Cookies
This site uses cookies, if you continue you agree to our cookie policy.

Eclipse Privilege

Privilege is a Windows-based application that mediates access to privileged shared accounts. Only give users the access rights they need to perform a task ("least privilege").

  • More secure; stop privileged accounts being shared and known by many users, e.g in easily-accessed spreadsheets.
  • Security compliance; use event logs and session recordings for later review and analysis.
  • Simpler user provisioning; user access and permissions are controlled centrally and linked to Active Directory.
  • Automate routine tasks; for example, create scripts to automatically change endpoint device passwords regularly.

Privileged Identity & Access Management

Virtually every device or software application within your network infrastructure, or your customer's infrastructure, has a privileged or administrative account to manage it. Often providing or facilitating access to an organisation's most critical assets, the privileged accounts and passwords on these devices are often shared between teams of people responsible for their management. While most identity-management products focus on addressing personal identities, a huge challenge to IT security risk and compliance is often overlooked.

Privileged accounts include super-user logins (e.g. root or admin), service accounts, or M2M or App-2-App accounts used by web services and line-of-business applications. Generally, these are:

  • Often neglected through infrequent use or because they are "out of sight, out of mind".
  • Rarely changed because of the time it would take.
  • Unaudited because it is usually impossible to effectively track the 'who, what, when and why'.

Password Manager

Privilege represents an easier way for your organisation to implement effective privileged identity and password management. By proxying connections, Privilege will help you to centrally control and audit administrative access with privileged credentials through access delegation (separating users from the credentials used to access a device), audit logs and session recording. This approach enhances security and compliance by granting administrative users only the rights they need—nothing more, nothing less.

  • Stronger password security. Enforce complex passwords on privileged accounts and run scripts that periodically change passwords in order to reduce the risk of infiltration by malicious programs and unauthorized users.
  • Improved staff efficiency. Quickly grant, change and revoke privileged access as staff change or leave job roles. A number of breaches occur because staff retain privileged credentials that are no longer relevant to their current role and because hours of tedious work are required to change shared account credentials.
  • Protect critical systems. Minimise any loss or outage to your business and ensure the accountability of every user-access to your infrastructure with advanced out-of-the-box auditing and reporting tools that enforce corporate policy.
  • Improve workforce productivity. With a simple web portal interface where users are only given the level of administrative access to see the devices and methods of connection that they are authorised for.
  • Protect sensitive assets when working with third parties. Enable direct connection to the target device, optionally on a time-limited basis, without disclosing the privileged credentials.

Download Eclipse Privilege Brochure

Tame your privileged and shared accounts. Centrally manage your users and passwords through Eclipse Privilege.

Eclipse Privilege Features

Privilege will centralise your password management and provide privileged access control for your shared accounts.

Implementation

Eclipse Privilege provides a resilient and flexible platform that will proxy connections from your engineers or technicians to your managed devices.

Database Mirroring

Database Mirroring

Privilege securely stores encrypted credentials in an SQL back-end and supports (optional) database mirroring to provide a totally resilient system. If the principle server fails, Privilege will automatically switch to the mirror.

Active Directory Integration

Active Directory Integration

Link Privilege user groups to Active Directory or LDAP user groups, allowing users to log in with their existing credentials and speeding up user-provisioning. Privilege is also capable of working standalone with its own database of users.

Resilient Connectivity

Resilient Connectivity

Privilege proxies connections and supports multiple Web Servers and Connection Managers in order to balance the load and distribute resources. It can provide flexible connectivity to devices over an IP-based network or utilise dial-up connections.

Import/Export

Import/Export

Simplify the process of configuring multiple connections or generate an emergency  "break-glass" copy of the configuration. Connection details can be imported from or exported to MS Excel.

Device Support

Device Support

Privilege supports the administrative protocols common to many of the devices on your network: SSH, Telnet, HTTPS, HTTP, MS Remote Desktop, VNC, PCAnywhere, SFTP, FTP, ASCII (dial-up), Raw TCP.

