DEDICATED

TO PROTECTING
STRATEGIC DATA
AND ASSETS
PRIVILEGED ACCESS MANAGEMENT PLATFORM

WALLIX Bastion: Secure Privileged User Access FEATURES

The WALLIX Bastion is a centralized solution that secures
& BENEFITS
privileged access and monitors privileged sessions. It provides
unalterable audit trails and behavioral analysis reports on
privileged user activity. These resources can be useful when n Seamless integration
making security decisions and can help prevent the spread of with existing environments,
malicious software to other systems. capitalizing on previous
investments into previous
WALLIX BASTION CORE
security solutions thanks to
The core of the WALLIX Bastion allows you to secure your universal connectors and plugins
privileged accounts and support your teams regulatory compliance
efforts. It includes the following capabilities: n The platform provides a single
point of access that can adapt
• Administration: - Video and text recordings for all videos
- HA/load balancing - Complete audit logs and advanced to meet your organizations
- Disaster recovery searches to isolate incidents
unique needs using a scalable
- Backup and restore
• Password Vault: and interoperable architecture
- Management APIs
- Password and SSH keys safekeeping in the
• Audit/Real-time monitoring: WALLIX certified vault
- Real-time monitoring of all privilege user - Open architecture to enable integration n Easy and efficient deployment
activities through alerts, reporting and with third party vaults
remote session
toward quickly attainable
- Automatic session termination based on • Reporting: milestones resulting in better
actions interception: blacklist, widget event - Basic reports accessible from the user
interface and downloadable as .csv file
control over implementation
reports, process sequences, keyboard traffic
("4-Eyes", OCR) or the use of bounce servers) - Bi-directional SIEM integration for and cost, while also optimizing
- Users accountability and trace actions for advanced reporting and real-time processing
the Total Cost of Ownership
statistical reports on monitored activity using: of malicious behavior detection
(TCO)
PORTAL ACCESS / AUDIT ACCESS MANAGER

ADMIN CORE SYSTEM REAL TIME n Enforce regulatory requirements

MONITORING
APPROVAL
WORKFLOW
AUTHENTICATION AUTHORIZATION SSO through traceable audit trails
SIEM
BACKUP
ACCOUNTS
MANAGEMENT
USER
MANAGEMENT
RESOURCES
MANAGEMENT
and separation of operational
RESTORE BUSINESS

PASSWORD VAULT INTEGRATION WITH

INTELLIGENCE tasks from administrative
MySQL DB REST API X509 CERTIFICATION
CUSTOMIZE EXTERNAL VAULT
API
ANALYZE perimeter
DISASTER SESSION MANAGER PASSWORD MANAGER
RECOVERY REAL TIME

n Identify accounts at risk and

EVENT ALERTS
SESSION PROBE PASSWORD MANAGER
LOAD COMMAND
BALANCING FILTERING

PLATFORM
LIVE SESSION CONTROL PLUGINS
REPORTING
map your privileged accounts
VIRTUAL OR
PHYSICAL
APPLIANCE PRIVILEGED SESSION MANAGER AAPM
SESSION
using the WALLIX Discovery
CLOUD
ON PREMISE RECORDING
MANAGED
SERVICES SERVICE ACCOUNTS AUDIT
POST-MORTEM

The WALLIX Bastion includes session, password, and portal access management features on a unified and
scalable platform for optimal security.
 WALLIX SESSION MANAGER TECHNICAL SPECIFICATIONS
WALLIX SM

This module enables administrators to manage privileged user Encryption Algorithm

sessions in real-time for enhanced risk prevention: AES 256.

Authentication method
• Manage and govern privileged accounts through:
Identifier, LDAP, Active Directory, Radius,
- Unix or Windows operating systems, network devices, databases, TACAS+, Kerberos, X509, OTP, Web SSO,
mainframes, virtual infrastructures, or SU/SUDO injection Authentication technologies utilized

- Consoles, business web applications, and fat clients (e.g.: firewall by WALLIX ALLIANCE PARTNERS-WAP.

management, Salesforce, or Sage) Protocols

- Direct access to resources using native clients (PuTTY, WinSCP, MSTC, HTTP/HTTPS, RDP/TSE, SSH, VNC,
OpenSSH, etc.) with connection rules embedded directly into the Bastion Telnet, SFTP.

- Workflows designed with context-relevant access configurations Monitoring

• Gather metadata (session probe) to supply dashboards with detailed SNMP & e-mail monitoring tools
ticketing and workflows
and context-relevant information
for administrator notifications.
• Remote APP management
Architecture
3 layers for scalability
WALLIX PASSWORD MANAGER
WALLIX PM

(WALLIX Bastion farm, Bastion cluster,

bounce server cluster).
This module allows administrators to manage passwords and enforce
password policies. The security is enhanced by ensuring that users Integration/Deployment
only have permissions to access the resources they need to complete Bastion running as a proxy
or in a transparent mode.
their job duties. This helps guarantee that passwords and SSH keys
will not be disclosed or misused: • Available as On Premise
or On Demand
• Enforce periodic change and rotation of passwords • Accessible through AWS
• Includes dedicated plugin library for target password management & Azure marketplaces
• Support SSH certificates • Available as a hardware appliance
• Application-to-Application to Password Management and Services for virtual machine, or as a software

accounts management
Easy provisioning and synchronization with
central Identity Access Management
WALLIX ACCESS MANAGER
WALLIX AM

solutions within the REST API.

WALLIX Access Manager provides a web portal for users and Plugins to integrate with all business
partners environments, supported by
administrators. Administrators can track operations more effi- WALLIX ALLIANCE PARTNERS-WAP.
ciently and in real-time:
High availability and Load Balancing
• Global search across your entire Bastion infrastructure Bastion clusters.
• Single sign-on (SSO) integrates across all deployed Bastions using F5 BIG IP, A10 Thunder.
RDP and SSH architecture
• Protect assets and systems through set rules that can automatically
authorize or revoke user access
• Delegation to third-party systems for user authentication and identifi-
cation (SAML 2.0)
• Multi-tenant architecture compatible with service providers' environ-
ments, with a complete isolation of instances
• Customizable web interface
• No VPN required for remote access

FOR MORE INFORMATION

Email: info@wallix.com
www.wallix.com