Privileged credentials are the key asset to enable attackers to easily gain access to an organization’s critical data by posing as a trusted insider. The endpoint is the targeted access point in every network and it is imperative to have endpoint device password security best practices in place to avoid security gaps.
ConsoleWorks secures privileged access credentials including administrator, endpoint password management against inside and outside threats.
ConsoleWorks automates the ability to changes access credentials on endpoints on a schedule, based on the defined security policy/password rules, eliminating the need for a privileged user to know endpoint access credentials. From one centralized location, a user can schedule automatic password changes and set-reset date warnings to meet compliance standards. ConsoleWorks can recover or change a password or export all passwords, securely.
A list of features includes:
- The ability for each device to have a unique (or same) password
- Access Control Rules controls which roles (Profiles) can access these features
- Flexible password complexity
- Detailed audit information
- Control of the password update frequency
- Ability to recover a device password, securely
- Ability to generate reports
ConsoleWorks can be configured to conceal all endpoint passwords for full automation of this function. Where full automation is not a requirement, ConsoleWorks can support that as well. As such, it eliminates issues regarding employee termination, role change, or ease of building access termination.
Password Management supports IT devices, network devices and ICS assets.
Access Management
In order to effectively secure electronic assets, access must be controlled and all activity must be automatically logged to provide a forensic record of activity performed of users, 3rd party vendors, and contractors.
ConsoleWorks controls access by allocating specific permissions/ privileges to a user based on the role-based permission model. The permission model specifies which assets a user, vendor, or contractor may access and at what level of privilege. ConsoleWorks supports command-by-command privilege grants for absolute control over electronic access.
The ConsoleWorks solution supports integration with Active Directory or LDAP server. The product was designed with the open ability to integrate its authorization/authentication services with multi-factor and other authentication technologies, as well.
Persistent Connection
ConsoleWorks maintains a persistent, secure connection to physical and logical infrastructure to monitor user actions, machine activity and all defined incidents worth knowing about. Various levels of physical and logical security are implemented to provide necessary – and often required – protective measures.
Standby, single user, and fault are common conditions where hardware and software are not in normal operating mode, yet those assets are still accessible through selected interfaces. In fact, these ‘abnormal’ but commonly occurring conditions almost always require someone to access a privileged interface to resolve the condition. Unlike traditional approaches to foundational security, ConsoleWorks retains its security and automatic documentation capabilities in all modes through its persistent connection capabilities.
Documentation
ConsoleWorks can control access, enforce permission models, and record down to the keystroke all privileged user activity for virtually any asset in the IT infrastructure. Automatically capturing all privileged user activity enables verification and acts as a powerful deterrent to out-of-policy behavior. ConsoleWorks empowers oversight of all changes, the instant they happen or on demand.
