Today, with the expansion of network infrastructure, the increase of active equipment and the outsourcing and contracting of huge parts of organizations, on the one hand, and the concern of security issues regarding the access of system managers, as well as the requirements given by upstream organizations such as Afta and Bank Central has caused the special access management system (PAM) to attract the most attention and be at the top of the organizations’ priorities. The PAM product provided by ARCON NET company called ARCOS has a very high rating in the list provided by Gartner and has a strong competition with other similar products such as CyberArk, BeyondTrust and Dell in this field. Due to the implementation and use in many financial and credit institutions and ministries around the world, this product has reached full maturity and now has the ability to connect to more than 50,000 devices, as well as the ability to communicate with all products. It has Bumi by the research and development department of this company to create a special connector.

Capabilities
Manage senior user access
Management and control of senior user access levels
Manage and control access to programs and operating systems
Prevent accidental or intentional execution of malicious commands with high-level access on critical systems
Access management for remote users
Protection against security threats caused by high-level access
Integrated and two-factor authentication
Limiting the access of senior system administrators

In order to prevent human error (unintentional) for managers with high access levels or to prevent sabotage and malicious activities that may be done by disgruntled or infiltrating human resources in the organization, it is possible to limit high access levels. (admin) and also prevent the execution of some destructive orders without using the position of senior leaders. .

Safe storage of passwords

Passwords are stored in ARCON product in the form of multi-layer encryption and will be able to change complex passwords fully automatically, dynamically at specific time intervals for a very large number of devices, imperceptibly for administrators and system leaders. And fulfilled the requirements of upstream organizations in this way. .

Central management

By using central management, system managers will be able to control all the access and executive affairs of managers in a centralized manner.

Record the audit trail

In order to clarify and investigate the future, the need to record the audit trails and events of the operating systems, databases and security equipment and the network is a serious matter, necessary and also with certain technical difficulties. ARCON will be able to simplify this process as much as possible and meet the requirements of the upstream organizations by using the audit sequence registration system as well as the complete recording of the meetings.

Instant view of events

Using the live dashboard will enable the system administrators to monitor the active accesses and check the completed commands in real time. Risky commands are also detected and can be seen instantly. In order to personalize the dashboard page, facilities have been provided so that the live dashboard can easily be changed according to the needs of the organization.

Manage keys

The use of SSH keys for authentication has been a concern of system administrators since the past. These cryptographic keys, like passwords, can be used by hackers to find the correct key pair to enter the system. ARCOS also protects SSH keys by creating a layer for access control.

Using Microsoft Active Directory in authentication

The use of Microsoft Active Directory (MAD) as an authentication element in ARCOS makes it possible for devices with operating systems other than Windows, such as Linux and Unix, to be authenticated through Active Directory. And in this way, the integrity of the entire organization can be maintained and established with the least complexity.

Integrated authentication

By using integrated authentication, you no longer have to worry about keeping dozens of complex passwords, and changing them periodically will not waste the time and energy of system administrators. Passwords will not be passed on a platform that can be eavesdropped, and all available resources will be available to administrators and system leaders in the shortest possible time.

Two-factor authentication

Two-factor authentication will ensure that if the password is stolen by password thieves, they will not be able to use it to access the resources and equipment of the organization and cause disruption or change. In order to use the second authentication factor, ARCON company has presented its one-time password (OTP) module so that it can be used on smart devices such as mobile phones and tablets. It is also possible to use other authentication methods such as authentication with biometric factors, RSA tokens and VASCO tokens.

Control access to specific components

In order to require specific access, to access or not to access parts of the operating system with a user level in the operating system, databases, security equipment and network, ARCOS will be able to provide maximum efficiency and Provide security for managers, leaders and contractors of the organization and prevent disruptions in other services and applications used by the organization.

Creating virtual groups

Managing a large number of systems by different teams will be very complex and critical. The problem of presenting The appropriate level of access to these teams will be such that it is able to do all their work needs with the lowest level of access. Building virtual groups and communication between these groups in achieving the optimization of calculated processes, roles and responsibilities.

Record and save all sessions

In order to record the events as well as legal follow-ups regarding the orders made by the leaders, all the sessions can be stored with advanced technology in a very small volume in order to be used to record the audit sequence, regarding the increase The knowledge of the organization’s employees should also be used in outsourced projects.

Improving the level of access and management of roles

Due to the fact that ARCOS will be able to properly manage the access of system administrators by applying the Policy, sometimes the need to temporarily change the user account of a non-administrator user to a system administrator is also felt. This temporary user change can be revoked from the user at a specific and predetermined time based on the specified criteria.