Lightweight Privileged Access Management (PAM)

Manage access. Audit activity. Respond to incidents. All-in-one

The Challenge

The Challenge

Privileges grant power. Uncontrolled privileges spell danger. With Ekran System’s privileged access management (PAM) capabilities, you'll have the power to:

  • Secure remote access to critical endpoints
  • Get full visibility over all privileged accounts
  • Granularly control access requests and permissions
  • Monitor and audit activity of privileged users
  • Ensure compliance


Deter insider threats

Deter insider threats

Fully protect critical assets

Fully protect critical assets

Easily pass cybersecurity audits

Easily pass cybersecurity audits

Access maximum PAM capabilities for a reasonable price

Access maximum PAM capabilities for a reasonable price

Ekran System Privileged Access Management Solutions

Password management

Forget about having to deploy extra privileged password management software. Ekran System includes a sophisticated privileged password management solution with all the capabilities you need to properly handle and protect your secrets:

  • Password Vault for securely storing and delivering secrets
  • Automated and manual password rotation for Windows and AD accounts
  • Role-based access control
  • SSH key management
  • Password management for shared accounts (Windows, Linux)
  • Web account password management

Ekran System provides military-grade data encryption and uses only FIPS 140-2 compliant encryption algorithms. All data and connections, including privileged account credentials and client–server connections, are encrypted with AES-256 keys and an RSA-1024 or RSA-2048 algorithm.

Access request and approval workflow

Minimize cybersecurity risks and control the number of simultaneously active accounts with Ekran System’s just-in-time PAM capabilities:

  • Manual access approval for determining who can access what and when 
  • One-time passwords (OTP) for securing temporary access to specific endpoints, including emergency access
  • Integration with leading ticketing systems including SysAid and ServiceNow for cross-checking and validating the reasons for privileged access requests
  • Time-based user access restrictions for enhancing the protection of critical data and systems

Monitor, record, and manage user activity in all sessions started under temporary credentials.

Multi-factor authentication

Strengthen the protection of your critical assets with Ekran System’s two-factor authentication (2FA) tool. This tool is part of our rich set of identity and access management features.

Ekran System’s multi-factor authentication tool enhances the user verification process by combining user credentials and time-based one-time passwords. This privileged identity management solution is included with any Ekran System license and runs on Windows Server and Windows and macOS endpoints.

Learn more: Ekran System 2FA tool

Continuously monitor all privileged accounts

Monitoring is an essential part of privileged account management. With Ekran System, you can continuously monitor, record, and audit all privileged sessions on endpoints.

If a server connection is temporarily limited or lost, the lightweight Ekran System Client will continue recording the session in offline mode. Once the connection is restored, all information will be uploaded to the Ekran System Application Server.

In addition, Ekran System can automatically generate a large set of user activity reports, allowing you to get a close-up view of every user action and analyze overall user activity.

Real-time alerts and incident response

Enable proactive privileged activity monitoring with the help of Ekran System’s actionable alert system.

Use our extensive library of template rules or set custom targeted alerts for detecting abnormal user behavior. Block users, terminate applications, and send real-time notifications to pinpoint privileged access abuse in near real time.

For each alert, you can optionally assign an automated incident response action that will be executed along with notifying security staff: show a warning message to the user, kill an application, or block the user.

Ekran System® manages privileged access to ensure compliance

Ensuring a proper level of privileged account management and access management is one of the main requirements of major compliance regulations and standards. With Ekran System’s privileged access management security solution, you can meet compliance requirements with ease:

The most complete set of supported platforms

More on supported platforms

Ekran System® integrations

Ekran System privileged access management software integrates with your infrastructure, including with the leading SIEM and ticketing systems.

What Our Clients All Over The World Say



They Chose Ekran System®


What is privileged access management?

Privileged access management, or PAM, is a set of cybersecurity policies, principles, and tools that allow you to manage the access rights of privileged users. By applying a privileged access management solution, you can configure which users can access which resources, protect sensitive data from unauthorized access, and detect and prevent security incidents.

Why is privileged access management important?

