Benefits of integrating PAM solutions with a Credential Vault

September 13, 2019//Tony Howlett

Last Updated: November 19, 2020

In order to make our solution as comprehensive and powerful as possible, we partner with a number of other well-respected companies in the cybersecurity space. Together, these partnerships add up to an enhanced solution that brings customers several key features and benefits that are essential for complete network protection.

In this post, we’ll look at four partner vendors, and how they integrate with our platform to add value in a number of ways. These companies – CyberArk, Hitachi ID, Thycotic, and BeyondTrust – are all Privileged Access Management (PAM) providers, and each provides a set of credential vault (or password vault) capabilities that bring important benefits when integrating with the SecureLink platform.

The SecureLink Credential Vault

Our Credential Vault is the foundation upon which the PAM integration is built. The Vault enables SecureLink administrators, as well as users who have the proper permissions, to store masked credentials on the server-side. These credentials are securely provided by SecureLink whenever a vendor requests access.

Using the Vault provides a key protection feature: credentials are never sent to a vendor. This is for the vendor’s own protection since masking credentials ensures that logins and passwords can’t be used to leapfrog, can’t be shared, and won’t end up exposed on a sticky note or digital keychain. In short, by keeping credentials hidden, the Vault prevents credentials from being compromised, helping to stop potential network intrusions before they can even start. 

PAM partner integration

The Credential Vault provides several valuable features for protecting credentials, but by joining forces with four PAM partner providers, even more security benefits can be provided to customers.

Features and benefits: a comparison

SecureLink’s integration with CyberArk (the CyberArk Enterprise Password Vault API integration) brings several important benefits. For example, SecureLink customers can use CyberArk’s Enterprise Password Vault to store credentials and integrate them into services that are accessed while using SecureLink. These credentials are stored solely in the CyberArk credential vault, which provides password rotation and automatic password regeneration. All privileged account passwords and SSH keys are protected in a highly secure central repository, which helps prevent the loss, theft, or unauthorized sharing of these credentials.

As with CyberArk, the SecureLink customer also gets benefits from its integration with Thycotic, which enables them to use Thycotic’s Secret Server to store credentials and integrate them into accessed services.  Thycotic allows customers to set password policies, provides the ability to auto-generate passwords, and hides all of the organization’s passwords within a single repository. 

These three benefits are also achieved through SecureLink’s integration with Hitachi ID (by using Hitachi ID’s Password Manager) and its integration with BeyondTrust (using BeyondTrust’s PowerBroker Password Safe).

Common features and benefits

By partnering with the four vendors described above, we at SecureLink gain a number of important benefits that are similar for each vendor. These integration features and benefits include:

  • Leveraging the native password storage capabilities and policies of each PAM partner
  • Retrieving necessary remote access credentials from each PAM partner, and connecting to the remote server via the SecureLink connection
  • PAM partners can utilize the SecureLink Credential Vault with minimal configuration
  • SecureLink can make API calls to PAM partners in order to retrieve credentials without additional configuration in the partner application.

Connectivity workflow

For each of the PAM partner integrations, the general connectivity workflow involves the same three steps:

  • The user sends a connection request using their SecureLink credentials
  • Masked credentials are requested from the partner API
    • CyberArk Enterprise Password Vault’s API
    • Thycotic Secret Server’s API
    • Hitachi ID Password Manager API
    • BeyondTrust Password Safe API
  • Masked credentials are passed to SecureLink and applied without user visibility.

The two-step takeaway

SecureLink’s highly-beneficial integration with PAM partners involves two key steps.

First step: using SecureLink’s Credential Vault. By keeping credentials hidden, the Vault prevents logins and passwords from being compromised and thus helps stop potential network intrusions before they can even begin. In other words, SecureLink’s Vault provides proactive protection, not reactive. 

Second step: building on its Vault features, SecureLink partnered with the best PAM providers and integrated its technology with their strengths (their credential vault or password vault capabilities), in order to provide even stronger security. For each PAM partner integration, masked credentials are requested from the partner API, then passed to SecureLink and applied — without being visible to the user.

By letting key PAM partners integrate with its Credential Vault – always using masked credentials – SecureLink can provide its customers with a more complete protection solution.

To learn more, you don’t need a credential at all. Just request a free, personalized demo today.

close close