Privilege Identity management platform
Security control of privileged accounts and device access
PIM
  • Sharing risk for privileged accounts

    A large number of devices have account passwords that do not meet the requirements of the security system. Administrators cannot effectively remember and use these account passwords.


  • Complex permissions control

    When enterprises entrust vendors or outsourced personnel to manage devices, it is difficult to assign the corresponding device management rights to these personnel and to control and supervise their maintenance behavior.


  • Difficult to audit centrally

    Some devices lack audit functions or keep audit records that are difficult to view, and the operation audits of different devices are independent of each other, making it difficult to conduct centralized audits and behavior tracing across all devices.


INTRODUCTION

PIM aims to improve the management of the various types of enterprise equipment resources and to strengthen the security of equipment access and administration through unified management of the privileged account life cycle, centralized authentication of resources, unified authorization, single sign-on, password synchronization, operation audit and other technical means. It provides centralized security management of the equipment in the machine room, and of the identity, authority and operations of the personnel using that equipment.


FEATURES

  • Centralized equipment management platform

  • Separation of privileged account usage

  • Lifecycle management of privileged accounts

  • Unified authorization and access control

  • Multi-factor authentication

  • Centralized audit

APPLICATION SCENARIOS

  • Single sign-on for devices

    Operation and maintenance staff authenticate to the platform once and can then use their authorized resources and equipment without authenticating a second time. This does not change users' existing habits, and a variety of client-side operation and maintenance tools are supported.


  • Secondary authentication for sensitive resources

    For operation and maintenance resources with a high security level, a secondary authentication policy can be configured. Operation and maintenance personnel must then authenticate a second time when accessing those resources, for example by confirming again with SMS or a certificate.


  • Built-in approval process

    The platform has a built-in workflow engine through which users can add workflow approval to important functions and operations. For example, users can apply for resource access rights themselves; the administrator reviews the request and, once it is approved, the user is granted access to the resources.


  • A/B corner operation and maintenance

    For operation and maintenance resources with a high security level, login can use the A/B corner mode, that is, two people in two posts: the A corner operates and the B corner approves. The B corner can approve the A corner's operations remotely, and can also view the A corner's operation and maintenance process in real time through online monitoring. When an illegal operation is found, the operation can be blocked.


  • Support for various device types

    Supports various versions of Windows, General Unix, General Linux, AS400, OS390 and other host systems; VT100, VT102, VT220, ANSI, XTERM, Windows CE and other terminal equipment; Huawei, H3C, Cisco, Juniper and other network and security equipment; Oracle, DB2, Informix, Sybase, SQL Server, MySQL and other databases; and Telnet, SSH, Rlogin, FTP/SFTP, SCP, RDP, X-Windows, 5250/5250SSL, 3270/3270SSL, HTTP/HTTPS, SqlPlus, dbaccess and other protocols.


  • Multi-dimensional auditing

    Records all kinds of audit logs, such as login logs, session logs, command logs and playback logs; conducts audit analysis from multiple dimensions such as users, resources, and operation and maintenance; and generates the corresponding audit reports and statistical reports.


ARCHITECTURE

[Figure: PIM architecture diagram (PIM.jpg)]

ADVANTAGES

  • Both human and machine use of privileged credentials can be recorded and audited

    Cuts off the direct connection between people and target passwords and supports workflows such as password request approval. Password extraction by applications, tools and scripts can also be authenticated, audited and recorded.


  • Wide range of credentials and passwords supported

    Whatever form a credential or password takes, it can be hosted by using self-published password-change plug-ins and tools, extending credential security management to cloud, DevOps, containers, etc.


  • Built-in password management capabilities

    Whether for an application, tool, script or special code, it can replace the existing built-in plaintext or ciphertext password, bringing the application's credentials under security management.


  • Data behind the account can be masked

    Allows people with privileged accounts to access only the data values or formats needed for their work, reducing the risk of data leakage.

