Traditional privileged access management (PAM) solutions involve complex architectures, lengthy deployment times and onerous management requirements. In nearly every recent high-profile breach, privileged accounts have been compromised to gain access to critical systems and data. But you can limit the damage from a breach by adopting a SaaS solution that provide a secure, efficient and compliant way to access to privileged accounts. One Identity Safeguard On Demand combines a secure password safe and a session management and monitoring solution with threat detection and analytics all managed and delivered from the cloud. It securely stores, manages, records and analyzes privileged access.
Key Benefits
Safeguard On Demand is a powerful cloud-delivered privileged access management (PAM) solution that automates, controls and secures the granting of privileged credentials with role-based access management and workflows. You lose no PAM, cybersecurity or compliance functionality . The user centered design of Safeguard On Demand means a reduced learning curve. Plus, the solution enables you to manage privileged passwords and privileged sessions from anywhere and using nearly any device. The result is that you can operate with privileged access management best practices. Plus, your enterprise is secure while your privileged users enjoy a new level of freedom and functionality.
Full-strength PAM with SaaS delivery
Mitigate potential damage of a security breaches
Meet compliance requirements
Realize ROI quickly with simplified deployment
Satisfy auditors with efficient audit-report creation
Identify and stop risky behaviors and unusual events
Simplify privileged account management
Features
The One Identity Approach to Privileged Access Management
The One Identity Safeguard portfolio includes the industry’s most comprehensive set of privileged access management (PAM) solutions. You can build on the capabilities of One Identity Safeguard On Demand with solutions for granular delegation of the UNIX root account and the Active Directory administrator account; add-ons to make open-source sudo enterprise-ready; and keystroke logging for UNIX root activities – all tightly integrated with the industry’s leading Active Directory bridge solution.
Policy-based Release Control
Using a secure web browser with support for mobile devices, you can request access and provide approval for privileged passwords and sessions. Requests can be approved automatically or require dual/multiple approvals based on your organization’s policy. So, whether your policies consider the requestor’s identity and level of access, the time and day of the request attempt, and the specific resource requested—or all of these — you can configure One Identity Safeguard On Demand to meet your customized needs. Plus, you can input reason codes and/ or integrate with ticketing systems.
Full-session Audit, Recording and Replay
All privileged session monitoring – down to the keystroke, mouse movement, and windows viewed – is captured, indexed, and stored in tamper-proof audit trails that can be viewed like a video and searched like a database. Security teams can search for specific events across sessions and play the recording starting from the exact location the search criteria occurred. Audit trails are encrypted, time-stamped and cryptographically signed for forensics and compliance purposes.
Instant On
Safeguard On Demand operates in transparent mode, requiring no changes to user workflows. Acting as a proxy gateway, Safeguard On Demand can operate like a router in the network—invisible to the user and to the server. Admins can keep using the client applications they are familiar with, and can access target servers and systems without any disruption to their daily routine.
User Behavioral Biometrics
Each user has an idiosyncratic pattern of behavior, even when performing identical actions, such as typing or moving a mouse. The algorithms built into Safeguard On Demand inspect these behavioral characteristics. Keystroke dynamics and mouse movement analysis help identify breaches and also serve as a continuous, biometric authentication, thus strengthening the cybersecurity of privileged access.
Approval Anywhere
Leveraging One Identity Cloud Assistant, you can approve or deny requests from anywhere — and with nearly any device.
Personal Password Vault
All your organizations employees can store and generate random passwords for non-federated business accounts in a free personal password vault. This enables your organization to use a sanctioned tool with the ability to securely share and recover passwords providing much needed security and visibility into business accounts.
Favorites
Quickly access the passwords that you use most often right from the login screen. You can group several password requests into a single favorite so you can get access to all the accounts you need with a single click.
Discovery
Quickly discover privileged accounts or systems on your network with host-, directory- and network-discovery options.
Real-time Alerting and Blocking
Safeguard On Demand monitors traffic in real time, and executes various actions if a certain pattern appears in the command line or on screen. Predefined patterns could be a risky command or text in a text-oriented protocol, or a suspicious window title in a graphical connection. In the case of detecting a suspicious user action, Safeguard On Demand can log the event, send an alert or immediately terminate the session.
Command and Application Control
Safeguard On Demand supports both black listing and white listing of commands and windows titles.
Wide Protocol Support
Full support for SSH, Telnet, RDP, HTTP(s), ICA and VNC protocols. In addition, security teams can decide which network services (e.g. file transfer, shell access, etc.) within the protocols they want to enable/disable for administrators.
Full-text Search
With its Optical Character Recognition (OCR) engine, auditors can do full-text searches for both commands and any text seen by the user in the content of the sessions. It can even list file operations and extract transferred files for review. The ability to search session content and metadata accelerates and simplifies forensics and IT troubleshooting.
RESTful API
Safeguard On Demand uses a modernized API based on REST to connect with other applications and systems. Every function is exposed through the API to enable quick and easy integration regardless of what want to do or which language your applications are written.
Change Control
Supports configurable, granular change control of shared credentials, including time-and last-use-based, and manual or forced change.