Iraje Privileged Access Manager

Product Focus

Privileged accounts exist everywhere. There are many types of privileged accounts, and they can exist on-premises and in the cloud. They differ from other accounts in that they have rights to read, write, alter, and modify.

Privileged Access Management (PAM) refers to systems that secure, control, manage and monitor the accounts of users who have elevated permissions to critical corporate assets.

Problem Statement

Enterprises have a host of critical assets that include Operating Systems, Databases, Database Management Tools, Routers, Switches, Firewalls, Applications, Cloud Infra, Client Server Applications, Browser consoles and others. These assets are managed using generic superuser accounts like root, admin, ora, sys, enable and others. These superuser accounts are privileged accounts primarily used for administration by specialized IT employees. They generally have virtually unlimited privileges, or ownership, over a system. Superuser account privileges may allow a user to:

  • Read, copy, alter data, change security settings, delete accounts, run programs

  • Enable or remove file shares, switch off the logs, run programs

  • Change configuration and schemas

  • Alter config settings, change user privileges

Anyone inside an organization with superuser privileges has the potential to crash your enterprise systems, destroy data, delete or create accounts, change passwords and cause havoc, whether through carelessness, incompetence or malicious intent. The trouble is that accounts with superuser privileges, including shared accounts, are necessary. One cannot run enterprise IT systems without granting some people the privileges to do system-level tasks.

| Organization Assets | Account Types | Actions that may go untraced |
| --- | --- | --- |
| Operating Systems: Windows, Unix, Linux, AIX, Sun Solaris, Mainframe | Administrator, Root, Services, Super User | Read, copy, alter data; change security; create and delete accounts; run programs; enable and remove file shares |
| Database: Oracle, MS-SQL, MySQL, DB2, Ingres | Root, Sys, Sysdba, Ora, SA | Access transaction data; switch the logs on or off; edit or delete the logs; modify DB records; change DB configuration and schema; modify stored procedures |
| Database Tools: Toad, MS SQL, PL/SQL, QEM, SQL Developer, B2 admin | System, Sys, App owner, Services accounts, SA | Access transaction data; edit or delete DB logs; modify DB records; change DB configuration and schema; modify stored procedures |
| Network & Security Appliances: Cisco, Juniper, Nortel, Watchguard, Checkpoint, etc. | Root, Enable, Admin, Cisco | Alter config settings; give or deny access to users; access data packets; enable or disable monitoring; change policy settings |
| Backup, Storage & Services Infrastructure | Service, Root, Super User, Administrator | Access transaction data; modify, delete or transfer saved files; change config settings; save and transfer archived data |
| Directory Services | Administrator, Root | Read, copy, alter data; add and delete users; change user privileges; enable remote access |
| Application Layers | Services, Config files, Run as DB connection | Modify backend applications; alter web pages; change records from backend |

Key Challenges

Enterprises face a number of challenges, including:

  • Identity and Access Governance of privileged users

  • Enterprise Password Management

  • Role Based Access and Time Restricted Access

  • Visibility and Control on all privileged accesses

  • Audit and Compliance gaps

  • Insider Threat

Iraje Privileged Access Manager

Iraje PAM protects enterprise assets from the growing risk of cyber security and data breaches caused by password compromises. Iraje PAM helps businesses manage, monitor, and control privileged users to avoid superuser password compromises, which can lead to massive cyberattacks and data breaches for enterprises.

Key Features of Iraje PAM

  • Why Iraje PAM

    Iraje PAM is the most feature-rich solution at the most reasonable price.

  • Proven Solution

    Iraje has a pedigree of over two decades in the security space

  • Continuous Innovations

    Iraje has innovated in the security space over the years

  • Solution Roadmap

    Iraje has always been at the forefront of innovations

  • Better Support

    PAM is a mission critical solution that the operations

  • Scalable and Secure Architecture

    Two big challenges with

Solution Architecture

The Iraje PAM solution is very simple and easy to deploy. It is agentless and completely browser-based, which makes it browser-neutral [runs on any browser] as well as desktop-neutral [can be accessed from Windows, Linux, and Mac desktops].

There are 2 key components of the solution:

  • Application Layer
  • Vault Layer

The solution can be scaled horizontally or vertically to support thousands of users and an unlimited set of devices.

Architecture Highlights

  • Zero Trust Security

    Because this solution is a single point of compromise, extreme care is taken in hardening the OS, encrypting the communication and ensuring Zero Trust Security in the true sense. The PAM OS is completely locked and its admin credential changes automatically every hour, which ensures that no one has access to the PAM OS and that it is safe and secure. In all other PAM solutions, the PAM OS credential is with the PAM super admin. This undermines the security of the solution completely and consolidates all the power of the superusers in the hands of a few super admins of the PAM solution. This real Zero Trust Security differentiates Iraje PAM from the other solutions.

  • Fail Safe Architecture

    The solution architecture has to be fail-safe to ensure that 24x7 user access is seamless and uninterrupted. The software is designed to ensure availability at all times, with redundancy in the form of an HA server for failover and a DR server for site outages.

    The solution is also available in an active-active architecture, which is robust and fail-safe. The solution can scale horizontally with a load balancer for parallel application nodes, or vertically with more capacity in terms of CPU, memory, and storage.

  • Application Server

    This is the first point of access, where users log in, complete 2-factor authentication and get role-based access to target devices through Single Sign On. The session recording, discovery and collaboration features are available on this server.

  • Vault Server

    This is where all the passwords are securely vaulted in the database and where all the configuration is stored, along with the text logs and the BCP configuration. This server can run in a Linux or Windows environment and is hardened. The passwords are encrypted using a mix of standard and proprietary encryption methods.

Iraje PAM OS and DB Security

The application server OS is completely hardened and locked. No user, including the PAM super admin, has access to the PAM OS. All activities on the PAM OS are done through secure val codes with a maker-checker process.

Safety features of PAM OS
  • No user can access the OS of PAM directly or indirectly.
  • The OS is completely hardened and locked.
  • The OS password changes automatically every hour. For troubleshooting and patching, an admin with limited rights is provided by the Iraje helpline team.
  • Only in case of major troubleshooting that requires admin access is the password provided by the security team; it is generated dynamically based on a date/time seed algorithm. Even during troubleshooting, when the Iraje team takes remote access with the superadmin credential, the password is valid for 1 hour only for security reasons. After that, the session is disconnected.
  • So, OS access is extremely restricted and unavailable to anyone, including the Iraje Support Team.

Safety features of PAM DB
  • No user has direct access to the DB of PAM. Neither the Iraje team nor the customer team has access to the Iraje DB.
  • The DB is handled only through the front end provided by the Iraje PAM dashboard.
  • The DB passwords are all vaulted using an industry-standard algorithm and an Iraje proprietary algorithm.
  • The Iraje DB is extremely sensitive and no user has access to it as such. This is to ensure the encrypted passwords are safe and secure in the password vault.

Key Benefits of Iraje PAM Solution

  • Improve Identity and Access Governance

  • Secure Enterprise Privileged Passwords

  • Get complete Audit Trails

  • Simplify Audits and improve Compliance

  • Manage, Monitor & Control privileged accesses

  • Get better Visibility and Control

  • Prevent Internal Frauds

  • Improve overall Governance, Risk and Compliance of the organization

Vertical Presence