BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development.

New features for mitigating password risk and ensuring accountability enterprise-wide

Here’s the 10,000-foot overview of what’s in the new release: Most prominently, Password Safe 5.2 is fully integrated into our BeyondInsight risk management platform, which augments the solution’s ability to mitigate password risks and audit privileged sessions with enterprise-class capabilities not seen in competitive solutions. These include:

  • Asset and Account Discovery: delivers enterprise-wide visibility and control by automatically identifying and profiling systems and accounts to bring under management
  • Dynamic Rules and Asset Groupings: streamlines management of large environments
  • Data Warehouse: enables historical correlation, trending and analysis of key metrics for audit and compliance needs
  • Password Age Report: enables customers to identify stale passwords that could be in possession of former employees, partners or other stakeholders
  • Role-Based Access Control (RBAC): supports a lightweight, self-service portal for requesting password access, managing requests, and replaying recorded sessions

That’s just the start of it. BeyondInsight, included with version 5.2, enables customers to manage Password Safe in concert with our other BeyondInsight-supported solutions. This means there’s a common management console, shared asset and account data, shared data warehouse for reporting, and several other points of integration.

PowerBroker Password Safe Password Age Report
The new Password Age report enables you to identify old passwords that could pose security risks.

What drives us? You (and your end users) do.

Making effective products is pretty simple when you listen to your customers. I’ll give you one example: When planning to add session management capabilities to Password Safe, we spoke with several organizations that had other solutions but were not satisfied with the results. End users accustomed to rich, purpose-built applications like PuTTY or Remote Desktop Connection/Manager (RDCMan) were suddenly saddled with Java-based web apps for session monitoring – binding them to a browser for SSH and RDP connections; introducing security and usability concerns; and requiring constant updates with the associated compatibility hurdles.

We therefore challenged our product team to proxy a connection to a remote server for session monitoring while allowing users to leverage native connection tools (and ensuring end-to-end security at the same time). In the end, we did just that. We showed what we had to the organizations we previously interviewed and many have already switched over to Password Safe.

Of course, this release is not just about making life easier for end users. It’s about empowering IT operations to better understand and reduce risk. Password Safe 5.2 does this by:

  • Delivering a rich, distributed asset discovery engine backed by years of R&D and tested via our other solutions on networks with millions of assets
  • Making it simple to discover and profile all known and unknown assets, shared accounts, user accounts, and server accounts
  • Keeping passwords and accounts secure with new reporting and analytics capabilities for understanding password ages and identifying potential backdoors
  • Enabling administrators to view a system’s risk score and known vulnerabilities prior to approving access to a password or session (requires Retina CS)

It also means you can start with a standalone, best-of-breed privileged password management solution, and then easily add integrated AD bridging modules for authentication, privilege management modules for command elevation and task elevation; auditing modules for change control, and vulnerability management modules for gauging asset risk.

This is about the sm of the parts, a unification of our solutions into a consolidated platform that improves security while simplifying the daily activities of our customers.

» Learn more about Password Safe
» Download the version 5.2 new features overview
» Request a trial

Tags:
, , ,

Leave a Reply

Additional articles

PowerBroker for Unix & Linux helps prevent Shellshock

Posted September 25, 2014    Paul Harper

Like many other people who tinker with UNIX and Linux on a regular basis, BASH has always been my shell of choice.  Dating back to the early days moving from Windows to a non-Windows platform, mapping the keys correctly to allow easy navigation and control helped ensure an explosion of use for the shell. Unfortunately,…

Bash “Shellshock” Vulnerability – Retina Updates

Posted September 24, 2014    BeyondTrust Research Team

A major vulnerability was recently discovered within bash which allows arbitrary command execution via specially crafted environment variables. This is possible due to the fact that bash supports the assignment of shell functions to shell variables. When bash parses environment shell functions, it continues parsing even after the closing brace of the function definition. If…

pbps-blog3

7 Reasons Customers Switch to Password Safe for Privileged Password Management

Posted September 24, 2014    Chris Burd

It’s clear that privileged password management tools are essential for keeping mission-critical data, servers and assets safe and secure. However, as I discussed in my previous post, there are several pitfalls to look out for when deploying a privileged password management solution. At this point, you may be wondering how BeyondTrust stacks up. With that,…

Tags:
, , , , ,