For companies of any size and public sector
Providing remote access to your most sensitive systems is necessary, but it introduces risk. VPNs typically provide too much access, especially for contractors, vendors and occasional use employees.
Exposing credentials introduces even more risk. Domain accounts may be able to access far more than they should be. Even if an account is local only, how are access credentials stored, shared or used? Typically, this is done through email, messaging systems, or local key stores, all of which require credential exposure.
Keeper Connection Manager allows administrators to provide access to privileged systems without having to share credentials. Access can be revoked at any time, and a robust audit trail identifies when and how the system was used.
Keeper Connection Manager is built on a foundation of both Zero-Knowledge and Zero-Trust security, with granular access rules. Administrators can provide a user with access to the whole system – or just one component.
Nearly all compliance frameworks address the risks associated with privileged systems access by mandating Zero Trust, least privilege, or both. For example, here’s PCI DSS Requirement 7:
All systems within the Cardholder Data Environment should have sufficiently configured access control to ensure only authorized internal individuals have access to the environment, systems and sensitive cardholder data. All other access by non-authorized individuals must be denied.
Most frameworks contain additional controls regarding protecting credentials, not using default credentials, recording sessions, and more. Keeper Connection Manager allows you to meet compliance requirements from SOX, HIPAA, ICS CERT, GLBA, PCI DSS, FDCC, FISM, GDPR and more.
Implementing a Privileged Access Management solution should be as painless as possible. This is often not the case. Some solutions require custom clients to be installed for all privileged users, and agents to be installed on all privileged endpoints, in addition to one or more bastions to broker the connections. Some require changes to your Active Directory, or direct access to your domain controllers.
Keeper Connection Manager is easy to deploy. Simply install a gateway, and it supports SSH, VNC, Kubernetes, databases and RDP out-of-the-box. There are no agents, your web browser is the client, and there is no impact on your domain controllers or other services.
The Keeper Connection Manager gateway can be completely locked down to the customer's infrastructure to limit access between the client device and the target server. Secrets that are used to connect to the target servers can be managed within the Keeper Secrets Manager encrypted vault. Pass-through credentials also provide users with dynamic access to target instances without secrets storage anywhere in the gateway.
Keeper offers extensive reporting on privileged user behavior. In addition to providing aggregate security audits, Keeper also provides event logging for over 140 event types, event-based alerts, and integration with popular 3rd party SIEM solutions. Keeper’s compliance reporting functionality also allows admins to monitor and report on access permissions for privileged accounts across the entire organization, in a zero-trust and zero-knowledge security environment.
Keeper holds the longest-standing SOC 2 attestation and ISO 27001 certification in the industry. Keeper utilizes best-in-class security, with a zero-trust framework and zero-knowledge security architecture that protects customer data with multiple layers of encryption keys at the vault, shared folder and record levels.