Wallix Bastion

• Defend your critical assets from cyber-attack with powerful and easy-to-use Privileged Session Management capabilities. Achieve cybersecurity compliance requirements and monitor privileged session activity, all while increasing IT admins’ productivity and enabling and easy control over privileged access.
  The WALLIX Session Manager offers IT leaders a powerful solution to manage, control and audit access to network assets with strong security posture ensuring that only the right person has access to the right IT resources.
• Securely store credentials in a controlled vault and protect passwords against theft and sharing thanks to high-end encryption. Eliminate the use of passwords written on sticky notes or stored in unsecured Excel files, or worse, saved in clear text scripts for all to discover. Leverage high-level password security controls as well as Application-to-Application Password management for tight control over privileged credentials.
  The WALLIX Password Manager enables IT leaders to easily control and manage their passwords, secrets and credentials. It operates with the WALLIX vault or integrates with third-party vaults to protect and enhance existing investments.
• Enable secure remote access for IT administrators and external providers to connect safely from anywhere with secure-by-design capabilities; empower your IT team to ensure that only the right person can access the right resource for the right purpose.
  Eliminate the need to open an RDP, SSH, or Telnet connection thanks to the Access Manager’s HTML5 browser-based connectivity with session management. No additional plugins or fat clients needed on endpoints, and no untraceable VPN infrastructure to secure access to critical resources.
  The WALLIX Access Manager offers advanced multi-Bastion Global Search capabilities for privileged session forensic analysis and can distinguish tenants spanning across several Bastion instances, for a global multi-tenant Privileged Access Management architecture.
• Admin rights can introduce critical vulnerabilities to your vital assets. Ensure that the right privilege is granted to the right user at the right time, without compromising productivity.
  Privilege Elevation and Delegation Management offers Least Privilege control over access rights to your most sensitive IT resources.
  Eliminate overprivileged users and minimize security risks without impeding your teams’ productivity.
• Enable DevOps and Robotic Processes to automatically access critical IT resources in real time without vulnerable, hard-coded credentials left in scripts. The AAPM module is an easy-to-install software that works with Ansible, Terraform, and other similar tools to allow sealed access to target passwords stored in the WALLIX Bastion Vault.
  The WALLIX Application-to-Application Password Manager enables DevOps to access critical resources without ever knowing the credentials. All secrets are safely stored and AAPM enables completely secure access for DevOps tools or robots for unrivaled security and control and unimpacted productivity.

Wallix BestSafe

• White list for corporate applications, gray list for dangerous applications, blacklist for malware.
  Eliminate privileged accounts and local admin rights
  Grant application-level and process-level privileges to carry out authorized administrative tasks (White list)
  Reduce privileges of potentially dangerous applications (email clients, browsers, etc. with internet access) to deny access to sensitive resources, regardless of user’s elevated privileges (Grey list)
  Stop malware, ransomware, and cryptoviruses from executing or encrypting files
• Take a proactive approach to endpoint security, compared to traditional endpoint management tools, implementing application-level privilege management.
  Eliminate privileges in user accounts
  Manage user-level privileges in addition to application and process privileges
  Assign user accounts to group memberships
  Set time limits for user sessions, automatically terminating the session when the time limit is reached
  Simplify IT administrator workloads.
• Put an end to shared passwords used on countless endpoints and tools across local administrator accounts.
  Guarantee each password is unique per computer, account, and day
  Manage password rotation simply and effectively – a given password is only valid on that computer, on that day and time
  Trace attempts to change a password
  Predict future password iterations without connecting to the network.
• Detect encryption attempts in real time to stop ransomware in its tracks with a near-100% success rate, unlike other technologies
  Automatically detect when a process intends to perform an encryption operation, before it is carried out
  Stop the process and execute automated rules for response
  Define rule actions based on standards or administrator thresholds
  Store encryption keys to decrypt at a later date.
• Manage and control all key business applications through an innovative and easy-to-use portal, leveraging BestSafe’s unique process-level privilege management technology
  Install applications on-demand, or deploy automatically and unattended
  Users perform software installations themselves, without holding administrator privileges or burdening the IT team
  The SDM flexibly and efficiently deploys updates, repairs, admin or maintenance tasks, emergency distributions and uninstallations, without the need for user interaction or elevated privileges
  Delegate administrative tasks to endpoint users, without granting administrative rights
  Maximize security with no impact on productivity or performance.

Wallix Trustelem

• Gather your identity sources into a single identity referential to easily control access rights in one centralized location.
  Support for Active Directory, Azure AD, LDAP directories, and Google G Suite directory
  Import as many directories as needed into your WALLIX Trustelem platform
  Complete or partial directory import, based on group membership and attribute filtering
  Import of group memberships and user attributes to define proper access management policies.
• PProvide users with a Single Sign-On experience to remove the burden of managing a different password for each target application and entering credentials again and again.
  User dashboard displaying all applications to which the user has access rights
  Integrated Windows Authentication and X.509 client certificates support to access the user dashboard with no login form
  Identity federation through SAML, OpenID Connect, and OAuth protocols
  Pre-integrated applications such as Office 365, G Suite, Salesforce and many others.
• hoose from an array of Multi-Factor Authentication mechanisms to fit the specific requirements of your different populations, because there is no one-size-fits-all MFA solution. Trustelem Authenticator: a mobile application offering a strong authentication solution which is both secure and easy to use. Within network coverage, Trustelem Authenticator receives push notifications. When the device is offline, the application generates a 6-digit code. In addition to users locking their device, the application can be fingerprint-protected or require a four-digit PIN.
  OTP over SMS authentication: a simple and practical solution, widely known by users in other contexts
  FIDO 2 security devices: can be used through the WebAuthn protocol to implement multi-factor authentication based on USB or NFC physical keys. WALLIX Trustelem supports all FIDO2-compliant devices, including ANSSI-certified devices.
  Google Authenticator or any RFC 6238-compliant OTP generation mobile application is supported by WALLIX Trustelem for multi-factor authentication.
• Offer users a self-service solution for simplifying and streamlining management of credentials.
  Active Directory Self-Service Password Reset (SSPR) allows users to re-initialize their Active Directory password independently, after re-authenticating with one or more add-on solutions such as the Trustelem Authenticator mobile app, an SMS, one or more secret questions, a link sent by email, or other solutions
  The user dashboard suggests renewing the Active Directory password either spontaneously or upon expiration
  Users are prompted with MFA enrollment procedures when they access their dashboard or a specific target application, so that enrollment is fully autonomous. Administrators control which user or group is prompted for auto-enrollment of the MFA solutions.

Wallix Authenticator

• The zero-trust principle requires proof of identity to enable access wherever you are. Prevent unauthorized access, reduce data breaches, and mitigate the risk of lateral movement to protect the entire IT environment without any technical constraints for users.
• Complete the WALLIX Bastion PAM solution and gain even stronger security for remote access via the WALLIX Access Manager. Integrate MFA with the WALLIX Trustelem SSO platform to benefit from contextual and adaptative authentication.
• Secure Remote Access Confirm the identity of your employees, partners, and contractors no matter where they are and reduce the risk of stolen passwords from phishing or other attack methods. Security made easy for remote workers and all digital interactions!