Blackfort Technology
Blackfort Privileged Access Bridge
Product · PAM software

PAM software · live supervision & instant stop · session recording · agentless

Blackfort Privileged Access Bridge

Manage privileged access to IT, OT and cloud systems securely – with live supervision and instant stop, full session recording and a tamper-evident audit trail. No permanently open access, no agents installed on the target systems.

What the Privileged Access Bridge is

The Blackfort Privileged Access Bridge is a software platform for privileged access management (PAM). It sits as a hardened gateway between users and critical target systems – servers, databases, network devices, cloud consoles and industrial controllers. Every privileged access runs exclusively through the bridge, is specifically assigned and time-limitable, recorded in full, can be supervised in real time and terminated immediately at any time.

The product delivers the controls that ISO 27001, NIS2, DORA, BSI IT-Grundschutz and IEC 62443 require for privileged access – not as after-the-fact documentation, but structurally anchored in the access process. Auditors receive data from the system, not from policy documents.

Software platform – with or without a hardware gateway: The PAB is primarily a software solution for IT, cloud and service-provider scenarios. For industrial remote maintenance we bundle the same software with an industrial-grade gateway in the DMZ – the OT remote-maintenance variant. Identical software, different delivery form.

The problem: uncontrolled privileged access

Privileged access is the most common root cause of serious security incidents. In typical enterprise environments you find administrators with permanent, barely monitored Domain Admin rights, service providers with active VPN accounts left over from projects that ended long ago, service accounts with passwords that have not been rotated for years, and machine builders with direct connections into production networks.

A single compromised admin or supplier account is enough in such environments to bypass the entire perimeter. Ransomware attacks of the last few years – from Colonial Pipeline to numerous German mid-sized companies – have all taken exactly this route. Not because internal systems were poorly secured, but because uncontrolled privileged access was permanently open.

Typical findings in practice: Domain Admin accounts without MFA, shared service accounts with wiki-documented passwords, permanently active RDP jump boxes without session recording, external service providers with site-to-site VPNs into production networks, no evidence of who accessed which system when – and therefore no defensible forensics in the event of an incident.

Regulatory requirements for PAM

Privileged access management is an explicit obligation – not a recommendation – in virtually every relevant security framework. The Privileged Access Bridge addresses these requirements structurally:

ISO/IEC 27001:2022 – Annex A.8.2 & A.8.18

Privileged access rights must be restricted, logged and regularly reviewed. The use of privileged utility programs must be controlled. The PAB delivers the structural implementation: granular permission matrix, time-limited access, session recording, live supervision with instant stop and a tamper-evident audit trail.

NIS2 – Art. 21(2) (access control & asset management)

NIS2 obliges affected organisations to take concrete measures for access control and monitoring of privileged access – including external service providers (supply-chain security, Art. 21(2)(d)). Uncontrolled supplier access is a direct breach. Under Art. 20 the management body is personally liable for implementation. The PAB bundles, time-limits, records and supervises exactly this access.

DORA – Art. 9 (ICT security) & Art. 28 (third-party risk)

Mandatory for financial entities: controlled access to ICT systems, oversight of external ICT providers, gapless logging. The PAB delivers the required evidence for BaFin and auditor enquiries as well.

IEC 62443-3-3 – remote access in OT

For industrial automation systems: strong authentication, dedicated monitored remote-access channels, full logging, immediate termination capability. No general VPN access to the OT network – instead a dedicated, controlled entry point.

BSI IT-Grundschutz – ORP.4 & OPS.1.1.5

Identity and entitlement management as well as logging are basic requirements. For KRITIS operators the requirements must be implemented demonstrably – the PAB delivers the structured documentation for audits under BSI-KritisV.

GDPR – Art. 32 (technical and organisational measures)

Processing activities of privileged users must be controlled and traceable. In the event of a data protection incident the supervisory authority requires evidence of who accessed which personal data when – the PAB delivers that evidence directly.

What the Privileged Access Bridge delivers

The PAB is more than a jump host with a session-recording add-on. It is a PAM platform with the core capabilities that regulated environments require:

Session Recording

Every privileged session is recorded in full and can be replayed directly in the portal – the basis for forensics and complete audit evidence.

