Russian PAM (Privileged Access Management) Guide

Privileged accounts are one of the most sensitive points in an organization's information infrastructure. They are often the target of attackers who seek to gain unauthorized access to important data and resources of the enterprise through phishing and exchange of authentication mechanisms. Breaking an administrator account in time is one of the important tasks of a corporate infrastructure security specialist. Privileged Access Management (PAM) products have been developed to address the problem of controlling and managing privileged accounts.

PAM solutions are systems designed to monitor privileged user sessions, which allow you to track user sessions with extended rights and identify signs of an attack on corporate resources and critical data. The main task of PAM is to ensure the security of privileged accounts, which are often the main target of attackers. Their compromise can lead to serious consequences for business. Therefore, solutions of the PAM class are also engaged in strict authentication of privileged users, record all their actions, and in some cases even block those of them that can harm the system, for example, commands such as "rm -rf" in Linux.

The main tasks of modern PAM solutions:

• Accounting and control of granting access rights to privileged employees and contractors;
• Segmenting access so that no user has full access to critical resources;
• Password management of privileged accounts, including their automatic creation and updating to ensure minimization and separation of powers;
• Inventory of privileged accounts, which allows you to both track the appearance of unauthorized created privileged accounts, and delete them in time after the completion of the work of a privileged employee or contractor;
• A time or task-specific limitation that avoids accidental or intentional out-of-hours access to systems;
• Monitoring the activity of privileged accounts and full recording of their sessions;
• Audit and reporting on the actions of administrators and holders of special powers;
• Ensuring compliance with the regulatory requirements of both international (PCI DSS or) GDPR and Russian (Laws No. 152-FZ "On Personal Data," No. 187-FZ "On Safety" and CUES RUSSIAN FEDERATION others).

The use of a high-quality and well-configured PAM solution increases the level of information security. Solutions of this class prevent unauthorized access to critical resources and quickly respond to suspicious activity of accounts with increased authority. Some PAM solutions identify abnormal employee behavior, which is interpreted as account interception.

Monitoring the actions of privileged users simplifies compliance with the requirements of various security standards and regulators, since they have built-in standards for delimiting and minimizing the powers of employees, as well as for fixing the actions of administrative personnel critical to information systems. The implementation of PAM provides the necessary level of control and transparency for working with privileged accounts.

Monitoring the actions of administrators also allows you to optimize the work of the IT department, since the presence of an administrator's actions record on an independent device allows you to understand his actions and correct errors. PAM systems automate many routine access control processes, such as changing passwords and granting temporary privileges, and offer more stringent user authentication technologies, which complicates methods for attackers to bypass access control mechanisms.

Let's consider the systems for managing privileged access of domestic developers.

BI.ZONE is a digital risk management company that helps organizations safely grow their business in cyberspace. BI.ZONE develops its own products to ensure the sustainability of IT infrastructures of any size and provides a wide range of cyber defense services: from incident investigation and threat monitoring to the creation of cybersecurity strategies and comprehensive outsourcing of specialized functions. Since 2016, the company has implemented more than 1600 projects in the fields of finance, telecommunications, power, aviation and many others, protecting over 800 customers.

One of the solutions that is based on BI.ZONE's expertise in monitoring and response is the BI. ZONE PAM product. It is a privileged access management platform based on zero trust principles.

BI. ZONE PAM provide secure connections, secret rotation, session control and recording, event transmission to the monitoring system (SIEM), as well as blocking illegitimate activity. The principles of zero trust in the platform are implemented comprehensively: it not only strictly controls the use of privileges, but also makes IT infrastructure management convenient for users.

The BI. ZONE PAM microservice architecture allows you to update, configure, or restart individual components without shutting down the entire system. This also helps to keep the system functional even if its individual components fail.

The product is included in the register of domestic software and is certified by the FSTEC of Russia (4th level of trust, certificate No. 4844).

Key features:

• Compatibility with corporate IT infrastructure based on operating systems of the Windows NT and Linux/Unix families, including the main Russian Linux distributions.
• Built-in support for two-factor TOTP authentication and an internal directory for entering local user accounts into the PAM system.
• Easily view recorded text and graphic sessions and quickly navigate events within the recorded session.
• Independent change services as agreed. In BI. ZONE PAM of version 2.3, a "second hand" mechanism has appeared: users can suggest changes in settings, accounts and servers. And if the system administrator approves them, the changes will immediately take effect.
• Support for automation scripts and DevOps (container-native, Ansible scripts, API-first approach, etc.).
• Scale horizontally without the need for additional licenses.
• Ease of integration. Quick installation with ready-made deployment scripts and easy connection to various infrastructure components.

The product is implemented in financial sector organizations, in industrial enterprises and in large commercial structures where the stability of the platform is required.

In the near future, PAM solutions will be actively used by AI mechanisms, says Artem Nazaretyan, head of BI. ZONE PAM. According to him, the development of such solutions is directly related to the conditions under which customers of PAM systems work.

