Cisco routers, switches and other devices are the backbone of the network for many businesses, enabling employees to access internal file shares, internet resources and more. Admins sometimes need to access these devices using privileged credentials in order to perform maintenance, reconfiguration and other tasks. However, maintaining standing accounts with elevated privileges adds to your attack surface — the accounts could be misused by their owners or taken over by attackers, leading to denial of service, downtime or loss of sensitive data. If the privileged accounts for Cisco devices are shared among multiple admins, the security and privacy risks are even greater, since passwords are more easily leaked and it’s much more difficult to hold each admin accountable for their actions.
Minimize security risks related to privileged access by eliminating standing privileges altogether.
With the Cisco privileged access management capabilities in Netwrix SbPAM, organizations can reduce their attack surface area significantly while ensuring individual accountability. Temporary accounts with just enough privileges are automatically provisioned as required and de-provisioned when the task at hand is complete. With the click of a button, a user who needs privileged access to Cisco devices can be granted an elevated SSH session that’s monitored, logged and recorded for audit purposes. Alternatively you can use temporary credentials to login via web-interface. In short, with Netwrix SbPAM, you can give admins the access they need to maintain your Cisco devices while freeing your organization from the myriad risks of standing privileged accounts.
Provide granular privileges based on the current task
Least privilege is front and center of any corporate security policy. Network support engineers simply do not need to connect to IT systems using administrative access to carry out most of their day-to-day work, so standing privileged accounts pose unnecessary risk. When an admin does need elevated permissions, Netwrix SbPAM enables you to grant them the exact level of access they need, when they need it — reducing your attack surface area without hurting IT productivity.
Elevate the security of your AD-integrated devices
If access to a Cisco device is managed via the device’s association to Active Directory, Netwrix SbPAM can create an access token, add the user to the required security group, connect to the device via the web interface and perform password rotation for service accounts — all in a single workflow.
Never expose your privileged passwords
Netwrix SbPAM also enables you to reduce the risks of password exposure that come with using a web interface to manage Cisco devices. Its included browser plugin makes it easy to secure, control, manage and monitor privileged account usage without the need to enter passwords manually, which could expose the powerful credentials. You can integrate Netwrix SbPAM with your current password vault, so instead of copying and pasting credentials, the plugin will automatically fill out login forms in the web interface.