“Regulation has become the stimulus for the strategy of Cyber-Security businesses.” CXP Group Research Report Pierre Audoin Consultants (PAC) in 2015
Can you prove your compliance with an audit trail?
Organisations have never been more prone to high-profile internal cyber-attacks due to disgruntled employees or even human error by a third-party service provider with privileged access to core information systems. Today, more than ever, companies are exposed to a variety of risks related to the use of privileged accounts.
Privileged Access Control and Compliance:
IT Security and Compliance!
With the volume of sensitive data exploding, regulatory compliance helps protect users and provides full transparency of information security. The pressure to achieve and maintain regulatory compliance keeps growing in today’s information-driven age.
Regulatory standards that have emerged in recent years (ISO 27001, Basel, SOX, Arjel, audit of computerised accounting) systematically integrate traceability of privileged user activities (administrator, root, etc.) on core information systems. Visibility and control of these administrative sessions has become the natural solution to ensure compliance.
What Are The Issues Around Privileged Accounts Via New Regulatory Constraints?
Most businesses use a variety of devices to provide authenticated user access to privileges on core information systems (IPSEC or SSL VPN, leased lines, internal developments etc.). However, these solutions have many disadvantages: low granularity of rights, the need to systematically transmit the passwords for the account used on the target device, and reporting failures, which are critical given the demands of regulatory reporting. Indeed, these solutions mostly provide a log of connections but do not show exactly what actions are performed during each session.
Faced with this issue, Privileged Access Management is an essential alternative. It protects the sensitive daily activity of users’ access rights by providing visibility, control and the ability to predict the activity of users’ privileges. It therefore secures access privileges and the accounts they use.
An effective and robust approach should involve:
√ Securing passwords in a certified vault
√ Managing those passwords: creating, hiding, revealing and renewing them
√ Defining, and revoking, access to each target system for each target user
√ Real-time monitoring of connections and of each user’s activities
√ Generating events or alerts
√ Recording privileged sessions and reviewing the video recordings
√ Creating a reliable and enforceable audit trail
√ Providing statistical reports and behavioural analysis
Meeting Regulatory Compliance with The Wallix AdminBastion Suite
At WALLIX, we believe that the value of the solution lies as much in its functional and technological coverage as in its ability to be effortlessly deployed and adopted. This is why our WAB Suite is designed to cover all of the risks associated with access privileges in the shortest time possible. The optimal combination of the two dimensions, “risk coverage” and “coverage period”, makes the WAB Suite from WALLIX an essential tool for achieving the required level of compliance.
WAB Suite reduces risk by not disclosing target system passwords (particularly to external service providers) and by providing granular access rights. It also tracks administrative users via recorded administration sessions and provides complete traceability of actions, including alerts when critical servers are accessed. These features correspond to recurring audit recommendations. Deployed in just days, WAB Suite allows IT professionals to provide evidence of their precise and exhaustive knowledge of all movements across core information systems, protecting them from abuse.
Wallix AdminBastion Suite, an award-winning certified platform
ANSSI (FR) and FSTEK (RU) have certified WAB Password Manager Vault, following an audit by an approved assessment centre. These certifications are awarded only to solutions that pass their vulnerability tests and whose cryptographic modules comply with their framework, which is an essential criterion for public authorities and public companies.
Certification is a useful benchmark for IT Directors, Information Security Managers and Risk & Compliance Managers who, in order to choose from the many commercially available solutions, need to assess a product’s security and compliance with the standards defined by the manufacturer’s independent governing bodies.