and Applications: Launch automatic connections to websites with Password Manager Pro’s native extensions for Chrome and Firefox browsers.

Secure Data Transmission: Achieve data integrity during transit with secure communication protocols (HTTPS and SSL).

[Architecture diagram: Administrators & Users reach the Web Interface over HTTPS; Password Manager Pro (PMP) in High Availability Mode, with a PRIMARY node, performs User Sync / Authentication against an LDAP-compliant directory / Strong Authentication Server; scripts and applications use the XML RPC / HTTPS, SSH / CLI and REST API interfaces; PMP performs Secure Password Reset on the Network.]

03. Privileged Session Management

Password Manager Pro helps you closely monitor and completely control your privileged sessions. You can continuously track what your users are doing with their privileged access, so you’re never caught unaware.

Session Recording: Video record and archive privileged sessions launched from Password Manager Pro to support forensic audits.

Dual Controls: Shadow privileged sessions in real time to monitor user activity and terminate if there’s any suspicious activity.

Complete Audit Records: Play back the archived recordings at any time to scrutinize and answer questions on the who, what, and when of privileged access.

Compliance Reports: With built-in report templates, generate ISO/IEC 27001 and NERC-CIP compliance reports in relation to privileged session requirements.

Security Risks Mitigated by Password Manager Pro

Product Features Vs Risks Mitigated

Privileged Account Management

Accounts Discovery, Password Protection & Management

Password Manager Pro automatically discovers the IT assets in the network (Windows, Linux, network devices & virtual machines) and enumerates the privileged accounts associated with them, thus helping enterprises to quickly secure all their privileged identities. The discovery process mitigates the following risks:

Identify unauthorized accounts or services: Password Manager Pro lists all the privileged accounts found in your critical IT assets. You can easily conduct an internal audit and identify the unauthorized ones.

Minimize the number of privileged accounts: The discovery process also helps you identify the obsolete accounts. You can choose to retain only the accounts that are absolutely needed.

“Password Manager Pro is a simple and easy-to-deploy product from ManageEngine. It allows administrators to monitor and audit all access through a single pane of glass, by offering a great feature set at a very reasonable cost.”
SC MAGAZINE, Product Group Test (Privileged access management)

Prevent unauthorized access: By randomizing passwords of privileged accounts upon discovery, you can prevent unauthorized access by present or past administrators who had access to those passwords previously.

Centralized Password Vault

Password Manager Pro consolidates, stores, and organizes all your passwords in a secure, centralized repository. Centrally consolidating the privileged accounts enables you to combat the following risks:

Prevent passwords falling into the wrong hands due to insecure storage: Network and IT administrators tend to store sensitive credentials in text files and spreadsheets – and even on sticky notes. These insecure storage practices make organizations a paradise for hackers. Password Manager Pro eliminates these vulnerabilities by establishing a secure, centralized repository of passwords.

Overcome system lockout due to outdated passwords: With multiple copies of electronic files containing sensitive passwords floating around the organization, there will be increased instances of outdated passwords and coordination issues, impacting operational efficiency. With Password Manager Pro serving as the centralized repository, you can eliminate the coordination issues and system lockout issues due to outdated passwords.

Access Provisioning and Controls

Password Ownership and Granular Sharing

The basic design of Password Manager Pro revolves around the concept of password ownership and sharing. Whoever adds a password to the repository becomes the owner of the password, and the owner alone will have access to that password. If the owner wants others to view it, the password has to be shared. At any point, all users (including administrators) will only see the passwords that they own or that have been shared with them.

Eliminate orphan accounts: Orphaned accounts are privileged accounts that remain active but have no associated owner. These accounts are usually the result of an employee moving departments or leaving the organization. Failing to shut down or transfer ownership of these accounts can lead to access control gaps. Password Manager Pro solves this problem by allowing any departing resource owner to transfer ownership of their resources to another authorized employee.

Overcome security risks due to employee turnover: When an IT staff member having privileged access to IT resources leaves the organization, all access to critical IT systems possessed by the departing member should be immediately disabled. In the absence of a password management system, it becomes tough to identify the list of passwords accessed by that user and change all of them. Password Manager Pro allows transferring ownership and randomizing passwords after the departure of the IT staff, thus completely eliminating security issues that could arise due to employee turnover.

Avoid password leakage due to insecure sharing: IT staff tend to share common passwords among team members by word of mouth, email, or phone calls, which leads to password compromise. Password Manager Pro offers secure, granular sharing based on job functions and helps avoid password exposure or compromise.

Prevent unnecessary access: Password Manager Pro enforces strict access controls and ensures that administrators get access only to the passwords that they require for their job functions. For example, Windows administrators will get access only to Windows passwords and not to database passwords. This way, organizations can prevent unnecessary access.

Eliminate displaying passwords in plain text: Even while sharing passwords with others through the most secure means, passwords may be memorized or noted down, which may in turn lead to unauthorized access. For ultimate security, Password Manager Pro empowers admins to provide access to IT resources as needed, without disclosing the resource passwords in plain text. Users will be allowed to launch direct RDP, SSH, Telnet, and SQL console connections with remote resources and automatically log in to websites and applications without seeing passwords.

AD and LDAP Integration

Password Manager Pro integrates with corporate identity stores such as Active Directory or LDAP for user provisioning and authentication. It continuously synchronizes with the directory and automatically updates the user database whenever users are added or removed in AD. In addition, Active Directory’s authentication capabilities can be extended to Password Manager Pro, letting users log on with their AD credentials.

Overcome user provisioning and de-provisioning issues: Password Manager Pro maintains the same user group structure in the product as in AD. Since permission to access different passwords can be granted based on AD groups, provisioning and deactivating password access follow changes in AD itself. This helps overcome the security issues that normally arise due to provisioning and deactivating access.

Password Release Control and Advanced Workflow

Password Manager Pro enforces an additional layer of security for passwords by forcing users to go through a request-release workflow. Users requiring access to a password just have to raise a request with the admin, along with a credible reason. This allows the admin to scrutinize access requests before approval and reject invalid requests. If needed, dual approvals can be configured, which necessitates two or more admins to approve a request before the passwords are released.

Avoid insecure, permanent access when people need temporary access: Quite often IT staff or third-party contractors require temporary access to certain resources to perform troubleshooting operations. In such cases, passwords are transmitted by email or telephone and forgotten thereafter. As a result, IT staff will have permanent access to those resources. Password Manager Pro allows administrators to release passwords for a time-limited period, at the end of which the password will be automatically reset and access will be revoked.

Prevent exploitation of privileged access by malicious insiders: By enforcing dual controls on the request-release workflow, malicious insiders looking to exploit authorized privileged access will come under scrutiny.

Eliminate coordination issues and conflicting changes: When more than one administrator happens to access an IT resource, it could potentially lead to conflicting changes and coordination issues. Password Manager Pro eliminates this by providing exclusive access to specific users for a specified time period.

Eliminate lack of control over third-party access: Third-party users – including contractors, temporary staff, business partners and vendors who require access to the passwords of critical IT assets – will have to raise a request for access to passwords. Administrators can grant time-limited access; and when the time limit expires, access will be revoked and the password will be reset. This process grants absolute control over third-party access to IT resources.
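The request-release controls described in this section (a stated reason, dual approval by distinct admins, exclusive time-limited release, automatic reset and revocation on expiry, and an audit trail) as an added illustration in Python. This is not Password Manager Pro's code; the class and method names, the in-memory audit list and the 30-minute window are assumptions made for the example.

```python
import secrets
import string
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"


def random_password(length: int = 20) -> str:
    """Strong, unique replacement password generated at reset time."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class AccessRequest:
    requester: str
    reason: str
    approvals: Set[str] = field(default_factory=set)
    granted_until: Optional[float] = None   # epoch seconds; None = not yet released


@dataclass
class VaultedAccount:
    """One privileged account held in the vault (assumed model, not product code)."""
    name: str
    password: str
    approvals_required: int = 2             # dual control: two distinct admins
    request: Optional[AccessRequest] = None
    audit: List[Tuple[float, str, str]] = field(default_factory=list)

    def _log(self, now: float, event: str, who: str) -> None:
        self.audit.append((now, event, who))

    def request_access(self, now: float, requester: str, reason: str) -> None:
        """Raise a request; refused while another user holds exclusive access."""
        self._expire(now)
        if self.request is not None and self.request.granted_until is not None:
            raise PermissionError("account is checked out exclusively")
        if not reason.strip():
            raise ValueError("a credible reason is required")
        self.request = AccessRequest(requester, reason)
        self._log(now, "request", requester)

    def approve(self, now: float, admin: str, minutes: int) -> None:
        """Record one approval; release for `minutes` once enough distinct admins approve."""
        req = self.request
        if req is None:
            raise LookupError("no pending request")
        if admin == req.requester:
            raise PermissionError("requester cannot approve own request")
        req.approvals.add(admin)
        self._log(now, "approve", admin)
        if len(req.approvals) >= self.approvals_required and req.granted_until is None:
            req.granted_until = now + minutes * 60
            self._log(now, "release", req.requester)

    def checkout(self, now: float, user: str) -> str:
        """Hand out the password only to the requester, only inside the window."""
        self._expire(now)
        req = self.request
        if req is None or req.granted_until is None or user != req.requester:
            raise PermissionError("no released access for this user")
        self._log(now, "checkout", user)
        return self.password

    def _expire(self, now: float) -> None:
        """Once the window has passed: revoke access and rotate the password."""
        req = self.request
        if req is not None and req.granted_until is not None and now >= req.granted_until:
            self.password = random_password()
            self._log(now, "auto-reset", "system")
            self.request = None


def is_denied(action, *args) -> bool:
    """Helper for demonstrations: True if the workflow refuses the action."""
    try:
        action(*args)
    except (PermissionError, LookupError, ValueError):
        return True
    return False


if __name__ == "__main__":
    acct = VaultedAccount("db-prod/sa", "initial-Secret1")
    acct.request_access(0, "alice", "apply security patch to db-prod")
    acct.approve(2, "bob", 30)
    acct.approve(3, "carol", 30)
    print(acct.checkout(10, "alice"))
    print(is_denied(acct.checkout, 3 + 30 * 60, "alice"), acct.audit)
```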

Remote Password Resets

Password Manager Pro resets passwords of remote IT resources automatically at periodic intervals or anytime on-demand. It assigns strong, unique passwords to each account and supports a wide range of endpoints and target systems across physical, virtual, and cloud environments.

Eliminate weak, static passwords; overcome cracking attempts: By randomizing passwords of remote IT resources at periodic intervals and assigning strong, unique passwords, Password Manager Pro helps eliminate static, unchanged passwords across the network. This, in turn, prevents unauthorized access and cracking attempts.

Eliminate static service accounts: The very powerful service accounts used by the system programs to run application software services or processes often possess high or even excessive privileges. Service account passwords are generally set to “never change,” due to the difficulty in discovering all dependent services and propagating the password change. Static service accounts make the enterprise a haven for hackers. Password Manager Pro automatically locates service accounts by identifying the various Windows server components that are run using domain accounts and mapping the services and scheduled tasks to respective accounts. When a service account password is reset, Password Manager Pro automatically propagates the change across all dependent services associated with the account to avoid any service stoppage.

Mitigate pass-the-hash attacks: Windows domain admin accounts provide administrative privileges on all workstations, servers, and domain controllers. Only a few, trusted administrators should use the domain administrator accounts, and they should use the account only to log on to domain controllers or to systems that are as secure as the domain controllers.

This is because Windows systems are vulnerable to pass-the-hash attacks. The single sign-on functionality of Windows allows users to enter credentials once and then never have to enter the password again. Windows actually caches the login details within the system in the form of password hashes. If an attacker manages to access a system where the domain administrator had logged on in the past using his domain admin credentials, the attacker could easily obtain the hash and perpetrate an unauthorized transaction.

As a best practice approach, domain administrator accounts should not be used to sign on to any system other than domain controllers. If there is a strong need to do so, the password access should go through a workflow for one-time usage, after which it should be reset. Even if the domain admin accounts are prudently used from trusted systems, they should be periodically changed. Password Manager Pro periodically randomizes the domain administrator credentials and mitigates pass-the-hash attacks.

APIs for Application-to-Application and Application-to-Database Password Management

Password Manager Pro provides three types of APIs for application-to-application password management: SSH-CLI, XML RPC, and REST. Applications can programmatically query Password Manager Pro and get credentials.

Eliminate hard-coded credentials: Normally, various applications require access to databases and other applications frequently to query business-related information. This communication process is usually automated by embedding the application credentials in clear text within configuration files and scripts. Administrators usually find it difficult to identify, change, and manage these passwords. As a result, the credentials are left unchanged, which may lead to unauthorized access to sensitive systems. Thus, hard-coded credentials may make technicians’ jobs easier, but this practice creates an easy launch point for hackers.

Password Manager Pro eliminates the practice of hard-coding passwords with secure APIs for application-to-application and application-to-database password management. The access credentials don’t need to be embedded in configuration files but can, instead, be stored in Password Manager Pro’s database. Whenever an application needs to connect with other applications or databases, it can query and retrieve passwords from Password Manager Pro using the APIs. This way, the passwords can also be subject to security best practices including rotating passwords periodically and assigning strong, unique passwords, without the need for copious manual updates.

Reduce security risks in DevOps environments: DevOps environments span several stages such as sandbox, development, unit testing, integration, quality assurance, user acceptance testing, production, and disaster recovery. They also require automated access to privileged identities by various stakeholders. Applications, scripts, and databases running in DevOps environments require access to privileged identities without any human intervention. Hard-coding credentials is the most dangerous programming practice and invites security issues. Password Manager Pro’s APIs help grant automated access to passwords to authorized applications, besides enforcing standard password practices, eliminating security issues in DevOps environments.
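An added example, not product code, of how an administrator might find the hard-coded credentials this section describes before moving them into a vault: a small scanner over constructed configuration and script text that flags assignment-style secrets and credentials embedded in connection URLs, while treating placeholders, environment references and vault lookups as safe. The sample file contents, key names and the `vault:`/`pmp:` reference syntax are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Assignment-style secrets: password=..., db_password: "...", export API_TOKEN='...'
ASSIGN = re.compile(
    r"""(?ix)
    \b(?P<key>(?:db_|smtp_|admin_)?(?:password|passwd|pwd|secret|api[_-]?key|token))
    \s*[:=]\s*["']?(?P<value>[^\s"';]+)
    """)
# Credentials embedded in connection URLs: scheme://user:password@host
URL = re.compile(r"(?i)\b[a-z][a-z0-9+.-]*://[^/\s:@]+:(?P<value>[^@\s]+)@")
# Values that are references rather than secrets: ${VAR}, %VAR%, <placeholder>,
# masked values, the obvious 'changeme', or an assumed vault lookup syntax.
SAFE_VALUE = re.compile(r"(?i)^(\$\{?\w+\}?|%\w+%|<[^>]*>|\*+|changeme|vault:.*|pmp:.*)$")

Finding = Tuple[str, int, str, str]   # (file, line number, kind, masked value)


def mask(value: str) -> str:
    """Keep two characters so a finding is recognisable without re-exposing the secret."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan_text(name: str, text: str) -> List[Finding]:
    """Flag clear-text credentials in one file's contents, skipping comment lines."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", "//", ";")):
            continue
        for m in ASSIGN.finditer(line):
            if not SAFE_VALUE.match(m.group("value")):
                findings.append((name, lineno, m.group("key").lower(), mask(m.group("value"))))
        for m in URL.finditer(line):
            if not SAFE_VALUE.match(m.group("value")):
                findings.append((name, lineno, "url-credential", mask(m.group("value"))))
    return findings


# Constructed sample files (not taken from any real system)
SAMPLE_FILES: Dict[str, str] = {
    "app.properties": (
        "db.user=app\n"
        "db.password=Sup3rS3cret!\n"
        "# password=commented-out-example\n"
        "api_key=${API_KEY}\n"
    ),
    "deploy.sh": (
        "export DB_URL=postgres://app:Hunter2@db.internal:5432/crm\n"
        'SMTP_TOKEN="vault:smtp/token"\n'
    ),
    "settings.yml": (
        "smtp:\n"
        "  password: changeme\n"
        "  token: abc123def456\n"
    ),
}


def scan_all(files: Dict[str, str] = SAMPLE_FILES) -> List[Finding]:
    """Scan every file and return findings ordered by file and line."""
    findings: List[Finding] = []
    for name, text in files.items():
        findings.extend(scan_text(name, text))
    return sorted(findings, key=lambda f: (f[0], f[1]))


if __name__ == "__main__":
    for name, lineno, kind, masked in scan_all():
        print(f"{name}:{lineno}: {kind} = {masked}  <- move into the vault")
```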

Remote Access & Privileged Session Management

Password Manager Pro allows authorized users to launch direct RDP, SSH, Telnet, and SQL console sessions from any HTML5-compatible browser without end-point agents, browser plug-ins, or helper programs. The connections are tunneled through Password Manager Pro’s server and require no direct connectivity between the user device and remote host.

In addition to superior reliability, the tunneled connection provides extreme security as the passwords necessary to establish remote sessions do not need to be available locally on the user’s browser. The sessions launched from Password Manager Pro’s web interface can be recorded, archived, and played back to support forensic audits. In addition, Password Manager Pro allows administrators to shadow privileged sessions launched by other users.

Reduce the risks in granting remote access to third parties: By securing and periodically randomizing the credentials exposed to third parties, organizations can reduce the risks due to identity theft in the supply chain.

Reduce the risk of infection at end points with landing server configuration: In highly secure environments such as data centers, remote access to sensitive end points can be granted through an intermediate jump server. Password Manager Pro centralizes the management of all the credentials, including the jump server, and handles access. The landing server configuration prevents end points from getting infected through insecure connecting machines at third-party locations.

Prevent malicious or suspicious activities through dual controls: Track the highly sensitive privileged sessions launched by third parties or internal users in real time and terminate suspicious sessions.

Eliminate repudiation issues: In the event of breaches or security issues, third-party contractors or internal administrators cannot deny performing an activity because Password Manager Pro records privileged sessions in their entirety.

Audit, Real-time Management, Reports

Password Manager Pro records every user action using text-based logs in addition to recording sessions. It also raises real-time alerts and notifications on various password events, including access, modification, deletion, changes in share permissions, and other specific events. Password Manager Pro also generates syslog messages and SNMP traps, which can be sent to SIEM tools and monitoring systems respectively.

Eliminate accountability issues: Administrative accounts are normally not tied to an individual and are predominantly used in shared environments. This could lead to accountability issues when something goes wrong. When Password Manager Pro acts as the centralized password vault, administrators will have to depend only on Password Manager Pro for accessing IT resources. The audit trails generated by Password Manager Pro enable tracing access to individuals.

Combat advanced persistent threats: Password Manager Pro raises syslog messages, which could be sent to SIEM tools for correlation with the events from the rest of the enterprise. As advanced cyber-attacks normally span a period of time, correlating data from various IT assets with the privileged access data from Password Manager Pro helps detect cyber-attacks that are in progress or waiting to happen.

Reduce exploitation of privileged access by insiders: Real-time alerts and notifications on privileged access from Password Manager Pro help organizations detect unauthorized activities and exploitation of privileged access by malicious insiders.
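An added example (not product code) that ties the SIEM correlation described in this section to the pass-the-hash guidance in the Remote Password Resets section: vault checkout events in a constructed syslog format are correlated with host logon records to flag domain-admin logons to hosts that are not domain controllers, and privileged logons that no time-limited checkout covers (the account was used outside the vault). The syslog line format, host names, account names and the 30-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta
from typing import List, Tuple

# Assumed environment: which hosts are domain controllers, which accounts are
# domain admins, and which accounts are vaulted and must only be used after checkout.
DOMAIN_CONTROLLERS = {"DC01", "DC02"}
DOMAIN_ADMINS = {"CORP\\Administrator"}
PRIVILEGED = DOMAIN_ADMINS | {"CORP\\svc-backup"}
CHECKOUT_WINDOW = timedelta(minutes=30)   # assumed time-limited release period

# Constructed vault audit lines; the syslog format is an assumption, not the product's.
VAULT_SYSLOG = """\
2024-03-04T09:00:10Z pmp01 PMP: event=checkout user=alice account=CORP\\Administrator resource=DC01
2024-03-04T09:40:00Z pmp01 PMP: event=checkout user=bob account=CORP\\svc-backup resource=FS01
2024-03-04T11:05:00Z pmp01 PMP: event=checkout user=alice account=CORP\\Administrator resource=DC02
"""

# Constructed host logon records: (timestamp, account, host), as a SIEM might
# normalise Windows logon events.
LOGONS: List[Tuple[str, str, str]] = [
    ("2024-03-04T09:01:00Z", "CORP\\Administrator", "DC01"),      # covered by checkout, DC host
    ("2024-03-04T09:45:00Z", "CORP\\svc-backup", "FS01"),         # covered by checkout
    ("2024-03-04T10:30:00Z", "CORP\\Administrator", "WS-HR-07"),  # workstation, no checkout
    ("2024-03-04T10:35:00Z", "CORP\\svc-backup", "FS01"),         # checkout window expired
    ("2024-03-04T11:10:00Z", "CORP\\Administrator", "DC02"),      # covered by checkout, DC host
    ("2024-03-04T11:12:00Z", "CORP\\jdoe", "WS-HR-07"),           # not a vaulted account
]

VAULT_RE = re.compile(
    r"^(?P<ts>\S+) \S+ PMP: event=(?P<event>\w+) user=(?P<user>\S+) "
    r"account=(?P<account>\S+) resource=(?P<resource>\S+)$")

PTH_RULE = "domain admin logon to non-DC host"
BYPASS_RULE = "no vault checkout covers this logon"


def parse_ts(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def parse_checkouts(text: str) -> List[Tuple[datetime, str, str]]:
    """Extract (time, account, resource) for each checkout event in the vault log."""
    checkouts = []
    for line in text.splitlines():
        m = VAULT_RE.match(line)
        if m and m.group("event") == "checkout":
            checkouts.append((parse_ts(m.group("ts")), m.group("account"), m.group("resource")))
    return checkouts


def correlate(vault_text: str, logons) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, account, host, rule) for every logon that breaks a rule."""
    checkouts = parse_checkouts(vault_text)
    alerts = []
    for ts, account, host in logons:
        if account not in PRIVILEGED:
            continue
        when = parse_ts(ts)
        # Rule 1: domain admin credentials should only be used on domain controllers.
        if account in DOMAIN_ADMINS and host not in DOMAIN_CONTROLLERS:
            alerts.append((ts, account, host, PTH_RULE))
        # Rule 2: every privileged logon should fall inside a matching, unexpired checkout.
        covered = any(
            acc == account and res == host and t <= when <= t + CHECKOUT_WINDOW
            for t, acc, res in checkouts)
        if not covered:
            alerts.append((ts, account, host, BYPASS_RULE))
    return alerts


if __name__ == "__main__":
    for ts, account, host, rule in correlate(VAULT_SYSLOG, LOGONS):
        print(f"{ts} {account} on {host}: {rule}")
```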

REVIEWS

Great product, World Class Support Team!

“The pricing model of the product is very good, the best I’ve seen. The product works great and with issues you can count on the support team of ManageEngine. They know their product and help you in every way they can. We even had a custom patch fixed for us in a day. Never seen this kind of commitment to a customer ever before. I am one happy and satisfied customer!”
Martijn Dirkx, System Administrat

Specifications
Discovery: Agentless
Password resets: Agent-based, Agentless
Authentication: Active Directory, LDAP, RADIUS, SAML
