Easy privileged access for employees and service providers

Hackers started working for unfriendly governments, which increased the refinement of their actions. Both the public and private sector are exposed to hostile activity.

The events of the recent years – first the pandemic and then Russia’s invasion of Ukraine – changed the world irreversibly in terms of safety and IT. Importantly, today’s attacks of cybercriminals are not motivated by greed only. Hackers started working for unfriendly governments, which increased the refinement of their actions. They may involve more people and take more time, because they are centrally funded and do not feel law the enforcement breathing down their necks. They are equipped with state-of-the-art high performance hardware. Thus, their attacks are prepared to avoid the omnipresent security measures, such as UTMs and anti-virus utilities.

The purpose of such attacks is to cause chaos. On the national level, this may be achieved by attacking a ministry or major bank. On a smaller company level, it is enough to block access to online services or cause data theft or leak. This is why it is worth taking action to minimise the risk of attack. This is supported by solutions like PAM (Privileged Access Management), designed to supervise privileged sessions, monitor and manage high rights accounts. The systems in this class enable, for example, tracking changes and automatically interrupt the session in case of any activities that could cause danger to the company.

Agent-free and password-free secured access

To help standing up to the present attack threats, Senhasegura provides the PAM solution designed to supervise the activity of privileged access users and manage them. It enables defining access groups and assigning users to them, which allows downloading the password or using remote access to the given system or device. It also facilitates granting access to the employees network in a controlled manner to third parties, including service providers by granting them access only to specific devices and services in a precisely defined time range.

The security layer created by Senhasegura can be extended to a new module, Domum, which provides safe remote access to assets based on the Zero Touch model, with no need for using agents or VPN tunnelling. When an employee or third party needs to connect to a system, device or web console managed by Senhasegura, they send an access request to the PAM admin. If they approve, they send a link, which enables signing into the target system quickly and safely, without signing into the PAM platform.

Every session initiated in this manner can be recorded or monitored live and logs are generated that include every press of a button. It is also possible to restrict access based on geolocation, time range and session duration.

Senhasegura products are regarded as very friendly and efficient by the customers – the users rated them at 4.9 on a five-point scale in the Gartner Peer Insights ranking. These solutions are also used in Poland, with Bank Spółdzielczy w Staszowie as a reference customer. For more information, see senhasegura.eu/pl.

As distributor of Senhasegura solutions in Poland, we support our partners in investigating customers’ needs and selecting the right set of products and services. Free trial versions are available, as well as workshops and webinars for the customers and partners.

Using the Privileged Access Management system enables keeping order in the company by access control and no need for meticulous actions of the administrator. PAM is perfect as a monitoring utility for third party IT service providers. When working, they very often have access to high-impact data of the customer, who has no control over the actions of their subcontractors. In case of data theft, PAM will not merely notify the company, but also provide the evidence of the crime. This system also enables elevating the IT environment safety level by protecting and updating passwords, as well as caring for their complexity and diversity in all systems, to which the users sign in.

The source of the article is a special release of magazine CRN “Vademecum VAR-ÓW I INTEGRATORÓW”, June 2022.