Good afternoon, good morning, or good evening. Welcome to our webinar today sponsored by ManageEngine and we'll be talking about Zero Trust and how Privileged Access Management can help in that quest and I'm delighted also to be joined on the web webinar by Srilekha Sankaran, who is Chief Architect of PAM for ManageEngine.
So, hello there. Hello Paul, hello everyone. Hope you're okay.
Good, good. Thank you. Excellent.
Well, we'll hear from you in a little while. Meantime, I'll press on with this. Just for people listening in, you don't have to do anything. Just enjoy and listen. You're muted.
So, no need to worry about muting or unmute yourself. There will be a couple of polls during the webinar and there's also your chance to ask questions at the end in the Q&A. We also always record our webinars and this will be available very shortly after the live event, as will the slide decks which you will see today.
So, if you have any colleagues that can't join us live, then please tell them and they can watch it on the recording. So, that's all that's happening.
Now, the agenda today. I will start off with a kind of a brief history of Zero Trust, where it is, what it is, how it affects Privileged Access Management, and then Sri Lekha will go into a little bit more detail about Manage Engine and how it can help with Privileged Access Management, and then we have the Q&A wrap-up and goodbye.
So, let's start off with our first poll. So, nice and simple. Have you considered Zero Trust, your organization?
Yes, no, reply there. So, let's start the poll opening.
Yep, thank you very much. We'll wait a little while just to collect the answers while we're doing it.
So, yeah, so Zero Trust is obviously on the radar at the moment. Lots of people talking about it, not the least which are analyst communities.
So, have you considered Zero Trust? Yes or no?
So, I think we'll close that poll now and carry on with the rest of my presentation. So, to start with, I just wanted to point out a kind of obvious fact, but when we talk about Zero Trust, everything is connected to the internet these days. As soon as you switch on your phone, as soon as you set down to work, you're connecting to the internet, and the internet is the world's biggest Zero Trust network. You simply can't trust what's on it and what you're connecting to. It's a matter of fact, and the news stories around the world prove this on a daily basis.
So, that's something to bear in mind. When you consider what is the backbone of your organization, and what is the backbone of your communication systems right now, and that is the internet. This is a quote from the National Institute of Science Technology in the United States, which says that Zero Trust is not an architecture. It's the first thing that we always need to establish.
It's not something you can sort of buy off the shelf, but it is actually a set of principles for workflows, system design, and operations that you can use to improve the security posture of your organization or business. So, that's always worth, just like the internet is the world's biggest Zero Trust network, Zero Trust is not an architecture on its own. And the guy that's kind of credited with at least popularizing the, if not inventing, the concept of Zero Trust is a guy called John Kinderberg, who used to be a IT analyst.
And he, about 10 years ago, took the concept that actually had been around for a few decades before all of this, and before the internet even. And he decided to, you know, to start formulating what Zero Trust is, how it relates to an organization, what particular pieces you need, and what policies, etc., that you need to create a Zero Trust environment. And the key thing he said was that networks should be designed without implicit trust.
So, just as we don't trust the internet, which is why we have firewalls, why we have filters, etc., on all our connections to the internet, then the inner workings of our organization should take the same position, so that networks should be designed without any implicit trust in them.
So, you have to enforce strict identity and least privilege access policies. And the key word there is least privilege. And you'll see how privilege access management is now being used in new ways to promote and establish a Zero Trust in organizations.
So, going back to the NIST's definition of Zero Trust, and it really is actually worth looking at this document. And these documents are actually available quite easily, and they're quite reasonably priced. I think I have one on my shelf here somewhere, but it doesn't fall to hand.
Oh, here's one. Yeah. This is on authentication guidelines, but you can get these, I think, on Amazon or directly from the NIST, and it's actually a very good way of establishing some guidelines. But just to get seven tenets of what they say.
So, we have all data sources and computing services are considered resources. All communication is secured regardless of the network location.
Access, and this is important, access to individual enterprise resources is granted on a per session basis. So, that's where we start getting into the concept of just-in-time management and just-in-time access, so that you don't have standing access, you don't have standing privileges that somehow, and this is the tricky part, because actually implementing on a per session basis is actually quite hard work.
