Business Driver – Thycotic Privilege and Password Product Suite


Thycotic’s market leading Privileged Access Management (PAM) enables you to protect your organisation’s privileged credentials – applications, root, administrator across the Enterprise and store them in an encrypted, centralised repository. PAM also helps discover root, service, application and administrative accounts to identify who should and should not have access to privileges based on role and responsibility. Secret Server helps organisations to provision access, ensure password complexity, delegate access and control IT sessions.


Cloud or On-site
Customise to meet unique business requirements
Exercise more granular control over critical security infrastructure
Delegate access and rotate credentials
Monitor and record sessions for forensic review and analysis


Solution Overview: Thycotic Account Lifecycle Manager


Managing Service Accounts (non-human accounts that interact with the operating system) is a challenge because authentication mechanisms like AD have traditionally been unable to distinguish the difference between user and service accounts. Account Lifecycle Manager from Thycotic fills this void by identifying service accounts, understanding their purpose and mitigating the risk of breaches, human error or service downtime.


Establish tighter controls with workflows
Delegate accounts based on roles and automatically provision and decommission accounts without interruption to service delivery
Enforce governance and ownership compliance over service accounts
Reduce service account sprawl and reduce risk through better management


Privileged Behaviour Analytics


Privileged Account abuse poses a real threat to cybersecurity but the risk to an organisation can be reduced with the deployment of Thycotic’s Privileged Behaviour Analytics. This solution allows administrators to quickly identify privileged account abuse, identify the extent of the malfeasance and flags risk of anomalous behaviour proactively


Easy to manage controls
Intuitive reporting
Extensive customisation
Easy to incorporate into existing disaster and business availability plans
Integrate seamlessly with Secret Server and log notifications with Slack and ServiceNow

Password Management


Password Reset Server for Active Directory (AD) and Office 365


Password resets can cost organisations up to $100 per instance and demand an enormous amount of time and resources. By dedicating an application to the task password related service calls can be reduced by up to 70% and self-service provisioning are quickly adopted by errant users.


Improve password strength and security
Automate password provisioning reducing administrative costs
Replace inefficient and risk-prone manual processes
Improve staff productivity
Integrate seamlessly with market leading authentication tools like AD
Automate enrolment for educational environments or casual employees


DevOps Secrets Vault


Typically, DevOps environments are tough environments with relentless deadlines and challenging collaborative demands. The DevOps ecosystem is often a repository of critical intellectual property and trade secrets that provide a competitive advantage. DevOp’s Secrets Vault from Thycotic replaces risk-prone passwords with Application Process Interface (API) commands that automate “secret creation”, retrieval and archiving.


Secure sensitive intellectual property” (IP) securely with DevOps Vault
Centralise the repository of secrets and enforce stringent access controls
Integrate seamlessly with RPA tools and automatically scale as DevOps pipelines grow or retract
Works out-of-the-Cloud with Thycotic Secret Server


Connection Manager


Thycotic’s Connection Manager lets IT and Security administrators manage and interact concurrently with RDP and SSH remote connections in a unified environment.


Launch and configure sessions across multiple environments
Automatically inject credentials into remote sessions on an ad hoc basis
Manage centrally using a single intuitive interface
Record sessions and provide an audit trail for tracking and forensic analysis

Links and Resources

Least Privilege


Privilege Manager


Stop ransomware and malware in their tracks by deploying Thycotic’s Privilege Manager that removes local administrative rights from endpoints. By deploying a single agent across users, administrators can manage and remove local admin rights and elevate trusted applications to execute, sandbox or block while maintaining “least privilege” model.


Single agent for simple deployment
Apply flexible policies using whitelisting, blacklisting and greylisting to define trusted applications and processes
Improve productivity with users automatically accessing apps and system resources without administrative intervention required


Access Control


Unix Protection


Increase the safeguards and controls that protect Unix infrastructure from breach or attack. Thycotic’s Unix Protection extends your Secret Server investment even further and ensures that local root accounts are protected. It also improves the root discovery process by managing and controlling access more vigilantly.


Control and manage SSH Keys
Apply least privilege access for Sudo / Su and other potentially destructive command line instructions
Manage SSH Keys more efficiently and securely
Harness the power of Thycotic’s Secret Server across all Unix Servers
Demonstrate compliance across all Unix infrastructure
Reduce service desk calls by reducing support related requests