Capabilities of Bomgar Privileged Access Management
Bomgar Privileged Access Management lets you control access to critical systems without hindering the work privileged users need to perform. You can define how users connect, monitor sessions in real time, and record every session for a detailed audit trail. Highlighted features are below.
Secure Remote Access
Extend remote connection protocols beyond the LAN without compromising security by using a Layer 7 (Application) approach that incorporates much tighter controls than those available with a traditional VPN.
Use Bomgar’s patented Jump technology or native protocols (RDP, SSH) to view or control remote desktops, servers, and network devices.
Create shortcuts for frequently accessed computers.
Access the command line for network troubleshooting, system diagnosis or supporting a network device.
Custom Special Actions
Bomgar automatically detects the remote operating system and presents special action shortcuts to users during sessions (e.g. a shortcut to the Control Panel when connected to Windows systems). You can even create your own custom special actions.
View and switch between all the monitors connected to the remote desktop.
Access and control multiple systems simultaneously, so that processes spanning multiple systems can be addressed.
Reboot the remote desktop without losing your connection. Reboot into safe mode with networking and request automatic logon credentials at reboot.
Capture and save an image of the remote screen.
Create a library of scripts for automating repetitive tasks.
View the remote system information, including running processes, installed programs, CPU usage, and more.
Access Console Scripting
Start a session with a remote computer from an external program.
Transfer files between remote computers during remote access sessions using Bomgar’s built-in File Transfer.
Bomgar’s patented Jump Technology enables remote access without requiring firewall changes or VPN.
Remote Desktop Protocol (RDP)
Integrated Microsoft Remote Desktop Protocol enhances RDP security and works across remote networks without VPN tunnels or open listening ports (TCP 3389).
Connect to SSH-enabled or Telnet-enabled network devices and control the command line feature on the remote system.
Power systems on/off remotely with integrated Wake-on-LAN (WOL) support.
Deploy Bomgar Jump Clients to multiple systems at once.
Easily perform forensic analysis and provide audit reports across video and text logs for internal and external compliance requirements. Authorized users can monitor, and even terminate, sessions in real time.
Command shell recordings are now included in Session Forensics searches. Successful matches in stored shell recordings automatically take the user to that point in time in the recording.
Endpoint Surface Analyzer
Know and control how critical endpoints are accessed throughout your organization. Be aware of the listening network port exposure for systems that you manage. Report and keep a running log of critical endpoint network exposure.
Monitor ongoing remote sessions, take over sessions, or transfer them to another user. The Dashboard lets you monitor privileged sessions from your desktop or iPad.
Broadcast a message to all logged-in users.
Generate activity reports for specific users or groups. Reports include details about remote sessions, including system information, IP information, file transfer details and more. The following reports are available: Session Reports; Team Reports; Summary Reports; User Account Reports.
Define which privileged users can view or generate reports.
Session recording videos
Capture videos of each RDP, Command Shell, or Jump session. Videos include annotations identifying who has mouse/keyboard control, and you can pan through videos quickly to find key events.
Monitor the Bomgar Appliance using Simple Network Management Protocol (SNMP).
Send log messages about the Bomgar Appliance to an external syslog server.
Cloud Access Control
Harden your internet-facing cloud resources by closing unnecessary ports. Enable multiple authorized users to access and manage cloud infrastructure powered by AWS, Azure, VMware and other IaaS providers.
Supports Windows, Red Hat, CentOS, and Ubuntu Linux VMs powered by AWS, Azure, VMware and other IaaS providers.
Allow multiple authorized users to securely connect and manage cloud infrastructure without revealing root credentials.
Reduced Attack Surface
No inbound firewall openings are required. Harden your internet-facing cloud resources by closing all unnecessary ports, including 22, and still get shell access!
Headless Linux Support
Headless Linux configurations are supported for on-prem data center, public, and private cloud infrastructure.
Integrate with SIEM, Change Management, and Multi-Factor Authentication tools for a comprehensive approach to securing privileged access.
Out-of-the-box integrations are available for a number of the leading solutions.
Use the Bomgar API to integrate privileged access with your SIEM solution.
Integrate Bomgar Privileged Access Management with ServiceNow or other change management solutions.
