Granular Access Control

Achieve your security goals with granular access control from Core Privileged Access Manager (BoKS)

 

Bridge the Gap with Granular Privileged Access Management

IT security teams are challenged to protect sensitive data, while also enabling users across the organization to maintain productivity. Core Privileged Access Manager (BoKS) empowers you to bridge this gap with granular privileged access management. As a result, your organization can become more secure, simplify its approach to meeting compliance requirements, and increase overall operational efficiency.

Implement Fine-Grain Security Controls 

Core Privileged Access Manager (BoKS) improves your security posture by enabling you to implement fine-grain security controls across your Linux/Unix infrastructure.

  • Define and enforce who is granted elevated privileges, when, from where, and how
  • Control which commands can be executed by privileged users, (“SUDO”) and audit privileged activity
  • Implement granular assignments for who can switch sessions ("SU”)
  • Assign groups of commands instead of giving open root access to all commands
  • Use policy to define which SUDO sessions are keystroke logged based on risk and user
  • Remove the need for distribution of sudoers files with configuration management solutions or scripts

Types of Access Control

 

Core Privileged Access Manager (BoKS) provides separate access policy control choice definitions for the following access types:

  • Console login
  • Secure shell (SSH)
  • Secure file transfer (SFTP)
  • Secure command execution (SSH Exec)
  • Secure remote command execution (SSH REXEC)
  • SSH proxy
  • SSH tunneling
  • SSH X11
  • Privileged switch user (SU)
  • Privileged command execution (SUEXEC): a functional equivalent of SUDO

The solution also features legacy support for unsecure access types, to be enabled with control mitigations:

  • Serial Port login
  • Telnet
  • FTP
  • RSH
  • REXEC
  • RCP

How You Can Gain Control 

Leverage an Easy-Access Web Portal

Implement TLS Encryption

Utilize Web-Based Task Management

Benefit from Sub-Administration Controls

Access Control Constraints

 

All granular access control rules include the ability to put constraints in place for each rule based on how they operate:

  • Which host group or host to connect to
  • From which host or network the user can attempt to connect from
  • Time of day range
  • Day of the week range
  • Which authentication method(s) should be in place to verify the user
  • The depth of keystroke logging, if applicable
privileged-access-management-lock

Authentication Methods 

 

Core Privileged Access Manager (BoKS) can be used with a wide variety of authentication methods. However, not all methods apply to all access rule types.

  • User password
  • Password of target account (e.g., when using SU or SUEXEC)
  • SSH user key
  • SSH host key (secure and auditable)
  • SSH X.509 user certificate authentication
  • SSH X.509 host certificate authentication
  • Kerberos session key authentication
  • X.509 certificate authentication (soft token)
  • PKI certificate-based authentication with SMART CARD or USB token
  • Biometric API authentication unlocking PKI SMARTCARD token
  • Radius user password/pin authentication

What Granular Access Controls Means to You

 

Meet Compliance Quickly

Quickly meet the access/authorization regulations required by SOX, HIPAA, GLBA, PCI DSS, FDCC, and FISMA.

Reduce Administrative Overhead

Achieve efficiency, reduce administration costs, and increase scalability in how your team assigns access controls.

Prevent Breaches

Access control definitions must be explicitly defined or access attempts will be blanket-denied and terminated in a Core Privileged Access Manager (BoKS) domain.

Ready to Start Protecting Your Privileged Accounts?

View our on-demand demo of Core Privileged Access Manager (BoKS) to learn how you can increase security for the privileged accounts in your organization.

 
Watch On-Demand Demo