Privileged Access Management (PAM)

Manage access. Audit activity. Respond to incidents.


Privileged access and session management via a jump box

With the PAM features in Ekran System, you can:

  • Secure access to your Active Directory environment as well as to Linux/Unix and Windows endpoints
  • Secure your web-based access
  • Specify endpoints that can be accessed by particular privileged users
  • Limit the time for which access is granted
  • Deliver temporary credentials to specific users and groups
  • Automatically generate, encrypt, and manage the credentials of privileged users

You can also use Ekran System’s PAM capabilities to ensure secure remote access to your critical endpoints for third-party vendors, contractors, and remote employees.

EKRAN SYSTEM® INTEGRATIONS: Ekran System privileged access management software integrates with your infrastructure, including leading SIEM and ticketing systems.

Password management

Forget about having to deploy extra privileged password management software. Ekran System includes a sophisticated privileged password management solution with all the capabilities you need to properly handle and protect your secrets:

  • Password Vault for securely storing and delivering secrets
  • Automated and manual password rotation for Windows and AD accounts
  • Role-based access control
  • SSH key management
  • Password management for shared accounts (Windows, Linux)
  • Web account password management

Ekran System provides military-grade data encryption and uses only FIPS 140-2 compliant encryption algorithms. All data and connections, including privileged account credentials and client–server connections, are encrypted with AES-256 keys and an RSA-1024 or RSA-2048 algorithm.

Multi-factor authentication

  • Strengthen the protection of your critical assets with Ekran System’s two-factor authentication (2FA) tool. This tool is part of our rich set of identity and access management features.
  • Ekran System’s multi-factor authentication tool enhances the user verification process by combining user credentials and time-based one-time passwords. This privileged identity management solution is included with any Ekran System license and runs on Windows Server as well as on Windows and macOS endpoints.

Access request and approval workflow

Minimize cybersecurity risks and control the number of simultaneously active accounts with Ekran System’s just-in-time PAM capabilities:

  • Manual access approval for determining who can access what and when
  • One-time passwords (OTP) for securing temporary access to specific endpoints, including emergency access
  • Monitoring, recording, and management of user activity in all sessions started under temporary credentials
  • Integration with leading ticketing systems including SysAid and ServiceNow for cross-checking and validating the reasons for privileged access requests
  • Time-based user access restrictions for enhancing the protection of critical data and systems

Continuously monitor all privileged accounts

Monitoring is an essential part of privileged account management. With Ekran System, you can continuously monitor, record, and audit all privileged sessions on endpoints. If a server connection is temporarily limited or lost, the lightweight Ekran System Client will continue recording the session in offline mode. Once the connection is restored, all information will be uploaded to the Ekran System Application Server. 

In addition, Ekran System can automatically generate a large set of user activity reports, allowing you to get a close-up view of every user action and analyze overall user activity.

Real-time alerts and incident response

Enable proactive privileged activity monitoring with the help of Ekran System’s actionable alert system. Use the extensive library of template rules or set custom targeted alerts for detecting abnormal user behavior. Block users, terminate applications, and send real-time notifications to pinpoint privileged access abuse in near real time.

For each alert, you can optionally assign an automated incident response action that will be executed along with notifying security staff: show a warning message to the user, kill an application, or block the user.

Ekran System® manages privileged access to ensure compliance

Ensuring a proper level of privileged account management and access management is one of the main requirements of major compliance regulations and standards. With Ekran System’s privileged access management security solution, you can meet compliance requirements with ease: PCI DSS, SWIFT CSP, HIPAA, NIST, GDPR.