Securden Unified PAM Features

Discover and Manage
Privileged Accounts

I had a great experience with Securden. It provided me a way to unify saving passwords across my different environments (on-prem and in the cloud)

- IT Security Associate, Energy Industry

How many Privileged accounts does your IT environment have?

Most enterprises possess a shedload of devices, where hundreds of accounts reside inside each of them. It is humanly impossible to have a record of the number and type of accounts. Among these accounts, only some are known and used on a regular basis, while the others are unnoticed and orphaned. Manually tracking them is an arduous and error-prone task. Consolidating and managing them becomes simple with an automated privileged accounts discovery process.

To obtain a comprehensive picture organization-wide, consolidating the accounts under a centralized vault is essential. Securden aids the fundamental step of consolidation with a robust discovery engine that fetches the accounts in servers, databases, and network devices to develop a roster for organized management.

Discovering & consolidating accounts: Critical for visibility

To obtain a comprehensive picture organization-wide, consolidating the accounts under a centralized vault is essential. Securden aids the fundamental step of consolidation with a robust discovery engine that fetches the accounts in servers, databases, and network devices to develop a roster for organized management.

Why dormant accounts pose grave threats

Unmanaged accounts always pose significant security threats. There could be scenarios where many accounts might remain dormant, and administrators might not even be aware of their existence. Following are some typical scenarios:

Privileged accounts of users who bid adieu to the organization
Shadow IT accounts created by employees & developers
Accounts that were not deprovisioned after offboarding a third-party contractor or a vendor.
Long-lost Privileged Accounts
Unmonitored Device Accounts
Accounts created for testing purposes .
Hidden backdoor accounts, which are used to steal sensitive data

All such accounts should be brought under control and management. But that requires visibility into their existence in the first place. Privileged accounts discovery precisely uncovers all dormant accounts so they can be managed by the IT administrator.

Track down all critical IT accounts and take charge

Securden scans your network, discovers devices and all accounts therein, including dormant accounts, and consolidates them for efficient administration. The different types of accounts discovered include:

1. Server Accounts:

Windows accounts (local, domain, and dependent service accounts)
Linux devices and their accounts
Mac devices and the accounts, devices and the accounts thereof

2. Database Accounts

Accounts associated with Microsoft SQL Server, Oracle, MySQL, and PostgreSQL databases.

3. Cloud Infrastructure Accounts

Accounts and keys distributed across Azure (Microsoft Entra ID), Google Workspace, AWS Cloud, and Azure Key Vault.

4. Network Devices:

Accounts associated with various network devices such as switches, routers, firewalls, and other network devices from various vendors such as Cisco, Juniper, HP, etc.

5. Virtual Accounts

Accounts present across your virtual infrastructure. Those present in VMWare ESXi hosts and Virtual Windows, Mac machines.

6. Other Accounts

Active Directory and LDAP-compliant directory services account
Privileged accounts used in web services such as ASP.NET config files and SharePoint; and in middleware tiers such as Oracle WebLogic, IBM
Privileged accounts used in web services such as ASP.NET config files and SharePoint; and in middleware tiers such as Oracle WebLogic, IBM WebSphere, and SAP NetWeave.
Cloud identities on platforms including Office 365, Azure Active Directory, Amazon AWS, IBM SoftLayer, Rackspace, and Force.com

Strengthen security by rotating passwords upon discovery

When consolidating passwords from various sources, it is important to ensure that the existing passwords are changed with randomly generated strong, unique ones. This action annuls the passwords accumulated in spreadsheets and text files and offers a fresh start to Privileged Access Management.

Frequently Asked Questions (FAQs) on Privileged Account Discovery

How can system administrators discover dormant and shadow IT accounts?

Employees and developers often create shadow accounts with administrative permissions over applications, cloud services, and hardware to bypass IT restrictions and get work done easier.

These accounts not only lack oversight but also turn out to be an easy backdoor for attackers. This also turns out to be a disaster for the security teams tasked with proving regulatory compliance.

PAM solutions like Securden Unified PAM help deeply scan the network and endpoints to identify unmanaged, and unauthorized accounts. Once discovered, they are onboarded into a central console, so the administrator can deal with the account by:

Changing the password of discovered privileged accounts.
Mapping the account to an employee to ensure accountability.
Having an audit trail ready for all activity done using the unmanaged account.
Deleting the administrative account permanently if it is not required.

How can IT security manage local (non-AD) accounts and access?

Local admin accounts on Windows, Mac, Linux endpoints can be discovered by PAM/EPM and the users who have access to these accounts can be pinpointed.

Securden Unified PAM utilizes a lightweight agent to:

Discover and monitor the local accounts that are on present workgroup computers.
Manage the access that users have to these local accounts by revoking excessive permissions.
Track application installations and prevent users from using malicious software.

Can CISO’s constantly monitor newly created admin accounts?

Scanning the network once to create an inventory of all accounts is generally not enough to prevent risk. Securden Unified PAM periodically scans the connected AD/Azure/Google Workspace domain and endpoints to keep the critical account details up to date. This ensures that any unauthorized admin accounts created can be immediately tracked.