Key points
- Proxies admin sessions (SSH, RDP, web consoles) through a controlled gateway
- Records video / keystroke logs for audit
- Enables real-time monitoring and force-termination
- Often paired with credential vaulting and JIT access
- Core PAM capability alongside vault and JIT
What it is
Privileged session management (PSM) is the PAM capability that watches what privileged users actually do once they have access — recording RDP, SSH, database, and web-console sessions and giving security teams the ability to review or kill them in real time.
How it works
Users connect to target systems through a PSM proxy (an RDP/SSH gateway or browser-isolation layer). The proxy injects credentials from the vault (so users never see passwords), records the session, and streams session metadata to the SIEM. Analysts can replay sessions, search keystrokes, and terminate live connections.
When buyers care
- SOX, PCI-DSS, HIPAA, and FedRAMP all require auditing of privileged activity
- Third-party / vendor access to sensitive systems
- Detecting insider misuse
- Investigating incidents involving admin credentials
Common misconceptions
- PSM is not a replacement for least privilege. It records what privileged users do; it doesn't reduce who has access.
- Recording everything is not the goal. Modern PSM uses risk-based recording and command filtering to keep storage manageable.
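
The command filtering and risk-based recording mentioned above, together with the live termination described under "How it works", shown as an added example that is not from the original page or from any PAM product. The rule patterns, action names, event fields, and sample session are assumptions constructed for illustration.

```python
import json
import re

# Hypothetical policy (assumption): first matching rule wins.
POLICY = [
    (re.compile(r"^\s*(sudo\s+)?rm\s+-\w*r\w*\s+/var/log\b"), "terminate", "log tampering"),
    (re.compile(r"\b(cat|less|cp|scp)\b.*\s/etc/shadow\b"), "terminate", "credential file access"),
    (re.compile(r"^\s*(sudo\s+)?(useradd|usermod|visudo|passwd)\b"), "record_full", "account change"),
    (re.compile(r"^\s*(sudo\s+)?systemctl\s+(stop|disable)\b"), "record_full", "service disruption"),
]

def evaluate(command):
    """Return (action, reason) for one command line seen by the proxy."""
    for pattern, action, reason in POLICY:
        if pattern.search(command):
            return action, reason
    return "metadata_only", "no rule matched"

def process_session(session_id, user, target, commands):
    """Build one SIEM event per command; stop at the first 'terminate'."""
    events, recording = [], "metadata_only"
    for seq, command in enumerate(commands, 1):
        action, reason = evaluate(command)
        if action in ("record_full", "terminate"):
            recording = "record_full"  # escalation stays on for the rest of the session
        events.append({
            "session": session_id, "user": user, "target": target,
            "seq": seq, "command": command,
            "action": action, "reason": reason, "recording": recording,
        })
        if action == "terminate":
            break  # the proxy drops the connection; later input never reaches the target
    return events

# Constructed sample session (not real log data).
SAMPLE_COMMANDS = [
    "ls -la /opt/app",
    "sudo systemctl stop auditd",
    "tail -n 20 /var/log/syslog",
    "sudo rm -rf /var/log/audit",
    "whoami",
]

if __name__ == "__main__":
    for event in process_session("s-0001", "vendor-admin", "db01", SAMPLE_COMMANDS):
        print(json.dumps(event))  # one JSON line per event, ready for SIEM ingestion
```

Recording stays escalated after the first risky command, so the benign `tail` that follows is still captured in full, which is the storage trade-off risk-based recording makes.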
FAQ
Is PSM the same as PAM?
PSM is one pillar of PAM. The other pillars are credential vaulting, just-in-time (JIT) elevation, and secrets management for non-human accounts.
Do I still need PSM if I use JIT access?
Usually yes. JIT reduces standing privilege; PSM gives you the audit trail of what happened during the elevated window.
