
Step 1 of 5
All fields are required

To what degree do you:
Support dual authorization for privileged operations on critical or sensitive secrets and assets. For example, requiring just-in-time privileged access approval or DoubleLock to provide an extra layer of security for accessing secrets.
Access Control

 
Support just-in-time access request for elevated permissions to run privileged commands and applications on workstations and servers.
Access Control

 
Control application launch with local controls enforcing privilege elevation policies on Windows workstations.
Access Control

 
Eliminate local privileged accounts on Linux and UNIX to reduce the attack surface and align with the Principle of Least Privilege and zero standing privileges.
Access Control

 
Support mutual authentication between PAM components using cryptographic credentials. This mitigates the risk of rogue parties attempting to compromise the system.
Access Control

 
Restrict privileged access to registered and company-owned endpoints to ensure that company-sanctioned assets are protected.
Access Control

 
Prohibit privileged access by any client that is unknown, not secured, and untrusted.
Access Control

 
Manage the lifecycle of service/application accounts from provisioning to deprovisioning to rationalize the number of accounts and reduce the attack surface.
Account Lifecycle Management

 
Automate the credential management for service/application accounts and their dependencies. Ensure that when rotating a service/application account password, you don't break any other service dependent on the same account.
Account Lifecycle Management

 
Provide notifications, MFA services, and access to vaulted secrets via a mobile app that can provide necessary access via cellular even if WiFi is unavailable.
Availability & Disaster Recovery

 

Step 2 of 5

To what degree do you:
Remove plaintext, hard-coded credentials and sensitive configuration data from source code, configuration, and script files, and replace them with programmatic calls to the vault to obtain secrets and credentials. This prevents adversaries from harvesting sensitive data on the disk.
DevOps

 
Automate privilege security in DevOps workflows and tooling.
DevOps

 
Enable creation of basic elevation policies to run privileged applications on Windows servers to support least privilege.
Identity Governance

 
Enable creation of basic elevation policies to run privileged applications on Windows and Mac workstations to support least privilege.
Identity Governance

 
No local user accounts for the PAM platform. Integrate the platform into the organization's identity provider, such as AD, LDAP, Azure AD, or Okta.
Identity Management

 
For routine administrative activity, don't use shared (anonymous) accounts. Admins use their individual account for all access, ensuring that logged events tie back to a unique user. This streamlines incident response and audit activities.
Insights & Incident Response

 
Record remote sessions initiated from the vault. Sessions can be replayed and metadata searched (e.g., typed commands) to facilitate incident investigations and audits.
Insights & Incident Response

 
Send session activity metadata to a SIEM tool for SOC data enrichment, event correlation, reporting, and alerting.
Insights & Incident Response

 
Support session monitoring to observe login sessions in real time and provide the option to terminate the session if suspicious activity is observed.
Insights & Incident Response

 
Integrate with User and Entity Behavior Analytics (UEBA) tools for more advanced threat detection and alerting.
Insights & Incident Response

 

Step 3 of 5

To what degree do you:
Import from Excel, or automatically discover, all local Linux privileged accounts and vault them to ensure you have centralized management and control over their use.
Inventory & Classification

 
Import from Excel, or automatically discover, all local Windows privileged accounts to ensure visibility.
Inventory & Classification

 
Discover local Linux/UNIX SSH keys on servers and workstations.
Inventory & Classification

 
Discover privileged admin groups, roles, and security configuration files to ensure visibility.
Inventory & Classification

 
Automatically discover service/application accounts across Identity and Cloud Service Providers for visibility.
Inventory & Classification

 
Integrate with IT Service Management tools (such as ServiceNow) to drive access control request workflows tied to help desk tickets.

 
Create roles to constrain access and strictly control the use of all-powerful roles and groups in the PAM platform, such as the Admin role of the System Administrator group.
Least Privilege

 
Enforce MFA when checking out a secret to ensure the user is the legitimate owner of the credential.
MFA at Depth

 
Enforce MFA at workstations and servers for direct login and privileged command and application execution.
MFA at Depth

 
Vault the most privileged accounts within the environment, those that can create other accounts, move laterally to access multiple systems, and that have full control within your trust fabric (AD and AAD). Enable access only in emergency situations.
Secrets Vaulting & Management

 

Step 4 of 5

To what degree do you:
Focus on the most privileged groups within the environment, those whose membership grants permission to create other accounts and move laterally, and grants full control within your trust fabric (AD and AAD).
Secrets Vaulting & Management

 
Manage admin groups, roles, and security configuration files that might grant privileges across all assets.
Secrets Vaulting & Management

 
Vault all discovered service/application accounts to ensure you have centralized control over their use.
Secrets Vaulting & Management

 
For emergency PAM accounts, establish hardware-based MFA.
Secure PAM

 
Store emergency PAM accounts within a physical fire-proof safe or use software-based MFA for identity assurance.
Secure PAM

 
Protect the vault master encryption key in a hardware security module (HSM) such as the AWS KMS.
Secure PAM

 
Leverage vaulted credentials to automatically launch login sessions to targets other than servers and websites. Extend credential and session security to any target that has a suitable API such as PowerShell, PuTTY, SQL Server, and Notepad.
Secure Remote Access

 
For remote server access, enforce the use of an "alternate admin account" and MFA for stronger protection.
Secure Remote Access

 

Step 5 of 5

Enter your contact info below and submit to see your finished report.

Delinea needs the contact information you provide to us to contact you about our products and services. If you have subscribed, you may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.