Granular Access Control
In a typical server environment, once you are granted with administrator or root privilege, you are the KING of the server! You could perform anything you want on the server, without any restrictions. Despite you have a fancy detection system in place, the moment you receive the alert, this also means that the incident has occurred. Should you be also considering a proactive prevention strategy besides just having a good detection system?
MasterSAM Granular Access Control module offers Whitelist & Blacklist capability to flexibly control privileged access over system objects such as file/folder, service, command, shared folder, registry, …etc. It allows you to go beyond the system native limits and apply stringent enforcement control e.g. deny admin to shutdown server or perform user management function despite having privileged access, allow operator to start/stop specific service without requesting for admin credential and deny SHELL access, etc. Centralised facility allows quick enforcement of policies and ensure administrative access is always restricted. With this capability, the preventive measure and role segregation stipulated in most compliance audit are now enforceable by MasterSAM.