BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development.

New features for mitigating password risk and ensuring accountability enterprise-wide

Here’s the 10,000-foot overview of what’s in the new release: Most prominently, Password Safe 5.2 is fully integrated into our BeyondInsight risk management platform, which augments the solution’s ability to mitigate password risks and audit privileged sessions with enterprise-class capabilities not seen in competitive solutions. These include:

  • Asset and Account Discovery: delivers enterprise-wide visibility and control by automatically identifying and profiling systems and accounts to bring under management
  • Dynamic Rules and Asset Groupings: streamlines management of large environments
  • Data Warehouse: enables historical correlation, trending and analysis of key metrics for audit and compliance needs
  • Password Age Report: enables customers to identify stale passwords that could be in possession of former employees, partners or other stakeholders
  • Role-Based Access Control (RBAC): supports a lightweight, self-service portal for requesting password access, managing requests, and replaying recorded sessions

That’s just the start of it. BeyondInsight, included with version 5.2, enables customers to manage Password Safe in concert with our other BeyondInsight-supported solutions. This means there’s a common management console, shared asset and account data, shared data warehouse for reporting, and several other points of integration.

PowerBroker Password Safe Password Age Report
The new Password Age report enables you to identify old passwords that could pose security risks.

What drives us? You (and your end users) do.

Making effective products is pretty simple when you listen to your customers. I’ll give you one example: When planning to add session management capabilities to Password Safe, we spoke with several organizations that had other solutions but were not satisfied with the results. End users accustomed to rich, purpose-built applications like PuTTY or Remote Desktop Connection/Manager (RDCMan) were suddenly saddled with Java-based web apps for session monitoring – binding them to a browser for SSH and RDP connections; introducing security and usability concerns; and requiring constant updates with the associated compatibility hurdles.

We therefore challenged our product team to proxy a connection to a remote server for session monitoring while allowing users to leverage native connection tools (and ensuring end-to-end security at the same time). In the end, we did just that. We showed what we had to the organizations we previously interviewed and many have already switched over to Password Safe.

Of course, this release is not just about making life easier for end users. It’s about empowering IT operations to better understand and reduce risk. Password Safe 5.2 does this by:

  • Delivering a rich, distributed asset discovery engine backed by years of R&D and tested via our other solutions on networks with millions of assets
  • Making it simple to discover and profile all known and unknown assets, shared accounts, user accounts, and server accounts
  • Keeping passwords and accounts secure with new reporting and analytics capabilities for understanding password ages and identifying potential backdoors
  • Enabling administrators to view a system’s risk score and known vulnerabilities prior to approving access to a password or session (requires Retina CS)

It also means you can start with a standalone, best-of-breed privileged password management solution, and then easily add integrated AD bridging modules for authentication, privilege management modules for command elevation and task elevation; auditing modules for change control, and vulnerability management modules for gauging asset risk.

This is about the sm of the parts, a unification of our solutions into a consolidated platform that improves security while simplifying the daily activities of our customers.

» Learn more about Password Safe
» Download the version 5.2 new features overview
» Request a trial

Tags:
, , ,

Leave a Reply

Additional articles

Dark Reading

2014: The Year of Privilege Vulnerabilities

Posted December 18, 2014    Chris Burd

Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of “least privilege” could limit the impact of malware and raise the bar of difficulty for attackers.

Tags:
, , , , ,
dave-shackleford-headshot

Looking back on information security in 2014

Posted December 16, 2014    Dave Shackleford

Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar. 2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced…

Tags:
, ,
patch-tuesday

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,