PROVE IT : the PAM solution that simplifies your privileged access management
PAM / BASTION HOSTDeveloped by our teams since 2014, the PROVE IT bastion host controls and monitors all access while recording every action performed by privileged users on the information system, without complexity.
Why deploy a bastion host ?
Privileged accounts are a prime target for cyberattacks. System administrators, external contractors, service accounts… these accounts hold extensive rights over your information system, and in the event of a compromise, the consequences can be immediate and critical.
The bastion host acts as a single, secure gateway for all your sensitive access. By enforcing the principle of least privilege and centralising connection management, you retain full control over internal and external critic access. At any point, you know :
- Who connected to your servers
- When the connection took place
- What was performed on the resource
Access centralisation
Fast to deploy
Seamless integration
Simple to administrate
Intuitive interface
Agentless solution
On-Premises
Free trial
Discover the PROVE IT documentation
Download our datasheet to find out more about our bastion solution's features.
Take back control of your privileged access
Without a bastion host, managing privileged access can quickly become a daily headache.
With PROVE IT, you control your sensitive access in a simple and efficient way : our solution enables you to define granular, role-based access policies (RBAC), tailored to your environments and your teams (segmentation by realms, user roles, time-based restrictions, target resources, and more).
Every access is governed, controlled and limited to what is strictly necessary. This drastically reduces your attack surface — without impacting your administrators' productivity.
Full visibility over actions performed on your information system
A privileged account incident without usable audit trails means a lengthy and complex investigation and an inability to meet regulatory requirements (NIS2, DORA,…).
With PROVE IT, every administration session is recorded (access logs & video capture of actions), providing complete auditability at any time.
You can configure and receive real-time alerts in the event of unusual behaviour, and act immediately by terminating a suspicious session directly from the administration console.
Whether responding to an audit, investigating an incident, or simply maintaining oversight of your information system, you're no longer operating blind.
PROVE IT, certified by ANSSI
Issued by the French National Cybersecurity Agency (ANSSI), the Security Visa – CSPN certification is awarded to solutions that have successfully passed penetration testing. It attests to the solution's robustness against cyber threats.
Since implementing PROVE IT, access is channelled through a single, clearly identified, protected and monitored entry point.
Feature
A secure credential vault
PROVE IT natively integrates a password vault : an encrypted, audited container, CSPN-certified by ANSSI, designed to ensure that your external contractors never have direct knowledge of credentials.
This reduces the risk of data leaks, eliminates weak or reused passwords, and saves valuable time in secrets management.
A solution designed to combine compliance, peace of mind and operational efficiency.
Feature
Controlled internet exposure
Internet exposure and the management of multiple contractor VPNs are two operational realities that IT teams know all too well : high risk, rising costs, and complexity that is difficult to sustain over time. The "Outpost", a dedicated module of the PROVE IT bastion, provides a concrete alternative : controlled exposure of your resources, with no compromise on either security or ease of administration.
A tailored response, whatever your needs
The number of users and target devices is unlimited.
Licensing is based on a single metric: the maximum number of simultaneous access sessions to target resources.
PROVE IT Standard Between 2 and 50 simultaneous access sessions | 
PROVE IT Advanced Between 5 and 50 simultaneous access sessions | 
PROVE IT Cluster 50+ simultaneous access sessions | |
|---|---|---|---|
| Authentication via LDAP server (including AD) | |||
| MFA (passkey) to strengthen access security | |||
| Controlled internet exposure (Outpost) | |||
| Access policy for critical resources – Control of privileged users and third-party contractors | |||
| Secure vault for sensitive account management | |||
| Logging – Recording – Playback of internal and external connections | |||
| Advanced event notifications (email, syslog, etc.) | |||
| Authentication via RADIUS connector | |||
| REST API to streamline frequent administration operations | |||
| Segmentation of PROVE IT administration rights by profile: auditors / operators / administrators | |||
| Volume of 50 or more simultaneous sessions | |||
| Enhanced resilience | |||
| Disaster recovery (DRP) ensured through an active/passive architecture with manual failover | Option | Option | Option |
Frequently asked questions about PROVE IT
What is PROVE IT in a nutshell ?
PROVE IT is a PAM solution developed by Rubycat. It ensures the control, traceability and recording of sensitive connections to your information system. It addresses current recommendations and european regulatory requirements (GDPR, NIS2, DORA, etc.).
The solution is recognised for its robustness, reliability and ease of daily use.
How is the PROVE IT vault secured ?
The PROVE IT vault is secured through:
- Indirect access to credentials: users never have access to actual passwords
- Granular encryption of each container: isolated and protected by a passphrase or a "Shamir's Secret Sharing" scheme (a cryptographic method designed to split a secret)
- Multi-party governance compliant with ANSSI and ISO 27001 standards, eliminating single points of failure
What does PROVE IT offer over other PAM solutions?
PROVE IT provides a fast integration and a smooth learning curve. At Rubycat, we believe that security should never mean complexity. That is why PROVE IT has been designed to deliver enhanced security and ease of use from day one :
- Immediate deployment : Up and running in 30 minutes, agentless, with minimal disruption to your existing infrastructure.
- Accelerated autonomy : Intuitive onboarding, proven by our customers, with a skills transfer achievable in half a day.
- Preserved user experience : Your teams access their usual resources (RDP, SSH, etc.) through a catalogue of manageable devices — fully transparent for end users.
The result : Proactive security, seamless adoption, and IT teams refocused on their core business.
How is the PROVE IT bastion licence sized ?
With PROVE IT, there is only one licensing metric : the maximum number of simultaneous sessions to your target resources.
The bastion licence is sized according to the number of administration sessions simultaneously open to your resources (servers, network devices, etc.), regardless of the number of users or resources declared within the solution. In practice, one session corresponds to one active connection from an administrator to a target resource at any given moment.
Examples :
- A technician connected via RDP to a Windows server = 1 session
- 5 administrators each connected to a different device (e.g. 1 Windows server via RDP, 1 Linux server via SSH, 1 firewall, 1 router, 1 Proxmox via HTTPS) = 5 simultaneous sessions
- An administrator with 3 parallel connections open (whether via RDP, SSH or HTTPS) = 3 sessions
Conversely, if 50 administrators are registered in the bastion but only 8 are working simultaneously, each on a single device, only 8 simultaneous sessions of the licence are consumed.
This model allows sizing to reflect actual usage, taking into account activity peaks (on-call periods, production releases, emergency interventions), rather than over-provisioning unnecessarily.
What impact will installing PROVE IT have on my existing infrastructure ?
PROVE IT has been designed to have the smallest possible footprint on your infrastructure: the bastion is installed in 30 minutes on a dedicated virtual machine, with no agent required on your workstations or target servers. A non-invasive integration with minimal prerequisites, enabling a gradual adoption of the solution.
Will my teams need to change their working habits to use the bastion ?
PROVE IT is designed to be as seamless as possible for your administrators and external contractors. Access to resources is available either through a web portal or directly from your usual RDP/SSH clients (MobaXterm, PuTTY, MSTSC…) in a single click.