Today we’re proud to introduce another important milestone in Silverfort’s journey to build the world’s leading unified identity security platform. The same paradigm shift we’ve previously applied to MFA, Non-Human Identity (NHI) protection, ITDR and more, is now applied to address one of the most critical challenges of identity security – securing privileged access with our new Privileged Access Security (PAS) product.
It’s time to rethink the security of privileged access.
Entering 2025, it’s easy to see that identity security has become top of mind for organizations’ security leaders. In light of the evolving identity threat landscape, in which credential compromise for malicious access is a pillar in almost every attack, leaders are compelled to reevaluate the traditional identity security methods that are no longer efficient enough – and PAM solutions are high on the list.
Why the current ways to protect privileged users are not enough.
Every hands-on identity security practitioner would be the first to agree that relying exclusively on the traditional PAM approach to guard administrative access is bound to leave security gaps. Endless onboarding cycles, difficulty discovering all privileged accounts, and frequent bypasses by admins are some of the prominent issues organizations struggle with. The result is that PAM protection is rarely applied to all privileged accounts, and too many are left temporarily or even permanently exposed.
Envision a privileged access security solution that overcomes the gaps of traditional PAM.
Our task when attempting to tackle this important challenge was to build a solution that addresses the following needs: from the operational aspect, rapid deployment and onboarding, covering all privileged accounts. From the security aspect, the ability to enforce secure access for all privileged users, with Least Privilege and Just-In-Time (JIT) access policies.
To achieve these goals, we had to zoom out of how PAM solutions have been built so far (still based on an architecture designed decades ago) and look for an alternate approach. One might say that our aim wasn’t to build a better PAM, but to fundamentally rethink how the objectives that PAM solutions aim for can be better achieved in an alternative manner.
Silverfort Privileged Access Security (PAS): Go beyond protecting privileged accounts. Secure them.
At the core of Silverfort lies the innovative technology and architecture in which our platform integrates with the different pieces of the IAM infrastructure, becoming an inline component of the authentication and authorization process. This enables us to see, monitor, and enforce identity security controls in real time on 100% of the access requests that take place within the various identity providers (IdPs) in the environment. So, we’ve turned our efforts to use these capabilities for the purpose of protecting privileged access:
- Rapid deployment and onboarding: If Silverfort is already in place, no additional installation is required, and the Privileged Access Security capabilities can be enabled immediately. If not, Silverfort can be deployed in most organizations in a matter of hours or days (unlike traditional PAM solutions, which take months or even years to deploy and onboard).
- Automated discovery: Silverfort already sees every authentication and access attempt, as well as the configuration of the IAM infrastructure. As such, it can not only identify the users that are members of the admin groups, but – more importantly – identify the users that access sensitive resources, practically exercising admin access without being officially defined as such. Silverfort can also identify all the sources and destinations in which a privileged account is being used.
- Enforcement of Least Privilege access, with “Virtual Fencing”: Silverfort can interject in any authentication process and inform the identity provider whether to allow access or block it. This allows organizations to ensure that privileged accounts are used only within their intended purpose, and that no one can abuse them for any other access.
- Just-In-Time (JIT) access: We’ve enhanced our technology with the ability to disable any administrative account, and only enable it for a short period of time when it’s actually needed, upon a verified access request by an authorized user.
- Admin bypass resiliency: The admin’s user experience when accessing resources stays intact and is not subject to any change. Silverfort’s security controls are enforced inline through its integration with the IAM infrastructure (e.g., Active Directory), regardless of how the admin tries to access the resource. In practice, it means that no admin can bypass the protection of Silverfort by accessing resources “directly,” as they (and threat actors) often do with traditional PAM solutions.
Reshaping the future of identity security.
The launch of PAS is another important step in Silverfort’s mission to deliver a single solution that addresses the full scope of identity security needs. What’s more important than the specific capabilities is that PAS operates with our existing modules – ISPM, ITDR, MFA, Service Account (NHI) protection, and Authentication Firewall – to form a whole that is far greater than the sum of its parts. For the first time, security teams can get a turnkey solution to address identity threats end-to-end, in which the ability to protect administrative access plays a key role.
Join us in redefining what’s possible.
Learn more about Silverfort Privileged Access Security here.