BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Controlling User Accounts and Regulatory Compliance

Posted July 15, 2013    Morey Haber

PCI DSS Requirement 8 requires that organizations must be able to identify and log all user and administrative access to information systems and applications containing credit card and personally identifiable information. In addition, environments must also have a unique ID for every individual that will have computer access to these systems.  This simple requirement can be a daunting task for any organization to implement if they have a combination of authentication stores to manage across Windows, Linux, UNIX, and OS X. And, the verification process or checks and balances needed to manage this requirement can also stymy an organization if local accounts exist, as well. To handle this requirement, and implement best practices within any organization, BeyondTrust has a unique platform built around assessments, policy, and reporting to manage this requirement end to end.

First, BeyondTrust offers Retina in discover mode for all of our privileged identity solutions. Whether it is PowerBroker UNIX and Linux, PowerBroker for Windows, or PowerBroker PasswordSafe, Retina can discover all of the user accounts within your environment and document their membership. Below is a sample from the Retina CS Threat Management Console that illustrates this for a single host:

voyager.user-accounts

 

Next, we must find a way to manage multiple authentication stores. For this problem, the simplest method is actually the best method; consolidate them to one directory. In most organizations, Microsoft Active Directory (AD) is the primary vehicle for user account management. However, managing accounts and systems across platforms with AD is not a trivial function and native operating system tools are just flat out lacking to properly meet the requirements. BeyondTrust, however, has a solution for this in the form of PowerBroker Identity Services.

PowerBroker Identity Services allows you to integrate your Linux, UNIX, and Mac OS X servers with Microsoft Active Directory. The solution allows all of your assets, regardless of platform to be managed by computer and user in one central location; Active Directory. Non-Windows systems joined to the domain, appear as assets in AD, and allow users to authenticate locally via AD for system resources. This allows users to manage with their unique traits on those systems too. This is illustrated below:

linuxserversproperties

 

This solves the problem of multiple authentication stores and ensures system access can be controlled to individual user credentials. This coupled with the auditing capabilities of Retina ensures that no generic or rogue accounts exist either. Next, we need to solve the final problem; logging, reporting, and verification of credentialed access. BeyondTrust solves this problem with PowerBroker UNIX and Linux and/or PowerBroker for Windows. These two Privileged Identity Management (PIM) solutions allow for administrative control to systems and applications, and log all of their data to the Retina CS Threat Management Console for reporting to meet the final requirement. To illustrate this, below is a screenshot from Retina CS that provides details regarding the user, application, and privileges granted:

retinacs-smartgroups

This translates into a wide variety of reports can that manage PCI requirements directly for the issues at hand; especially for non-Windows systems:

reports-database

 

compliance-reports-inactive-users

BeyondTrust has a unique capability to solve the requirements within the PCI DSS and many other regulatory compliance initiatives. The simple collection, monitoring, and verification of user accounts, systems, and applications can be a monumental task if the environment uses multiple platforms, authentication services, and has multiple administrators to manage operations. The technology we offer can do this and so much more including vulnerability management and password vaulting to ensure strict control of administrative and system access. For more information, please click here. Our technology has the answers to your information technology questions.

Tags:
, , , , , , , , , , , ,

Additional articles

CyberResiliency

6 things I like about Gartner’s Cyber Resiliency Strategy

Posted August 27, 2015    Nigel Hedges

There were 6 key principles, or recommendations, that Gartner suggested were important drivers towards a great cyber resiliency posture. I commented more than once during the conference that many of these things were not new. They are all important recommendations that are best when placed together and given to senior management and the board – a critical element of organisations that desperately need to “get it”.

Tags:
,
powerbroker-difference-1

Why Customers Choose PowerBroker: Flexible Deployment Options

Posted August 26, 2015    Scott Lang

BeyondTrust commissioned a study of our customer base in early 2015 to determine how we are different from other alternatives in the market. What we learned was that there were six key differentiators that separate BeyondTrust from other solution providers in the market. We call it the PowerBroker difference,

Tags:
, ,
Mac-Security-Enterprise

On Demand Webinar: Security Risk of Mac OS X in the Enterprise

Posted August 20, 2015    BeyondTrust Software

In the last several years, Mac administrators have come to realize that they may be just as vulnerable to exploits and malware as most other operating systems. New malware and adware is released all the time, and there have been serious vulnerabilities patched by Apple in the past several years, some of which may afford attackers full control of your systems.

Tags:
, ,