BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Controlling User Accounts and Regulatory Compliance

Posted July 15, 2013    Morey Haber

PCI DSS Requirement 8 requires that organizations must be able to identify and log all user and administrative access to information systems and applications containing credit card and personally identifiable information. In addition, environments must also have a unique ID for every individual that will have computer access to these systems.  This simple requirement can be a daunting task for any organization to implement if they have a combination of authentication stores to manage across Windows, Linux, UNIX, and OS X. And, the verification process or checks and balances needed to manage this requirement can also stymy an organization if local accounts exist, as well. To handle this requirement, and implement best practices within any organization, BeyondTrust has a unique platform built around assessments, policy, and reporting to manage this requirement end to end.

First, BeyondTrust offers Retina in discover mode for all of our privileged identity solutions. Whether it is PowerBroker UNIX and Linux, PowerBroker for Windows, or PowerBroker PasswordSafe, Retina can discover all of the user accounts within your environment and document their membership. Below is a sample from the Retina CS Threat Management Console that illustrates this for a single host:

voyager.user-accounts

 

Next, we must find a way to manage multiple authentication stores. For this problem, the simplest method is actually the best method; consolidate them to one directory. In most organizations, Microsoft Active Directory (AD) is the primary vehicle for user account management. However, managing accounts and systems across platforms with AD is not a trivial function and native operating system tools are just flat out lacking to properly meet the requirements. BeyondTrust, however, has a solution for this in the form of PowerBroker Identity Services.

PowerBroker Identity Services allows you to integrate your Linux, UNIX, and Mac OS X servers with Microsoft Active Directory. The solution allows all of your assets, regardless of platform to be managed by computer and user in one central location; Active Directory. Non-Windows systems joined to the domain, appear as assets in AD, and allow users to authenticate locally via AD for system resources. This allows users to manage with their unique traits on those systems too. This is illustrated below:

linuxserversproperties

 

This solves the problem of multiple authentication stores and ensures system access can be controlled to individual user credentials. This coupled with the auditing capabilities of Retina ensures that no generic or rogue accounts exist either. Next, we need to solve the final problem; logging, reporting, and verification of credentialed access. BeyondTrust solves this problem with PowerBroker UNIX and Linux and/or PowerBroker for Windows. These two Privileged Identity Management (PIM) solutions allow for administrative control to systems and applications, and log all of their data to the Retina CS Threat Management Console for reporting to meet the final requirement. To illustrate this, below is a screenshot from Retina CS that provides details regarding the user, application, and privileges granted:

retinacs-smartgroups

This translates into a wide variety of reports can that manage PCI requirements directly for the issues at hand; especially for non-Windows systems:

reports-database

 

compliance-reports-inactive-users

BeyondTrust has a unique capability to solve the requirements within the PCI DSS and many other regulatory compliance initiatives. The simple collection, monitoring, and verification of user accounts, systems, and applications can be a monumental task if the environment uses multiple platforms, authentication services, and has multiple administrators to manage operations. The technology we offer can do this and so much more including vulnerability management and password vaulting to ensure strict control of administrative and system access. For more information, please click here. Our technology has the answers to your information technology questions.

Tags:
, , , , , , , , , , ,

Additional articles

red-thumbprint

Why big data breaches won’t always be so easy

Posted September 19, 2014    Byron Acohido

This blog post is republished with the permission of ThirdCertainty. See the original post here. – By: Byron Acohido, Editor-In-Chief, ThirdCertainty Some day, perhaps fairly soon, it will be much more difficult for data thieves to pull off capers like the headline-grabbing hacks of Home Depot and Target. That’s not a pipe dream. It’s the projected outcome…

Tags:
, , , , ,
pbps-blog2

8 Reasons Your Privileged Password Management Solution Will Fail

Posted September 18, 2014    Chris Burd

Leveraging complex, frequently updated passwords is a basic security best practice for protecting privileged accounts in your organization. But if passwords are such a no-brainer, why do two out of three data breaches tie back to poor password management? The fact is that not all privileged password management strategies are created equal, so it’s critical…

Tags:
, , , , , ,
pbps-customer-campaign-image

You Change Your Oil Regularly; Why Not Your Passwords?

Posted September 11, 2014    Chris Burd

There are many things in life that get changed regularly:  your car oil, toothbrush and hopefully, your bed sheets.  It’s rare that you give these things much thought – even when you forget to change them. But what if you’re forgetting something that can cost you millions of dollars if left unchanged for long periods…

Tags:
, , ,