Privileged Access Management Dictionary


Privileged User – a person entitled to connect to critical assets within an IT infrastructure.

Privileged Accounts – a user or an application account, which is authorized to access critical system resources.

Privileged Credentials – privileged account login & password.

Privileged Session – server access session established by a privileged user.

Privileged Access Management (PAM) – an area of IT security focused on managing access to critical infrastructure equipment and confidential data. It enables strict control and supervision of access to company servers.

Privileged Identity Management (PIM) – covers complex access management processes in corporate environments. Includes user authentication, as well as authorization access to most company IT resources – servers, printers, files, etc.

Identity & Access Management (IAM) – an area of IT security which manages access to company resources and the identity of users.

Privileged Password Management – enables management of passwords to privileged accounts.

Proactive Monitoring – user activity tracking capable of taking automated actions based on a user’s behavior. The simplest form screens user input and compares it against a predefined subset of black-listed commands. More sophisticated systems analyze how the user interacts with the target host and build an individual behavioral model. It can then be determined whether the connected user is the individual actually authorized to access the system or someone else who has managed to get hold of that user’s login credentials.

Password Vault (PV) – a secure storage of privileged accounts’ passwords. It enables strict control over access to secrets and allows authenticating users without disclosing the actual system password to anyone.

Secret Management/Secret Manager – software that allows defining complex password policies and automating the rotation of passwords to privileged accounts.

Privileged Account and Session Management (PASM) – secure password storage and privileged session monitoring.

Application to Application Password Management (AAPM) – provides a secure password exchange between applications.

Privilege Elevation and Delegation Management (PEDM) – enables host-based command filtering (allowing users to execute only a defined subset of operating system commands) and running specific commands with a higher level of privileges.
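The command screening described under Proactive Monitoring and the host-based command filtering described under PEDM can be combined in one policy check. The following is an added illustration, not code from any PAM product: the deny-list patterns, the per-role allow-list, the contractor account and the session commands are all constructed for the example, and the "baseline" is a deliberately simple stand-in for a behavioral model.

```python
import re
from dataclasses import dataclass

# Constructed deny-list: commands blocked for every role (assumed examples).
DENY_PATTERNS = [
    re.compile(r"^\s*rm\s+-rf\s+/(\s|$)"),        # wipe the root filesystem
    re.compile(r"^\s*(shutdown|reboot|halt)\b"),  # take the host down
    re.compile(r"\bpasswd\s+root\b"),             # change the root password
]

# Constructed per-role allow-lists (PEDM style: only these binaries may run).
ROLE_ALLOWED = {
    "db-contractor": {"ls", "cat", "tail", "systemctl", "psql"},
}

@dataclass
class Decision:
    command: str
    action: str   # "allow", "block" or "alert"
    reason: str

def screen_command(user, role, command, baseline):
    """Screen one command typed in a privileged session.
    1. Deny-list matches are blocked outright (proactive monitoring).
    2. Binaries outside the role's allow-list are blocked (PEDM filtering).
    3. Allowed binaries the user has never used before raise an alert
       (stand-in for a behavioral-profile deviation)."""
    for pat in DENY_PATTERNS:
        if pat.search(command):
            return Decision(command, "block", f"matches deny-list {pat.pattern!r}")
    parts = command.strip().split()
    binary = parts[0] if parts else ""
    if binary not in ROLE_ALLOWED.get(role, set()):
        return Decision(command, "block", f"{binary!r} not allowed for role {role}")
    if binary not in baseline:
        return Decision(command, "alert", f"{binary!r} never used before by {user}")
    return Decision(command, "allow", "within role allow-list and user baseline")

def screen_session(user, role, commands, baseline):
    """Screen every command of a session and return one Decision per command."""
    return [screen_command(user, role, c, baseline) for c in commands]

# Constructed sample session and history for a hypothetical contractor account.
SAMPLE_SESSION = [
    "ls -la /var/lib/postgresql",
    "tail -n 100 /var/log/postgresql/postgresql.log",
    "psql -U app -c 'select count(*) from orders'",
    "systemctl restart postgresql",   # allowed, but new for this user -> alert
    "rm -rf / --no-preserve-root",    # deny-list -> block
    "useradd tmpuser",                # not in role allow-list -> block
]
SAMPLE_BASELINE = {"ls", "tail", "psql"}   # binaries this user used in past sessions
```

In a real deployment the alert branch would feed the session recording and SIEM rather than a return value, and the baseline would be built from recorded sessions instead of a hard-coded set.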

Authentication – verifying a user’s identity.

Authorization – verifying whether a specific user has access to a given resource.

Optical Character Recognition (OCR) – processing images in order to extract text information contained within. OCR enables implementing full-text search in PAM solutions for graphical (e.g. RDP, VNC) sessions.

Remote access protocols – protocols that allow remote access to privileged resources.

Password rotation policy – definition of rules regarding periodic static password change.

Password sharing – a case of a few individuals accessing sensitive resources using the same login and password combination.

Attack vectors – different ways of executing a cyberattack.

Protocol Encryption – enables secure communication between two endpoints by encrypting network traffic so it cannot be seized by simply capturing data packets.

Private Key – an essential element of asymmetric cryptography (public-key cryptography). It is used to decrypt data that was encrypted with the complementary public key. E.g. if John wants to send an encrypted message to Kate, he uses Kate’s public key (which is publicly available) to encrypt the text. Such a message can be decrypted only with the private key, which is exclusively in Kate’s possession.

Key-based Authorization – verifying a user’s identity based on a combination of their public and private keys.

Security Incident Management – a process of handling an IT security related incident.

Security Information and Event Management (SIEM) – collection, analysis and long-term storage of system events from networked devices.

Log Management – collecting and storing log messages and audit trails.

Server Access List / Access List (ACL) – defines a list of access permissions to an IT infrastructure object (server, printer, file, etc.).

Raw Network Traffic – exact representation of network packets exchanged between two endpoints. Raw network traffic includes the actual user data as well as control information that is necessary to deliver it: source and destination network addresses, error detection codes, etc.

Protocol Recording – capturing and storing network packets generated by a specific protocol used for establishing a remote access session.

Agentless – a so-called “agent” is a piece of software installed on a server to enable various services, e.g. access session monitoring. Agentless solutions do not require agents, making deployment easier, especially in environments where all hardware and software must pass a security audit.

Work Efficiency Analysis – analyzing the activity of users, determining idle time and estimating efficiency.

Misuse prevention – detecting and acting upon a potential misuse of privileged access rights.

Behavior profiling – user activity tracking and analysis in order to build individual behavioral profiles. This enables detecting changes in user behavior and notifying a system administrator about possible unauthorized access.

Just in Time Access (JiT Access) – short-term, comprehensive control over access rights. JIT is utilized in scenarios in which an external contractor is hired to do a specific job and needs a set of access rights only for the duration of that job.