- March 25, 2018
- Posted by: admin
- Category: IT Security
Identity Access Management (IAM) is the necessary element of any reliable security control, allowing companies to know who exactly accessed their sensitive data and when, as well as secure access to information preventing unauthorized sessions. In addition to user activity monitoring, Ekran System features several in-built identity and access management software capabilities in order to help you organize strong authentication and thus provide better insider threat detection and prevention.
Manage Access to Your Endpoint with Ekran System
Ekran System provides its customers with three main Identity Access Management tools:
Two-factor authentication – is available for any Windows server endpoint under all Ekran System licenses, including the Free one. This in-built tool allows combining user credentials (knowledge factor) and a time-based one-time password sent to an authorized user device (possession factor) to build a really strong identity confirmation process for your critical endpoints.
One-time passwords – available for any Windows server endpoint under our Enterprise license, it allows us to generate a unique temporary password granting server access to any user that filled up a request form during the login procedure. All requests are logged and manually processed by security experts, who decide whether to deny temporary access or not.
Secondary authentication – this feature is a part of all our licenses and is available for every Ekran System user. When turned on, with each log in procedure, if a generic login is used, the system will require a set of additional unique credentials, that should be assigned beforehand to each individual user.
Identity Access Management Benefits
Being focused on insider threat detection, Ekran System provides several in-built easy to use user access management tools, thus empowering your security strategy.
When enabled, these access control capabilities allow you to
- Protect critical end-points with advanced authentication
- Add transparency to all monitoring logs with forced individual credentials and reasoning request
- Enable live remote monitoring of all critical sessions
- Benefit from the combination of comprehensive monitoring and simple access control tools
Unlike many identity access management solutions, Ekran System has flexible and extremely cost-effective licensing and thus can strengthen the security profile of a company of any size.
One-time passwords
Our one-time password solution allows simplifying temporal credential management for large enterprises, while at the same time allowing Ekran System to clearly associate each recorded session with the individual user that initiated it. It serves as an additional layer of protection for your data and an additional prevention tool for any insider threats that may exist within your organization.
The main benefits of using Ekran System one-time password are:
- Strong endpoint protection with temporary access on a session-by-session basis
- No credential management required
- Each user session is approved and then can be monitored in the real-time mode (upholding four-eyes principle)
- Each video recording is clearly associated with an individual user who requested credentials
- Great for third-parties and remote subcontractors
Secondary authentication
The main purpose of our additional authentication tool in identity access management is to provide a way to clearly associate each session recording with an individual user that initiated the session.
Often a single administrator account is shared between several employees in an organization. Knowing who exactly initiated each individual session allows you to quickly investigate incidents and gives complete data that can be used for audit purposes, and as evidence in official investigations.
The main benefits of using Ekran System secondary authentication are:
- Ability to distinguish between users of a shared account
- Complete information for user action audit and monitoring
- An additional layer of protection for sensitive data
- Optional forced user actions acknowledgment
When to use Ekran System Identity Access Management
Use our server access management features to:
Identify users of shared accounts
No more faceless “admin” sessions on your critical end-points – know exactly who was working behind the generic credentials.
Add advanced access control layer to the critical end-points
Simple yet efficient Ekran System identity access management tools, such as one-time passwords, allow you to add one more protection layer – and control point – into your servers. With this option selected, each session will be explicitly approved and can be directly controlled.
Verify why the user session was initiated
Add one more detail layer to each recorded session forcing users to explain the task for the session before it begins. It will not only strengthen your identity management system but also facilitate identity tracking and audit.
Organize work with the third-party contractors providing temporal credentials
The principle of least privilege in identity access management is especially important when regulating the work of “external insiders” – third-party service providers and other contractors. One-time password technology is a simple and efficient way to organize their purpose-based access to your infrastructure without sharing permanent credentials.
Build your SME security strategy in a cost-efficient way
Ekran System combines comprehensive activity monitoring features and in-built access management solutions with flexible licensing and beneficial pricing, thus giving you an integrated solution to build your security strategy within your budget.
Integrate Identity Access Management to your security profile without thinking of the budget limitations!