How it work

By requiring that all default accounts are managed by PAR, you can ensure that the passwords are changed based on time and usage.

GuardPost creates a secure proxied SSL connection for non-console based administrative access.

• Establishes granular access controls around cardholder and sensitive authentication data

• Protects Web-facing applications from external attacks (such as SQL injection) via anomaly detection

• Identifies movement of CVV/PIN data

• Automatically locates & classifies sensitive data

PAR provides secure file storage with granular access control.

The PAR file storage capability allows for dual (or more) control on the release process.

• Monitors and alerts on all changes to databases including changes to internal structures, data values, and external DBMS configuration files

• Automates reconciliation of database changes to authorized work orders (Remedy, Peregrine, etc.)

Restricts access by user, application, subnet, etc., including privileged users

eGuardPost provides granular control to dictate which systems can be accessed and proxies the access.

• Identifies use of shared database IDs

• Identifies creation of new IDs

• Restricts use of privileged vendor IDs

• Alerts on failed logins & restricts repeated attempts

PAR securely stores all managed passwords using AES 256 encryption. Passwords are transmitted via secure SSL.

PAR can disable any terminated user removing access to PAR and any managed passwords. With PAR automated change controls, no user has any password knowledge unless in an active/authorized release window so terminated users have no account password knowledge.

With PAR, you can require vendor password requests for dual authorization, so passwords will only be provided when approved. Approvals could only be given during allowable access hours. With eGuardPost (add-on to PAR or stand alone) you can have a full session capture of all traffic. Whether connecting to Windows, Unix, routers, etc, all traffic is captured for review with VCR like playback.

PAR was specifically designed to address this issue. PAR provides individual accountability to determine who accessed a shared account.

PAR supports per system and per account based password rules including defining require length, numeric & alpha-numeric characters and more.

User’s logging into PAR can be disabled after configurable number of attempts. Being disabled will not allow access to any of the stored passwords on PAR the user is authorized to request/obtain.

Disabled users are locked out until enabled by PAR administrator.

• Creates secure, verifiable audit trail with granular information about who, what, when, where, how of all database activities

• Identifies end-user IDs in connection pooling environments where database only sees generic ID (Oracle EBS, PeopleSoft, SAP, Siebel and custom applications)

• Automates report distribution and documents oversight to guarantee timely response

• Provides 100+ preconfigured audit templates and reports for PCI, SOX, and data privacy laws

PAR will provide accountability of who used a particular account, while eGuardPost can provide a full session capture of the activity.

eGuardPost captures the entire RDP or SSH session, providing full replay capability of the activities.

• Assesses vulnerability and configuration risks.

• Monitors integrity of all database files including configuration files, OS files, shell scripts, etc.

• Delivers the metrics and real-time visual tools required for continuous assessment and proactive improvement of database security.

• Provides practical, appliance-based technology to monitor and enforce corporate policies—without impacting performance or business processes.

By forcing all access though eGuardPost, you have a full audit trail of any access to data.