Agentless

No software on client or target system. Access runs entirely in the browser, over RDP, SSH, VNC, Telnet and Kubernetes. Legacy systems stay untouched.

Live Supervision & Instant Stop

A supervisor follows any running session in real time – read-only – and terminates it immediately if in doubt. Four-eyes oversight, technically enforced.

Device-isolated Access

Every user sees only the target systems explicitly assigned to them. Access exists only to what is explicitly granted – no view into neighbouring segments.

Time-limited Access & Access Windows

Accounts can be time-limited (valid from / until) and restricted to weekdays and hours. No permanently open access.

Granular Permissions

Fine-grained permission matrix across connections, groups and users. Grant or block file transfer and clipboard per connection.

Tamper-evident Audit Trail

Security-relevant actions are logged actor-accurately and tamper-evidently – auditable evidence for ISO 27001, NIS2, DORA and IEC 62443.

Architectural principle: zero trust for privileged access

The PAB consistently follows the zero-trust principle: no implicit trust, minimal entitlements, full logging. In practice this means four structural properties that classical jump-host or VPN solutions do not deliver:

01

No permanently open access

Privileged access is specifically assigned and time-limitable – with a validity period and access windows. No "grown-in" permanent account, not even for long-standing regular service providers.

02

Control before network

The user reaches no target system directly: they sign in at the gateway, the session token stays server-side, and only the rendered session image – pixels, no active code – reaches the workstation. No tunnel into the network.

03

Granular zone isolation

Every user sees only the target systems explicitly released to them. Access exists only to what is explicitly assigned – through the permission matrix of the bridge itself, not through firewall rules.

04

Tamper-evident audit trail

Security-relevant actions are logged actor-accurately and tamper-evidently, sessions recorded in full and replayed in the portal – no after-the-fact stitching, no spreadsheets, no questions of interpretation.

Use cases

Privileged access management for internal admins

System administrators work through specifically assigned, time-limitable access; every session is recorded and can be supervised live. Four-eyes oversight is enforced technically instead of being expected informally. Auditors and regulators receive verifiable controls – not just policy documents.

Secure remote maintenance by external service providers

Software vendors, IT service providers and maintenance partners receive only device-specific, time-limitable access. Full session recording, live supervision, immediate termination – no permanently active VPN accounts.

Industrial remote maintenance (OT)

Machine builders and system integrators need access to maintenance workstations and operator interfaces in production. The PAB mediates this access agentlessly, isolates the targets from each other and delivers IEC 62443-compliant controls – without interfering with running production systems. For this use case we additionally offer an industrial-grade gateway.

Keeping external providers of several clients separate

Anyone organising access for many customers or business units separates them via dedicated instances or separate connection groups with their own permission matrix. Every access is recorded separately and logged actor-accurately – without a dedicated VPN configuration per customer.

Cloud admin access to hybrid infrastructures

Privileged access to Azure, AWS and GCP resources as well as on-premises systems happens through a single interface. Live supervision, time-limited access and session recording apply consistently – regardless of which data centre or cloud region the target system lives in.

KRITIS and NIS2 compliance evidence

Operators of critical infrastructure must demonstrably control privileged access. The PAB produces the evidence required – permission matrix, session recordings, tamper-evident audit trail – directly from the system. Auditors review data, not promises.

Privileged Access Bridge in comparison

In many organisations VPN or classical jump hosts are the existing baseline. Both have their place – but structurally they do not deliver the controls regulators expect:

PropertyVPNJump host (classical)Privileged Access Bridge
Granular target-system controlmanual
Session recording & replayoptional
Live supervision of running sessions
Instant stop from the live view (NOT-AUS)manual
Time-limited access & access windowslimitedmanual
Tamper-evident, actor-accurate audit trailincomplete
Agentless – browser only, no software on target systems

The PAB does not replace a VPN in every case – often the clean combination of VPN as the network layer plus the PAB as the control plane is the pragmatic path. In scenarios with a high density of external providers or strict evidence obligations, the PAB fully replaces classical jump-host solutions.

