Iraje Privileged Access Manager

Product Focus

Privileged accounts exist everywhere. There are many types of privileged accounts, and they can exist on-premises and in the cloud. They differ from other accounts in that they have rights to read, write, alter, and modify.

Privileged Access Management (PAM) refers to systems that secure, control, manage and monitor the accounts of users who have elevated permissions to critical corporate assets.

Problem Statement

Enterprises have a host of critical assets, including Operating Systems, Databases, Database Management Tools, Routers, Switches, Firewalls, Applications, Cloud Infra, Client Server Applications, Browser consoles and others. These assets are managed using generic superuser accounts like root, admin, ora, sys, enable and others. These superuser accounts are privileged accounts used primarily for administration by specialized IT employees. They generally have virtually unlimited privileges, or ownership, over a system. Superuser account privileges may allow a user to:

Read, copy, alter data, change security settings, delete accounts, run programs

Enable or remove file shares, switch off the logs, run programs

Change configuration and schemas

Alter config settings, change user privileges

Anyone inside an organization with superuser privileges has the potential to crash your enterprise systems, destroy data, delete or create accounts, change passwords and cause havoc, whether through carelessness, incompetence or malicious intent. The trouble is that accounts with superuser privileges, including shared accounts, are necessary. One cannot run enterprise IT systems without granting some people the privileges to do system-level tasks.

Organization Assets | Account Types | Actions that may go untraced
Operating Systems: Windows, Unix, Linux, AIX, Sun Solaris, Mainframe | Administrator, Root, Services, Super User | Read, copy, alter data; change security settings; create and delete accounts; run programs; enable and remove file shares
Database: Oracle, MS-SQL, MySQL, DB2, Ingres | Root, Sys, Sysdba, Ora, SA | Access transaction data; switch the logs on or off; edit or delete the logs; modify DB records; change DB configuration and schema; modify stored procedures
Database Tools: Toad, MS SQL, PL/SQL, QEM, SQL Developer, B2 admin | System, Sys, App owner, Services accounts, SA | Access transaction data; edit or delete DB logs; modify DB records; change DB configuration and schema; modify stored procedures
Network & Security Appliances: Cisco, Juniper, Nortel, Watchguard, Checkpoint, etc. | Root, Enable, Admin, Cisco | Alter config settings; give or deny access to users; access data packets; enable or disable monitoring; change policy settings
Backup, Storage & Services Infrastructure | Service, Root, Super User, Administrator | Access transaction data; modify, delete or transfer saved files; change config settings; save and transfer archived data
Directory Services | Administrator, Root | Read, copy, alter data; add and delete users; change user privileges; enable remote access
Application Layers | Services, Config files, Run as DB connection | Modify backend applications; alter web pages; change records from backend

Key Challenges

The enterprise faces a number of challenges, including:

Identity and Access Governance of privileged users

Enterprise Password Management

Role Based Access and Time Restricted Access

Visibility and Control on all privileged accesses

Audit and Compliance gaps

Insider Threat

Iraje Privileged Access Manager

Iraje PAM protects enterprise assets from the growing risk of cyber security breaches and data breaches caused by password compromises. Iraje PAM helps businesses manage, monitor and control privileged users to avoid superuser password compromises, which can lead to massive cyberattacks and data breaches for enterprises.

Key Features of Iraje PAM

Manage

AD integration on the fly
SSO to all assets out of box without any connector/adaptor
MFA and Role Based Access
Time Restricted Access on portal and on devices | API integrations

Monitor

Live session viewing and live termination
Command search within videos
SIEM Integration with REST APIs
PAM Bypass alerts

Control

PAM Bypass alerts
Command restrictions on Linux/Unix/AIX
Alerts on remote login to Windows
Restriction on Windows for SOD

Discover

Discover hidden admins on servers
Discover hidden devices
Discover active ports
Discover password sync

Comply

Scheduled reports
Compliance reports
GRC reports
Analytical reports

Secure

Completely hardened OS
PAM OS password changes every hour
No access to PAM OS to anyone
No one can delete the logs/recordings

Why Iraje PAM?

