Reduces attack surface by removing standing privileged accounts that can be compromized by attackers. Enables admins to efficiently accomplish their tasks while enforcing accountability. Avoids audit findings and provide solid proof that privileged activity is not creating security risks.

Emphemeral Privilege Accounts

Shrink your attack surface by eliminating standing privilege. Instead, create on-demand accounts that have just enough access to do the job at hand and are deleted automatically afterward.
 

Access Approval and Certification

Ensure all privileged activity is legitimate and performed by a trusted user with workflows for approving or denying requests for privileged access and regularly certifying privileged users’ rights.
 

Session Monitoring and Recording

See exactly what privileged activity is happening across your systems, live or retrospectively, to spot policy violations, or collect evidence during investigations.

Cleanup of Privileged Access Artifacts

Mitigate the risk of Golden Ticket and related attacks with automatic purging of Kerberos tickets after each privileged session. Avoid unsanctioned remote connections by automatically disabling RDP on the server once an administrative task is completed.
 

Service Account Management

Safeguard service accounts by rotating their passwords from one place; receive an alert if the process is disrupted so you can pause it and roll back any unwanted changes.

Zero Trust Privileged Access

Validate identities by enforcing contextual multifactor authentication (MFA) each time an admin requests a privileged session, using granular policies for specific activities and resources.

Achieves visibility, security, access control and compliance across your entire organisation. 

Securely access every resource and account

The Keeper Vault protects all users in the organisation for complete coverage. Access is provisioned through consistent policies, and KeeperPAM integrates with all Identity Providers (IdPs) and network infrastructure.

With a zero-knowledge and zero-trust architecture, connections and tunnels established from Keeper to the target infrastructure are encrypted end-to-end. Public sector organisations can protect Operational Technology (OT) environments to help meet CISA's stringent requirements.

Fast and responsive sessions

Keeper's engineers are the original creators of Apache Guacamole and are experts in browser-based remote session protocols covering SSH, RDP, VNC, HTTPS, MySQL, PostgreSQL, SQL Server and more.

KeeperPAM uses a zero-trust gateway service to access each environment. No firewall updates or ingress changes are needed, thereby enabling seamless, secure access without complexity.

Provide just-in-time access without exposing credentials

With Keeper’s remote session capabilities, the user never has access to the credentials or SSH keys.

Access to a resource can be time-limited, and credentials automatically rotate after access has been revoked.

Utilise all your development tools in one platform

Use your own SSH clients and database management tools like PuTTY, MySQL Workbench, Oracle SQL Developer, SQL Server Management Studio and pgAdmin with an added layer of protection.

Start a tunnel with one click and connect to localhost. Tunnels are end-to-end encrypted, ensuring zero-trust architecture and zero-knowledge security are preserved throughout the session.

It locks down sensitive account passwords on-premises en integrates with Active Directory. It gives you full audit reports for compliance and automates privileged account discovery and password changing. It controls what admins can do with privileged accounts.

Eliminate internal and external threats

Don’t just vault IT credentials. Know exactly who has access to key systems.

• Real-time session monitoring, recording and keylogging keeps a watchful eye on IT.
• Integrate with SIEM and vulnerability scanners for heightened security.
• Enforce least privilege policies for super user accounts.

Meet compliance mandates

Improve standings with auditors and maintain compliance through password management.

• Produce full audit reports on vault activity.
• Record and monitor IT admin sessions.
• Keylogging for deeper visibility.
• HIPAA, PCI, SOX, NIST, Basel II, FIPS.
   

Manage Service Accounts

Never lose track of service accounts or application pools again.

• Instantly discover service accounts on the entire network.
• Rotate service account passwords without breaking dependencies.

Secure Password Vault

• Role-based access control (Admin, User, Auditor, Custom)

• Active Directory authentication

• AES 256 and SSL encryption

• Customizable Secret templates

• HSM encryption key storage (optional)

• Web-based access (Internet Explorer, Firefox, Safari, Chrome)

• Desktop client (Windows, Linux, Mac)

• Smartphone applications (iPhone, Android, and Windows)

Enhanced Security Audits & Compliance

• Session launcher (RDP, PuTTY, Web, SecureCRT, MS SQL, PowerShell, cmd, custom)

• Two-factor authentication (RADIUS, soft token)

• Session recording and monitoring

• Custom approval workflows (Check Out, Request Access, Require Comment)

• Full audit logs and customizable alerts

• SIEM integration

• Vulnerability scanning integration