Integration with your existing infrastructure

The PAB is designed as a control plane for privileged access. It inserts itself agentlessly over the native protocols of your target systems, runs wherever fits your security and operating strategy, and delivers recording and audit directly in the portal:

Protocols

RDP · SSH · VNC · Telnet · Kubernetes

Sign-in & session

Hardened portal sign-in · server-side session tokens · CSRF protection · time-limited accounts · access windows

Deployment

VMware · Hyper-V · Proxmox · KVM · Azure · AWS · GCP · OCI (Terraform)

Operations

On-premises · private cloud · managed service by Blackfort · break-glass model

Audit

Full session recording · in-portal replay · tamper-evident, actor-accurate audit trail

Deployment options

The PAB is operated the way it fits your security and operational strategy – not the other way around. Privileged credentials never leave your security zone in any of the models.

On-premises

Full sovereignty: the PAB runs on your own hardware or your own virtualisation platform (VMware, Hyper-V, Proxmox, KVM). No external data flow, no cloud component – the right choice for KRITIS operators and highly regulated environments.

Private cloud

Deployment in Azure, AWS, GCP or OCI as hardened VM instances with IaC templates (Terraform), encapsulated in your tenant. The bridge speaks outbound to the target systems; nothing reaches uncontrolled into your network.

Managed by Blackfort

You use the platform, we operate it: monitoring, patch management, regular hardening reviews. Optionally in a break-glass model – you control who gets access, with no need to build your own operational expertise.

OT bundle with hardware gateway

For industrial remote maintenance: identical software, bundled with a fanless, DIN-rail capable gateway installed directly in the control cabinet or in the OT DMZ – a dedicated, controlled entry point into the OT network.

How a typical introduction runs

A PAB introduction is a structured process, not an experimental one. In typical projects – from mid-sized machine builders to KRITIS operators – we work in four phases:

  1. 01

    Inventory & risk matrix

    Which privileged accesses exist today? Through which paths? Who has which entitlements? The outcome is a risk matrix that exposes the largest uncontrolled access points – often the basis for management decisions.

  2. 02

    Architecture & pilot

    Selection of the deployment option and pilot rollout for a delimited area (one plant or one admin group). Validation of the permission matrix, session recording and live supervision with real stakeholders.

  3. 03

    Rollout & migration

    Step-by-step replacement of existing access paths: permanent VPN accounts are closed, service providers are migrated to the PAB, emergency access is documented and hardened. Accompanied by our specialists – without production downtime.

  4. 04

    Operations & audit readiness

    Regular hardening reviews, evaluation of audit trail and recordings, preparation for ISO 27001, NIS2 or IEC 62443 audits. Optionally as a managed service through our team.

Why Blackfort for privileged access?

Blackfort Technology develops and operates security software for regulated environments – with its own product team in Germany, without dependency on third-party backends, and with the conviction that security products must not get in the way of day-to-day operations. The Privileged Access Bridge grew out of real requirements from our customers in industry, financial services and KRITIS – not from a marketing whitepaper.

We understand the reality that a security tool that slows down the admin on a weekend will eventually be bypassed. The PAB is therefore optimised for usability: access entirely in the browser, with no client setup, with file transfer and clipboard right in the session. Security is created through structure, not through friction.

What sets us apart from classical PAM vendors: a German vendor with EU-sovereign operation, an in-house product team, hardware-plus-software bundles for OT environments, and operation as a managed service on request – including a break-glass model.

Put privileged access on a structural footing now

In a 30-minute demo we show you the Privileged Access Bridge live: connecting in the browser, live supervision with instant stop, session recording and audit trail. Afterwards we discuss your specific architecture and provide a defensible price range.

