Local Computer Privileged Identity Management

Attackers frequently target local computer administrator accounts to gain privileged access to an organization's IT network. These local admin accounts possess full access to all local resources, including databases, and pose potential audit risks concerning regulations such as SOX, HIPAA, PCI-DSS, FINMA, MAS, FISMA, and NERC. Moreover, local admin accounts can serve as a gateway to a company's most valuable network data. EmpowerID helps protect your organization by inventorying servers to discover, monitor, and control local users and groups, including local administrators. Role- and attribute-based access control policies are employed to manage membership in the local Administrators group and facilitate access requests through the IAM Shop.

EmpowerID automatically rotates passwords for all privileged identities by assigning them to relevant policies. It resets passwords in the managed system through its connectors and updates the vaulted information. For Windows servers, EmpowerID delves deeper by inventorying and managing identities used for Windows Services and IIS Application Pools. Typically undermanaged, these identities' passwords often remain unchanged due to challenges in identifying their usage across systems and updating these systems when passwords change. EmpowerID automates the necessary system updates each time a password is rotated.

Managing and Recording Privileged User Sessions

Privileged accounts are crucial for daily IT operations but also represent a liability, with 62% of security breaches resulting from privileged account abuse. In a Zero Trust model, access should be minimal, granted for only short periods, proxied, and monitored if possible.

EmpowerID's Privilege Session Manager serves as a web-based gateway, offering authorized users RDP access to on-premise or cloud Windows servers without exposing the servers to actual network access. This best-practice approach prevents malware and hacking exploits that rely on network connectivity to targeted servers. Additionally, strong adaptive identity verification is enforced, and sessions can be optionally recorded as videos for later compliance investigation or verification. The privileged credential's password remains hidden from the end-user, eliminating the potential for sharing or misuse.

Windows Server Compliance and Recertification

EmpowerID streamlines the audit process for your infrastructure team. The sprawling and dynamic nature of virtual machine environments can pose significant challenges for auditors, making it difficult to demonstrate who has local system access to critical systems during a certification process. EmpowerID simplifies this proof by maintaining an up-to-date audit and offering complete control over Windows Server access across all cloud and on-premise environments. Built-in attestation policies enable rapid periodic recertification of local computer group memberships, expediting the auditing process. Risk-based separation of duties policies also allow you to define toxic combinations of access, facilitating detection and remediation if discovered.

Designed to enhance IT security and streamline the management of local computer administrator accounts, the EmpowerID Local Windows Server Connector addresses the critical challenge of protecting these frequently targeted accounts.

The connector offers seamless integration with both on-premise and cloud-based Windows servers. Its core functionality lies in its ability to efficiently identify, monitor, and manage local users and groups. It places a special emphasis on local administrators, employing a refined inventorying function to comprehensively track user access across servers, thus aiding organizations in upholding compliance with key regulations like SOX, HIPAA, and PCI-DSS.

A pivotal feature of the connector is its automated password management system. Tailored for Windows servers, this system takes charge of rotating and resetting passwords for privileged identities. It extends this management reach to include identities linked to Windows Services and IIS Application Pools, ensuring all such identities align with stringent security protocols.

With the ability to integrate attestation policies, organizations can streamline audit and compliance tasks associated with identities and resource access on the local Windows server. Further enhancing its capabilities, the connector seamlessly pairs with EmpowerID's Privileged Session Manager, delivering adaptive identity verification and offering the functionality to record sessions in the interest of regulatory compliance.



...