BI.Zone Privileged Access Management (BI.Zone PAM)

2026: Version 2.5 with additional access control and administration capabilities

The zero trust model privileged access management platform BI. ZONE PAM upgraded to version 2.5. It simplified connection management, increased control over remote sessions, and expanded administration through the web interface. BI.Zone announced this on March 10, 2026.

A scheduled access feature has appeared in the update. The PAM administrator can create and assign temporary access policies to containers, limiting user connections to targets by day of the week and time of day.

The user sees the allowed connection intervals and understands in advance when access is active and when it is blocked. Connections outside the specified time windows are automatically blocked. Rules are managed centrally through access policies, reducing the risk of unauthorized use of the system.

For example, you can monitor contractors and external professionals by giving them access for the duration of the work and closing it without the participation of administrators. In addition, routine operations are automated: scheduled updates, backups and scheduled tasks with privileged access strictly on schedule, without the need for manual intervention.

The platform also now supports monitoring active user sessions and automatic synchronization of target systems via LDAP.

Шаблон:Quote 'author=said Artyom Nazareth, head of BI. ZONE PAM.

Automation of administration reduces manual load and risk of errors. Synchronizing target systems with LDAP directories allows you to configure the import once and continue to automatically keep the data up-to-date.

The BI. ZONE PAM web interface now has the ability to edit connection properties for native RDP (standard Windows Remote Desktop Protocol). The PAM administrator can centrally manage allowed RDP links and configure remote session settings for users, groups, and containers. Under one policy, it is possible to allow or prohibit the use of the clipboard, mount local disks and flash USB devices. Restrictions are applied automatically when connected and allow you to flexibly control the capabilities of remote sessions without manual adjustment.

MFA cache management is also completely transferred to the BI. ZONE PAM interface. The PAM administrator and the cybersecurity administrator can configure cache parameters through the UI at the system level, as well as for individual users, groups and containers. This simplifies administration and improves certificate security in BI. ZONE PAM.

In addition, the platform simplifies work by automatically collecting data on target systems from LDAP directories. This eliminates manual input and eliminates the need to constantly update information. Administrators can set up a synchronization schedule - daily, weekly, or monthly. The system supports full and incremental synchronization, which ensures that resource data is up-to-date with minimal effort. This approach reduces the risk of manual errors.

2025

Version 2.3 with Claim System to change security settings, accounts, and servers

An updated version of BI. ZONE PAM has created a system of claims to change security settings, accounts and servers. This allows you to manage privileged access using the zero trust concept. BI.Zone announced this on August 5, 2025.

In BI. ZONE PAM of version 2.3, an opportunity that is relevant for the Russian market has appeared - the "second hand" mechanism. Now the solution can be configured so that changes in settings, accounts and servers pass through the application system: the user creates a request, and the authorized employee approves it. Double control eliminates the risk that a critical change will be made unilaterally, while at the same time speeding up the work of employees. Users can add target systems and accounts to the BI. ZONE PAM themselves, so new parts of the infrastructure are now connecting much faster.

The update added command filtering to the SSH session. The system administrator can create a blacklist of commands using regular expressions or use the predefined list. The measure increases protection against intruders, including internal ones. In addition, it allows IT departments to organize a smooth onboarding for new employees. For example, if someone tries to reboot the mail server, BI. ZONE PAM can, depending on the user's role, allow or disable the action, show a warning, or transfer data to SIEM.

Шаблон:Quote 'author=said Artem Nazaretyan, head of BI. ZONE PAM.

In addition, BI. ZONE PAM of version 2.3 has expanded the interface capabilities for dealing with incidents, users and groups. There are sections for managing secret rotation engines and integration with LDAP - previously such settings were made through API requests. Ready-made fault-tolerant installation schemes with installation scripts have also become available to customers.

In all attacks the infrastructure destruction cases investigated by the BI. ZONE DFIR team in 2025, attackers required access to a privileged account to cause damage. The continued interest of fraudsters in users with extended rights is one of the many reasons why systems of the privileged access management class have become a basic tool. cyber security PAM solutions affect the work of hundreds of key employees every day, so customers have high demands on the convenience of these products.

BI.Zone PAM 2.0 with caching of the second factor for connection via RDP and SSH protocols

The platform for managing privileged access using the BI.ZONE PAM zero trust model received significant improvements as part of the update. Version 2.0 focuses on improving the user experience. To get the desired result, it now takes less action. At the same time, privileged users can focus on business tasks without being distracted by the work of the tool. BI.Zone (Secure Information Zone, Bison) announced this on February 4, 2025.

So, in the case multifactor authentication of (MFA), caching of the second factor appeared for connection through the RDP and protocols. SSH During operations on dozens servers or databases an employee, you no longer need to re-specify when password connecting to the next system. The specialist once enters the credentials when data entering the BI. ZONE PAM and receives a special one for file mass connections. The validity period of such a file is determined by the platform administrator.

After the update, settings appeared in the interface that were previously available only through the console or API. Among them are the management of users, roles, secrets and configuration of the solution. For example, through a personal account, a BI. ZONE PAM administrator can set the lifetime of a certificate, assign a user group a one-time password login, or configure system component balancing. At the same time, a flexible role model allows you to determine what users are allowed to do when working with both the tool itself and critical components of the IT infrastructure.

Work with session records has also accelerated. The security worker can now find anomalies faster with full-text keyword searches, improved command input mapping, and the ability to skip periods of inactivity on video. This accelerates the response to failures and incidents.

