Secure Privileged Password Management and Privileged Session Management
- Secure and automate the process for discovering, managing and cycling privileged account passwords and SSH keys
- Control how people, services, applications and scripts access credentials
- Auto-logon users onto RDP and SSH sessions, without revealing the passwords
- Record all user and administrator activity in a comprehensive audit trail
- Alert in real-time as passwords are released and privileged session activity is started
Network-Based Asset Discovery
Leverage a distributed network discovery engine to scan, identify and profile all users and services – and then automatically bring the systems and accounts under Password Safe management.
Agentless Privileged Session Management
Password Safe Privileged Session Management uses standard desktop tools such as PuTTY and Microsoft Terminal Services Client. This ensures administrators can leverage commonly used management tools without the need for Java. Live session management enables true dual control, allowing admins to investigate suspicious behavior without killing sessions – or productivity.
Dynamic Rules & Asset Groupings
Utilize collected system details from the discovery process to categorize assets. Smart Rules can be triggered to generate alerts or auto provisioning based on system categorization.
Threat Analytics & Reporting
Patent-pending BeyondInsight Threat Intelligence and Behavioral Analytics capabilities analyze privileged password, user and account behavior. BeyondInsight also serves as a central data warehouse for management, policy and reporting.
Simplified SSH Key Management
Automatically rotate SSH keys according to a defined schedule and enforce granular access control and workflow. Private keys stored in Password Safe can be leveraged to automatically log users onto Unix or Linux systems through the proxy with no user exposure to the key with full privileged session recording.
Application Password Management
Eliminate hard-coded or embedded application credentials automatically, simplifying management for IT and better securing the organization from exploitation of those credentials. Password Safe helps get control over scripts, files, code and embedded keys.
Advanced Workflow Control
Provide additional context and simplify workflow requests by considering the day, date, time and location when a user accesses resources to determine their ability to access those systems.
Flexible Deployment Options
BeyondTrust solutions can be deployed on premise via software or hardware appliance, or hosted in the cloud through services including Amazon Web Services and others.
Free Download: PowerBroker Privilege Discovery & Reporting Tool (DART)
Quickly and easily reveal privileged accounts, users and assets across Windows, Unix and Linux environments.
Features & Benefits
DISCOVERY AND PROFILING
Stay organized: Quickly identify assets with common traits and automatically place them under Password Safe management via Smart Rules.
Auto Discover SSH Keys: Discover all SSH keys on host systems.
PASSWORD PROTECTION & KEY ROTATION
Rotate SSH keys: Automatically rotate keys according to a defined schedule and enforce granular access control and workflow.
Eliminate application credentials: Get control over scripts, files, code and embedded keys.
Ensure password strength: Define and enforce password policy to meet any complexity requirement.
Eliminate old passwords: Analyze password ages and proactively report policy violations.
Identify potential backdoors: Identify uncontrolled privileged accounts.
Solve the problem of remote and mobile users: Utilize PowerBroker for Windows as an agent to update passwords on remote and mobile devices.
Active/active targeted password change: Selectively process password change, password test, and account notification queue items for designated workgroups.
PRIVILEGED SESSION MONITORING, AUDITING AND REPORTING
Enforce accountability: Record privileged sessions in real time via a proxy session monitoring service for SSH and RDP – without the need for Java.
Adhere to compliance mandates: Meet password protection and audit regulations listed in SOX, HIPAA, GLBA, PCI DSS, FDCC, FISMA, and other mandates.
Communicate and comply: Build reports for usage, audit, forensics, and regulatory compliance purposes.
Application proxy for RemoteApp: Allow any Windows application usage to be monitored and recorded.
Audit and log privileged sessions: Access and watch a session, then log an acknowledgement of the review to meet audit compliance requirements.
Quickly search session logs: Index and text search using keystroke to pinpoint data, and then log an acknowledgement of the review for audit purposes.
Integrate with SailPoint IdentityIQ: Manage access for privileged and non-privileged accounts with privileged access management and identity and access management (IAM).
RDP Enhanced Session Audit: Every click within the Windows interface, along with any keystrokes, is audited and recorded in a searchable session replay index.
Real-time activity alerting: Defined user activity can generate real-time email alerts, as well as block commands, lock, and terminate SSH sessions.
Command Blacklisting: Connection profiles define keyword groups that can determine a specific course of action – block command, lock session, block and lock session, or terminate session.
Simplify requests: Manage checkout workflow with seamless connectivity to RDP & SSH via native desktop tools such as puTTY and Microsoft MSTSC.
Accommodate firecall requests: Ensure access to password-managed systems after hours, on weekends, or in other emergency situations.
Advanced workflow control: Provides additional context by considering the day, date, time and location when a user accesses resources to determine their ability to access those systems.
Post-login command execution: Administrators can leverage a Unix or Linux Jumphost to run a specific command or script after a session connects.
Multi-system checkout: Allows admins to check out an account with a multi-system parameter, then launch sessions to linked systems.
Expedite checkout operations: Expidite checkout operations using OneClick for access to passwords, sessions and applications that would normally be approved automatically.
Simplify deployment: Implement hardware appliances, virtual appliances, or software.
Support any system: Employ out-of-the-box connectors, plus a custom connector builder for all systems that support Telnet or SSH.
SECURITY AND UPTIME
Understand risk: Analyze privileged password, user and account behavior with BeyondInsight Threat Analytics.
Increase uptime: Deploy appliance pairs and replicate settings for high availability.
Active-Active infrastructure support: Allow an unlimited number of Password Safe appliances to be connected to an external SQL AlwaysOn Availability Group for unparalleled high-availability and scalability.
Cache API passwords securely: Rely on password caching for APIs when administrators need access to credentials directly on a local host.
Ensure API credential stability: Create aliases for APIs to map to multiple accounts so that API access is not interrupted during password changes.