logo

Get the Privileged Access Management You Need — Without All the Pain

A brief history of PAM

The term is not as straightforward as most people think. It has evolved over the years in parallel with the ever-changing security landscape. To understand why vaults have taken such an unwarranted central position, let’s quickly review how the market has evolved over the last two decades.

  • In the early 2000s, PAM meant privileged account A surge in compliance mandates in the first decade of this century forced organizations to improve their account password management practices. This was low-hanging fruit, since many organizations did not require complex passwords and did not rotate them regularly, which has become almost be unthinkable today.
  • Around 2012, PAM began to mean privileged access As legislation started to require better segregation between user and server environments, the practice of using session proxies to connect users to servers gained mainstream acceptance. This approach offered multiple benefits: The user’s password never got exposed, the user did not have to have direct access to the server, and the activity through the proxy could be recorded and played back. Accordingly, the focus shifted from privileged accounts to privileged access.

Privileged Access Management

The problem with traditional PAM solutions

Indeed, the PAM market is still dominated by solutions that have a password vault at their core. But this approach adds layers of complexity to what is actually a very simple problem: Providing administrators with secure access to servers to do their job. Vaults map people to accounts, and accounts to systems, and systems to applications. This many-to-many-to-many approach makes implementation and use of the solution complicated and costly. Moreover, it actually fails to address the core security issue — each account under management still retains its privileges even when it’s not in use, leaving the organization with a large attack surface area that hackers are eager to exploit.

But the idea that a PAM solution must come wrapped around a password vault is actually a misconception. Today, there is a better way to deliver secure privileged access management.

A modern approach delivers security without all the cost and complexity

Netwrix Privilege Secure is a next-generation solution built from the ground up to solve the fundamental PAM challenge: enabling administrators to safely and securely access the systems and data they require to do their jobs. A patented 3-step process supports any access control use case, for any platform:

  • Grant — Provide just enough permissions, just in time, to perform a necessary task
  • Connect — Empower the admin to perform the task (for example, by logging into a server or automatically starting an application)
  • Remove — Delete the account and all associated artifacts so that there are no elevated privileges for attackers to compromise

Privileged Access Management

This approach enables organizations to remove nearly all standing privileges, which dramatically reduces their attack surface area. Moreover, there is far less complexity, since the solution does not rely on mapping privileged accounts to upstream security groups.

In short, Netwrix Privilege Secure enables administrators and helpdesk professionals to perform their day-to-day activities easily without the cost and complexity of traditional PAM tools.

Martin is Vice President of Product Strategy at Netwrix. Martin is an experienced technologist, with over 30 years in the Privileged Access Management and security space. Prior to Netwrix, Martin led the privileged access team at BeyondTrust where he took their password management solution from unknown to a recognized leader in the industry within 3 years. At BeyondTrust he also drove the development of their first SaaS PAM product as well as a new micro service-based platform for DevOps security. Prior to BeyondTrust, Martin held key management positions at Quest/Dell, Novell, Fortefi and Symantec. He is a recognized expert and a regular speaker for security events and webinars.