In addition, the update adds support for Ansible playbook. This tool automates routine DevOps operations to speed IT configuration management. BI. ZONE PAM allow you to run an Ansible playbook with all employee actions recorded and support for the zero trust principle. This is a rare case for PAM systems: they usually do not allow such scripts, and companies have to choose between security and manageability.

We aim to create the best privileged access management product and consistently develop the platform from the right architecture and principles laid down at the start of development to the most convenient interface. When preparing this update, we considered feedback from the market so that privileged users can perform their tasks more efficiently using BI. ZONE PAM with consistently high security. According to our UX research, now employees need almost a quarter less time to perform daily operations compared to the old version, "said Artem Nazaretyan, head of BI. ZONE PAM.

BI. ZONE PAM help secure the infrastructure by controlling the rights of privileged users, monitoring their activity and transferring data to. SIEM The product is included in, register of domestic software has a certificate. FSTEC Russia The solution works on, and Linux is also compatible with the main Russian Linux distributions.

2024

Certification of FSTEC of Russia

BI. ZONE PAM received the certificate of FSTEC of Russia. BI.Zone announced this on October 2, 2024.

The product has successfully passed the necessary tests. Now it can be used to protect information systems, which are subject to regulatory requirements for certification of the used information protection tools in the FSTEC system of Russia.

BI.ZONE Privileged Access Management (BI. ZONE PAM) prevents attackers from entering the company's IT perimeter through administrative accounts: the solution controls the powers of privileged users, ensures password rotation and records the actions of employees and contractors when working with critical information. Thus, the product minimizes the risks of business continuity disruption.

The presence of a certificate confirms that BI. ZONE PAM corresponds to the 4th level of trust and is a software tool that implements the functions of managing and controlling privileged access to IT infrastructure objects, as well as the functions of protecting against compromise of secrets. This means that the product can be used in systems where the 1st class or the 1st level of security is required: state information systems (GIS), automated process control systems (APCS), personal data information systems ( ISDS). The solution can also be used in significant objects of critical information infrastructure (CII) up to and including category 1 and in public information systems up to and including class II.

Obtaining the certificate of FSTEC of Russia is an important milestone for us. This is confirmation that BI. ZONE PAM is ready to solve the most difficult security problems in government and critical systems. We have created a product that not only protects privileged access, but also takes into account current cyber threats, as well as business needs: it is convenient to configure and use, it can be easily scaled to the entire infrastructure of the company, "said Artyom Nazaretyan, head of BI. ZONE PAM.

BI.Zone PAM Release

BI.ZONE announced on August 15, 2024, the launch of the BI.ZONE PAM privileged access management product, which protects administrative accounts.

The solution helps protect the infrastructure from intruders: it independently rotates passwords, controls the powers of privileged users, monitors their activity and transmits data on suspicious events to SIEM. The microservice architecture of the product allows you to deploy a distributed fault-tolerant installation and provides the ability to scale horizontally, which, according to the developers, guarantees continuity of business processes.

Administrative accounts are of particular interest to attackers: unauthorized access to these accounts paves the way for critical data and company systems. The consequences for business can be painful: leakage of confidential information, illegitimate access to financial assets, destruction of IT infrastructure, simple and loss of profit.

BI.ZONE Privileged Access Management prevents attackers from accessing privileged accounts and entering the company's IT perimeter. The product allows you to build protection against MITRE ATT&CK techniques, which are often used in attacks on Russian companies. Thus, 42% of groups use such techniques at the stage of obtaining initial access and 63% at the stage of privilege escalation (according to BI.ZONE).

The product manages privileged access using the zero trust concept. BI. ZONE PAM is a platform through which employees and contractors gain administrative access to the company's IT infrastructure centrally, without the ability to directly access servers, databases and network devices. At the same time, users do not have information about passwords for accessing specific resources: the system works according to the SSO (single sign-on) principle and itself conducts end-to-end authentication on target resources on behalf of privileged accounts.

It also rotates passwords and certificates with each new connection or on a schedule, which also solves the problem of updating passwords manually. Thus, BI. ZONE PAM reduces the risk of misuse of administrative accounts if they are leaked or stolen using social engineering methods, the company noted.

The platform helps to ensure prompt response to failures and incidents, as well as speed up their investigation: all user actions are recorded, while cybersecurity event data is sent to SIEM. The experience of commands and solutions from the BI.ZONE ecosystem related to monitoring and responding to cyber incidents helps strengthen the product in this direction.

The "development driver BI. ZONE PAM was the cybersecurity audits conducted by the BI.ZONE Consulting team. An analysis of the data obtained over two years showed that more than 90% of customers did not have a built-up process for managing privileged access, since companies did not find a tool on the domestic market that was suitable for their requests. The necessary funds were not used due to the difficulty in setting up, the inability to scale the solution horizontally and other problems, "said Artyom Nazaretyan, head of BI. ZONE PAM.

Microservice architecture allows you to create an installation that covers the entire IT environment of the company and can withstand the maximum number of sessions. Fault tolerance of the system is also provided in case of failure of one of the components. At the same time, the possibilities of horizontal scaling are limited only by the computing resources of the customer, but not by the software itself.

The BI. ZONE PAM solution is included in the register of domestic software. It is expected that the product will receive a certificate from the FSTEC of Russia by the end of 2024.

BI. ZONE PAM is fully deployed on Linux and is independent of Windows infrastructure components.