Академический Документы
Профессиональный Документы
Культура Документы
2 Agenda
• Hitachi ID corporate overview.
• Hitachi ID Suite overview.
• Securing administrative passwords with Hitachi ID Privileged Access Manager.
• Animated demonstration.
4 Representative customers
5 Hitachi ID Suite
7 Project drivers
Organizations need to secure their most sensitive passwords:
8 Participants in PAM
Hitachi ID Privileged Access Manager works by randomizing privileged passwords and connecting
people and programs to privileged accounts as needed:
9 HiPAM impact
11 Randomizing passwords
Push random • Periodically (e.g., between 3AM and 4AM).
passwords to systems: • When users check passwords back in.
• When users want a specific password.
• On urgent termination.
13 Fault-tolerant architecture
User
Hitachi ID Privileged
Credential Access Manager
vault
LDAP/S, Windows
HTTPS NTLM server or DC
Load
SSH,
balancer
TCP/IP + AES
Replication
TCP/IP + AES
Site A Unix, Linux
Credential
vault
TCP/IP
+ AES
Managed
Firewall endpoints
TCP/IP + AES
HTTPS
Site C
Various protocols
14 Included connectors
Directories: Databases: Server OS – X86/IA64: Server OS – Unix: Server OS – Mainframe:
Active Directory and Azure Oracle; SAP ASE and HANA; Windows: NT thru 2016; Linux Solaris, AIX and HP-UX. RAC/F, ACF/2 and TopSecret.
AD; any LDAP; NIS/NIS+ and SQL Server; DB2/UDB; and *BSD.
eDirectory. Hyperion; Caché; MySQL;
OLAP and ODBC.
Server OS – Midrange: ERP, CRM and other apps: Messaging & collaboration: Smart cards and 2FA: Access managers / SSO:
iSeries (OS400); OpenVMS Oracle EBS; SAP ECC and Microsoft Exchange, Lync and Any RADIUS service or SAML CA SiteMinder; IBM Security
and HPE/Tandem NonStop. R/3; JD Edwards; PeopleSoft; Office 365; Lotus IdP; Duo Security; RSA Access Manager; Oracle AM;
Salesforce.com; Concur; Notes/Domino; Google Apps; SecurID; SafeWord; Vasco; RSA Access Manager and
Business Objects and Epic. Cisco WebEx, Call Manager ActivIdentity and Imprivata OneSign.
and Unity. Schlumberger.
Help desk / ITSM: PC filesystem encryption: Server health monitoring: HR / HCM: Extensible / scriptable:
ServiceNow; BMC Remedy, Microsoft BitLocker; McAfee; HP iLO, Dell DRAC and IBM WorkDay; PeopleSoft HR; CSV files; SCIM; SSH;
RemedyForce and Footprints; Symantec Endpoint RSA. SAP HCM and Telnet/TN3270/TN5250;
JIRA; HPE Service Manager; Encryption and PGP; SuccessFactors. HTTP(S); SQL; LDAP;
CA Service Desk; Axios CheckPoint and Sophos PowerShell and Python.
Assyst; Ivanti HEAT; SafeGuard.
Symantec Altiris; Track-It!; MS
SCS Manager and Cherwell.
Hypervisors and IaaS: Mobile management: Network devices: Filesystems and content: SIEM:
AWS; vSphere and ESXi. BlackBerry Enterprise Server Cisco IOS PIX and ASA; Windows/CIFS/DFS; Splunk; ArcSight; RSA
and MobileIron. Juniper JunOS and SharePoint; Samba; Hitachi Envision and QRadar. Any
ScreenOS; F5 BigIP; HP Content Platform and HCP SIEM supporting SYSLOG or
Procurve; Brocade Fabric OS Anywhere; Box.com and Windows events.
and CheckPoint Twitter.
SecurePlatform.
Management & inventory:
Qualys; McAfee ePO and
MVM; Cisco ACS;
ServiceNow ITAM; HP
UCMDB; Hitachi HiTrack.
16 Infrastructure auto-discovery
Find and classify systems, services, groups, accounts:
• Hitachi ID Privileged Access Manager can find, probe, classify and load 10,000 systems/hour.
• Normally executed every 24 hours.
• 100% policy driven - no scripts.
Active-active • Trivial to setup, no add’l cost, minimal effort to recover from disaster.
• Geographically distributed: maximum safety.
User • Strong login (2FA) followed by single sign-on (launch many sessions).
friendly • Request multiple accounts, launch multiple sessions without
re-authenticating.
• Direct and proxy connections.
Not just • Temporary group membership.
passwords • SSH trust injection.
• Suspend/resume cloud based VM (lower cost of cloud).
Robust • Reminders, escalation, delegation, concurrent invitations.
workflow • Not limited to "two keys" scenario.
IAM • Manage AD, LDAP groups that determine who has access.
included • Requests, approvals, SoD policy, certification, reports.
Animation: ../../pics/camtasia/suite11/hipam-request-password.mp4
Animation: ../../pics/camtasia/suite11/hipam-approve-request.mp4
Animation: ../../pics/camtasia/suite11/hipam-launch-rdp-approved-request.mp4
Animation: ../../pics/camtasia/v10/hipam-linux-preauth.mp4
Animation: ../../pics/camtasia/suite11/hipam-view-playback-nb.mp4
Animation: ../../pics/camtasia/v10/hipam-admin-reports.mp4
26 Password display
Animation: ../../pics/camtasia/v9/pw-disp-scaled-1/pw-disp-scaled-1.mp4
27 Summary
Hitachi ID Privileged Access Manager secures privileged accounts:
• Eliminate static, shared passwords to privileged accounts.
• Built-in encryption, replication, geo-diversity for the credential vault.
• Authorized users can launch sessions without knowing or typing a password.
• Infrequent users can request, be authorized for one-time access.
• Strong authentication, authorization and audit throughout the process.
Learn more at hitachi-id.com/privileged-access-manager
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 E-Mail: sales@hitachi-id.com