It's quite hard on system resources and architecture design, so that you have a per session basis, which is actually still highly efficient and doesn't interfere with the workings of the business. One of the reasons we have a lot of standing privileges right now and standing access is because if we didn't, the business would slow down, but that doesn't imply zero trust, you see.
So, we need to think about that carefully, and the access resources is determined by a dynamic policy evaluating the identity, the application service, the requesting asset, as in, let's say, a laptop or the device, and the behavioral and environmental attributes. So, all of those things have got to be factored into something that happens every millisecond, every day, everywhere in the world where someone logs on or seeks access to a resource. The enterprise then needs, on the compliance side, needs to monitor and measure the integrity and security posture of all owned and associated assets.
So, you can't have zero trust if you don't know what's happening in your networks, if you don't know who's accessing what or who's trying to access stuff. All resource authentication and authorization must be dynamic and strictly enforced before access allowed.
So, you can only allow access once authentication and then authorization is completed, and if that fails, then that is a violation of the zero trust and that identity cannot get access.
And finally, again, coming back to sort of analytics and information, you should ensure that your organization collects as much information as possible about state of assets, network, infrastructure, and communications, and use that as a continuous analysis, even, say, on a monthly basis, even a weekly basis, so that you can make decisions about what needs improving in the architecture and what is perhaps a risk. And that is obviously an ongoing process. It's also obviously a process which, again, uses up resources and time, but it needs to be done if you're going to maintain zero trust.
Now, all that's very well. As I said, there are some challenges to this. There are organizational challenges. I mentioned in the previous slide that creating such a network, doing such things as keeping a record of network activity and logging all that, it's quite hard and it's quite costly to implement. If you find that your infrastructures and your applications need modification, that also can be a challenge.
The legacy infrastructure, quite often, you may have identity and access management systems or access management systems which do not adhere to the tenets of zero trust that we've just been talking about. So, again, that's going to be an expense. It's going to be a labor cost. It's going to be a time cost. And you need to work out a risk and cost analysis of how you can do that. Privilege access, again, as we'll talk about later, is a key part of this. How can you protect those privilege access accounts or people who have identities that have access to privilege resources?
How will you make that a zero trust environment as well? Is it possible that you can go on the process of digital transformation, which is ongoing, and zero trust at the same time? That's certainly a challenge, but I think it's certainly a good challenge as in if you start to digitalize your environment, it's a great opportunity to start thinking about designing that architecture so that zero trust is designed in.
Do you have in your organization teams like DevOps or coders or those departments that quite often might use privilege access management or they might use rapid access to cloud resources? We call them sort of agile dynamic teams who are at the very age of modern computing as in they want super fast access. They want to turn things around very quickly. How can you bring them within a zero trust environment as well?
Related to that, of course, is the complexity of many environments, even those that have legacy infrastructure that have old applications are still now probably joined by newer cloud resources and then multi-cloud resources. Very few organizations have just Amazon or just AWS, sorry, or Microsoft Azure or Google. They may have all three running in different parts of the organization in different countries perhaps. All of these things and that in particular brings a key challenge to implementing a zero trust in your organization.
So we at Kupinger Coal amongst other things obviously talk about identity and access management and the future of identity. We increasingly now speak about what we call an identity fabric.
The best way to really describe this is going beyond the static platform-based identity access management and privilege access management platforms that exist in many organizations and thinking more about areas or platforms that can sort of wrap around the business like a fabric and and can offer an integrated perspective across all areas of identity access management to every identity and every service and resource.
Obviously that's easier to put down on a piece of paper and describe than it is to implement, but that's the theory and a theory is that one size doesn't fit all, one platform doesn't fit all. Let me give you an example.
