What's brewing in PAM360?

This module helps admins enforce least privilege access across multi-cloud environments by providing continuous visibility, improved risk assessment, cleanup the excessive privileges.

Using EPM, IT administrators can enforce application access controls and manage privileged application access based on user requirements, establish detailed allow-lists and deny-lists for authorized users or applications. This also helps IT admins enable temporary privileged application access during critical situations. These features are powered by ManageEngine's native application control solution, Application Control Plus.

With the help of the SCIM API protocol, IT administrators can integrate PAM360 with any IAM or IGA tool to perform user management actions like user provisioning and deprovisioning, user role association, and user group allocation. These actions, once triggered in your IAM console, will then reflect within PAM360.

Administrators will make use of the SDK in various languages such as Java, Python and C# to pull the password from PAM360 vault for their legacy or internal or external applications to get the latest updated password of their privileged accounts. Apart from password retrieval, operations for managing accounts and managing resources will be provided in the SDK.

PAM administrators will be able to create access policies based on the user and device trust score, conditions and criteria. Based on the criteria, administrators can configure actions such as setting a warning message or email, terminating a session, preventing the users from taking sessions in future, and more.

This integration is aimed at enabling administrator to fetch the latest passwords from the PAM360 vault without breaking or changing the workflows created in the XSOAR platform.

This integration helps you to fetch secrets stored in the Kubernetes clusters and manage them from the PAM360 interface—you can fetch, manage, and periodically rotate secrets obtained from multiple Kubernetes clusters. Through the integration, you can achieve collaborative management of the Kubernetes secrets used in your enterprise.

Administrators and users of PAM360 are able to take RDP and SSH sessions in a single click via a native client from a windows operating system.

Intending to provide uninterrupted access to passwords, we have introduced another functionality - the Read-Only (RO) server for the PostgreSQL database. Unlike the concept of High Availability, where there will be one Primary server and one Secondary server, the Read-Only server can be configured in multiple. The Read-Only servers function as mirror servers, synchronizing all of the Primary server's operations.

Enables administrator to create a periodic account and resource discovery such that he will set a time such as every 5 days, monthly, etc., to discover the new accounts and feed them into PAM360 automatically.

Administrators can configure a set of commands/applications such that lesser privileged users can execute/run them in an elevated privilege without knowing the password of that privilege account.

PAM administrators will have an option to authorize a set of commands for a particular resource, and users will be allowed to execute only the authorized commands during a remote SSH session. If the user executes any commands other than the configured one, it will throw an error.

Administrators will be able to configure their legacy web applications in PAM360, where they can add layers of PAM authentication before accessing the web application via PAM web console without providing direct access to the end users.

The Security Hardening Score feature validates the customer environment with security options given from PAM360 on a periodical basis to ensure whether the security measures are handled. Security Hardening Score would help the customers to ensure how securely they are using the privileged access management tool in order to avoid external security threats and unforeseen data losses.