Core capabilities

  • Session recording & replay
  • Live supervision of running sessions
  • Instant stop (NOT-AUS)
  • Time-limited access & access windows
  • Granular permission matrix
  • Device-isolated access
  • Agentless – no software on target systems
  • Tamper-evident, actor-accurate audit trail

Regulatory framework

Management systemISO/IEC 27001
EU regulation (KRITIS)NIS2
Financial sectorDORA
OT security standardIEC 62443
BSIIT-Grundschutz
Data protectionGDPR Art. 32

OT variant

Industrial remote maintenance with a hardware gateway

Identical software, bundled with an industrial-grade gateway for the OT DMZ – a dedicated, controlled entry point into the OT network.

To the OT variant

Request a demo

30-minute live demo with connecting, live supervision, instant stop and session recording – tailored to your scenario.

Schedule a demo

Frequently asked questions about the Privileged Access Bridge

What is the Blackfort Privileged Access Bridge?

The Blackfort Privileged Access Bridge (PAB) is a privileged access management (PAM) software platform that acts as a hardened gateway between users and critical target systems. All administrative access – by internal admins, external service providers or equipment manufacturers – runs exclusively through the bridge. Access is specifically assigned and time-limitable, every session is recorded in full, can be supervised live and terminated immediately if in doubt, and every security-relevant action lands in the tamper-evident audit trail. Target systems remain unchanged; no agent installation is required.

What is the difference between the software and the OT remote-maintenance variant?

The software is identical. For classical IT environments, cloud and service providers we ship the PAB as a pure software solution – on-premises, in your private cloud or as a hybrid deployment. For industrial remote maintenance we bundle the same software with an industrial-grade DIN-rail gateway positioned in the DMZ between IT and OT networks (see industrial-remote-access-security). You decide – without changing the software – whether you need only the software platform or the full hardware-plus-software package.

Does software need to be installed on the target systems?

No. The Privileged Access Bridge is agentless by design. It communicates with target systems over their native protocols – RDP, SSH, VNC, Telnet and Kubernetes. Access runs entirely in the browser; nothing is installed on client or target system. Legacy systems and proprietary controllers stay untouched, which preserves maintenance windows, vendor support contracts and certification states.

Why is a VPN or a classical jump host not enough?

A VPN grants network access, but no granular control over what happens once the user is connected. Classical jump hosts are often permanently reachable themselves, without session recording, without live supervision, without specifically assigned, time-limitable access. The Privileged Access Bridge replaces or augments these components with exactly those controls – it is the control plane that ISO 27001, NIS2 and DORA explicitly require for privileged access.

How do users sign in and how is access granted?

Users sign in at the hardened PAB portal. The session is held server-side – the session token never leaves the server, the browser only holds an HttpOnly cookie protected against cross-site request forgery. Access is granted per user and group through a fine-grained permission matrix, can be time-limited (valid from / until) and restricted to access windows (weekdays, hours). Privileged actions such as live supervision and instant stop are role-bound.

How do we keep an overview of sessions and audit?

All recordings are findable and playable directly in the portal – no export and no third-party tool required. Security-relevant actions are logged actor-accurately and tamper-evidently, so it is always traceable who was on which system when and which privileged action was triggered. Active sessions can be viewed centrally, supervised live and terminated immediately.

How is the PAB operated – on-premises or as a service?

Both are possible. You run the PAB yourself (on-premises or private cloud) or use it as a managed service by Blackfort – including operation, patch management and monitoring. Optionally in a break-glass model: you control who gets access, Blackfort is responsible for technical operation, and a sealed emergency account stays with you.

How secure is the audit trail?

Security-relevant actions are captured as structured, tamper-evident entries – with the actual actor, time and action. Attribution happens centrally at the gateway, so the real user is named unambiguously and does not disappear behind a technical service account. This means privileged activity cannot be obscured after the fact – an explicit requirement under NIS2 and ISO 27001.

What happens if the bridge fails?

For genuine emergencies there is a documented break-glass process with separately secured emergency credentials whose use is itself logged. Because access to the target systems is agentless and over their native protocols, the target systems remain administrable independently of the bridge – the PAB is the control plane, not a single point of failure for emergency operation.

Kontakt aufnehmen

Put privileged access on a structural footing

Talk to us about your specific environment. We will provide a defensible architecture and price range – concrete, with no obligation.