Privileged Access Management (PAM)
What is Privileged Access Management (PAM)?
Privileged Access Management (PAM): A set of practices and tools that secure, control, monitor, and audit access to accounts and systems with elevated administrative privileges.
Privileged Access Management protects the "crown jewels" of an organization: domain admins, root accounts, cloud root users, database superusers, network device credentials, and service accounts. A PAM platform typically combines a credential vault (passwords, SSH keys, API tokens), session brokering through a bastion, just-in-time elevation, session recording with keystroke logging, and detailed audit. Tight integration with MFA, RBAC, and SIEM/SOAR enables anomaly detection and policy enforcement. PAM is a foundational control in zero-trust roadmaps, in PCI DSS, ISO 27001, and in cyber-insurance underwriting, and it dramatically reduces blast radius from credential theft and insider misuse.
● Examples
- 01: CyberArk Privileged Access Manager rotating the Windows local administrator password after each session.
- 02: BeyondTrust providing a recorded SSH bastion to root accounts on Linux production servers.
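
The vault checkout, just-in-time lease, rotation after each session and audit trail described above, modelled in Python as an added example (not code from this page, CyberArk or BeyondTrust). `MiniVault` and its method names are hypothetical, and an in-memory dict stands in for both the vault store and the target system.

```python
import hmac
import secrets
import time

class MiniVault:
    """Toy credential vault: time-boxed checkout, rotate on check-in, audit trail."""

    def __init__(self, clock=time.time):
        self._secrets = {}   # account -> current password
        self._leases = {}    # lease id -> (account, user, expiry)
        self.audit = []      # append-only (timestamp, event, user, account)
        self._clock = clock

    def _log(self, event, user, account):
        self.audit.append((self._clock(), event, user, account))

    def _rotate(self, account):
        self._secrets[account] = secrets.token_urlsafe(24)

    def onboard(self, account):
        self._rotate(account)
        self._log("onboard", "system", account)

    def checkout(self, user, account, mfa_ok, ttl=900):
        # Just-in-time elevation: no standing access, MFA on every request,
        # and only one open lease per account so sessions stay attributable.
        self.expire()
        busy = any(a == account for a, _, _ in self._leases.values())
        if not mfa_ok or account not in self._secrets or busy:
            self._log("denied", user, account)
            raise PermissionError("checkout denied")
        lease = secrets.token_hex(8)
        self._leases[lease] = (account, user, self._clock() + ttl)
        self._log("checkout", user, account)
        return lease, self._secrets[account]

    def checkin(self, lease):
        # Rotating at session end makes any copied password useless.
        account, user, _ = self._leases.pop(lease)
        self._rotate(account)
        self._log("checkin+rotate", user, account)

    def expire(self):
        # Leases past their TTL are closed and rotated without user action.
        now = self._clock()
        for lease in [l for l, (_, _, exp) in self._leases.items() if exp <= now]:
            self.checkin(lease)

    def verify(self, account, password):
        # Stand-in for the target system checking a presented password.
        current = self._secrets.get(account, "")
        return hmac.compare_digest(current.encode(), password.encode())
```

The `audit` list is what a real deployment would forward to a SIEM; denied requests are logged as well as granted ones.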
● Frequently asked questions
What is Privileged Access Management (PAM)?
A set of practices and tools that secure, control, monitor, and audit access to accounts and systems with elevated administrative privileges. It belongs to the Identity & Access category of cybersecurity.
How do you defend against Privileged Access Management (PAM)?
Defences for Privileged Access Management (PAM) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Privileged Access Management (PAM)?
Common alternative names include: PAM, Privileged identity management.