With One Identity Safeguard for Privileged Sessions, you can issue privileged access for a specific period - or session - to administrators, remote vendors and high-risk users. And with Safeguard for Privileged Sessions’ full record and replay capabilities, you can easily meet your auditing and compliance requirements. In addition, it serves as a proxy to ensure that your critical assets are protected from any malicious software that might be lurking on an admin’s machine. Safeguard provides a single point of control for privileged session management from which you can authorize connections, limit access to specific resources, view active connections, record activity, receive an alert if connections exceed preset time limits and terminate connections.
Every packet sent and action taken — including mouse movements, clicks and keystrokes — is recorded and available for review. The time and content of the session are cryptographically signed for forensics and compliance purposes. Only actual activity is recorded, and recordings are compressed to a fraction of the size to minimize offline storage requirements.
Safeguard for Privileged Sessions proxies all sessions to target resources. Since users have no direct access to resources, the enterprise is protected against viruses, malware or other dangerous items on a privileged user’s system. Safeguard for Privileged Sessions can proxy and record Unix/Linux, Windows, network devices, firewalls, routers and more.
The One Identity Safeguard Appliance is built specifically for use with the Safeguard software, which is preinstalled and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. This approach protects the privileged management software from attacks, simplifies deployment and management, and shortens the time to value.
One Identity Safeguard for Privileged Sessions enables administrators to choose their client, tooling and preferences when gaining access to privileged sessions. This creates a frictionless solution that gives administrators the access they need while meeting compliance and security regulations.
One Identity Safeguard was designed for distributed clustering for true high availability. You can request passwords and sessions from any appliance which enables load balancing, and accelerated throughput and response times.
Create a searchable list of commands and programs that were run during the recorded session. Auditors have a quick and easy view to session activities.
When combined with our Privileged Passwords module, access can be configured for automatic login. Auto-login enhances security and compliance by never exposing the account credential to the user.
Full support for the SSH and RDP protocols. In addition, administrators can decide what options within the protocols they want to enable/disable.
You can quickly and easily view all activity with a query builder. Depending on who requested a report — such as IT operations or executives — you can add and remove data to get the information you need. In addition, you can schedule queries, and save or export the data in a variety of formats.
Use smartcard, 2FA or other strong authentication methods to gain access to systems. Because Safeguard acts a gateway or proxy to the system, it enables strong authentication to targets that cannot or do not support those methods natively.
Effectively managing privileged accounts is critical to security and compliance efforts. Read this paper to learn the risk associated with privileged accounts and solutions that can effectively mitigate those risks.
KuppingerCole provides and overview of Privileged Management and then a review of One Identity Safeguard
Privileged accounts are a necessity in any enterprise IT environment, since they enable administrators to manage the environment. But as news reports constantly remind us, granting privileged access increases the risk of a security breach.
On-demand webinar will show how the realm of privileged account management (PAM) is expanding horizontally and vertically and how this expansion is changing the functionality and integration of PAM solutions.
This document describes the security architecture of the One Identity Safeguard Appliance