We are delighted to announce game changing features now offered as part of ManageEngine PAM360, our enterprise privileged access management (PAM) suite.

With PAM360’s new additions to its Zero Trust offering, your organization’s privileged identities will be protected like never before. These updates will be available with the latest version of PAM360.

What’s new in PAM360?

  1. Dynamic trust scores for users and target devices

  2. Policy-based access control (PBAC)

  3. Conflict Resolver

Dynamic trust scores for users and target devices

You can now establish trust scores for users and devices in PAM360, which take into account your organization’s security policy or specific criteria. PAM360 evaluates each risk parameter according to its assigned score, and generates an overall dynamic trust score ranging from 0 to 100. This score can be utilized to initiate customized actions in real-time, such as restricting a user’s access to PAM360.

A user’s trust score is calculated based on the following criteria:

  1. Invalid sign-in attempts

  2. Non-office hours sign-in

  3. Access from allowed IPs

  4. Access from allowed devices

  5. User belongs to a particular group

  6. Open ports in user’s devices

A device’s trust score is calculated based on the allowed system requirements of the device, such as OS version:

  • Browser plugins/Add-ons

  • Applications/Packages

  • Processes/Services

Admins can prevent users with low trust scores from initiating a remote session, reaching an application, or engaging in other essential tasks. It is also possible to confine devices with low trust scores to limit the scope of unauthorized access within the company. The trust score is evaluated instantaneously by analyzing user activities and the device state. With PAM360, sessions that do not meet the trust score requirement can be automatically ended. Administrators can notify users about their actions, ask for valid reasons for access, and take measures such as denial or termination of access.

Policy-based access control

Design a personalized access policy based on unlimited interchangeable conditions. Organizations that require rigorous access limitations can choose to apply multi-level filtering to provide access in tiers based on a user’s compliance with the factors.

These access policies can be customized based on the following factors:

  1. User trust score

  2. Resource trust score

  3. Password policy

  4. Access controls

Depending on the above-mentioned factors, an access policy can restrict the following access to privileged resources:

  1. RDP Access

  2. SSH Access

  3. RemoteApp

  4. SQL Access

  5. Password Reset

  6. Landing Server Access

  7. JIT Privilege Elevation

  8. Self-Service Privilege Elevation – Linux & Windows

Additionally, if such conditions are not met, PAM360 can be automated to perform investigatory actions such as triggering a personalized audit, issuing a warning, requesting a reason from the user, or an abrupt denial or termination of access along with automatic warning e-mail notification to such users.

Conflict Resolver

Last but not least, the latest Zero Trust addition will feature a central conflict resolution dashboard. Conflict Resolver will indicate when there are one too many access policies associated with certain resources. This will enable admins to note and resolve such conflicts immediately, without going through the hassle of changing access policies for these devices one by one.

These upgrades to ManageEngine PAM360’s Zero Trust offering will help admins keep the privileged identities in their enterprise secure.

To experience these features hands-on, please download the product upgrade pack.

To learn how to configure these new Zero Trust controls, watch this video: