9
March 2017
Osirium PAM ServiceNow Integration
Andy Harris
Osirium PAM is fully integrated with ServiceNow, taking Privileged Access Management (PAM) one step higher in security and compliance. Watch our video on the integration, below, to learn more.
Osirium’s PAM manages the who, how and when of single-sign-on (SSO) and Task Automation, and now plays well with ServiceNow, a Change Management Database (CMDB) product that manages the workflow of why SysAdmins and DevOps will access systems.
We’ve created a plug-in policy module for PAM's profiles which, when enabled, enforces a valid CMDB ticket requirement for every task or SSO session.
ServiceNow implements unique IDs for each ticket, whether it be change or incident based. The API allows our PXM platform to find these tickets and query their status for use in policy flow.
Osirium PAM not only checks the ticket, it logs its use internally and generates a CEF formatted syslog message.
Attackers now need so much more just to gain access to your systems:
- Privileged Account credentials – with PAM, privileged credentials are long, strong, truly random and regularly changed. Furthermore, they never enter the users’ workstation environment, are never displayed, and can’t be intercepted or phished from your users.
- A valid CMDB ticket – Even if an attacker could remotely control your SysAdmin or DevOps systems they’d need to know a valid CMDB ticket to get any further.
- A lack of accountability – Insider wrong doing is deterred by the sheer level of accountability on the PXM Platform. Users can’t share credentials; PAM enforces a ‘One Instance Only’ for user identities, and Privileged Session Management can record all user actions on systems, devices and applications.
In addition, many sites have an emergency ticket that is always open. This is for the occasional situation where systems need to be fixed and the paperwork done later. Osirium PAM supports this ticket type with full accountability and logging, without impeding remediations.
Osirium PAM and ServiceNow integration in 5 minutes
We’ve created a plug-in policy module for Osirium’s profiles which, when enabled, enforces a valid CMDB ticket requirement for every task or SSO session.