Top 10 PAM Features Added in 2019

January 6, 2020

If you are a PAM customer, it might seem like our dedicated team of software developers never stops working to add new PAM features.

With a weekly release schedule, our developers issued 52 product updates last year.

As we reflect on the release updates from 2019, here is a list of the 10 most significant features or enhancements added to PAM over the last 12 months.

1. RDP Proxy

PAM users can create secure, high-trust, password-less remote sessions to their managed Windows endpoints using their native desktop or mobile RDP clients.

PAM added the ability to create RDP proxy sessions directly from your desktop or mobile device without downloading or installing any agents, custom launchers or deployment packages. The RDP Proxy connects using native RDP clients: mstsc, mRemoteNG, mobile RDP, etc. Read how to create secure RDP proxy sessions.

2. MFA for Native Clients: PuTTY, RDP, mstsc, WinSCP, FileZilla, etc.

Maintain strict enforcement of user authentication with multifactor authentication (MFA) even when using native client applications like PuTTY, Remote Desktop, WinSCP, FileZilla and others.

3. Domain Account Management (service, scheduled tasks, IIS app pool)

Many times, the passwords associated with Service, Scheduled Task and IIS App Pool accounts are never updated due to the difficulty in maintaining all the dependencies.

Using PAM, managing these accounts, whether local or domain, can be done with relative ease, ensuring that passwords are set to complex strings and automatically rotated to maximize your IT security. Read how to manage a Domain Account used as a Windows Service Account.

4. Custom Reports

The Report library comes standard with much of today’s most desired information, including Audit Logs, Inventory, Job History and Sessions.

This year we added the ability for System Administrators to create their own custom reports built to their specific requirements using common reporting formats and detailed column data. Read about Custom Reports.

5. KeePass Import

Customers who are transitioning from other password management products like KeePass will find our new Import engine extremely useful.

When importing from native KeePass files, PAM will automatically rebuild folders and records, including key attachments, descriptions and other valuable information, making the build-out of your new system vaults as easy as clicking a single button. Read how to import from KeePass.

6. DevOps: tokens and user management on containers, CLI (lock, unlock, request)

In 2019 we expanded PAM’s capabilities to better support DevOps and Application Management.

The product now allows container owners to manage their own user directory, applications and API tokens.

This allows System Administrators, who used to have this sole responsibility, to delegate control to Team or Department managers to maintain their own level of security.

Learn more about PAM Solutions for DevOps and Application to Application Password Management.

7. Virtual MFA

MFA authentication is typically associated with individual user accounts where the user maintains control of their secondary device, like a mobile phone, to generate personal codes. However, the benefits can be further extended to shared administrative accounts too.

The difficulty with MFA enforced on shared accounts is simply that several users cannot possess the same secondary device.

With PAM, you can now securely store your MFA secret key and generate on-demand or ‘just in time’ codes that can be used for shared accounts where MFA is required. Learn how to Generate and Share Virtual MFA TOTP Tokens.

8. Anonymous links

The introduction of Anonymous Links in PAM solved a complex problem with a simple solution.

Many times people need to safely share passwords and secrets, but this is often done using insecure methods like email or messaging services.

PAM can now generate secure single-use, multiple-use or self-destructing unique links that can be accessed from anywhere to safely share secrets that are maintained within its Vault. Learn more about anonymous links.

9. Multi-level proxy access

For customers with isolated or remote customer environments, PAM has been extended to easily manage devices located in these networks, including the ability to support task execution like password rotation and remote sessions, both web-based and native client applications.

10. Scheduled email delivery for reports

PAM now includes the option to subscribe to automated, email-delivered reports.

Users can receive them periodically as PDF or CSV email attachments.

This allows administrators, auditors and owners to monitor vital network activities, detect anomalies or discover problem areas without logging in to the system.

These automatically emailed reports can be delivered daily, weekly or monthly and can be associated with system-wide, vault, folder or record level objects, including report parameters and filters.

Honorable Mentions

In addition to our top 10 features added in 2019, we have a few additional honorable mentions:

  • Integration with ServiceNow that automatically updates Incident History with PAM events.
  • SQL and HTTP Traffic recording for greater insight and managerial review of more privileged sessions.
  • Native YubiKey authentication to increase enforcement of MFA requirements.
  • Introduced a new session Risk Score option to provide a measurable indication of events generated during each privileged session.
  • SSH Key Management to ensure keys can be stored and rotated as needed for managed endpoints.