Visulox allows users both inside and outside of your organization to access the resources they require while consistently enforcing the principle of least privilege. The service can be accessed via the browser or a desktop client. The platform is modular by design, allowing organizations to freely configure Visulox to suit their specific needs.
Visulox is a comprehensive Privileged Access Management platform designed to give your organization complete control over activity on their systems. Headquartered in Zürich, Switzerland, the platform is used by organizations of all sizes globally, including Fortune 500 organizations and multi-national companies.
Visulox helps organizations that require several different servers, virtual machines, applications, or other resources for their operations. Each one of these may require a different level of access for different users, which can be a challenge to provision and manage without a comprehensive access management system in place.
Within the Visulox platform, roles are mapped to specific users, which define what actions a user can perform. The platform offers granular customization for these permissions. For example, you could create a role that is allowed to access another user’s session to prove support but prevent them from changing any access rules in the system.
Admins can export lists of users who are able to access a given application, ensuring it is easy to track who has access to what-and to what level-for compliance purposes.
Access to applications and servers are controlled via Access Policies. These policies can be customized and applied to either specific users or groups. These policies can be based on a specific user’s permissions, the IP address used, or even the time of day.
If users wish to access a resource they are not currently assigned to, they may request permission from an administrator, helping to ensure end users can get access to services, when necessary, while minimizing security risks.
Visulox’s File Transit Zone feature enables users to easily move data to and from the Visulox platform. A user can browse for files to move or simply drag and drop. When a file is uploaded, it can then be sent to a user’s server or virtual machine to be used there.
Within any servers or machines connected to Visulox, each user has a dedicated folder for the File Transit Zone. Anything placed in this folder is then downloaded to the Visulox portal and can be retrieved there, so file management is very straightforward. Each individual data transfer is documented and can trigger a self-definable event if desired.
Depending on the user privileges, users may have permission only to upload files, download files, do both or neither. Restrictions can also be placed on which file types can be transferred. For example, executable files are not allowed by default. it is also possible to set up the file transfer in two stages and require a supervisor’s check in advance.
Visulox can be configured to enforce session recording when certain systems are accessed, ensuring both security and compliance. Users must consent to their activity being recorded via a pop-up before they can access these systems. These recordings are backed up and can be played back at any time.
Similarly, the platform can be configured so that users can only access applications if they are supervised by another user. This is enforced before an application can be accessed, and if the supervisor is disconnected or idles then the session is locked.
Visulox enables remote access into other user’s sessions if they require assistance. Supervisors may request the ability to connect, which the end user may accept or deny. During remote sessions, end users can point at specific information for the helper to look at where needed.
By default, data such as session recordings are stored indefinitely. However, users may also define a custom retention time to satisfy any compliance requirements. Visulox’s revision server also allows data to be moved off their platform to other databases. At no time can unauthorized persons draw conclusions about the activities of individual users. All access to films is logged.
Session recording is available as an additional feature and is not included in the base license.
Visulox provides comprehensive reporting and auditing. Any activities such as sessions, file transfers and events are kept in audit logs. These logs include which actions were carried out, which suers completed actions, activity timestamps, and IP addresses of sessions where applicable.
Admins are able to annotate log entries where needed. A very useful feature is the ability to view a snapshot of the users’ screen at specific timestamps, which can be viewed directly from the audit log.
Visulox supports multi-factor authentication (MFA). PINS / OTPs may be sent by either authenticator app or by email. Any PINs sent by email will be valid for 15 minutes.
MFA is available as an additional feature and is not included in the base license.
Deployment is run as a managed service; a Visulox engineer will walk through the deployment with any clients. Visulox is deployed in the customer’s DMZ or data center, as Visulox does not provide their own cloud service.
From a management perspective, administrators have the power to adjust nearly every aspect of their users’ experience. Log entries can also be annotated to provide additional context.
Overall, the platform is easy to use after learning where the different features can be managed within the portal. The main portal is referred to as the ‘Workspace,’ which clearly lists out any resources (servers, VMs, etc.) on the left side and other pertinent information such as system messages, active policies, etc.
The Visulox platform is comprised of six modules. The basic user license includes access to two modules, with following features:
Additional modules which can be purchased include:
Visulox also offers a pre-configured package deal for small businesses. This deal includes:
Visulox is a comprehensive Privileged Access Management platform, with granular functionality that allows organizations to carefully plan how their assets should be used. VISULOX can be installed during operation and does not require any agents on clients or servers.
Although the platform has a number of areas to configure, which can be daunting at first, the platform is ideal for organizations that require collaboration between users while also handling sensitive data.
Overall, we recommend that organizations looking for a comprehensive PAM solution, with granular policy controls, easy file management and detailed audit logging, should consider shortlisting this service.
Review and Technical Testing By: Laura Iannini
Privileged Access Management
Wangen-Brütisellen , Zürich