Axidian Privilege

Privileged access manager for on-premise and hybrid environments. Securely manage privileged accounts, enforce strong authentication, track user activity, enjoy convenient UX and modern interface.


Relevance

Proper operation of the IT infrastructure and business applications is the key to success for any government agency or private company. To ensure the smooth operation of a corporate IT system, you need to make sure that your software and hardware are managed by professionals.

The IT components are managed by privileged users—external and internal personnel with higher access rights to corporate resources and applications, including their installation, setting up, and maintenance.

The list of privileged users includes:

  • System administrators
  • Security specialists
  • Contractors and outsourcers
  • Financial services operators
  • Auditors
  • Other external or internal employees

Since privileged users have a higher access level, companies need a system for managing privileged accounts that ensures monitoring and analysis of user activity.

Furthermore, breaching a privileged user account may cause greater damage to an organization than compromising an ordinary account. Administrator accounts can be used to disable the security system, stop the operation of information systems and gain access to confidential information.

Protection of privileged access rights is a more sophisticated task than ensuring the security of ordinary accounts. It cannot be achieved by relying exclusively on standard approaches to the protection of login credentials and requires specialized solutions.

These vulnerabilities can be addressed by setting up a comprehensive privileged access management system. A PAM system must ensure the following:

  • Centralized management of connections to critical servers and applications
  • Reinforced authentication for privileged accounts
  • Transparent use of privileged accounts on authorized resources, without revealing the password
  • Recording of privileged user activity
  • Possibility of analyzing recorded user activity and investigation of incidents related to controlled resources

Product overview

Axidian Privilege belongs to a class of specialized solutions that goes by many names, including:

  • Privileged Access Management (PAM)
  • Privileged Account Management (PAM)
  • Privileged User Management (PUM)
  • Privileged Identity Management (PIM)

This platform draws on our company’s long-term expertise in the development of information security products, specifically those that have to do with access management.

The Axidian Privilege platform is a dedicated group of servers that implement centralized policy for monitoring and managing privileged user access.

The main strong points of this platform are:

  • Axidian Privilege server, which handles all connections to target resources.
  • User Console allows privileged users to view and connect to available resources. In addition, users can connect directly via RDP and SSH protocols.
  • Admin console allows admins to set up and manage Axidian Privilege and perform relevant audits. It’s an all-in-one tool for managing privileged access policies, viewing connection logs and recording user sessions.
  • Two-factor authentication ensures access security to the admin console and to target resources.

Access management

User activity management is a complex task that requires a number of technical and organizational solutions.

In most cases, Employee Monitoring Products and Services (EMPS) or Data Leak Prevention (DLP) solutions are sufficient for monitoring non-privileged user activity since these tools include a server component responsible for analysis and monitoring of communication channels and a client component used for workstation operations analysis. However, these solutions may prove insufficient or useless for monitoring privileged user activity.

Let’s name a few special features that may apply to the work of privileged users:

  • Higher access rights (including the right to delete client software or assign additional access rights to themselves)
  • Uncontrolled workplace (relevant for contractors, outsourcers, or remote administrators)
  • Specific target servers where monitoring software cannot be installed (network devices; isolated software environments; exotic, rare, and outdated operating systems)

An intermediary access control and management host (a so-called "jump server") makes it possible to monitor all privileged sessions from a single point without having to install additional software, which can significantly reduce the costs related to PAM management.

Drawing on the principle of minimal user privileges right from the start, PAM policies imply that access rights to a target resource (a server or an application) should be expressly assigned to a specific user. Additional options let you configure separately the allowed connection time and the permission to use privileged accounts on target resources.
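One way to evaluate such a policy with default deny, shown as an added example (this is not Axidian Privilege code; the `Grant` structure, the `authorize` function and the user, resource and account names are hypothetical):

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Grant:
    """Explicit assignment of one user to one target resource (hypothetical model)."""
    user: str
    resource: str
    accounts: frozenset   # privileged accounts the user may use on this resource
    start: time           # allowed connection window, start inclusive
    end: time             # end exclusive

def in_window(now: time, start: time, end: time) -> bool:
    if start <= end:
        return start <= now < end
    # Window wraps past midnight, e.g. 22:00-04:00 maintenance slots.
    return now >= start or now < end

def authorize(grants, user, resource, account, when: datetime):
    """Return (allowed, reason). Anything not expressly granted is denied."""
    matched = [g for g in grants if g.user == user and g.resource == resource]
    if not matched:
        return False, "no explicit grant for this user on this resource"
    with_account = [g for g in matched if account in g.accounts]
    if not with_account:
        return False, "privileged account not permitted for this user"
    if not any(in_window(when.time(), g.start, g.end) for g in with_account):
        return False, "outside allowed connection time"
    return True, "granted"

# Constructed sample policy: names and hours are illustrative only.
GRANTS = [
    Grant("alice", "db01", frozenset({"postgres"}), time(9, 0), time(18, 0)),
    Grant("bob", "fw-edge", frozenset({"admin"}), time(22, 0), time(4, 0)),
]

if __name__ == "__main__":
    for req in [
        ("alice", "db01", "postgres", datetime(2024, 5, 6, 10, 0)),
        ("alice", "db01", "root", datetime(2024, 5, 6, 10, 0)),
        ("alice", "web01", "root", datetime(2024, 5, 6, 10, 0)),
        ("bob", "fw-edge", "admin", datetime(2024, 5, 6, 3, 0)),
        ("bob", "fw-edge", "admin", datetime(2024, 5, 6, 12, 0)),
    ]:
        print(req[:3], req[3].strftime("%H:%M"), authorize(GRANTS, *req))
```

The reason string returned with each denial is what belongs in the connection log, so a refused attempt can be reviewed later.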

Account password management

The traditional approach, in which passwords or other authenticators are handed to authorized personnel, poses a threat of misuse or abuse of the provided privileges. For example, personnel may gain access to tools allowing them to clear logs, install additional software, or perform critical and potentially harmful operations that can disrupt the resource functionality or cause financial damage to the company. These and other permissions are often available to privileged users without proper oversight.

The Axidian Privilege software suite allows you to have all privileged accounts under control, thereby ensuring their safe use. This way you can prevent unauthorized use of privileged accounts and record all user activity on a dedicated server.

As part of its management functionality, the platform can perform an automatic search for privileged accounts in Active Directory and on Microsoft Windows or Linux/Unix servers. This will help you make sure that you don’t have any undocumented privileged accounts with access to critical resources in your company’s IT infrastructure.

All passwords in the account data vault are encrypted, and only the Axidian Privilege server has access to the encryption key.

Furthermore, all passwords are automatically updated and by design will not be accessible by privileged users. When a privileged user attempts to connect to a target resource, the Axidian Privilege server will automatically insert their login and password. This means that your personnel authorized to manage a specific server or business application will not be able to bypass the Axidian Privilege system during authentication, since they do not know the password.

Recording and analysis of user activity

Even if we disregard possible malicious actions, hacker attacks and clear sabotage, we still need to consider one of the important potential threats that privileged users may pose—the so-called "human factor".

Let’s imagine a server failure resulting from employee error. Whether or not the company has a backup copy and a fail-safe protocol, the cause still needs to be identified. There may be no access to event logs, as the server is down, so you can use a Security Information & Event Management (SIEM) system and perform network traffic analysis to find out that there has been an incident and that a specific employee is potentially responsible. However, this information is not enough to determine the details and prevent similar cases.

Axidian Privilege will provide you with comprehensive information about the causes of the incident.

When privileged users work via Axidian Privilege, their actions are recorded in different formats, including video and text recording, command interception, shadow copies of transmitted files—easy to access in the management console. In addition to the actual records of user activity, Axidian Privilege captures a large amount of metadata—user name, protocols, target resources, connection time, etc.

After analyzing the records you can gain a prompt understanding of the causes of the incident and plan your immediate response in order to minimize the consequences, thereby preventing further financial and reputational losses.

Application-to-Application Password Management

Application-to-Application Password Management (AAPM) is a utility in the Axidian Privilege system that allows you to use privileged accounts in applications that are installed on target resources.

The utility complements the functionality of Axidian Privilege by enhancing protection when you need two sets of credentials—one for the application itself and the other for accessing a target resource that hosts this application.

In most cases, users store their authentication data for applications in a text file on their computer, which may pose security threats to your company because these credentials are not managed via PAM.

The AAPM utility allows you to solve this problem—with AAPM, you can store application credentials in PAM and retrieve this data after connecting to a resource.

Technical parameters

  • Supported protocols: RDP, SSH, HTTP(S), and any other proprietary protocols by publishing relevant applications
  • Supported types of authentication data: username + password, SSH keys
  • Privileged accounts search and password management: Windows, Linux, and user directory
  • Supported user directories: Active Directory, FreeIPA, OpenLDAP
  • Two-factor authentication technologies: password + TOTP (Time-based One-Time Password, a password-generation algorithm)
  • Supported session record types: text log, video recording, and screenshots
  • Remote access technologies: Microsoft RDS, SSH Proxy

Licensing models

You can choose the option that works best for you:

  • Package Based on Privileged Users gives you the right to use Axidian Privilege for a stated number of users. Each employee who gets access to resources with the help of privileged credentials must have a PAM user license.
  • Package Based on Privileged Sessions gives you the right to have a limited number of concurrent sessions in Axidian Privilege. The number of PAM users and registered resources is not limited.

Documents

Learn how multiple industries enjoy benefits from implementing our products

Axidian Privilege WP
5 Steps PAM Guide
KuppingerCole Report — Executive View Axidian Privilege 2022

Industry about us

Andy Woo
Regional Director of Pacific Tech

At Pacific Tech, we are continuously evolving and bringing new solutions to our partners and customers in the region. We are delighted to be partnering with Axidian. With Axidian, we found a comprehensive access management solution which perfectly complements the growing population of Singapore work-from-home workers. As a leading cyber security solution provider, this strategic partnership is perfect for our two companies.

KC KuppingerCole Report
Executive view

Axidian’s innovative approach towards designing its whole product portfolio as a highly modular open application platform allows the customers to pick and choose the modules as needed and grow in the future as their business needs expand. Even out of the box, Axidian CertiFlow provides comprehensive yet convenient management capabilities for both administrators and end users.

Michael Bürger
Founder & Sales Partner at EU-HUB Network

Since approximately 5 years now I’m working with Axidian quite successfully. First as my vendor client and next as a trusted innovative software partner. Now we are re-selling Axidian software as a Distributor for the EU and beyond. Often I met Axidian CEOs, CTO, Product Management, Partner Managers and System Engineers, on the phone and even in person in London and Munich and always my feeling was that these are smart people, an excellently organized company, straightforward thinking and I don’t have any doubt that together we will be very successful this decade in the 2020s on everything we target.

Leo Querubin
Executive Director for Business Development of Pointwest Technologies Corporation

The products of Axidian, like Axidian Access, a software for strong and multi-factor authentication (MFA), can provide the structural changes that force everyone to follow necessary cybersecurity procedures. Customers get the best of both worlds — the world-class cybersecurity products of Axidian and the experience and expertise of the local cybersecurity landscape of Pointwest.

Volkan Duman
Information Technologies General Manager at vMind

As a result of the long-term laboratory tests and studies that we conducted, we believe that Axidian products should certainly be on the Turkish market. Thanks to our partnership with Axidian, we sought to expand the access control and certificate management market, which is located in a narrow profile in the country, as well as add value by transferring technology to our country. When we compare Axidian products with similar products, we can safely say that they contain much more different features and are more inclusive.

Marko Pust
Director of OSI.SI

We have a long partnership with Axidian for more than 2 years already. I can confidently say that Axidian CertiFlow is one of the best and technologically enhanced products for managing digital certificates and smart cards on the EU market. This product has a number of unique features such as Client Agent and Axidian AirCard Enterprise network-attached smart card that are highly valued by our customers. One of the customers said that Axidian CertiFlow brought automation and visibility to their PKI life.

Heng Lie
Director of Synnex Metrodata Indonesia

I believe that Axidian Access is an excellent solution for many of our clients. It manages access to all information systems of the enterprise and protects companies from internal and external cyber threats. It is a flexible platform combining different authentication scenarios and methods.

Sergey Yeliseyev
X–Infotech Owner, Business Development Director, Government eID solutions

Axidian is the company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner.