WALLIX Bastion
Privileged Access Management (PAM) is a cybersecurity framework aimed at managing and securing access rights to privileged accounts within an organization.
Our solution for PAM
WALLIX Bastion is a PAM solution that is delivered as a pre-configured virtual appliance that does not require the installation of additional components on the controlled systems.
All policies and complete settings are defined through the central web console, through which the administrator defines the accounts that have the right to access certain devices. This is the most important feature of this platform because it enables granular adjustment of rights at the level of an individual user or user group.
Key features
- Privileged Access Management (PAM): management and security of privileged accounts, which are often the target of cyber attacks.
Password management: centralized password management that provides strong and regularly rotated passwords for privileged accounts.
Session Monitoring and Recording: Monitor and record privileged user sessions in real time. This is critical for audit and compliance purposes, as well as forensic analysis.
Access control: detailed control over who has access to privileged accounts and what actions they can perform.
Integration: the ability to integrate with other security solutions, IT infrastructure components, active directories and other services within an existing IT environment based on Windows/Linux servers, network devices or applications.
For more information, see the case study from our magazine.
WALLIX Bastion implementation
Implementing a WALLIX Bastion solution involves several steps to ensure that the Privileged Access Management (PAM) solution is properly configured and integrated into your organization’s IT environment.
In the realization of this task, Coming relies on rich experience and established procedures that include:
- assessment and planning of the structure
software installation
defining and configuring user roles and access policy
- password management configuration
enabling monitoring and recording of sessions
integration with other security solutions
training and testing
What WALLIX Bastion enables
Monitoring: Acting as a proxy server, Bastion allows recording and saving of all sessions (in video and text formats), which can be useful in digital forensics. It is possible to define daily or weekly reports according to the set criteria.
Time Frame + Approver: The software enables the definition of time intervals in which it is possible to create a session, as well as the need for explicit administrator permissions. By combining these two functionalities, it is possible, for example, to set the system to allow sessions without approval during working hours, while outside of working hours it requires administrator approval.
Session control: The administrator is able to define processes, that is, commands that will automatically terminate the session (say, he can ban RDP/SSH sessions from the server). The administrator can also monitor active sessions in real time and terminate them if necessary.
Password rotation: Through the function for periodic password rotation, the administrator defines the complexity of new passwords and the time of periodic changes. Updated passwords are delivered to selected administrators via secure (encrypted) messages.
Access: The system allows the use of native clients for direct access (putty, winscp, mstsc, openssh and similar). After a successful login, the user selects a system from a menu with a list of allowed servers or applications and the session is then established.