Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development.

New features for mitigating password risk and ensuring accountability enterprise-wide

Here’s the 10,000-foot overview of what’s in the new release: Most prominently, Password Safe 5.2 is fully integrated into our BeyondInsight risk management platform, which augments the solution’s ability to mitigate password risks and audit privileged sessions with enterprise-class capabilities not seen in competitive solutions. These include:

  • Asset and Account Discovery: delivers enterprise-wide visibility and control by automatically identifying and profiling systems and accounts to bring under management
  • Dynamic Rules and Asset Groupings: streamlines management of large environments
  • Data Warehouse: enables historical correlation, trending and analysis of key metrics for audit and compliance needs
  • Password Age Report: enables customers to identify stale passwords that could be in possession of former employees, partners or other stakeholders
  • Role-Based Access Control (RBAC): supports a lightweight, self-service portal for requesting password access, managing requests, and replaying recorded sessions

That’s just the start of it. BeyondInsight, included with version 5.2, enables customers to manage Password Safe in concert with our other BeyondInsight-supported solutions. This means there’s a common management console, shared asset and account data, shared data warehouse for reporting, and several other points of integration.

PowerBroker Password Safe Password Age Report
The new Password Age report enables you to identify old passwords that could pose security risks.

What drives us? You (and your end users) do.

Making effective products is pretty simple when you listen to your customers. I’ll give you one example: When planning to add session management capabilities to Password Safe, we spoke with several organizations that had other solutions but were not satisfied with the results. End users accustomed to rich, purpose-built applications like PuTTY or Remote Desktop Connection/Manager (RDCMan) were suddenly saddled with Java-based web apps for session monitoring – binding them to a browser for SSH and RDP connections; introducing security and usability concerns; and requiring constant updates with the associated compatibility hurdles.

We therefore challenged our product team to proxy a connection to a remote server for session monitoring while allowing users to leverage native connection tools (and ensuring end-to-end security at the same time). In the end, we did just that. We showed what we had to the organizations we previously interviewed and many have already switched over to Password Safe.

Of course, this release is not just about making life easier for end users. It’s about empowering IT operations to better understand and reduce risk. Password Safe 5.2 does this by:

  • Delivering a rich, distributed asset discovery engine backed by years of R&D and tested via our other solutions on networks with millions of assets
  • Making it simple to discover and profile all known and unknown assets, shared accounts, user accounts, and server accounts
  • Keeping passwords and accounts secure with new reporting and analytics capabilities for understanding password ages and identifying potential backdoors
  • Enabling administrators to view a system’s risk score and known vulnerabilities prior to approving access to a password or session (requires Retina CS)

It also means you can start with a standalone, best-of-breed privileged password management solution, and then easily add integrated AD bridging modules for authentication, privilege management modules for command elevation and task elevation; auditing modules for change control, and vulnerability management modules for gauging asset risk.

This is about the sm of the parts, a unification of our solutions into a consolidated platform that improves security while simplifying the daily activities of our customers.

» Learn more about Password Safe
» Download the version 5.2 new features overview
» Request a trial

, , ,

Leave a Reply

Additional articles


Answering the age-old question, ‘What’s plugged into my network?’

Posted October 9, 2015    Alejandro DaCosta

“What’s plugged into my network?” is a question I hear frequently from security administrators. And, really, it’s no surprise why. No longer do we have to account just for the physical servers in our datacenters, workstations and a few network devices. Now we need to keep track of roaming laptops, dynamic virtual systems, off-site cloud deployments and BYOD.


Closing the Vulnerability Gap

Posted October 7, 2015    Brian Chappell

Managing vulnerabilities is a significant challenge for many organizations. The main difficulties with managing this manifest in two key areas. The first is that the list isn’t static. The second is priority.


Scottrade Breach: Identified by Federal Officials

Posted October 5, 2015    Morey Haber

Late afternoon on October 2nd, news leaked out of another large security breach, now at Scottrade. The identity count of records, in the millions again (4.6 million is the latest). This breach comes on the second day of national CyberSecurity month, the first being Experian/T-Mobile breach.