Privileged Account Management System (PAM)
Launches privileged account management (PAM) products early in the industry to help users better manage accounts and passwords
    Quick Learn
Documentation
Core Features

  • Automatic Account Collection

    Automatic Account Discovery and Collection

    Support for Multiple Protocols and Various Devices

    Quick Obtaining of Account List and Attribute Information

  • Application Identity Management

    Dynamic Obtaining of Hardcoded Passwords; Support for Multilingual and Diverse Middleware

    Free of Agents and Cached in External Storage; Integrates Multiple Application Identity Authentication Technologies in the DevOps Mode

  • Multi-view Ledgers

    Regular Inspection and Dynamic Monitoring; Automatic Failure Analysis

    Multi-dimensional Display: by Risk Type, Distribution, and Impact Scope

  • Lifecycle Management

    Account Creation; Account Permission Change

    Account Locking/Unlocking; Account Deletion

  • Password Vault

    Independent Server; System Security Reinforcement

    Chinese National Cryptographic Algorithms; Hardware Encryption

  • Emergency Mode

    Automatic Backup of Passwords; Secure Backup of Passwords in Segments

    Encryption of Private Passwords; Encryption of PGP Keys

Use Cases

  • Account Information Collection

    Issue Analysis:A huge number of accounts and a wide range of devices need to be managed. The account list cannot be quickly obtained to serve as data support. Manual information collection is time-consuming and laborious.

    Solution: Periodically and automatically sort out accounts, collect account-related information, and further analyze risks by using multiple protocols.

    Customer Benefits:Identify various account risks (such as weak passwords, zombie accounts, ghost accounts, permission changes, and not changing passwords regularly). Implement fine-grained internal management. Meet compliance. Provide full data support for the Red Team VS Blue Team approach.

  • Management of Weak Passwords

    Issue Analysis: All types of devices have weak passwords. Human resources are insufficient to regularly reset account passwords. In addition, no mechanisms are available for securely storing and backing up the data generated after password changes.

    Solution: Periodically and automatically change and reset passwords by using multiple protocols. Use Chinese national cryptographic algorithms to store sensitive information. Encrypt information in segments and export the encrypted information for backup.

    Customer Benefits: Eliminate "weak passwords". Comply with the Classified Protection of Cybersecurity and the regulations on account passwords. Meet the requirements specified in the Chinese national cryptography regulations. Back up passwords to enhance security.

  • Application Identity Management

    Issue Analysis: After a password is changed, the password copies associated with various applications need to be synchronized, and the applications associated with the database connection pool need to be restarted. As a result, each password change is high-risk and subsequent steps may be mistakenly omitted.

    Solution:Apply the SDK and JDBC framework to enable applications or the database connection pool to dynamically obtain passwords from the PAM platform. There is no need to restart an application after the password associated with it is changed.Appmgr node is an agentless cache node used to store encryption certificates, and it has a variety of advantages such as high performance, high scalability, security, and consistency mechanism to ensure stable operations of business systems.

    Customer Benefits: Free from the need to change the passwords of application-related accounts. Prevent data leaks and SQL injection.The last-mile problem in account and password management is resolved.

Success Story
A Branch of Bank of China — One-time Password Management Project

In the PAM, the hardcoded password management feature allows you to dynamically manage the passwords of accounts used for applications to connect to the database. This feature prevents SQL injection and internal data leaks, protecting the last mile of privileged account management in the data center.