Top Features Added the Second Half of 2020

January 7, 2021

Ephemeral Accounts and Just-In-Time Permission Elevation

Back in September, we added an ephemeral account option and a just-in-time (JIT) permission elevation option designed to promote increased security using the principle of no standing trust.

Ephemeral accounts are one-time use accounts created on the host at the time of approval and are subsequently deleted upon expiration.

JIT permission elevation can take an existing account with limited permissions, temporarily elevate using the principle of least privileged, and de-escalate when its use has expired.

Why this is important: Security and risk management leaders are moving towards a zero standing privileges strategy using a just-in-time model.

A just-in-time privileged access model is designed to limit the time a privileged account exists on a critical system, especially with enabled special access.

It is not just about limiting time. The goal is to have a zero standing privilege strategy on users and servers.

Ephemeral accounts and just in time (JIT) permission elevation help customers implement these strategies and reduce the number of privileged accounts in their network and control access to active privileged accounts.

Transparent Perimeter

System now includes a Transparent Perimeter deployment option. This provides access to closed isolated networks behind a firewall based on a reverse tunnel architecture.

Why this is important: Using the Transparent Perimeter option improves the security of an isolated network by allowing external access to internal resources without requiring additional open ports in the firewall.

This can be useful for all deployments including Cloud deployments with access requirements to multiple (or hybrid) data centers. It is especially helpful for MSPs looking to manage their client networks without reconfiguring firewall rules.

Amazon AWS CLI Proxy

You can now configure the system to support zero trust connections for the Amazon AWS command-line tool.

Additionally, the System AWS CLI Proxy respects role-based permissions, configured access request workflows including time-, location- and approval-based access as well as API Token expiration and location validation for greater control and auditing of its use.

Why this is important: This new proxy allows for the secure sharing of privileged access to an AWS infrastructure without sharing the AWS keys.

Temporary Amazon Web Services API access keys

PAM can now generate AWS STS Temporary AWS API access keys (Access Key Id and Secret Key pair) for a specified duration based on the provided superuser access keys, those of which are stored safely in the PAM Identity Vault.

Why this is important: The option enables Just-in-Time access for users, applications, command-line utilities and automation software to communicate with Amazon Web Services with the least possible standing privileges.

RDS Farms for RDP Proxy

Easily access Remote Desktop Services (RDS) farms using a native desktop or mobile RDP clients. RDS Farm is a method to deploy shared Windows Server resources in high availability configuration.

Why this is important: By extending the application of native RDP clients to connect to RDS Farms, PAM is enabling the efficient implementation of best Privileged Access Management practices while allowing IT administrators to continue using familiar tools and workflows.

Administrator Dashboard

System Administrators and Auditors can now access a Dashboard screen featuring visual representations of aggregated key metrics about assets, sessions, jobs, and user activity. System dashboard displays hourly or weekly aggregated statistics by day of the week.

Why this is important: The Dashboard allows Admins and Auditors to quickly evaluate how users interact with PAM and how it maintains privileged credentials and access throughout the network.

New Online Documentation and Help Center

As part of our quest to provide more, easily locatable documentation on the features and options in our products, we are releasing a new online Help Center in October. This new Help Center serves as the central hub to find all documentation, guides, articles, and PDFs related to PAM.

Why this is important: Having one place to access all valuable resources is critical to any software implementation. The new Help Center makes it easy to find PAM documentation and information on installation, using specific features and PAM best practices.