You may have a privilege access management system in place which does a good job for protecting traditional identities that have privilege access such as administrators, but that uses a system of passwords, it uses a system of vaulting, and it takes time for the privilege identity to request access, to get a password, to use the password, to then do what they want to do, and that is why those things often get left open as standing privileges, whereas the people in DevOps work much faster and you might find that they're actually bypassing privilege access managing altogether, but they're actually doing stuff which is very, very key and very privileged indeed, i.e.
having access to pieces of code, having access to software supply chains, etc., which are very privileged indeed, but you may find that they actually either don't use any kind of PAM, but they actually would use maybe their own version, even develop something of their own. You end up with your legacy identity access management, and then you've got this new stuff which is being pushed out and developed beyond control of the normal IT security department, so that is what's happening.
You've got what you might call a rogue identity fabric, so you've got bits of which are part of the design and other bits which aren't and which you have no control of. It's a process of looking at the entire organization, which we've laid out here on this slide, and looking at those areas which need covering, which might be covered by one form of identity access management and one form of privilege access management and another area which needs say cloud infrastructure and entitlement management again.
So you then start to get this holistic view supporting all identities, human and machine, etc. Again, by doing this we can start to build a zero trust network because we are closing the gaps. We are logging what's happening in DevOps without interfering with their workflow, without interfering with the speed and the way that they and even the times that they like to work. So that's what we need to do. We need to expand identity access management all across the organization so it supports zero trust and most importantly supports infrastructure as a service, identity as a service again.
All these things and there's many vendors now, as Manage Engine will show, that are thinking about this in the same way and they are looking to close these gaps. And then this again is really just a reference and again I'm not going to, this isn't something I'm going to run through here but this is really for your reference as part of this today's webinar. So we've basically taken core identity access management, extended identity access management and then integrations.
So within all of this you can see how identity and access management is really now quite a complicated and yet fully comprehensive sort of science perhaps that can cover most of the challenges that we can see at least for now at Kutma Gokal that most organizations need and those would run through the core functions of administration, analytics and risk, authentication and authorization. So take a look at that when you've got time and see where perhaps your organization, where you think yeah we've got that and you know it's a great document just to have to refer to.
So with that I'll just quickly open my last poll which is, the question is how many different cloud service providers do you use or does your organization use? Which really is something we're trying to find out from so many of our subscribers and users and so the other question and so the answers available are just the one and only the one of AWS, Azure and Google. More than three but not including those big three. More than three including those three plus others say OVH or Oracle etc or perhaps you don't actually know which really is not supposed to be a joke answer.
It's actually quite serious because it's actually quite conceivable that many IT managers, many CISOs don't have a clear idea of how many cloud services are being used and that's because of this case like I said where certain lines of business may be actually purchasing cloud on a shadow basis without it being managed or even known about by central IT.
So that I think is we'll close that poll now and just to before I hand over also when you get the download I put a load of linkable resources here which go into a lot more detail about Zero Trust identity and cloud access security brokers etc for you to read online when you get the chance. So I shall now hand over to Sankaran to talk more about Zero Trust and PAM solutions with Manage Engine. So hello there. Thank you so much Paul. That was indeed an insightful session covering the threat landscape at large, the essentials and you know the key challenges in employing Zero Trust.
I also think you had a very pretty comprehensive and engaging perspective on how organizations can really get a head start with Zero Trust starting with their identity management and PAM strategies. So before I begin I'm Sri Lekha, product expert for PAM solutions at Manage Engine. So in this session I will be taking you all through how Manage Engine approaches Zero Trust security from a privileged access management point of view. So first off yes we are Manage Engine. We are the IT management division of Zoho Corp. Manage Engine has been in the IT management market for the last 25 years.
We offer over 120 IT management products and free tools that cover every facet of your IT starting from network and device management to privileged access security to applications management to active directory management, service desk software, file integrity monitoring and so on. So now coming to the privileged access management part, we've been in the market since 2007.
We started off with a password manager product and until now we've been supporting over 1 million admins worldwide and we have over 5,000 global brands trusting us and we also have over 200 channel partners across the world helping us with localized support, product implementations and so on. So coming to our PAM portfolio, we offer a comprehensive set of PAM solutions which cover end-to-end privileged access management for our customers.
