|
|
Indeed introduces version 2.10 of Indeed Privileged Access Manager (Indeed PAM).
Indeed PAM now supports OpenLDAP and ALD PRO directory services in addition to Active Directory and FreeIPA.
Version 2.10 introduced Ad hoc resources, which allow you to connect to any resource without having to add them to PAM first.
Another improvement is the ability to natively connect PAM to SIEM systems.
We tell you about all the new features implemented in Indeed PAM 2.10 in this article.
OpenLDAP and ALD PRO support
Indeed PAM 2.10 introduces the ability to select OpenLDAP and ALD PRO as directory services. This innovation expands the possibilities for import substitution of the Microsoft Active Directory directory service. Indeed PAM now supports the following user directories: Active Directory, FreeIPA, OpenLDAP and ALD PRO.
Blocking a user
Using this function, the PAM system administrator can close the user's access to resources in two clicks.
A blocked user will not be able to:
Open sessions.
View, set, and change your account password.
Access authentication data for Application to Application Password Management (AAPM) applications.
This feature allows you to quickly respond to suspicious user actions, thereby maintaining system security.
Moreover, unblocking a user after clarifying the circumstances is as easy as blocking them.
Possibility to change the key and/or encryption algorithm of the PAM database
Indeed PAM 2.10 introduces the ability to change the database encryption key without stopping PAM. This allows you to quickly respond to cases where the database encryption key is compromised.
Likewise, you can change the encryption algorithm without stopping PAM.
Ability to specify multiple RADIUS servers for PAM user authentication
Now the PAM system administrator can specify several virtual phone number service RADIUS servers. This will ensure fault tolerance of the system, since if one of the RADIUS servers fails, the PAM system will try to connect to another RADIUS server.
Assigning policies to user groups
Starting with Indeed PAM 2.10, policies can be assigned to user groups.
Previously, to assign a policy to a group of users, it was necessary to assign a policy to each user in the group separately, but now this can be done with one button.
Possibility of connection to arbitrary resources
Indeed PAM 2.10 adds a new type of resource — custom resources. These are resources that are not registered in the Indeed PAM system. The innovation makes it possible to connect to any resources without having to enter them into PAM in advance.
This new feature makes it easier for PAM users who create virtual machines as part of their work. IT can now connect to them immediately without having to wait for the PAM administrator to add them to the list of resources.
Native SIEM support via CEF and LEEF log formats
It is now possible to connect Indeed PAM to a SIEM system without using additional connectors or parsers, which frees the customer from the need for additional modifications.
Increasing the maximum length of an account password
Indeed PAM 2.10 does not have a limit on the length of an account password, which allows you to create more complex passwords, and therefore reduce the likelihood of your account being hacked.
Incorrect OTP blocking settings
Indeed PAM 2.10 now includes options to manage user blocking when an incorrect OTP is entered:
The number of incorrect entry attempts is the value, if exceeded, the user will be temporarily blocked, i.e. will not be able to enter OTP.
Authenticator Lockout Period - the period of time (in minutes) after which the user will be unblocked and will be able to enter OTP again.
These settings allow you to configure Indeed RAM to comply with your company's information security policies.
Support for S3 storage types
Indeed PAM 2.10 has expanded the list of supported storage types to include S3.
|
|
發表於 2024-11-7 13:41:51
收藏