Analytical IS Systems
Privileged Account Management
Growth of the number of information technologies used in organization makes task of account and access right management more and more relevant.
Open Technologies implements complex projects on automation of account and access right management and integration of accounts into information security assurance systems.
Automation level improvement means that more and more business processes are executed with special corporate applications. Consequently, the number of operation-relevant corporate multi-user applications grows at large and medium enterprises. From the point of view of information security the most important task of such a heterogeneous environment is management of access rights to information assets.
Nowadays the heterogeneous environments mostly use separated access right management practices. With this approach the access right policy is created separately for every application, and administrators are held responsible for the policy implementation. This approach has several minuses:
- it is difficult (or even impossible) to check compliance of user's corresponding duties to access right policy;
- it is not possible to manage user's rights in all applications at once (for example, create or delete all accounts of one user);
- access to information assets rights receipt are often not automated and thus very labor-intensive which leads to administrators' and users' performance degradation because they cannot receive necessary access;
- access right receipt procedures are often "informal" which leads to risks of wrong authority allocation.
Open Technologies offers solutions on support of the whole life cycle of the organization privileged accounts. The solution has the following advantages and possibilities:
- Privileged account management and protection allows using possibilities of safe privileged account Digital Vault of network devices, operation systems and applications on the basis of pre-installed and adjustable policies.
- Transparent agent-free integration with basic information systems and possibility to add new devices and systems.
- Control of access to privileged accounts. Our product is an easy-to-use interface for detailed access control and allows easy detection who, when and why received access to privileged accounts and who granted it. Unified access point for all privileged sessions allows centralized control and record of all actions executed within these sessions (including videos).
- Strong product internal security. Digital Vault® technology allows creation of multi-layer security system implementing safe methods of storage, transfer of critical information, clear mechanisms of access isolation and reliable audit facilities.
- Application and services authentication data control. Solutions are provided to ensure security and control of applications and application server accounts eliminating use of coded and built-in passwords, their leak via developers and support service channels.
- Privileged account management systems having strong security system and developed account generation functions allows construction of systems satisfying requirement of regulating documents on registration of activities of privileged users (Sarbanes-Oxley, PCI DSS, STO BR IBBS, etc.).
- Readiness to be integrated with the infrastructure. The product ensures support of known directories (LDAP, IAM, etc.), authentication products (RSA, Radius, PKI, LDAP, etc.), IS Security Information Management (SIM), integration with Service Desk subsystems.
- Readiness to be installed in High availability and Disaster Recovery configurations. This is important bearing in mind high availability of the service work with privileged accounts.
Thus our privileged account management solution ensures reliable and controllable management of privileged accounts. Possibility to be integrated with existing IT infrastructure, flexibility and simplicity of the system control ensure low cost of ownership (TCO) and contribute to earliest possible return of investment (ROI). The solution is first of all aimed to large companies with developed IT infrastructure and large number of privileged accounts and to companies activities of which are subject to regulations.
Network Infrastructure Protection Control System
Open Technologies offers a range of solutions in the field of IS risk/threat control in the developed distributed network, network infrastructure monitoring and control of compliance to requirements of corporate information security.
Usually the following components are used to solve the mentioned tasks:
- Possibility of fast collection and analysis of settings of all organization firewalls. Visualization of results in the unified interface allows fast response to collisions (non-compliance with rules) of access into certain network sections, reduce number of excessive and unused rules. Possibility to check compliance of firewall settings to internal policies and regulatory documents thus saving time wasted for support and reducing firewall infrastructure cost of ownership (TCO).
- Possibility to collect configurations of the network hardware and network topology analysis and afterwards create network topology map and network model allows detecting real access routes and compare them to policies established in the company. Joined with firewall analysis, this allows receiving detailed information about route between any network points (connectivity, protocols, services). Possibility appears to significantly (up to 80%) reduce time for search and elimination of the network collisions.
- Possibility to collect information from the corporate security scanners combined with existing subscription to vulnerability dictionaries and in connection with the aforementioned possibilities allows assessment of the real IS threats. Risks are allocated from the most relevant to permissible (reduction of costs of patch management). Possibility to emulate attack allows evaluation of damage from attacks to both existing infrastructure and infrastructure with further changes ("what-if" analysis).
Qualified consultants and engineers of Open Technologies provide whole range of services on construction of IS analytical systems - from inspection and updating of access policy to choice of software products, designing, installation and commissioning of the system, trainings for personnel and technical support of the solution implemented.