The first product in our suite was Password Manager Pro which was launched in 2007 which was also built to inventories and manage our in-house secrets like SSH keys, passwords, certificates and so on. So we built this internal tool because we had to manage passwords and keys manually in spreadsheets which was neither easy nor was it secure for us. Eventually we later added more capabilities such as session monitoring, reporting, logging, auditing to help our internal IT administrators facilitate remote privileged access to target endpoints and so on.
So later we thought this tool will be of great aid for our customers and so Password Manager Pro was born. So down the line we also built a comprehensive PAM portfolio that caters to multiple PAM use cases and niche business use cases as well. These capabilities include encryption key life cycle management, secure remote access, privileged session management and so on. So as of today PAM360 serves as ManageEngine's enterprise PAM suite.
PAM360 encapsulates the core capabilities of all our PAM point products and also includes advanced and high-end functionalities such as just-in-time privilege elevation, DevSecOps secrets management, blended analytics and other plentiful customizations. So in addition PAM360 also offers the contextual integrations with IT management solutions such as you know active directory management solutions, sim tools, network management tools, endpoint tools and so on.
And we also offer integration with developer tools, business applications and so on which results in tighter integrations with all parts of your IT and also helps you get nifty insights on privileged access across your enterprise for quicker remedies and reduced security incidents. So this is also why PAM360 caters to more matured enterprises compared to other PAM products in our portfolio. So before we understand how ManageEngine approaches zero trust, we may have come across workplaces evolving today. Offices are no longer confined to just buildings and rooms and co-working spaces.
The boundaries have vanished and the security perimeters are now omnipresent. But however the fact remains no matter how sophisticated attackers become, no matter how sophisticated attack algorithms turn out to be, it all boils down to a simple misuse of credentials and privileges to gain access to sensitive data. So if anything the recent data breach reports only suggest that the number of privilege abuse attacks have risen in the recent past. This is as a post-pandemic effect probably, but in fact over 80% of data breaches happen only because of apparent and weak and compromised credentials.
So with that being said, now before exploring how we approach zero trust controls, let's first understand what it takes to take the first step towards zero trust PAM. This is very similar to what Paul just covered in terms of having some bare minimum controls in an organisation to actually get started with zero trust. So this includes the first step which is verifying the legitimacy of user requests. This is a very basic step where if a user needs access to an endpoint or an application, they will first have to prove the legitimacy of their request.
So this comes in the form of a request mechanism where users first raise the request to the administrators. The administrators will then verify and confirm whether this user can be granted access to. And post that, administrators will approve their access request and users can gain access to these systems.
So next, IT teams need a score-based access provisioning mechanism where users and devices through which users connect to remote systems will first be assessed for threats and risks. So based on that, they will be assigned with a baseline trust score for both users and devices. So this way, admins can grant access to passwords and remote hosts only if the baseline trust score is acceptable.
As in, users with high baseline trust scores can have higher chances of access compared to those who do not have it. And for this, you will need to have tight integrations with your other IT management areas such as UEBA, continuous monitoring of remote sessions to be able to dynamically assign scores for users and devices. And finally, you should also enforce multi-factor authentication because it just adds another layer of security to your environment. Now that brings us to the core part of this presentation, which is how PAM360 encapsulates Zero Trust security in its modules.
So to begin with, PAM360 offers the following capabilities in terms of Zero Trust when it comes to monitoring privileged activities. So the first two controls are pretty intertwined where we offer policy-based access controls, which are driven by trust scores. Now this is an industry-first approach to Zero Trust, which includes leveraging a dynamic and automated trust score mechanism to assess real-time threats posed by users and devices.
Subsequently, you can also set up access control policies based on these trust scores and other crucial factors like whether or not there's MFA enabled, or if there are password policies that are set, or if users are granted access based on their roles, and so on and so forth. Based on these factors and policies, administrators can trigger automated follow-up actions based on your organization's security requirements. And as part of its Zero Trust portfolio, PAM360 also includes additional levels of scrutiny when it comes to provisioning access to users.
