Privileged Password Management and Privileged Session Management
BeyondTrust PowerBroker® Password Safe is an automated password and session management solution that provides secure access control, auditing, alerting and recording for any privileged account — such as a local or domain shared administrator account; a user’s personal admin account; service, operating system, network device,
database (A2DB) and application (A2A) accounts; and even SSH keys, cloud and social media. By improving the accountability and control over privileged passwords, IT organizations can reduce security risks and achieve compliance objectives.
Password Safe automates password and session management enterprise-wide
The PowerBroker Privileged Access Management Platform PowerBroker Password Safe is part of the BeyondTrust
PowerBroker Privileged Access Management Platform, which delivers visibility and control over all privileged accounts, users, and assets. The platform integrates a comprehensive set of PAM capabilities to simplify deployments, reduce costs, improve system security, and reduce privilege related risks. PowerBroker
solutions include:
- Enterprise Password Security:
Provide accountability and control over privileged credentials and sessions. - Server Privilege Management:
Control, audit, and simplify access to business critical systems. - Endpoint Leas Privilege: Remove excessive user privileges and control applications on endpoints.
Password Safe offers multiple deployment options and broad and adaptive device support.
- Reduce attack surfaces by eliminating credential sharing
- Monitor and audit sessions for unauthorized access
- Analyze behavior to detect suspicious user, account and asset activity
Key Features
DISCOVERY AND PROFILING
- Discover all known and unknown assets, and shared, user and service accounts
- Automatically discover all SSH keys on host systems
- Identify and manage assets with common traits via Smart Rules
PASSWORD PROTECTION AND SSH KEY MANAGEMENT
- Selectively process password change, password test, and account notification queue
items for designated workgroups - Support industry-standard encryption algorithms, such as AES 256 and Triple DES
- Randomize passwords on a scheduled basis or upon check-in
- Rotate SSH keys automatically and enforce granular access control and workflow
- Utilize PowerBroker for Windows to update passwords on remote and mobile devices
- Get control over scripts; eliminate application credentials, files, code and embedded keys
PRIVILEGED SESSION MONITORING
- Manage live sessions to give admins the ability to lock, terminate or cancel sessions
- Record privileged sessions in real time via a proxy service for SSH, RDP, and any Windows
applications such as TOAD – without need for Java, or a client on the desktop - Meet regulations listed in SOX, HIPAA, GLBA, PCI DSS, FDCC, FISMA, and more
- Use keyword search to watch privileged sessions and log all session reviews
- Allow any Windows application to have login credentials played in automatically with usage monitored and recorded
WORKFLOW AND USABILITY
- Use DirectConnect to launch an SSH or RDP session by passing a string to the proxy
- Leverage true Role-Based Access Controls with Active Directory and LDAP integration for
assigning roles and rights to users - Manage checkout workflow with seamless connectivity to RDP and SSH via native
desktop tools such as PuTTY and MSTSC - Accommodate fire-call requests to ensure access to password-managed systems after
hours, on weekends, or in other emergency situations - Leverage a Unix/Linux Jumphost to run a command or script after the session connects
- Use “OneClick” to expedite checkout operations for access to passwords, sessions and
applications that would normally be approved automatically
DEPLOYMENT
- Benefit from a single solution for both password and session management
- Deploy as hardware appliances, virtual appliances, or software
- Employ out-of-the-box connectors, plus a custom connector builder for all systems that
support Telnet or SSH
SECURITY AND UPTIME
- Rely on hardened appliances with FIPS 1402-validated components, AES256 encryption
& HTTPS/SSLv3 communications - Analyze privileged password, user, and account behavior with threat analytics capabilities
- Allow an unlimited number of Password Safe appliances to be connected to an external
SQL Always On Availability Group for unparalleled high-availability and scalability
This video is about BeyondTrust Powerbroker Password Safe Product Overview by E-SPIN that will give you more information regarding this product.
For those who can not join us for the session, please see the summary and highlight clip for the event.
E-SPIN recently run a BeyondTrust Powerbroker Password Safe what’s new session cover what new for new user and existing users.
Feel free to contact E-SPIN for solution, product and project requirements.