Today, they face constant cyber attacks, increased legal requirements and the need to cut costs by using AI to streamline processes. In this regard, PAM systems will strengthen the ability to respond and prevent illegitimate actions, becoming part of cyber resistance platforms and actively using AI mechanisms. At the same time, modular and flexible products will be in demand, and a tangible part of customers will have cloud and service supply models, "believes Artem Nazaretyan.

SKBKontur specializes in providing secure electronic document management services . The company has developed a PAM solution Kontur.PAM AM, "which is a service that allows only privileged users to give access to information, for example, remote employees, technical support specialists, information system owners and developers.

Kontur.PAM AM "- a system for protecting critical resources of the organization. It provides complete control and transparency of the actions of privileged users.

Here are some features of the service:

• Access control. Privileged rights are granted only if necessary and for the duration of the task;
• Track all events. The system records events about the entry of privileged users to end resources, which helps to quickly identify suspicious activity;
• One-click privilege management. The minimum required access for each user is configured to reduce the risk of errors and simplify administration;
• Rapid response to incidents. The system allows you to instantly interrupt the session in case of suspicious actions, promptly preventing threats and protecting data.

The service is suitable for enterprises of any industry where data protection is required. It can integrate into existing enterprise infrastructure.

This privileged access control product was originally developed by New Security Technologies (NTB). In December 2022, the entire company was acquired by Rostelecom-Solar, and the product was added to the range of this manufacturer of information protection tools.

Solar SafeInspect is a fully functional platform for managing privileged accounts and sessions in modern cloud and classic information systems. The program can be used not only as a standalone solution, but also as an add-on for other PAM products.

Here are some Solar SafeInspect features:

• Support for various administration protocols. The system monitors and analyzes data transmitted via protocols, SSH RDP HTTP,/, HTTPS Telnet and others;
• Connection control. The tool allows you to control by which protocols the connection is made, from which addresses, ports and where they were connected;
• Different authorization methods. The system supports certificate authentication, two-factor token authentication, and one-time password access;
• View work sessions. Privileged users' actions can be monitored online or their work sessions recorded.
• Creation of reports. The system provides logging of user actions, where time, subject and access object are recorded, as well as completed actions.
• Integration with other security systems. Integration with SIEM systems allows you to conduct more detailed investigation of events and identify vulnerabilities in real time.

Solar SafeInspect is certified by the FSTEC of Russia according to the 4th level of trust (No. 4816), entered into the Unified Register of Domestic Software and suitable for import substitution.

Indid, a domestic developer of information security software in the financial, industrial, transport and other fields, released its system for controlling privileged access in 2018. Indeed PAM is a software package for managing administrative access and monitoring the actions of privileged users of different categories: full-time and freelance employees, as well as external performers.

Some of the capabilities of Indeed PAM are:

• Account protection. Privileged user authorization is protected by two-factor authentication using the TOTP mobile application or RADIUS servers. Passwords of privileged accounts, including passwords of local administrators, are rotated automatically according to a specified schedule;
• Monitor administrator actions. The PAM administrator manages privileged access rights to the target resources through a single console. If necessary, you can prevent a privileged user from entering SSH commands and transferring files to the resource using SSH and RDP protocols;
• Investigation of incidents. All privileged user sessions are recorded. At the same time, additional data are recorded that can help with the investigation;
• Compliance with Zero Trust policy. A zero trust policy implies no trust in anyone inside or outside the network.

The Indeed PAM 2.7 version is certified by the FSTEC of Russia (No. 4667) according to the 4th level of trust.

The company "iT Bastion" began its activities in Russia in 2014. She was originally the exclusive provider of Wallix's foreign PAM solution. However, the company made its own PAM solution called "Service Provider Action Control System" (SKDPU) and registered it in the register of domestic software in 2019.

A comprehensive product called SKDPU NT ensures the security of remote access to the company's IT resources for privileged users and contractors. It is included in the Register of Software of the Ministry of Telecom and Mass Communications of Russia, and the access gateway of the SCDPU NT is certified by the FSTEC of Russia.

Some possibilities of NP MCDS:

• Access control, recording sessions and monitoring the actions of privileged users;
• Monitoring of actions performed by privileged users on administered devices: business applications, databases hypervisors, servers Windows and/or UnixLinux network devices, etc.;
• Statistics and activity reports, such as connection logs, connection statistics, user ratings, etc.;
• Recording sessions. Moreover, Windows Terminal Server (RDP) or VNC sessions can be recorded in video format, and actions performed from the command line (SSH, Telnet, etc.) can be recorded in text format;
• Password manager, allows you to automatically or manually change the passwords of privileged users;
• Real-time monitoring, as a result of which the system notifies about any attempts to connect to devices determined as critical, about unsuccessful attempts to enter the MCDS or about the impossibility of automatic entry using a specified account;
• Single Entry Point (SSO), with which each user enters the MCDS using their accounts data and gains access to devices allowed under the policy without re-entering the password.