So this comes in the form of smart request-release workflows, role-based access provisioning, real-time reporting, which I'll just be covering in the later slides as well. Now similar to user trust scores, administrators can also set up baseline trust scores for devices, where devices are given with customizable trust scores at the beginning based on a variety of risk factors which you deem are vital for your organization's security. And based on these scores, you can create access policies and trigger follow-up actions when it comes to provisioning access to remote endpoints.
So in short, you will be providing baseline trust scores for both users and devices, and these scores will reduce or increase during the session depending on how, depending on the merits of your actions in the session. And if you cross a threshold, you will be given with warning or your sessions will be terminated depending on the severity of the action that users take on during these sessions. Next is privilege elevation and delegation. So PAM360 offers both agent-based and agentless mode of privilege elevation which helps our customers ensure zero standing privileges in their environment.
The agentless mode is also known as the just-in-time privilege elevation. With JIT in place, Windows domain users can actually gain elevated permissions where they will get domain administrative privileges based on a request approval mechanism for a specific time frame.
Now, this orchestrated workflow allows domain users to easily log in to remote endpoints for a specific period and carry out their intended tasks. And once they have completed their intended tasks, the access to these systems will be revoked, and also the passwords of such critical systems will be automatically rotated. So users with only valid access requirements will be automatically elevated into local security groups for temporary access through this method.
Similarly, a domain user account can also be elevated into a domain security group, and this kind of elevation is actually facilitated through ManageEngine's native Active Directory Management solution, which is also called AD Manager Plus. So through the integration with AD Manager Plus, PAM360 can provide administrators the control to map domain user accounts to specific security groups in Active Directory. Once these accounts are added to the security groups, their privileges are basically elevated, which means they can gain administrative access to remote endpoints for a temporary period.
Like I said, once this time runs out, permissions are automatically revoked, ensuring that no user has access to these privileged systems anymore. And in addition, these user accounts with temporary privileges will also be subsequently removed from those security groups automatically. Whether or not it's a local or a domain user group, these users will be subsequently removed from those groups.
The other form of elevation is agent-based self-service privilege elevation, where users, once they gain access to a remote endpoint, will not be able to launch applications unless they are added as a privileged user account on PAM360. Now, PAM360 also enables administrators to configure self-service privilege elevation on target endpoints using agents. This is an agent-based approach, right?
So with access controls enabled for accounts in these resources where the agents are configured, users can log into these machines and run specific type of application which they won't normally have access to. When I say specific, this could be a command file, this could be an exe file, this could be an msi or a batch file. So there are some whitelisted applications which these elevated users can have access to, but this comes in the form of an agent-based approach and they will have to be running this application as a PAM privileged account.
Now to understand this better, let's say you are a developer. You will need to install a particular application in a remote endpoint, but you may not have sufficient privileges to install applications on an endpoint, right?
Now, using the self-service privilege elevation mode, you can elevate yourself as a PAM360 privileged account and you can install the installer file in that machine and you will be demoted from that mode once your request period has ended. So similarly, let's say you're a database administrator who wants to perform a maintenance in SQL Studio, but you might not have full-on administrator privileges to that endpoint or that application as well.
So when you use and run this application as a PAM360 privileged account, you will be able to run queries, you will be able to export tables from SQL Studio as a privileged administrator. So this is how managed engines privilege elevation modes work.
Moving on, PAM360 also includes role-based access controls, which I just mentioned just a while ago, where users, whenever users are onboarded into PAM360, they are also allotted with privileges and roles. So PAM360 by default supports six user roles, where three of them are administrative roles and the other three are non-administrative roles. So each of these roles carry common jury privileges, where administrator roles have maximum privileges of full-on control access to privileged resources, whereas non-administrative users have only view or modify access to those resources.
So let's say when a user is onboarded, they're assigned with a role with the least privilege. This is to ensure that they have restricted access to resources by default. But however, these roles can be changed anytime by administrators based on the user's requirements and preferences as well. So let's say when I add resources, these resources, when I say resources, these are typically remote endpoints such as databases, servers, network devices, and so on.