Use LDAPS/Active Directory to provision users and groups.
Use RADIUS for multi-factor authentication.
Use Kerberos for single sign-on.
Smart Card Support
Pass smart card credentials to remote computers.
Authorization and Notification
Require access notification and authorization. Define what endpoints users can access, schedule when they can access them, and white/blacklist applications for a comprehensive approach to privileged access.
Application Whitelisting/Application Sharing
Only allow specific applications to be viewed by privileged users.
Require authorization by a third party before a privileged user can access an endpoint.
Inactive Session Timeout
Automatically log users out after the session has been inactive for a given amount of time.
Automatically lock the remote computer at the end of each session.
User Login Schedule
Define when sessions can occur on an individual or group basis.
Jump Session Policies
Define which tools are available to privileged users based on the specific endpoint being accessed.
Automatic Elevation Service
Automatically elevate privileges on remote Windows computers whenever a session begins.
Elevate Customer Client
Manually elevate privileges on remote Windows computers.
Define which files and directories can be viewed. Limit file upload or download privileges and prevent users from having full control of the remote file system.
Remote Registry Editor
Access the remote registry editor on Windows computers.
Restrict End-User Interaction
Prevent end users from controlling the remote mouse and keyboard, or black out the remote screen while a session is occurring.
Set permissions on which special actions and custom special actions are available to users.
View or Control
Give users remote control or view-only privileges on remote computers.
User Device Verification
Require verification for mobile devices prior to allowing them to be used in sessions.
Set permissions for individual users or groups of users. Sync Bomgar with Active Directory or LDAP group policies.
Mobile and Web Consoles
In addition to desktop consoles for Windows, Mac, and Linux, Bomgar Privileged Access Management includes mobile apps and a browser console. Native mobile apps give users secure access over 3G/WiFi from Android or iOS devices, and only to allowed endpoints. The Bomgar Privileged Web console enables privileged access from the browser without installing software locally.
Android Access Console
Access remote computers and servers securely from an approved Android tablet or phone.
Apple iOS Access Console
Access remote computers and servers securely from an approved iPad or iPhone.
Privileged Web Console
Access endpoints securely through a web-based access console. The Bomgar Privileged Web console enables privileged access without installing software locally.
Desktop Access Console
The Access Console is the desktop application for Bomgar Privileged Access Management. It places remote computers and time-saving tools at your users’ fingertips.
Credentials and Keys
Authorize access without exposing credentials to privileged accounts. Store credentials in your password management solution. Then authenticate users or elevate privileges with credential or SSH key injection.
Endpoint Credential Management
Integrate Bomgar with your password vault to utilize pre-provisioned credentials. Credential management lets you hide authentication details from privileged users even while granting them access to approved endpoints.
Manage Access Across Hybrid Environments
Bomgar allows you to manage and control privileged access across hybrid environments and platforms. Most organizations are using a mix of traditional computing and private and public cloud infrastructure to run their critical systems. Bomgar gives you the ability to centrally secure and audit access across all of these environments.
Bomgar also works to and from every platform your privileged users need, including Windows, Mac, and Linux. Plus, users can leverage desktop-quality access through Android or iOS (iPad, iPhone) apps.
Managing privileged access with Bomgar improves productivity for everyone. It streamlines setup, centralizes auditing and reporting, and allows users to connect from their preferred device.
Integrate Privileged Access Management with Your Environment
You’ve already invested in solutions for password management, user authentication, security information and event management (SIEM), IT service management (ITSM), systems management and change management. Bomgar Privileged Access Management lets you integrate privileged session management into your existing environment and increase your return on those investments.
Secure Deployment Options for Privileged Access Management
The Bomgar Appliance for Privileged Access Management offers a centralized platform for access control and session management. Bomgar helps you keep sensitive data behind your own firewall, under the trusted security measures you already have in place. Please speak with us about which appliance is best for your organization.
How Does the Bomgar Appliance Work?
Firewalls are designed to block incoming traffic. That is why traditional remote access tools (RDP, VNC, pcAnywhere, Dameware and others) require firewall configuration changes in order to work over the internet.
Bomgar does not require changes to your firewall because both endpoints and privileged users connect to the appliance through outbound connections. That means that if the remote desktop or server can connect to the internet, your off-network users can connect to it through Bomgar without the use of VPN.