Managing privileged access can help you prevent cybersecurity risks like data theft, leaks and abuse, corporate espionage, and credential theft. Deploying a PAM toolset is also important for organizations that need to comply with cybersecurity laws, standards, and regulations like HIPAA, PCI DSS, and NIST SP 800-53. Protecting user access is an essential part of compliance.

What is the difference between privileged access management and identity and access management (IAM)?

While both PAM and IAM help to manage user access, they have a lot of differences:


1. PAM controls only privileged accounts, while IAM can be applied to all accounts.

2. PAM guarantees users will access only the resources to which they have access rights. IAM ensures that only the right people log in to an organization’s systems.

3. IAM verifies users’ identities before providing access to an organization’s resources. PAM checks users’ credentials before providing access.


Achieving regulatory compliance often requires organizations to deploy both PAM and IAM tools to ensure the best possible protection. Ekran System provides you with PAM and IAM tools in one solution.

Why use privileged access management software?

The main goal of using a PAM system is to protect an organization’s sensitive data from unauthorized access. PAM helps you make sure privileged users access only the resources they need for work purposes. Also, it alerts security officers if users do something suspicious with sensitive data.


PAM is useful for protecting both from insider threats like data theft and corporate espionage and from outside attacks like hacking, credential theft, and social engineering.

What are the benefits of privileged access management?

By deploying a PAM solution, an organization:


1. Protects sensitive data it stores

2. Mitigates possible insider and outsider threats

3. Prevents privileged users from violating security policies without affecting their productivity

4. Enhances compliance with cybersecurity requirements

Is Ekran System’s PAM solution a standalone tool?

No. Privileged access management is integrated into our insider risk management solution. Ekran System also includes tools for:


1. User activity monitoring

2. Identity management

3. Alerts on suspicious user actions

4. Enhanced auditing and reporting 


All of these functionalities help your security team protect sensitive data by efficiently monitoring and controlling user activity.

Can I use the Ekran System PAM solution to manage access privileges of remote employees?

With Ekran System’s PAM solution, you can manage remote access privileges as easily as you can manage access privileges of in-house employees. You can configure access rights for remote users, manage their credentials and secrets, audit their activity, monitor access requests and interactions with sensitive data, etc.

How can I configure access rights for each privileged user in my system?

Ekran System is highly flexible in terms of configuring access rights. For example, it allows you to:


1. Create unique access configuration for a user

2. Configure user roles and assign those roles to groups of users

3. Allow access to sensitive resources for a certain period of time

4. And do even more


Our PAM solution is easy to customize. Also, our support team is always ready to help with customizations and any other questions.

How does Ekran System help to implement the principle of least privilege and the just-in-time (JIT) approach?

You can implement the principle of least privilege using the following capabilities of Ekran System:


1. Granularly configure access rights for privileged users to allow them to interact only with the resources they need

2. Reconfigure users’ access rights at any moment in a couple of clicks

3. Provide access to the most sensitive resources for a set period of time


To implement JIT, you can also use these privileged access management features:


1. One-time passwords that provide users with access only when they need it and for a limited period of time

2. Manual access approval, which is useful for controlling access to the most secured resources

Which fail-safe mechanisms does Ekran System use?

Ekran System supports a high availability mode based on a Microsoft failover cluster. It’s designed in such a way that if the Ekran System server stops working, another server instance can replace it without data loss or reinstallation. To enhance availability, you can create a load balancer cluster for the AppServer or deploy an MS SQL cluster.

How do you protect the Ekran System password vault?

Ekran System encrypts privileged user credentials and other secrets with the Advanced Encryption Standard (AES) 256. These secrets are stored in an SQL database, which can be located on a separate machine.


We also use encryption to protect initial vectors for time-based one-time passwords, monitoring records, exported forensic data, and passwords of internal Ekran System users. You can learn more about Ekran System encryption mechanisms in our documentation.

Can I get help with deploying, configuring, and maintaining Ekran System?

We’ve prepared step-by-step guides for deploying Ekran System in the form of agents or jump server instances. The documentation also contains instructions on how to configure Ekran System components.


If you have any additional questions about our privileged access management tools, feel free to contact our support team.

More FAQ