Computer Identity Management

Local Computer Privileged Identity Management

Attackers frequently target local computer administrator accounts as a first step in order to gain privileged access to an organization’s IT network. Local admin accounts effectively “own the machine” having full access to all local resources including any databases. This access represents a potential audit risk for regulations such as SOX, HIPPA, PCI-DSS, FINMA, MAS, FISMA, and NERC. Local admin accounts can also serve as a steppingstone to a company’s most valuable network data. EmpowerID inventories your servers to discover, monitor, and control local users and groups including local administrators. Role and attribute-based access control policies control membership to the local administrators group and allow for access requests through the IT Shop.

All privileged identities can be assigned to policies that automate the rotation of their passwords. The EmpowerID system through its connectors resets the passwords in the managed system and update the vaulted information.

Privileged Account Discovery and Password Rotation

EmpowerID Computer Identity Management automatically discovers and manages local privileged accounts and groups on all your server systems. EmpowerID discovers local privileged identities on Windows, Linux and Unix, and VMware ESXi. Once identified, these privileged identities can be recertified, assigned to owners, and managed through their lifecycle. Passwords can be set to rotate on a schedule thereby reducing the window of opportunity for hackers to compromise a password.

Windows Service and IIS App Pool Identities

All privileged identities can be assigned to policies that automate the rotation of their passwords. The EmpowerID system through its connectors resets the passwords in the managed system and updates the vaulted information. For Windows servers, EmpowerID can go a level deeper and inventory and manage the identities that are used for Windows Services and IIS Application Pools. These identities are typically undermanaged with static passwords due to the challenge of knowing on which systems they are being used and the effort required to update these systems when the password changes. EmpowerID handles these special identities by automating the system updates required each time their password is rotated. Admins can assign vaulted privileged identities to Services and IIS App Pools through web-based workflows and set them on a rotation schedule to close this critical vulnerability.

Getting Started