Failure to control privileged identities could lead to security breaches by both insiders and external parties, resulting in data loss or destruction, malicious damage, fines, lawsuits and a loss in shareholder value. In addition, auditors are requiring their clients to proactively demonstrate that they have ability to control privileged users and report on their activities.Privileged Identity Management lies at the heart of any cyber-defense whether focused on insiders or external parties.
While security breaches can occur from many sources both inside and outside the organization, the most damaging attacks have something in common: use of privileged accounts. By their nature, these accounts have permissions- or privileges- to significantly change a system, application, or database. Actions using these accounts have the potential to be uniquely destructive.
A common starting point that organizations deploy in order to reduce threats posed by their privileged accounts is to control their passwords. While important, this approach fails to sufficiently reduce the risks posed by privileged accounts. Controlling access to privileged accounts by only controlling the password does not limit what malicious users can do once they are logged in to the privileged account. Without further controls, an organization is still at significant risk.
CA ControlMinder products offer a comprehensive and mature solution for privileged identity management in both physical and virtual environments. CA ControlMinder is a scalable solution that provides privileged user password management, fine-grained access controls, user activity reporting and UNIX authentication bridging across servers, applications and devices from a central management console. CA ControlMinder for Virtual Environments brings privileged identity management and security automation to virtual environments from infrastructures to virtual machines. CA ControlMinder Shared Account Management brings password management to privileged user account identities.
Shared Account Management (Privileged User Password Management): Provides secure access to privileged accounts, manages password complexity, and enables accountability through issuance of passwords on a temporary, one-time use basis and secure auditing.
Fine-Grained Access Controls: Analyzes all actions taken by a shared account and determine whether to allow a command to be executed or a directory or file accessed based on individual using that shared account.
UNIX Authentication Bridging: Manages UNIX users from Microsoft Active Directory, enabling the consolidation of authentication and account information.
User Activity Reporting / Video Session Recording: Provides a deep understanding of what truly is taking place on corporate servers and desktops.
Reduce the risks associated with privileged users from inside and outside the network
Enable accountability for privileged users. By controlling access to shared accounts, and recording all activities at the individual user level, organizations can ensure accountability for even their most powerful administrators
Improve auditing and facilitate compliance. Track user activity actions by individuals, even those using shared accounts, helping to facilitate compliance
Reduce Costs and Complexity. Centrally administer server access policies, user accounts, UNIX authentication and automated management of privileged user passwords to ease the burden of managing security across global, distributed, multi-platform enterprises