Privileged Access Management OSIRIUM

All IT Infrastructures are managed by Privileged Users, who are given elevated powers through accessing Privileged Accounts to ensure that the uptime, performance, resources, and security of the computers meet the needs of the business.

It is the misuse of Privileged Accounts in the Hybrid-Cloud world that has become one of the most critical security challenges: uncontrolled access to Privileged Accounts opens a “barn door” through which untrusted 3rd parties can compromise data and inflict cyber-attacks, ultimately causing irreparable damage to the business and its corporate reputation.

Osirium creates a secure separation between the user's system and credentials on one side, and the connection and credentials used for the system/device/application to be managed on the other. Device credentials never pass through the user's system and therefore never risk interception. Osirium has full break-glass and roll-back features to cope with devices that leave the network or are restored from backups.


PAM - Privileged Access Management - Separate people from passwords. Prevent privileged passwords from ever reaching the workstation

PTM - Privileged Task Management - Remove the need for direct system access & eliminate the potential for human error

PSM - Privileged Session Management - Create a precise, irrefutable audit trail of exactly who did what, where and when

PBM - Privileged Behaviour Management - Visualise latent threat within your organisation, pre-emptively prevent privileged account misuse



Granular Account Control

Osirium enables every Privileged Account on every device to be given a particular state:

Osirium Managed

Osirium creates and manages the usernames and passwords of personalised accounts on devices and assigns an appropriate role to those accounts. Full audit trails are available, and the device accounts can be given granular ‘Roles’ instead of everyone being given full admin. Privileged tasks can also be performed on devices.

Password Managed

Osirium changes the passwords of the device accounts so nobody knows them, and provides SSO services to the device with a full audit trail. Typically, all SysAdmins receive full admin rights and privileged user tasks can also be performed on devices.

Password Known

This is the minimum level of acceptable best-practice security and typically applies to generic accounts. Osirium knows the passwords and so provides SSO and PASSIVE Session Recording to the device. The password can be manually changed in Osirium without revealing its details. Direct connections to devices can still be made, although no Session Recording will be possible. Typically, all SysAdmins get full admin rights and privileged tasks can also be run on devices.


It is understood why this account exists but the password has not been provided to Osirium. The account can only be used directly (not using Osirium’s SSO capability). This is a risky unprotected account known by Osirium.


Osirium does not know about this account or why it exists. It therefore presents a sizeable risk to the integrity and security of the device.

Secure Storage of Privileged Credentials

Osirium securely stores privileged credentials. These are then used to provide SysAdmin access to devices without knowledge/sight of the passwords.

Readily Change Account States

Accounts can easily have their state level increased or reduced. This enables each device to have its accounts managed in the way that best suits the security policy.

Complex Passwords

Osirium uses long, complex, randomly created passwords, making dictionary and brute-force attacks futile. Password rules can be set per device to ensure any password policies on devices are met. Different passwords are used for every account on every device managed by Osirium.

Role Based Access Control

Osirium allows device access to be granted at a very granular level and specific roles to be assigned to individuals or groups of individuals. Because the accounts are created personalised to each user, they can be aligned to a particular set of rights or permissions on the end device, so there is no more sharing of the highest-level account.