Stealthbits Privileged Activity Manager®

Privileged Access Management with Stealthbits Privileged Activity Manager enables secure, task-based administrative access delivered just-in-time and with just-enough privilege.



With Stealthbits Privileged Activity Manager (sbPAM), organizations are empowered to reduce their risk footprint through a task-based approach to Privileged Access Management. sbPAM provides Administrators the exact level of privileges needed, exactly when they’re needed, for only as long as they’re needed, and returns the environment to a no-access-by-default state, immediately upon completion.

Secure, Control, Manage, and Monitor
Privileged Account Usage for Security & Compliance

Managing too many privileged accounts? Don’t have the budget to vault and manage all the privileged accounts you have? Looking for a more secure way to delegate administrative functions to all the people who need it in your organization? Stealthbits Privileged Activity Manager reduces your privileged account footprint while providing all the capabilities you need to manage and secure your most sensitive credentials.

Don’t just MANAGE privileged accounts…REMOVE them!
The path to success

Stealthbits’ Privileged Access Management solution makes it easy to overcome the challenges and limitations of traditional PAM offerings and secure, control, manage, and monitor privileged account usage through a just-in-time, just-enough privilege approach.

Step 1

Discover privileged accounts with standing access to system, application, and data infrastructure.

Step 2

Onboard accounts for management and remove standing privileges to reduce the attack surface.

Step 3

Grant the exact level of permission needed to the user to perform the desired administrative function.

Step 4

Connect the user directly or via proxy for advanced session monitoring.


Manage privileged user accounts

Simple architecture - Great Benefits

Stealthbits Privileged Activity Manager (sbPAM) provides secure administrative access to systems with the usage of modern technologies. sbPAM automatically creates temporary access accounts for every administrator and dynamically provides the required authorizations for the required task and then withdraws them again. This process eliminates the potential attack surface and the administrative effort of complex authorization groups is greatly reduced.

Guarantee authorized access

Guarantee authorized access

With the adaptive “zero trust” security architecture it can be ensured that all privileged access is authorized after a multi-level approval.

Fulfill Best Practices

Fulfill "Best Practices"

The Separation of authorizations for privileged access from standard authorizations; the principles of “Least Privileges” and “Need to know” are ensured by means of automated procedures.

Ensure traceability and evidence

Ensure traceability and evidence

sbPAM records all administration activities as a video, which can be played back in the event of possible misconduct or attacks for control and preservation of evidence.

Enable just-in-time access

Enable just-in-time access

Privileged access authorizations can be made available dynamically for individual users, in dual mode and for shared accounts.

Reduce the attack surface

Reduce the attack surface

With sbPAM, Kerberos tickets can be automatically deleted after the session to prevent possible attacks.

No standing authorizations

No standing authorizations

The required access rights are made available dynamically at the required time and then completely revoked.

Key Features

Just-in-Time, Temporary Privilege Accounts

Use sbPAM “Activity Tokens” to provide temporary permission and access the auto-provisioned and de-provisioned. It reduces your attack surface and potential for lateral movement attacks.

Access Certification

Built-in access certification facilities allow, approve or deny who should and should not have access to sbPAM.

Session Recording & Playback

Enforce accountability or gain evidence during investigations to record and playback sessions. Know exactly what actions are taken with proof.

DirectConnect Sessions

Don’t change the way you have grown accustomed to working. With DirectConnect sessions, Admins can launch sbPAM activities from their tool of choice with no need to log into sbPAM.

Bring Your Own Vault™ (BYOV)

Support for existing, alternative or multiple Remote Secret Stores allows for fast & easy integration. Use your existing vault, our vault, or no vault.

Federation & Smart Card Authentication

For user convenience saving authentication time, sbPAM can consume pre-authenticated identities from identity providers like Okta, Ping Identity, ADFS, & more.

Easy configuration & implementation guaranteed

Compared to other comparable administrative instruments, sbPAM offers simple and easy to handle policy management, which consists of three basic elements:

  • Users: Administrators who need privileged access
  • Resources: systems or applications
  • Activities: Steps to set up, monitor, and delete permissions

Reducing the complexity of managing privileged authorizations is the key to increase data security and compliance with governance requirements. The configuration options of sbPAM support these requirements to a large extent.

Why should you consider this solution?

Stealthbits' Privileged Activity Manager offers many advantages with just one solution:

Reduction of the attack surface

The primary objective is to reduce the permanent authorizations, as they represent an attack surface for lateral movements by cyber attackers. The sbPAM focuses on activities with privileged authorizations and not on a single account. sbPAM provides temporary access with privileged permissions for a user and then removes it when the activity is completed.

Password vault freely selectable

Almost all of today's PAM providers require you to use your own safety, which means a lot of effort and costs when you switch. sbPAM is one of the few providers to offer various options: a) Use your existing Vault (BYOV) and sbPAM will be configured on this, b) You use the vault integrated in sbPAM or c) You enable Vaultless-based releases. You have the choice.

Integrated approval workflow

Organizations must check privileged access authorizations and document the same accordingly, for traceability. sbPAM includes a simple approval workflow that provides the necessary transparency about the users activity to reduce the risk of undesired activities.

Optimized operating costs

With other PAM providers, there are no additional costs for licenses and operating costs for high-availability configurations. With sbPAM you don't have to expect any hidden costs, as everything required is already included in the license.

Let’s Collaborate

Visit our products pages to read more about the capabilities and features of products:

Get more information

Download our Factsheets Here German English
sbPAM is a product/service from Stealthbits Inc., 200 Central Ave Hawthorne, NJ, 07506, USA.
All rights reserved. The content is protected by copyright!

Sign Up for Our Newsletter!