DEDICATED

TO PROTECTING
STRATEGIC DATA
AND ASSETS
PRIVILEGED ACCESS MANAGEMENT PLATFORM

WALLIX Bastion: Secure Privileged User Access FEATURES

The WALLIX Bastion is a centralized solution that secures
& BENEFITS
privileged access and monitors privileged sessions. It provides
unalterable audit trails and behavioral analysis reports on
privileged user activity. These resources can be useful when n Seamless integration
making security decisions and can help prevent the spread of with existing environments,
malicious software to other systems. capitalizing on previous
investments into previous
WALLIX BASTION CORE
security solutions thanks to
The core of the WALLIX Bastion allows you to secure your universal connectors and plugins
privileged accounts and support your teams regulatory compliance
efforts. It includes the following capabilities: n The platform provides a single
point of access that can adapt
• Administration: - Video and text recordings for all videos
- HA/load balancing - Complete audit logs and advanced to meet your organizations
- Disaster recovery searches to isolate incidents
unique needs using a scalable
- Backup and restore
• Password Vault: and interoperable architecture
- Management APIs
- Password and SSH keys safekeeping in the
• Audit/Real-time monitoring: WALLIX certified vault
- Real-time monitoring of all privilege user - Open architecture to enable integration n Easy and efficient deployment
activities through alerts, reporting and with third party vaults
remote session toward quickly attainable
- Automatic session termination based on • Reporting: milestones resulting in better
actions interception: blacklist, widget event - Basic reports accessible from the user
interface and downloadable as .csv file
control over implementation
reports, process sequences, keyboard traffic
("4-Eyes", OCR) or the use of bounce servers) - Bi-directional SIEM integration for and cost, while also optimizing
- Users accountability and trace actions for advanced reporting and real-time processing
the Total Cost of Ownership
statistical reports on monitored activity using: of malicious behavior detection
(TCO)
PORTAL ACCESS / AUDIT ACCESS MANAGER

ADMIN CORE SYSTEM REAL TIME n Enforce regulatory requirements

MONITORING
APPROVAL
through traceable audit trails
WORKFLOW AUTHENTICATION AUTHORIZATION SSO SIEM

BACKUP
ACCOUNTS
MANAGEMENT
USER
MANAGEMENT
RESOURCES
MANAGEMENT
and separation of operational
RESTORE BUSINESS

INTEGRATION WITH
INTELLIGENCE tasks from administrative
MySQL DB REST API X509 CERTIFICATION PASSWORD VAULT
CUSTOMIZE EXTERNAL VAULT
API
ANALYZE perimeter
DISASTER SESSION MANAGER PASSWORD MANAGER
RECOVERY REAL TIME
EVENT ALERTS
SESSION PROBE PASSWORD MANAGER
LOAD
BALANCING
COMMAND
FILTERING
n Identify accounts at risk and
PLATFORM
LIVE SESSION CONTROL PLUGINS
REPORTING
map your privileged accounts
VIRTUAL OR
PHYSICAL
APPLIANCE PRIVILEGED SESSION MANAGER AAPM SESSION
using the WALLIX Discovery
CLOUD
ON PREMISE RECORDING
MANAGED
SERVICES SERVICE ACCOUNTS AUDIT
POST-MORTEM

The WALLIX Bastion includes session, password, and portal access management features on a unified and
scalable platform for optimal security.
 WALLIX SESSION MANAGER
WALLIX SM
TECHNICAL SPECIFICATIONS

This module enables administrators to manage privileged user Encryption Algorithm

sessions in real-time for enhanced risk prevention: AES 256.

• Manage and govern privileged accounts through:
- Unix or Windows operating systems, network devices, databases,
mainframes, virtual infrastructures, or SU/SUDO injection
Authentication method
Identifier, LDAP, Active Directory, Radius,
TACAS+, Kerberos, X509, OTP, Web SSO,
Authentication technologies utilized by

WALLIX ALLIANCE PARTNERS-WAP.

- Consoles, business web applications, and fat clients (e.g.: firewall
management, Salesforce, or Sage) Protocols
- Direct access to resources using native clients (PuTTY, WinSCP, MSTC, HTTP/HTTPS, RDP/TSE, SSH, VNC,
OpenSSH, etc.) with connection rules embedded directly into the Bastion Telnet, SFTP.

- Workflows designed with context-relevant access configurations Monitoring

• Gather metadata (session probe) to supply dashboards with detailed SNMP & e-mail monitoring tools
ticketing and workflows
and context-relevant information
for administrator notifications.
• Remote APP
management Architecture
3 layers for scalability
WALLIX PM

WALLIX PASSWORD MANAGER (WALLIX Bastion farm, Bastion cluster,

bounce server cluster).

This module allows administrators to manage passwords and enforce

Integration/Deployment
password policies. The security is enhanced by ensuring that users Bastion running as a proxy
only have permissions to access the resources they need to complete or in a transparent mode.
their job duties. This helps guarantee that passwords and SSH keys
• Available as On Premise
will not be disclosed or misused: or On Demand
• Accessible through AWS
• Enforce periodic change and rotation of passwords
& Azure marketplaces
• Includes dedicated plugin library for target password management • Available as a hardware appliance
• Support SSH for virtual machine, or as a software
certificates
• Application-to-Application to Password Management and Services Easy provisioning and synchronization with
accounts management central Identity Access Management
WALLIX AM

solutions within the REST API.

WALLIX ACCESS MANAGER Plugins to integrate with all business

partners environments, supported by
WALLIX Access Manager provides a web portal for users and WALLIX ALLIANCE PARTNERS-WAP.

administrators. Administrators can track operations more effi-

High availability and Load Balancing
ciently and in real-time: Bastion clusters.
F5 BIG IP, A10 Thunder.
• Global search across your entire Bastion
infrastructure
• Single sign-on (SSO) integrates across all deployed Bastions using
RDP and SSH architecture
• Protect assets and systems through set rules that can automatically
authorize or revoke user access
• Delegation to third-party systems for user authentication and identifi-
cation (SAML 2.0)
• Multi-tenant architecture compatible with service providers' environ-
ments, with a complete isolation of instances
• Customizable web interface
• No VPN required for remote access

FOR MORE INFORMATION

info@dkbsolutions.com