Iraje PAM is the most feature rich solution at the most reasonable price.

Proven Solution

Iraje has a pedigree of over two decades in the security space

Continuous Innovations

Iraje has innovated in the security space over the years

Solution Roadmap

Iraje has always been on the forefront of innovations

Better Support

PAM is a mission critical solution that the operations

Scalable and Secure Architecture

Two big challenges with PAM

Solution Architecture

The Iraje PAM solution is very simple and easy to deploy. It is agentless and completely browser based, which makes it browser neutral [runs on any browser] as well as desktop neutral [can be accessed from Windows, Linux, and Mac desktops].

There are 2 key components of the solution:

  • Application Layer
  • Vault Layer

The solution can be scaled horizontally or vertically to support thousands of users and an unlimited set of devices.

Architecture Highlights

Zero Trust Security

Because this solution is a single point of compromise, extreme care is taken in hardening the OS, encrypting the communication and ensuring Zero Trust Security in the true sense. The PAM OS is completely locked and its admin credential changes automatically every hour, which ensures that no one has access to the PAM OS and that it is safe and secure. In all other PAM solutions, the PAM OS credential is held by the PAM super admin. This undermines the security of the solution completely and consolidates all the power of the superusers in the hands of a few super admins of the PAM solution. This real Zero Trust Security differentiates Iraje PAM from the other solutions.

Fail Safe Architecture

The solution architecture has to be fail safe to ensure that 24x7 user access is seamless and uninterrupted. The software is designed to ensure availability at all times, with redundancy in the form of an HA server for failover and a DR server for site outage. The solution is also available in an active-active architecture, which is robust and fail safe. The solution can scale horizontally with a load balancer for parallel application nodes, or vertically with more capacity in terms of CPU, memory, and storage.

Application Server

This is the first point of access, where users log in, complete 2-factor authentication and get role-based access to target devices through Single Sign On. The session recording, discovery and collaboration features are available on this server.

Vault Server

This is where all the passwords are securely vaulted in the database and where all the configuration is stored, along with the text logs and the BCP configuration. This server can run in a Linux or Windows environment and is hardened. The passwords are encrypted using a mix of standard and proprietary encryption methods.

Iraje PAM OS and DB Security

The application server OS is completely hardened and locked. No user, including the PAM super admin, has access to the PAM OS. All activities on the PAM OS are done through secure val codes with a maker checker process.

Safety features of PAM OS

  • No user can access the OS of PAM directly or indirectly.
  • The OS is completely hardened and locked.
  • The OS password changes automatically every hour. For troubleshooting and patching, an admin with limited rights is provided by the Iraje helpline team.
  • Only in case of major troubleshooting that requires admin access is the password provided by the security team; it is generated dynamically based on a date/time seed algorithm. Even during troubleshooting, when the Iraje team takes remote access with the superadmin credential, the password is valid for 1 hour only, for security reasons. After that, the session is disconnected.
  • So, OS access is extremely restricted and unavailable to anyone, including the Iraje Support Team.

Safety features of PAM DB

  • No user has direct access to the PAM DB. Neither the Iraje team nor the customer team has access to the Iraje DB.
  • The DB is handled only through the front end provided by the Iraje PAM dashboard.
  • The DB passwords are all vaulted using an industry standard algorithm and an Iraje proprietary algorithm.
  • Iraje DB is extremely sensitive and no user has access to it as such. This is to ensure the encrypted passwords are safe and secure in the password vault.

Key Benefits

Improve Identity and Access Governance
Secure Enterprise Privileged Passwords
Get complete Audit Trails
Simplify Audits and improve Compliance
Manage, Monitor & Control privileged accesses
Get better Visibility and Control
Prevent Internal Frauds
Improve overall Governance, Risk and Compliance of the organization