Overview Privileged Access Management
The exploitation of privileged, usually administrative, user accounts is very often at the heart of known cyber-attacks, as hackers and malware frequently seek to abuse privileged accounts as an entry point into your IT infrastructure. Eliminating admin rights and protecting privileged accounts has therefore long been at the forefront of any risk mitigation strategy for organisations of all sizes. Compliance requirements and protection against insider attacks are also most effectively achieved by securing and managing administrative privileges.
Existing solutions in this area are often complex, inefficient in management, have too many functions, restrict employees and come with huge identity and access management consulting projects.
Made in Germany, amitego has been concentrating since 2003 on developing an industry-independent portfolio in the field of Privileged Access Management (PAM), Remote Support and secure data transfer on an ongoing basis. amitego's portfolio focuses on the seamless documentation of internal and external privileged user activities and provides central control functions and visibility, as well as control over the privileged access rights of all accounts and users.
Advantages of the amitego cyber security portfolio
Protection against malicious attacks
The majority of all successful attacks are due to the deliberate exploitation of high, i.e. privileged, rights. Root-cause analyses of current cyber incidents show that so-called "privilege escalation", i.e. the maximum extension of administrative authorisations of certain users on desktops and servers, is often the gateway for cyber criminals and, because it is not closed behind them, also their exit path. Prevent the execution of malware by managing which applications are allowed to run in your environment, by which users and at what time. This technically prevents access outside your own set of rules.
Prevent insider attacks and data leakage
The principle of least privilege, i.e. the smallest possible allocation of rights, is the bottom line; Zero Trust is the benchmark. Immediately remove the administrator rights of all users, even those of the system administrators and root users in the data centre, and control the assignment of rights via groups or individually, linked to the respective application, process or internal organisational requirements.
If each employee is only given the access rights they need to complete their tasks, these rights can normally be used for nothing else. In this way, both unintentional and intentional insider threats can be mitigated. At the same time, functionalities such as session recording offer employees with elevated rights, or their external service providers, the possibility to document their activities in critical areas as proof of the work performed.
Adherence to compliance requirements and industry-specific security standards
amitego helps you to meet the strictest requirements in terms of verifiability of access controls and enforcement of the principle of least privilege, as well as access management and thus also third-party management. VISULOX supports organisations by centrally controlling privileged rights to meet compliance requirements. With the help of the VISULOX portfolio, flawless and audit-proof reports and evidence can be generated at the push of a button to demonstrate compliance with ISO 27001, NIST, TISAX, BSI-G KRITIS, HIPAA, PCI DSS, EU DS-GVO, BSI Grundschutz and many other standards.
The VISULOX portfolio: PAM, Remote Support and Data Transfer Control.
Cyber Security Solutions from a single source.
VISULOX Privileged Access Management
Take control of all privileged users and seamlessly document every critical activity to protect your assets, through Multi Factor Authentication, session recording and other functionalities.
VISULOX Remote Support
Provide documented, fully automated and personalised access to your infrastructure for all external users and your internal privileged employees, centrally.
VISULOX Data Transfer Control
Control the input and output of all data transfers within your organisation. Integral, secure and authentic transport of data, by specified users to specified endpoints, according to your fixed parameters.
VISULOX Proof of Concept
All parts of the VISULOX portfolio can be implemented seamlessly during operation without any interruptions. The installation of VISULOX does not require any modification of clients or servers. From an IT security perspective, we do not touch your assets that need protection and do not install agents on endpoints.
VISULOX Privileged Access Management
Revoke privileges, defuse threats. Create a modern working environment and fend off attacks without affecting the productivity of your employees. Malware often enters the corporate network through accounts with elevated privileges. Therefore, the removal of high administrator rights is one of the most important strategies for companies that want to reduce their risk. VISULOX Privileged Access Management is modular and can be adapted to any requirement:
The central control centre for easy management and monitoring of all internal and external user activities within IT and OT.
- Historical user data and activities can be viewed and exported at any time
- Rights and roles can be adjusted and viewed
- If necessary, all users can be removed from the IT infrastructure ad hoc
- Set parameters according to which external and internal access is granted, such as multi-factor authentication, standard working hours, locations or session recording.
Recording of all or individual user interactions, mandatory or on demand, as an indexed video with optional keystroke recording. The recordings have a definable retention period according to legal or organisational requirements.
- Storage volume of only approx. 5 megabytes per recorded hour of film
- Automatic encryption and password protection with lifetime definition
- Recording can be enforced at the start of a session or started voluntarily by the user
- A user cannot be secretly recorded under any circumstances.
Flexible, documented and secure application sharing without merging separate security zones.
Application sharing has become commonplace in IT operations. However, the architecture of many sharing solutions often creates hidden security gaps that connect previously separate security zones between client and internal infrastructure.
- Users can work in two different modes, interactive or guest mode for purely observing activities.
- Sessions can be recorded, whereby it is always logged which user has made which entry.
- It is possible to force a digital "dead man's switch".
- Integration of a real 4-eyes principle
- Administration of server farms and client networks without issuing sensitive passwords and resources
- Central allocation of administration rights to personalised and identifiable users
- VISULOX Host Control offers an integrated upload function for large script files into a transit zone, where checks against defined parameters are executed before the files are used
- VISULOX Host Control checks commands against allow lists or block lists before forwarding them, so that user input is validated before execution
Multi Factor Authentication
Securing access to IT and OT systems through uniform Multi Factor Authentication (MFA)
VISULOX MFA offers a customised solution that makes optimal use of a second or any additional authentication factor.
- VISULOX MFA is adaptable to internal organisational requirements
- The following options can be selected by default:
- TicketID / Service Session ID
- Verbal, through integration of a HelpDesk
- LastPass, MS / Google Authenticator
- SMS / e-mail
- Biometric identifiers
- Physical tokens
Automated and mandatory backup of all audit-relevant data and information. All actions, including changes and deletions of audit-relevant data, are visible via an audit log in VISULOX Cockpit and remain traceable afterwards.
- VISULOX Revision Server offers a separate area to separate generated audit data from administrators and involved user groups
- Thanks to the distribution of access rights to several users, a single user can never access the secured data in VISULOX Revision Server, regardless of access rights.
- VISULOX Revision Server automatically backs up all audit-relevant data in encrypted form and guarantees ad hoc availability
- At no time is it possible for a third party to draw conclusions from this information or to assign it to individual user sessions or persons.
VISULOX Remote Support
Who did what, when, where and how? These are all key questions for the protection of critical assets that are administered by external parties for remote maintenance. With VISULOX Remote Support you provide secure and documented access and support for any device or system - always and everywhere.
VISULOX Remote Support pursues the goal of providing external users with the resources they need just-in-time, i.e. granting access only for as long as it is actually needed. Based on groups or individually, at least the following parameters can be set:
- Fixed periods of time, e.g. core working hours
- Permitted geo-locations, e.g. the registered office of the service provider
- Shared IP addresses
- Multi-factor authentication
- Specification of the four-eyes principle
- Duty to visually document activities
VISULOX Remote Support does not make any demands on the end device and does not require any changes to the server or the clients.
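The following is an added example (not VISULOX code) of how the just-in-time parameters listed above can be evaluated for one access request: core working hours, permitted country, shared IP range, MFA, a second approver for the four-eyes principle and accepted session recording. The policy values, `AccessPolicy` and `AccessRequest` are constructed for illustration; any failing parameter is reported as a reason for denial.

```python
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass
class AccessPolicy:
    # Constructed sample policy values (added example, not VISULOX code)
    core_hours: tuple = (8, 18)            # access only between 08:00 and 18:00, Mon-Fri
    allowed_countries: set = field(default_factory=lambda: {"DE"})
    allowed_networks: list = field(default_factory=lambda: [ip_network("203.0.113.0/24")])
    require_mfa: bool = True
    require_four_eyes: bool = True
    require_recording: bool = True

@dataclass
class AccessRequest:
    user: str
    when: str                 # ISO-8601 timestamp of the request, e.g. "2024-03-05T10:15"
    country: str              # geo-location the request originates from
    source_ip: str
    mfa_passed: bool
    approver: Optional[str]   # second person approving the session (four-eyes principle)
    recording_accepted: bool  # user has accepted that the session is recorded

def evaluate(req: AccessRequest, pol: AccessPolicy) -> List[str]:
    """Return the violated parameters; an empty list means the session may be opened."""
    reasons = []
    when = datetime.fromisoformat(req.when)
    start, end = pol.core_hours
    if when.weekday() > 4 or not (start <= when.hour < end):
        reasons.append("outside core working hours")
    if req.country not in pol.allowed_countries:
        reasons.append("geo-location not permitted")
    if not any(ip_address(req.source_ip) in net for net in pol.allowed_networks):
        reasons.append("source IP not in shared address range")
    if pol.require_mfa and not req.mfa_passed:
        reasons.append("multi-factor authentication missing")
    if pol.require_four_eyes and (not req.approver or req.approver == req.user):
        reasons.append("four-eyes approval missing")   # self-approval does not count
    if pol.require_recording and not req.recording_accepted:
        reasons.append("session recording not accepted")
    return reasons
```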
- Deploy powerful support
Administer remotely, instantly and reliably, independently of operating systems, devices, platforms and industrial control equipment. Provide immediate and reliable remote support to end users and customers running Windows, Mac, iOS, Linux or any other operating system, on or off their network. Focus on solving problems instead of worrying about connectivity, so you get more done.
- Provide efficient service
Improve service levels and increase customer satisfaction through seamless and high-quality remote support, as well as automated logging and traceability of the activities performed, e.g. through session recording, for each end user. Offer scalable remote support for enterprise organisations without impacting operations, whether you have a Linux server on the other side of the world or a Windows terminal server under maintenance in the local data centre.
- Protect your organisation
Support teams always need administrative rights to endpoints and full access to critical systems, such as SCADA systems, control centres or Active Directory servers, to do their work. The security of the remote access solution used for this purpose is crucial to protect your network from threats and to meet compliance requirements. VISULOX Remote Support guarantees that the security zones of your organisation are never merged with those of the support service provider. The service provider will not have direct access to your internal systems. Multi-factor authentication, state-of-the-art encryption, granular authorisation assignments, comprehensive audit trails and much more make VISULOX Remote Support the most secure remote maintenance software on the market, developed in Germany.
VISULOX Data Transfer Control
VISULOX Data Transfer Control works like the well-known security check at airports and scans every file to be transferred. Without exception, every data transfer - in or out - goes through this scan. VISULOX Data Transfer Control allows you to define fixed rules and thus control the entire data transfer. The connection is made from the application to VISULOX Data Transfer Control and only then to the server, and vice versa, so that the security zones are maintained at all times.
Every organisation has its own requirements for secure data transfer. VISULOX Data Transfer Control offers the possibility to easily and flexibly define rules on how, what and by whom data may be transferred to which destination and according to which criteria. At least the following parameters have to be defined:
- Authorised users and groups
- Source & destination of the files to be transferred
- Direction: in / out / bidirectional
- File size
- Name of the files
- Type of file or signature
In practice, this works as follows:
An authorised user moves data into a specific "transit zone" using drag & drop. This is the core of VISULOX Data Transfer Control. Within this zone, the corresponding parameters are checked ad hoc and files are either released, forwarded or rejected directly. Each transfer generates an event that can trigger a further action if required.
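As an added example (not VISULOX code), the check a transit zone performs against the parameters listed above can be modelled as one rule evaluated per dropped file: authorised user, source and destination zone, direction, size, file name pattern and file type. The type is taken from the file's leading bytes rather than its extension, so a renamed file that does not carry the expected signature is rejected; the signatures, zone names and rule values are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed magic-byte signatures for the allowed types (added example, not VISULOX code)
SIGNATURES = {"pdf": b"%PDF-", "png": b"\x89PNG\r\n\x1a\n"}

@dataclass
class TransferRule:
    users: set            # authorised users or groups
    source: str           # zone the file comes from
    destination: str      # zone the file may be delivered to
    direction: str        # "in", "out" or "bidirectional"
    max_bytes: int        # maximum file size
    name_pattern: str     # regex the file name must match in full
    allowed_types: set    # keys of SIGNATURES

@dataclass
class Transfer:
    user: str
    source: str
    destination: str
    direction: str
    filename: str
    content: bytes

def detect_type(content: bytes) -> Optional[str]:
    """Identify the file type from its leading bytes, not from the untrusted extension."""
    for kind, magic in SIGNATURES.items():
        if content.startswith(magic):
            return kind
    return None

def check_transfer(t: Transfer, rule: TransferRule) -> str:
    """Return 'released' or 'rejected: <reason>' for one transfer event in the transit zone."""
    kind = detect_type(t.content)
    ext = t.filename.rsplit(".", 1)[-1].lower()
    checks = [
        (t.user in rule.users, "user not authorised"),
        ((t.source, t.destination) == (rule.source, rule.destination), "source/destination not covered"),
        (rule.direction in ("bidirectional", t.direction), "direction not permitted"),
        (len(t.content) <= rule.max_bytes, "file too large"),
        (re.fullmatch(rule.name_pattern, t.filename) is not None, "file name not permitted"),
        (kind in rule.allowed_types and kind == ext, "file type or signature mismatch"),
    ]
    for ok, reason in checks:
        if not ok:
            return "rejected: " + reason
    return "released"
```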
To ensure that activities carried out can be traced at any time to fulfil audit requirements, for root cause analysis or for improvement purposes, all movements are archived via shadow copies in a verifiable and audit-proof manner. These files are never accessible to the operational administrators or users involved.
Stored and archived, the information collected does not allow any direct conclusions to be drawn about transactions that have been carried out. Access to it is logged in the VISULOX Cockpit.
As a leading manufacturer, amitego has been offering protection for external privileged users and internal employees as well as the complete and traceable documentation of user activities and moved data with VISULOX since 2003. VISULOX is used worldwide by small to medium-sized companies, including DAX30 companies, across all industries.