Privileged access, accounts and credentials are core, critical assets for enterprises. They must be highly protected through a defense-in-depth strategy that combines technology and processes, which privileged access management enables. Capable of providing multiple layers of defense around privileged users, accounts and credentials at both the network and host layers, CA Privileged Access Management helps:
Privileged User Authentication
CA Privileged Access Manager fully leverages your existing identity and access management infrastructure, with integration to Active Directory and LDAP-compliant directories, as well as authentication systems like RADIUS. Integrated with advanced authentication tools like CA Advanced Authentication and others, it facilitates stronger or multi-factor authentication for privileged users. In addition, CA Privileged Access Manager fully supports enabling technologies like PKI/X.509 certificates and security tokens. Its support for Personal Identity Verification/Common Access Cards (PIV/CAC) ensures compliance with U.S. Federal Government HSPD-12 and OMB M-11-11 mandates.
CA Privileged Access Manager protects and manages sensitive administrative credentials. Safely stored in a powerful vault, credentials are encrypted at rest, in transit and in use, limiting the risk of theft or disclosure. All types of credentials, such as SSH keys, and not just traditional passwords, are vaulted and managed. CA Privileged Access Manager mitigates the risks of passwords hard-coded into scripts and applications, providing its own FIPS 140-2 Level 1 compliant encryption solution and offering integrated FIPS Level 2 and Level 3 solutions.
CA Privileged Access Manager provides network-based, highly granular and role-based access control for the hybrid cloud. It controls access by network administrators, trusted insiders, third parties and other privileged users. Control begins when privileged users initially authenticate to the system, as CA Privileged Access Manager implements a deny-all, permit-by-exception approach to least-privilege access controls. Users are able to see only those systems and access methods to which they’ve expressly been provided access.
CA Privileged Access Manager provides full-resolution capture of privileged user sessions. DVR-like playback controls allow auditors and investigators to review everything that happened during a session, with the ability to jump directly to attempted policy violations. Recording and playback capabilities are provided for graphical RDP sessions, SSH links (including the use of native SSH clients) and web-based applications and cloud management consoles.
Application Password Management
CA Privileged Access Manager eliminates hard-coded, hard-to-change passwords from applications and scripts, providing effective protection and management of these “keys to the kingdom”. Application-to-application passwords and other credentials are stored in an encrypted vault, and requesting applications are authenticated before passwords are released from the vault. Other capabilities include automation of application password management; encryption of application passwords (in storage, in transit and in use); rapid deployment and integration with application and system infrastructure; and detailed password audits and activity reporting.
Hybrid Enterprise Protection
CA Privileged Access Manager delivers tightly integrated privileged identity management capabilities for widely deployed hybrid-cloud computing platforms and traditional systems including: Amazon Web Services (AWS), VMware vSphere and NSX, Microsoft® Online Services and traditional data center systems, including mainframes, servers, databases, networking devices and other infrastructure.