So when a resource is shared with users, PAM360 by default will enforce role-based access filters, as in users that fall under administrative roles will have complete control over these resources. Like I said, they can view, modify, and have full access to those resources, but non-administrative users only will have view and modify access, which is also their maximum privilege. So similarly, PAM360 offers smart request release workflows where if a user needs access to passwords, they'll first have to raise a request to the administrators.
The administrators will receive notifications and emails with these requests, and they can verify the validity of these requests and then choose to either approve or reject them. So also upon approval of these requests, administrators can provision user with exclusive and temporary access to passwords, let's say for 30 minutes. After the expiry of these 30 minutes, the password will become void, and the user will no longer have access to that particular password or the machine.
So further, administrators can also revoke access to passwords if they suspect any malicious activity, and this can be done during the usage period itself. So also like I had mentioned, there is also an option to automatically reset the credentials of resources, the keys of resources after every single use, right? So this way, no user can engage in unauthorized access attempts using an old password. So even if a password is accidentally exposed, they will not be valid anymore because the credentials are always rotated.
So finally, PAM360 includes a native session management module, which allows users to launch direct and single-click connections to remote hosts without requiring passwords. So when sessions are launched, administrators can join and shadow these sessions in real-time, they can also chat with users, they can monitor and audit live sessions, and if they suspect any user to be engaging in anomalous or malicious activities, they can terminate those user sessions in real-time as well.
Further, these sessions are also recorded, and these recordings can be used for future forensic analysis and security audits internally. So in addition, PAM360 also generates comprehensive audit trails, covering all events around the privileged account and key activities such as login attempts, schedule tasks, password resets, you know, whatnot. So this data, this audit data, helps in complying with regular industry compliance programs such as PCI DSS, HIPAA, POPI, and various other compliance programs.
And audit trails also provide a detailed history of access activities, like who accessed which resource, what did they access, why did they need it, how did they access, when did they access, and all of which is also required for your internal security audits.
Further, PAM360 also integrates with SIEM tools such as Splunk, Event Log Analyzer, like whatever SIEM tool you have in organization, you can integrate it with PAM360 to send your audit trails and logs as syslog messages, and you can use these solutions to correlate privileged access data with event data across your organizations to help you understand user access and anomalous activities in detail.
Further, PAM360 also integrates with network management tools, using which you can send these logs and audit as SNMP tracks, which you can use to, again, further analyze and correlate privileged access data with other events across your organization, which will help you proactively address, identify, and preempt any security blind spots. So this way, you can make sure that your security teams make informed security decisions. So with this, I hope I have given you a very good high-level picture of how ManageEngine approaches Zero Trust with its enterprise PAM suite.
If you would like to explore how PAM360's Zero Trust capabilities work, or if you would like a personalized session from our experts on how we can help you achieve your Zero Trust goals, please feel free to reach out to us on the email that you see on screen. Thank you so much for your presentation.
And yeah, before we do the Q&A, let's just have a quick look at the polls. And there's no real surprises that the first poll, have you considered Zero Trust? Ninety-four percent overwhelmingly said yes, and six percent no. And that seems to be consistent with research that we are doing.
Certainly, Zero Trust, as I said right at the start, has caught the imagination, although it's not a new concept. But certainly, today's computing environments has, you know, found a new audience, I think, and it's having, I think, people taking it very seriously. The second poll, which is, again, no real surprises, 15 percent have one cloud, 38 percent use three big ones, zero have more than three, but don't use AWS.
Again, that's consistent. And 25 percent are using more than three, including AWS.
However, as I said at the time, 23 percent say they have no idea. And that is not something that anyone needs to be particularly, you know, embarrassed or ashamed about.
I think, you know, it's just a matter of, of, you know, business life right now. And the whole point of things like Zero Trust and cloud infrastructure, entitlement management and privilege access management is to help us get around that certain situation.
So, I don't know, Sreelika, if you want to just say anything on those results, any comments yourself? The poll results are really evident of the fact that all the organizations are right now considering Zero Trust very seriously, especially for their, you know, cloud and IIS platforms, basically.
So, yeah, it's pretty evident. Yeah. Okay.
Well, we've got a couple of questions. And these are mostly about PAM360, actually.
