Privileged Account and Session Management (PASM) combines two solution toolsets—privileged password management (also called privileged credential management or enterprise password management) and privileged session management.
Let’s briefly break down the two primary components of PASM:
Privileged password management centralizes the discovery, onboarding, and management of privileged accounts and credentials from within a tamper-proof password vault or safe. These solutions may secure everything from traditional privileged user passwords to SSH keys, to machine and application passwords, to DevOps secrets, and more.
Privileged session management facilitates the management, monitoring, and auditing of all sessions for users, systems, applications, and services that involve elevated access and permissions. It allows for advanced oversight and control to better protect the environment against insider threats or potential external attacks. Privileged session management also provides essential capabilities for maintaining critical forensic information required for audits, and regulatory and compliance mandates.
PASM is essential for enabling the proper control, hygiene, and management of privileged identities. In doing so, PASM solutions serve as a critical defense against unauthorized access, insider misuse, and potential breaches.
For instance, the privileged password management component of PASM helps reduce the risks associated with privileged credential compromise by safeguarding access to privileged account passwords, secrets, and SSH keys. This often includes features such as:
In addition, PASM solutions overlay continuous monitoring and recording of privileged accounts and sessions. They capture detailed session data for real-time or post-session review, and collect the data required for regulatory compliance when it comes time for audits.
Together, PASM and Privileged Elevation and Delegation Management (PEDM) (also called Endpoint Privilege Management) comprise the two most traditional sub-disciplines of Privileged Access Management (PAM). PASM and PEDM complement each other, and it is generally recommended to deploy both PASM and PEDM tools concurrently within the same network.
In recent years, an independent analyst research firm has also included two other tool areas under PAM: Secrets Management and Cloud Infrastructure Entitlement Management (CIEM).
Below are brief descriptions of each of these four distinct, but complementary, tooling areas within PAM.
Some modern PASM solutions have a comprehensive approach to managing all types of privileged access. Such holistic PASM offerings blend session management and monitoring with secure management of a broad range of credentials, including traditional privileged user credentials, SSH keys, certificates, DevOps secrets, and potentially even workforce passwords (application passwords for users across the enterprise), and more.
PASM solutions provide critical security controls for defending against external and insider attacks, and can disrupt multiple steps in the cyberattack chain. Here are some common threats privileged account and session management solutions help defend against:
Yes, privileged account and session management (PASM) is important for the advancement of a zero-trust architecture (ZTA). Zero trust is a cybersecurity framework that gained popularity as a response to the dissolving of the traditional network perimeter—these shifting network trends include remote work, mobile adoption, bring your own device (BYOD) policies, and cloud-based assets that are no longer located within a network boundary.
Some ways in which PASM can help advance zero trust principles:
For a more in-depth understanding of the role of PASM and PAM in enabling zero trust architectures and principles, check out this guide: Advancing Zero Trust with Privileged Access Management (PAM).
Essential features and capabilities of Privileged Account and Session Management (PASM) solutions typically should include:
Privileged Account and Session Management provides essential capabilities for organizations seeking strong protection against unauthorized access and insider threats. By integrating privileged password and session management, PASM offers a comprehensive solution that not only safeguards critical credentials, but also ensures meticulous monitoring and compliance. With its potential to also advance a zero-trust architecture and meet the growing demand of emerging use cases, PASM is an instrumental technology set for a modern security architecture.
Learn about BeyondTrust’s Total PASM solution, which combines the most expansive, integrated set of privileged credential management and privileged session management capabilities, for an industry-best value.