Privileged Access Manager (PAM)

Fálaina’s Privileged Access Manager (PAM) is designed to secure privileged users’ identity and accounts, while enabling practical session management from a single, integrated portal. This portal enables single sign-on for all privileged accounts via a centralised authentication method, typically Microsoft Active Directory Server or any LDAP server.

Privileged access request management and approval workflow

Fálaina’s PAM leverages access request management integrated with workflow technology from ILM. Privileged users can request access to any privileged account on any critical asset based on the policies and rules created.

Rules may be configured to:

  • Limit the requestor to request only accounts within the group or set of servers the requestor is allowed to see and request
  • Limit the day and time of access (especially after-office-hours access) or the location of access
  • Configure whether concurrent sessions are allowed
  • Require 2FA or a second authentication

Access to each of these privileged or shared accounts is based on the policies and is integrated into the online access request form and the approvals via workflow.

The approver can approve, reject or override the requested items, for example by limiting the time, the locations or even the set of accounts requested. Other features include pre-approved access for system owners themselves without an approval process, although the session will still be monitored and recorded.

Privileged session - RDP, SSH and application access

Fálaina’s PAM enables any session to be initiated with privileged access, including Microsoft Remote Desktop (RDP), Unix Secure Shell (SSH), and typical client/server and HTTP(S)-based application management tools. Client/server applications for privileged access include Oracle PL/SQL Developer and Oracle Enterprise Manager for Oracle Database, Management Studio for Microsoft SQL Server, and so on.

These sessions can be initiated from Universal SSO Workspace² from any device or computer. Privileged session login doesn’t require the password to be shared with the requestor, eliminating the need for password management. If an organisation requires passwords to be reset, policies can be applied to control how frequently these password resets happen.

Session recording and keystrokes logging

Fálaina’s PAM logs user sessions with both video recording and keystroke logging. These videos and keystrokes are encrypted and stored securely in the PAM server, and can be viewed only by authorised personnel based on RBAC security policies, via the administration web interface.

Fálaina’s PAM also provides the flexibility to record or log selected user sessions only, based on preconfigured policies. These include user account, time, grouping of servers etc. For instance, a user logging into the Office 365 portal for email access may not be recorded, but the same user using Office 365 administration will be video recorded and keystroke logged.

Integration with a SIEM solution allows correlation of security events, and further actions can be taken for auditing and investigation purposes.

Fálaina’s PAM provides threat intelligence, and if enterprises adopt this threat-aware privileged access model, integrated processes can be implemented to quickly remove privileged credentials associated with a particular attack or device.

Fálaina Universal SSO Workspace²

Fálaina’s PAM Universal SSO Workspace² provides a portal for users to access their privileged sessions securely from any web browser and any device.

Users need to log in to a centralised authentication server, typically Microsoft Active Directory Server or any LDAP server. Upon login, users can select the sessions and accounts available in their Universal SSO Workspace² by clicking the icons, providing a better user experience and improving productivity.

Real-time session monitoring and access termination 

Fálaina’s PAM provides real-time session monitoring and access termination. The session is made available for remote monitoring via video streaming, and only viewing is allowed. The viewer, based on their authorisation, is able to terminate the session remotely.

This feature enables system owners or security personnel to monitor vendor sessions (for system administration/maintenance work) remotely instead of having to be physically present.
