PAM Documentation
Privileged Access Management
www.arconnet.com
Overview
ARCON | Privileged Access Management (PAM) / Privileged Identity Management (PIM) redefines the
essence of information security with its path-breaking risk-solution sought by most security professionals
in the genre of digitization.
The IT infrastructure of any organization is never static. As it grows, the IT systems are reinforced, leading to
a proliferation of privileged identities of super-user accounts that enjoy elevated authorization, enabling
them to access advanced system configuration.
These privileged identities are spread across the enterprise, touching every aspect of the IT fabric, such as operating
systems, databases, servers and network devices, and hence are in a position to access highly classified data.
To summarize, privileged identities hold the master keys to an organization's network of devices and databases.
As a result, privileged identities are always vulnerable to being misused by malicious insiders, disgruntled
employees or even external malefactors.
Organizations tend to ignore or pay scant attention to the number of privileged identities that exist in the IT
ecosystem. Moreover, in many cases, the administrative rights to access critical databases (privileged
identities) keep changing, resulting in a complicated situation for IT personnel, who find it very difficult to
keep tabs on possible misuse of privileged identities, particularly when logon details are infrequently
rotated and extensively shared.
ARCON's Privileged Access Management (PAM) / Privileged Identity Management (PIM) solution is a
unique risk-control software, appliance (physical or virtual), and service provider in private cloud that
helps safeguard privileged identities by monitoring and securing database assets from malefactors. It is
delivered as a set of different modules that are licensed separately.
Find out how our unique PAM features can help you Predict, Protect and Prevent unauthorized access to
your privileged identities.
Predict | Protect | Prevent
Key Features
Single Sign On
IT infrastructure comprises multiple layers of devices or endpoints used to access systems, which in turn leads
to multiple sysadmins. Therein lies a problem. Multiple sysadmins mean multiple user IDs, multiple
passwords and multiple approval processes. The Single Sign On feature overcomes this challenge. It
provides the largest connector stack. It relieves sysadmins of the difficulty of managing multiple
passwords on different devices such as networking devices, databases etc. When sysadmins use connectors
to connect all these components, it becomes easier and simpler for the admin to use single sign-on without
having to remember individual user IDs and passwords. It even allows seamless access across technologies
with just one click.
Dual Factor
The solution that ARCON provides has single-click access to multiple technologies; however, since the
access is for privileged user IDs, it is imperative that dual factor authentication is used to protect against
unauthorized access. ARCON comes with inbuilt dual factor authentication, ARCON | PAM OTP. ARCON |
PAM OTP is a mobile-based app which works on all mobile devices. ARCON also integrates with all available
dual factor devices, viz. biometrics, RSA tokens, VASCO tokens etc.
Granular Access Control
ARCON has a unique technology framework which provides granular access control for privileged users,
in spite of their being natively super users. It is not possible to restrict their access to any system. This is possible
for several technologies, i.e. operating systems, databases, network and security devices etc. The access
control feature helps organizations protect their systems from unauthorized access and unintentional
errors, if any. ARCON | PAM provides a secured ARC around the entire IT stack for any organization.
S.M.A.R.T. Audit Trails
It is interesting to note that the native audit trails available for any system may not be comprehensive or
complete. It is also known that enabling audit trails on systems mostly creates overheads, which lead to
severe performance degradation and in the real world may not be a good business solution. The issue around
audit trails is further compounded for privileged users, as these users are in total control (read, write
and delete) of all native audit logs. ARCON provides comprehensive audit trails and session recordings to
ensure that all activities are tracked, and these logs are encrypted and separately stored, creating
a legal hold.
One Admin Control
This feature enables centralized control over all administrative tasks. It serves as a policy engine for
privileged users and tasks whilst ensuring access control to target systems.
Live Dashboard
ARCON provides a real-time dashboard to monitor server access activities. With a facility to view the
commands being fired in real time, the dashboard becomes an indispensable tool for vigilance. The
dashboard also allows setting alerts for critical commands as they are fired. The dashboard also provides a
good framework for customized reports.
Session Recording
The PAM solution also has a session recording feature which allows the security and risk management group
to analyze all privileged sessions or carry out forensic investigation, if required. Session Recordings ensure that all
privileged activities are recorded in real time.
Virtual Grouping
Managing various systems by different teams and yet retaining control within the teams is a complex
task. ARCON provides dynamic group setting with one-to-many relationships and virtual grouping. Thus
one can create functional groups of various systems and help in facilitating relationships, responsibilities
and accountability. This feature caters very well to dynamically changing organizational structures and
roles and responsibilities and even allows managing multiple subsidiaries and companies.
PEDM essentially discards unnecessary escalation of privileged accounts. An excessive number of privileged
accounts, especially in a distributed IT environment, increases potential threats to sensitive information.
The tool is an extension to the granular control approach that enables an enterprise to mitigate risks by
granting temporary administration rights only on a “need-to-know” and “need-to-do” basis. Access to
critical components such as applications, databases and cloud services is granted only after a valid
automated approval process. Access rights assigned to critical systems are automatically terminated
after the conclusion of “temporary privilege” activities. Further, just as every privileged session activity
is documented for audit purposes, an audit trail of PEDM-initiated sessions can also be maintained through
comprehensive reporting.
PEDM thus allows an enterprise to gain operational flexibility whilst ensuring compliance and a robust
security framework.
SSH Keys
SSH keys reinforce an enterprise's authentication control management. SSH keys are valuable
credentials to access privileged accounts. They provide an additional access control security layer. SSH keys
are a reliable and secure alternative to passwords, as brute-forcing a password-protected account is
possible with modern processing power combined with automated scripts. SSH key pairs are two
cryptographically secure keys that can be used to authenticate a client to an SSH server.
AD Bridging
The main purpose of AD Bridging is to manage and connect to different operating systems within the same
network infrastructure from the Microsoft Active Directory (MAD) console to connect data. MAD can accept
natively ordinary and non-privileged accounts from non-Windows machines. The AD Bridging tool in ARCON
| PAM allows organizations to use Microsoft AD as their authoritative source of identity, while extending
it to the systems, apps, and protocols not natively managed by Active Directory. Once the primary users
are authenticated against AD Bridging, it supports Linux and Unix Operating Systems.
ARCON | PAM offers all the capabilities with Session Manager, Password Manager and Access Manager
Modules to transparently connect primary users of their OS exclusively. The users can even authenticate
with the help of a single entry even without modifying the configuration of Active Directory (AD).
Product Architecture
Conclusion
ARCON is a comprehensive solution for Privileged Identity Management (PIM) / Privileged Access
Management (PAM), allowing monitoring and management of privileged identities.
In addition, fortifying privileged identities enables firms to fulfil regulatory requirements from a single
platform. Guidelines provided by the European Union (GDPR), PCI-DSS, SWIFT, ISO-27001, BASEL III, HIPAA,
SOX and a host of many other regulatory agencies make it mandatory for firms to have the necessary
infrastructure in place to safeguard privileged identities and prevent data breaches.
This solution provides a layer of abstraction over the underlying IT infrastructure fabric, thus forcing
users to log on by using user IDs, passwords, and a unique OTP (One Time Password). Not only that, the
ARCON | Privileged Access Management solution has the ability to provide required access on a “need-to-have”
basis and can track users' activities distinctively even if they use privileged identities or privileged
accounts.
The Privileged Access Management (PAM) / Privileged Identity Management (PIM) solution not only provides
a secure umbrella to the underlying IT infrastructure and data but also maintains a complete audit trail of
activities linked to privileged identities. This risk-control tool identifies vulnerabilities and assesses risks
at various levels like the operating systems, databases and web servers.