Privileged Task Automation & Delegation

Privileged Task Automation SHOULD ABSOLUTELY be one of the core layers in your Privileged Account Security strategy.

It's all about delegating the task not the privilege.

By automating sysadmin tasks, login sessions are no longer needed. This closes down the most vulnerable of attack surfaces, whilst the workflow benefits from automation speed.

Osirium's PTM will automatically perform Privileged Tasks on behalf of your team members, and without handing over insecure and unaccountable direct access to all those susceptible Privileged Accounts in your infrastructure. Tasks will be consistent and free from human error.

As a result, your team can dispense with wading through loathsome run books, looking up credentials, manual sign on etc. Now they can now more effectively focus on delivering an IT infrastructure to meet the competitive advantages your organisation needs.

It's a great way of delegating all those repetitive tasks to the most appropriate part of the organisation. Business Tasks can be wrapped up into a 'First Call Fix' strategy.

Privileged Task Automation
  • High volume tasks; packaging up simple tasks such that they can be executed error-free.
  • Delegating tasks to 3rd party service providers or lower skill-set / low cost service desk staff.
  • Complex time-consuming tasks, using simple parameter driven execution, again by 3rd parties or lower skill-set staff.
  • Reacting swiftly to status changes, security policy compliance deviations, cyber-breach notifications and change reviews by senior manager / security officer / CTSO/CSO.

Take a look at Privileged Task Automation & Delegation features…

See The Features

Feature Highlights

Delegate Packaged Tasks

Business process tasks can be packaged up and delegated to 3rd parties or untrained junior staff to action, freeing up senior admin time for more important tasks, which can also be automated.

Tasks can also be run without needing risky direct privileged access to devices.

Osirium Searchable Task Names

Searchable Task Names

Tasks can be associated with the devices shown in the Osirium Desktop Client.

This means the SysAdmin can easily search and find the appropriate tasks.

Osirium Business Related Names

Business Related Names

Devices, tasks and task inputs (including dropdown options) can all be given customizable, business specific names which significantly reduce the opportunities for operational errors.

e.g. when admins are instructed to perform a task; ‘Switching the company website to the DR location’, the chance of catastrophic errors are minimized.

No Training Required

No Training Required

Tasks in Osirium are presented to the user as simple forms within the Desktop Client which can be made self-explanatory by using clear business related input field names.

No training is required and no detailed knowledge is required of the end devices and their tasks.

Free Text Inputs

Free Text Inputs

Tasks can handle free text inputs to allow the operator to manually enter information.

Inputs can be validated against rules i.e. numeric, alphanumeric, IPv4 IP Address etc. Incorrectly entered data is clearly alerted to the user on the form.

Dropdown Selections

Dropdown Selections

Tasks can have drop down pre-defined lists with input options.

The choices are defined per task/per device which can then be used to limit the choices of the operator so that incorrect options cannot be chosen, minimizing the risk of human error.

Checkboxes

Checkboxes

Tasks can have simple Yes/No boolean checkbox inputs.

These also have customizable display names.

File Uploads

File Uploads

Files can be selected and uploaded TO devices as part of a task.

e.g. this allows tasks to start with a file import and then other steps can be performed to check if the file had been processed correctly, for example through SQL commands.

File Downloads

Files can also be downloaded FROM devices either during or at the end of a task.

This would allow routine specific logs or reports to be downloaded to Osirium for diagnostic purposes, particularly if the SysAdmins did not have direct authorized privileged access to the device.

One Click Tasks

One-Click Tasks

‘One Click’ tasks simply perform an action with a set of predefined inputs and controls if required.

This is particularly useful for simple, quick fixes.

Known Fault Workarounds

One use of tasks is to create “known-fault” workarounds.

These are tasks that attempt to fix problems which are commonly encountered on systems or devices and have well-known resolutions. Typically it might be a one click task, which could be delegated to the Help Desk so that subsequent support calls for the same problem, can be fixed almost immediately after the call is made, negating the need for escalation to senior staff.

Email on Success or Failure

Osirium can be configured to send email alerts to device or system owners, whenever a task has been performed.

These emails can summarise the user, the specific task, the target device and confirm that the task was performed successfully.

Automated Tasks

Tasks can be performed automatically, as well as manually.

Typically being triggered by schedules defined by users for daily, weekly or monthly execution.

Multiple Technology Support

Tasks can run against many different types of devices with a variety of management interfaces including; SSH, Telnet, RDP, VNC, RPC, vSphere, HTTP(S) and even bespoke application APIs.

Tasks can also be created for web-only devices (such as cloud portals), web applications, servers and network devices.

Device API Support

Tasks can be written, not only to use command line or web interface interactions, but they can also be written for Application Programming Interfaces (APIs).

This allows a fully interactive programmatic interface into devices. This is often the preferred method of connecting because it produces the most accurate and high-performance tasks.

Template Sub Files

Template Sub Files

Tasks can be created and managed in separate files from the main template.

This makes the creation and organisation of multiple tasks much simpler.

Device Backups

Backing up the configuration of devices which fall outside the normal scope of a traditional network backup solution is a valuable contributor to business continuity.

Osirium does not require agents on the devices and actually invokes the vendors own commands to create a backup archive file which then gets copied and stored securely on Osirium.

Device Techouts

Collecting diagnostic technical information can be a tedious and time consuming task.

A Tech-out task solves this by connecting to a device, running a recognized set of commands to collect diagnostic information and then copying it back to Osirium. Tech-outs can be stored for future examination and comparison with current issues.

Subtasks

As with programming languages, tasks can call on sub tasks so you don’t have to re-write specific initialisation or finalisation steps.

For example, a task could be called to automatically back up a device prior to the main task running and then perform the backup again afterwards.

Change Ticket Information

A free text input can be setup as a change ticket reference.

Entering a valid format Change Ticket number prior to running the task will be logged in the audit trail of the task, allowing it to be searchable and found by ticket number search criteria.

Multiple Step Tasks

Tasks can be simple one line commands or they can be complex series of steps with conditional statements.

This allows multiple steps to be run, followed by tasks to check that it has executed correctly, or in the case of failure, perform additional steps to retrieve error logs, etc.