Interface

Interface

Privilege provides a Windows console for administration, and a web portal to initiate connections. The web portal includes a handler that launches the appropriate client application on the user's PC.


Access Management

Eclipse Privilege is a single point of access to ensure that all of your privileged users, applications and devices can only access devices through Privilege and are only given the level access required for their task.

User Permissions

User Permissions

Utilising a group hierarchy and extensive permissions, you can control a user's administration capabilities, which managed devices they see and what level of access they have.

Devices & Connections

Devices & Connections

Each managed device in Eclipse Privilege supports multiple methods of connectivity (SSH, Web, Remote Desktop, etc) and multiple credentials for each connectivity method. In addition, Privilege supports chained connections; access to a device that has to pass through intermediary devices.

Timed Access Controls

Timed Access Controls

Provide timed access to temporary staff or 3rd party maintainers with just one click. Connections will expire after the period you define or after a set level of inactivity.

M2M Communications

M2M Communications

Ensure that all M2M or App2App connections are audited. Eclipse Privilege provides the capability to establish connections to devices programmatically and be integrated into larger systems.

Connection Templates

Connection Templates

Eclipse Privilege enables you to integrate virtually any type of remote equipment. Define new device types and create connection scripts for the log on/log off processes. An in-built script editor and wizard for web-based log-ons will help you.

Scheduled Tasks

Scheduled Tasks

Eclipse Privilege can run scripts at regular periods to automate administration tasks; for example to change a managed device password (and update the password in Privilege), retrieve configuration data or update time & date settings.


Compliance

Ensure that you can prove compliance with both internal and external regulations regarding security practices.

Session Recording

Session Recording

SAMS records all desktop activity of technicians or engineers during active sessions with SAMS devices. Connections are blocked if recording is not possible. This ensures that you have a full visual account of any changes or hacking attempts made during the session.

Remote Access Logs

Remote Access Logs

Record all remote access connections, including the start and end time, user name and their IP address, how the device was accessed, session activity (except for Remote Desktop, pcAnywhere and VNC) and any connection notes that were entered after the session was terminated.

Administration Logs

Administration Logs

The Admin logs are a record of all configuration done using the administration console. They also include entries for users that are locked out of the system.

SNMP Alarms

SNMP Alarms

Privilege can be configured to send you SNMP traps for important events such as successful/failed connections, disconnections, admin logins, web logins or accounts that become locked.

Reporting

Reporting

During audits, prove how many connections are being made, by whom, for which connection methods and credentials and for how long. Reports can be automatically scheduled and delivered via email.

Connection Notes

Connection Notes

Force your engineers and technicians to document any configuration changes or their reason for the connection by requesting notes once a session has been terminated.


Additional Features

  • Asset information. Store information within Privilege on your managed devices, such as vendor/third party contact information and device location.
  • Password policies. When using Privilege without Active Directory or LDAP integration, use password policies to enforce complex passwords and have users regularly change them.
  • Log storage. Automatically delete audit logs after X number of days, after reaching a certain size, or a number of records reached.

Requirements

Eclipse Privilege requires or supports the following environments:

Privilege Admin Console & Script Manager

Responsible for administering the Eclipse Privilege application

  • MS Windows Server 2003 & Server 2003 R2
  • MS Windows Server 2008 & Server 2008 R2
  • Windows XP SP3
  • Windows Vista SP2
  • Windows 7 SP1

Connection Manager

Initiates and manages the connections to managed devices made by users.

  • MS Windows Server 2003 & Server 2003 R2
  • MS Windows Server 2008 & Server 2008 R2

Database

Stores configuration, device and credential data.

  • MS SQL Server 2005 and Express
  • MS SQL Server 2008 and Express
  • MS SQL Server 2008 R2 and Express

Web Server

Required for the user interface to initiate connections.

  • IIS 6.0 for Windows Server 2003 and 2003 R2
  • IIS 7.0 for Windows Server 2008 and 2008 R2

Web Browsers

Used by engineer and technician users as the application interface.

  • MS IE 7.0 or later
  • Mozilla Firefox 3.0.6 or later
  • Google Chrome 10.0 or later