In the case of closed networks, a single internet-connected Bomgar node can enable an off-network privileged user to connect to network devices and desktops that are not themselves connected to the internet.
In addition, Bomgar enables remote sessions within a local area network. In most cases, a remote desktop connection can be established without deploying remote agents or configuring remote computers individually.
Bomgar enables multiple remote protocols: RDP, SSH, Telnet, and our patented Jump Technology. Both the Access Console for privileged users and the endpoint application run seamlessly across operating systems: Windows, Mac, Linux, Network Devices, Android, iOS. This wide compatibility lets Bomgar centralize remote session management. Each remote session produces detailed logs and video recordings. No data passes through a third party. All session data is guarded by SSL encryption.
Monitor Privileged Users and Shrink Your Attack Surface
Traditional peripheral security measures – like firewalls, Active Directory rights management, complex password policies, and frequent rotation – are proving to be limited. When unauthorized users gain access to accounts and credentials, they can bypass these traditional systems. The largest and most recent cyber breaches have been attributed to unauthorized users leveraging privileged credentials for unauthorized access.
Cyber security professionals have a problem. They must maintain security and manage risk without hindering user productivity and satisfaction. With Bomgar, security professionals can control and monitor privileged access while also empowering authorized users to perform their duties. Bomgar addresses privileged access management with the four A’s of security: Architecture, Authentication, Access Controls, Audit.
Architecture: Deploy without Disruption
Bomgar Privileged Access Management is designed to work within an already secure network perimeter. Because both the customer and the user connect to Bomgar through outbound connections, no firewall changes are necessary. That means you can extend Remote Desktop Protocol and SSH beyond the LAN without opening ports or requiring VPN connectivity.
And Bomgar works across platforms. Privileged users can connect to Windows systems within the network without deploying a client prior to connecting. Or you can deploy Bomgar clients to Mac and Linux systems, or any server/computer outside your managed network. Connect to Linux and UNIX systems with SSH. Users can even connect from Android or iOS devices.
Each remote connection is guarded by secure encryption and passes through the Bomgar appliance. Bomgar can reside in your network, under the security measures you already have in place.
Authentication: Leverage Existing Directories
One key to managing power users’ privileges is managing their credentials. That’s why Bomgar integrates with your existing directory services, like LDAPS and Active Directory. If you change a user’s account in Active Directory, it is automatically reflected in Bomgar.
In addition, you can connect Bomgar to RADIUS for multi-factor authentication and Kerberos for single sign-on. And with Bomgar, a privileged user can use his or her Smart Card to authenticate to a remote computer.
But that’s not all. Since Bomgar allows privileged users to connect from mobile devices, you can create a list of authenticated devices and determine the network locations from which they can connect. You’ve worked hard to make your general authentication structure secure. Bomgar lets you leverage it.
Access Controls: Define more than 50 Permissions
Bomgar offers more than 50 separate user permissions, so you can fine-tune the level of access available to each privileged user. Assigning permissions to users or user groups is straightforward. You can even create templates in Bomgar and use Active Directory to assign users to those templates. If you move a user from one group to another in LDAPS, their permissions in Bomgar are automatically updated to reflect their new role.
Rather than giving users all-or-nothing access, Bomgar helps you implement least-privilege best practices for all your users. You can define what endpoints and applications are available, and when they can be accessed. Let users connect right away, or notify an authorized approver and require their permission before each session.
- Restrict remote access to defined endpoints
- Schedule when endpoints can be accessed
- Require access notification and authorization
- Prevent unauthorized programs from being viewed with application whitelisting
- Manage your access control policy with group policies
Audit: Report in Detail on Every Session
Not only does Bomgar help prevent unauthorized access, it also gives you insight when an authorized user does something that is unauthorized.
Bomgar logs all session activity centrally. Know who connected to endpoints, when the sessions occurred, and what happened during the session. In addition to log reports, Bomgar also records videos of each session. These video recordings capture every action taken in each remote desktop, SSH, or Telnet session.
You can export session videos and reports from Bomgar and store them in an external file system for a detailed audit trail. Or you can track session data and configuration changes with your existing SIEM solutions.