The modern SKDPU NT system is based on the Russian Astra Linux SE OS, certified by the FSTEC of Russia for UD-4 (No. 4811) and the Ministry of Defense for NDV-2 requirements.

NGR Softlab is a Russian developer of information security solutions. It has been operating in the market since 2019. The main specialization is the development of analytical systems for information security. Among the company's products, there is also a PAM solution called Infrascope.

PAM Infrascope is a professional Russian privileged access management solution. It is a comprehensive product that protects access to network infrastructure and applications, as well as monitors and records actions that affect business continuity. This product is aimed at strengthening the information security of organizations by reliably controlling and monitoring privileged accounts used by administrators and technical specialists.

PAM Infrascope functionality:

• Centralize password storage. All credentials are stored in a single secure repository that eliminates the human factor in access control;
• Monitor administrator activity. Each session with a privileged account is monitored, recorded and analyzed for all actions;
• Multi-level authentication. biometric Methods and hardware authentication are used to increase the level of security;
• Reports and analysts. Reporting tools allow you to track changes and identify potential threats;
• Scalability. Suitable for businesses of all sizes, ranging from small offices to big business.

The product was developed taking into account the peculiarities of Russian information security standards and the needs of the local market. Introduced in banking institutions, telecom companies, production enterprises and government agencies. In January 2024, the system was assigned the FSTEC certificate No. 4752.

The Kazan company [2] is a system integrator that has its own Incident Monitoring and Response Center (SOC). However, she also develops solutions for automating information security processes. To control privileged users, the company's developers have developed and released the Innostage PAM PAM PAM solution on the Russian market.

It is designed to automate the process of inventory, storage, password rotation and access to privileged accounts, control and audit the actions of privileged users.

Innostage PAM not only controls, but also organizes the access of privileged users to the information resources of client companies.

Some Innostage PAM features:

• Lower transaction costs. Structured and centralized access management reduces the likelihood of errors and failures by minimizing operational risks and reducing the cost of incident recovery;
• Reduce the risk of internal threats. PAM helps manage access and limit privileges, reducing the risk of internal threats and allowing for prompt investigation of incidents through video and text logs;
• Improving labor discipline. PAM improves IT team discipline by tracking SLA scores for IT teams.
• Secure storage of privileged accounts (CDU). Provision to users of personal encrypted storage facilities of the CDU with the possibility of controlled delegation of access to them;

In 2025, Innostage introduced an updated version of the privileged access management system - Innostage Cardinal PAM. The developers decided to update the name to emphasize the transition to a new level of maturity.

Web Control was founded in 2008 with the aim of promoting high-tech solutions to the market. It is a distributor of cybersecurity products that produces products under its own brand name. The company's first vendors were the Blue Coat System, which offers a secure web gateway, Lieberman with a privileged access control system, and ObserveIT, a developer of a solution for analyzing user behavior.

The sPACE PAM product was launched on the market in 2021. In the registry, it is listed under the name "Automated system for organizing and managing the workflow of privileged users with an integrated secure authorization implementation environment and a subsystem for managing the lifecycle of passwords and access keys," that is, it includes not only PAM functionality, but also password and access key management.

The solution can perform the following functions:

• Organization and provision of access;
• Monitoring of actions of users and external suppliers;
• Remote access from public workstations;
• Auxiliary PAM for specific tasks.

Since
2007, the Russian company Avanpost has been specializing in the development of credential management systems (IDM). The company's flagship product is Avanpost IDM, to which SSO and PKI were added after a while. The company focused on access rights management models, offering intelligent tools for analyzing and minimizing access rights.

The SmartPAM product was released by the company in February 2025, but its key feature is the use of artificial intelligence. The intelligent algorithms used in the product work on the basis of two neural networks, each of which is responsible for key aspects of analyzing the behavior of privileged users. One network studies patterns of user behavior in a normal state, and the second - highlights anomalies in this behavior. In the development of such technologies, the company's experience in managing access rights - IDM - was used.

As a result, Avanpost's SmartPAM allows you to solve the following problems:

• Organize the use of privileged accounts;
• Automate access rights management processes, excluding the human factor;
• Perform the functions of monitoring and auditing the actions of employees, with extended powers;
• Protect access to privileged accounts by searching for anomalies in behavior;
• Enforce internal security policies.

AVSoft ("AV Soft") was formed in 2010 by Anton Chukhnov. Its main activity is the development of software in the field of information security. The company offers solutions to protect the corporate IT infrastructure from targeted attacks, virus software, spam, phishing. Since 2022, the company has been a resident of Skolkovo, and in 2024 it participated in the National Multiscaner project.

AVSoft PAM is a system for controlling privileged users in the corporate segment. It records the actions of users with security-critical permissions and audits their actions, which prevents leaks of confidential information and promptly corrects errors in the activities of administrators and contractors.

Here are some features of the system:

• Support for FTP, SSH, RDP, Telnet and others;
• Recording sessions of privileged users;
• Isolation of network objects, data collection for incident investigation;
• Control of the main privileged accounts: personal, office, domain, emergency, administrative, local.