Secured password vaulting

Store credentials, keys, and other secret information in the Enterprise Credential Vault.

Advanced authentication for privileged accounts

Create a layered defense for your sensitive assets and resources with multi-factor and step-up authentication.

Database privileged account monitoring

Know what your privileged users are doing with the rights they have to business-critical databases.

Comprehensive privileged account management

Securely delegate privileged account authority across database, application and cloud environments.

Single sign-on to Linux and UNIX servers

Authorized users can access servers without entering additional credentials or complex commands.

Secure remote desktop proxy (RDP)

Privileged Account Manager allows administrators to execute privileged commands on a UNIX host from a Windows desktop, without requiring users to start an SSH session from the Windows desktop.

Single configurable port

All agent traffic is encrypted and directed through a single port for easy product configuration and deployment in multi-firewall environments.

Database encryption

The Privileged Account Manager credential vault is a secure embedded database with two levels of encryption. The passwords are encrypted with AES 256 bit keys, and the database is encrypted with a separate AES 256 bit key.

Web-based console

Privileged Account Manager is managed via an intuitive web-based console which can be accessed throughout your intranet and extranet zones. The interface includes a command control console that enables the configuration of all privileged user management policies.

Task-based wizards & drag-and-drop interface

Privileged Account Manager stores Windows administrative passwords in a credential vault that resides within Command Control.

Windows group and policy enforcement

A GUI-based, drag-and-drop user interface greatly simplifies the rule-creation process and virtually eliminates the need for complex, manual scripting.

Reusable script and command libraries

Privileged Account Manager includes sample libraries of policy objects that can be simply dragged and dropped to build powerful, yet visually easy to understand, security rules.

Hierarchical rule structure

Rules can be visually constructed without scripting then dragged and dropped to create rule hierarchies that determine the processing order.

Intuitive failover and load balancing

Host agents can be visually configured in hierarchical domain structures that automatically determine load-balancing and failover between components.

Risk-based privileged session control

Powerful risk-analysis tools record and play back user activity—down to the keystroke level. You define high-risk activity controls and enforce them with automatic session termination or access revocation.

Privileged analytics

Risk analysis engine examines user activity in real time and applies color-coded security risk ratings so that you can detect and address threats faster.

Real-time keystroke logging

Keystroke logs are updated in real time throughout the duration of a user's session on any UNIX, Linux or Windows host.

Windows auditing service

The Windows audit service enables administrators to view real-time and historical user activity performed on local or remote Windows hosts. Audited activity includes all actions performed during a privileged session—the user inputs as well as the resulting processes.

Automatic data filtering for continuous compliance

Create pre-defined rules to pull events from your audit log files using comprehensive filters and schedules.

Automatic notifications

Users can be automatically emailed a daily summary of events awaiting approval.

Indelible audit record

All auditor activity is indelibly recorded on the event record, including the viewing of keystroke log activity, status changes and any notes recorded during the analysis.

Workflows

For events that require further analysis, a workflow process escalates events to the appropriate reviewers—either by sending an email notification or flagging the event in the compliance auditor console.

FTP auditing

Add an additional layer of security to your FTP transactions by using this replacement daemon for fully audited and authenticated FTP transactions.