So, does PAM360 support application control as part of its PAM modules? And if yes, can you talk us through it? I don't know if that's possible, but certainly, does it support application control?
Oh, yes. PAM360 supports application control with its agent-based privilege elevation.
So, PAM360 primarily offers, like I said, an agent-based, agentless and agent-based privilege elevation, of which the agent-based elevation is called self-service privilege elevation. So, this includes additional security controls to help, like, administrative users to control and configure elevation controls for select applications.
So, you will be able to, you know, whitelist a few applications and ensure elevated access to your users using this self-service privilege elevation in place. Yeah.
So, yes, to answer your question, yes, PAM360 offers application control and innovative access to certain applications through its agent-based privilege elevation. Thank you. Okay. The next question is also a bit technical.
So, how does PAM360 enforce least privilege to users? Oh, yes. Like I mentioned in my session, there's, like, whenever users are onboarded into PAM360, right, it will be assigned user roles by default.
So, let's say you have an active directory environment. You onboard users from your directory service, and you will have to immediately assign roles to them.
So, we have and we support six default types of user roles, of which three are administrative roles and three are non-administrative roles. So, if you do not, by chance, assign any roles to a user during their onboarding process, they'll be assigned with the least non-administrative role in PAM360, which means they will not have administrative privileges even if they are going to be an administrative user on PAM360 unless their roles are changed.
So, that way, no user will have elevated access to resources or, you know, endpoints at the beginning unless their roles are being assigned appropriately. So, this is how PAM360 enforces least privilege at the very beginning.
And later, you also have, like, privilege elevation methods where users will first have to raise requests for their access activities, and users will also be given with time-limited access to resources and applications. So, at every level, yes, PAM360 offers, I mean, applies least privilege when it comes to access activities. Great. I didn't mention least privilege much in my presentation, but it is absolutely crucial to the whole concept of zero trust. You're absolutely right.
And I should point out, actually, that the new Privileged Access Management Leadership Compass, in which ManageEngine obviously features very strongly, is now available for read or download on the Coupang.co website. So, another question here is talking about behavior analytics. I'm sure the answer is yes, but I'll let you explain. Does PAM360 support behavior analytics?
Again, that was an incredibly important part of zero trust. If you don't know what's happening, you can't secure things.
Oh, yes, absolutely. PAM360 supports privileged user entity behavior analytics.
So, we offer two types of analytics here, and we offer native UEBA through our internal ManageEngine products called Log360 and Analytics Plus. So, Log360's integration with PAM360 will help our administrators identify anomalous behavior and understand suspicious activities in detail, through which they can assign threat scores and eliminate threat actors and bad actors in your privileged environment.
Whereas, we also have an integration with another product from our own IT management suite called Analytics Plus. Through Analytics Plus' integration, you can build data models, user behavior models, user access patterns, and understand how your users use your privileged environment, what your users use to log in, what are the access activity patterns.
So, we offer blended analytics when it comes to privileged user behavior analysis. So, this way, you can effectively identify any kind of security blind spot, threat actors, and you can also identify what kind of anomalous activities happen in your privileged environment.
So, yeah, PAM360 offers blended analytics in the form of integrations with ManageEngine Log360 and Analytics Plus. Fantastic.
Well, there's no questions more at the moment. I just want to, just while we have some time, let me just publicize something very exciting coming from KC very soon, KC OpenSelect, which is our new, brand new interactive online tool that's coming which will help you as end users make those decisions you need on identity and access management solutions, but also on cybersecurity in general, and of course, areas like privilege access management.
So, look out for that coming this quarter, this first part of 2023, KC OpenSelect. As I said, we don't have any more questions, so I will take the opportunity to thank you very much, Sri Lanka, for being with us today, for your excellent presentation, and also to you, who were online today with us. Great attendance, great to hear, great to see so many people here again.
As I said right at the start, this webinar is recorded and will be available probably from tomorrow on the website for any of your colleagues that couldn't make it today, but for now, I will say goodbye, good night, or good morning to you all, and hope to see you on the next webinar. Goodbye. Thank you so much, everyone.
Thank you, Paul. Goodbye.