PowerBroker Endpoint Protection Platform:
Comprehensive APT Protection

Integrated multi-layered endpoint protection in a single, lightweight client that replaces multiple security agents, protecting against Advanced Persistent Threats (APTs), known exploits, zero-days, and all other attack vectors.

Integrated Firewall, IPS, Anti-Malware, Anti-Virus and Vulnerability Assessment

Targeted attacks can easily bypass anti-virus solutions and other individual lines of defense, necessitating multi-layered endpoint protection. The PowerBroker Endpoint Protection Platform eliminates the need to implement and manage multiple point products by combining system and application firewalls, intrusion prevention, anti-malware, anti-virus, and local vulnerability assessment capabilities. PowerBroker Endpoint Protection secures systems from entire classes of attack, without constant rule or signature updates.

  • Protect critical endpoints with an all-in-one firewall, IPS, anti-malware, anti-virus solution
  • Conduct local vulnerability assessments of air-gapped and otherwise disconnected systems
  • Protect web servers and web applications against exploits, zero-days, and unauthorized access (optional)
  • Reduce system management costs with a "no-touch" solution that eliminates the need for constant updates
  • Rely on updates from the renowned BeyondTrust Security Research Team
PowerBroker Endpoint Protection UI
Comprehensive APT Protection
Defend desktops and web servers (optional) against viruses, spyware, worms, Trojans, and other malicious exploits including zero-days.
Reduced Endpoint Protection Costs
Eliminate the licensing and support costs associated with buying and maintaining multiple endpoint security products. Lower system requirements by over 50% compared to the memory footprint of maintaining 5+ discrete endpoint security products.
Specialized Protection for Desktops, Servers and Web Servers
The PowerBroker Endpoint Protection Suite is available in three versions that are configured and tuned for specific system types.
Centralized Management and Analytics
Leverage with the optional BeyondInsight IT Risk Management Platform for centralized management, agent deployment, real-time alerting, compliance reporting, and behavioral analysis.


  • Application Control: Authorize or deny program file execution based on custom policies.
  • Registry Protection: Stop malicious programs or errant users from infecting or modifying systems.
  • Storage Protection: Prevent data leakage by regulating USB and FireWire storage devices.


  • Zero-Day Protection: Provides protection for systems containing vulnerabilities with no available patches.
  • Event Analysis: Forward attack events to the BeyondInsight console (optional) for centralized reporting, alerting and management.


  • Offline Coverage: Perform local vulnerability scanning when local credentials and more frequent scans are required.
  • Exposure Identification: Find missing patches, unsecured configurations, and zero-day vulnerabilities.

Virus and Spyware Protection

  • Infection Prevention: Provides complete signature and heuristics-based attack protection.
  • Event Analysis: Forward malware events to the BeyondInsight console (optional) for centralized reporting, alerting and management.

File Integrity Monitoring

  • Visibility: Specify files and directories to monitor.
  • Control: Authorize changes by caller and attributes.
  • Protection: Tamper-proof systems and applications.

FIREWALL Protection

  • Traffic Control: Performs traditional firewall duties, allowing or denying traffic based on a set of predetermined rules.
  • Real-Time Source Monitoring: Only allows traffic from authorized applications, preventing unauthorized programs from making illegal outbound connections.


  • Attack Protection: Thwart buffer overflows, parser evasions, directory traversals, and many other attack types.
  • Pattern Detection: Block requests resembling attack patterns such as SQL injection, cross-site scripting, and more.
  • Zero-Day Protection: Eliminate the need for a database of attack signatures that requires regular updating.
  • Damage Prevention: Detect attacks and prevent unauthorized access and/or damage to the web server and host applications.
  • Application Support: Support and protect all common web-based applications, plus many third-party and custom applications.


PowerBroker Endpoint Protection Platform

PowerBroker Endpoint Protection Platform

Download this overview document containing capabilities, highlights and competitive advantages of PowerBroker Endpoint Protection Platform. PBEPP integrates multi-layered endpoint protection in a single, lightweight client to protect against known exploits, zero-day attacks, malware, and all other attack vectors. BeyondTrust’s award-winning endpoint protection solutions are available as standalone products or as key components for our Security In Context offerings.

On Demand Webinar: Because Auditing Stinks Sometimes


Auditing stinks. Well, mostly stinks. In this on demand webinar, lead by Group Policy MVP Jeremy Moskowitz, you’ll learn the three key tenets to real Group Policy auditing. Tenet 1: Why do you care about Group Policy auditing? Tenet 2: How does Eventing help you know “Who did what?” Tenet 3: How does Reporting tell you... more

Stopping the Skeleton Key Trojan


Earlier this year Dell’s SecureWorks published an analysis of a malware they named “Skeleton Key”. This malware bypasses authentication for Active Directory users who have single-factor (password only) authentication. The “Skeleton Key” attack as documented by the SecureWorks CTU relies on several critical parts. more

Our Newest Product Release: PowerBroker for Windows 6.0


We’re very excited to announce the release of PowerBroker for Windows 6.0, the industry’s first identity management solution able to leverage least privilege and vulnerability data scanned by the award winning Retina CS Threat Management Console. This allows our customers to take a system’s overall risk into context when deciding what level of privileges a user or... more

Internet Explorer 8 0day


Last week, news broke that the U.S. Department of Labor’s (DoL) website was compromised… and that it had been serving up Internet Explorer 0day to its visitors. This 0day, CVE-2013-1347 (Retina Audit 19041 – Microsoft Internet Explorer 8 Remote Code Execution Vulnerability (Zero-Day)), only affects Internet Explorer 8 on Windows XP, Vista, and Windows 7 (as well as Server 2003,... more

IT Security’s Best Kept Secret – Hiding in Plain Sight


This blog post was first posted on on January 22nd, 2013. It can be found, in it’s original formatting, here:               There’s a reason the old saying “an ounce of prevention is worth of a pound a cure” resonates in so many situations – because it’s true.... more

Just Released Blink 6.0: Advanced Endpoint Protection


It has been a long time since any vendor has introduced game changing features to end point protection solutions. We have seen claims of better anti-virus protection, advanced persistent threat protection (APT), and even claims of massive resource savings using their latest versions. BeyondTrust believes in a defense in depth approach to end point protection... more

The Value of a Zero-Day Vulnerability Assessment Scanner


Let’s assume your business is near perfect. You have a proven and reliable vulnerability management lifecycle in place and identification of vulnerabilities and patch remediation happens like clockwork. Finding lingering threats or missing patches is a rarity and even your endpoint protection solution never fails catching the latest malware. Like I said, a near perfect... more

The Retina Protection Agent


Traditional anti-virus solutions that rely on blacklisting malware are insufficient to protect today’s systems from the plethora of threats. Security vendors have evolved endpoint protection solutions to include firewalls, host-based intrusion prevention solutions, and even proactive application protection capabilities in order to defend against the evolving threat landscape. Unfortunately, many businesses still rely on anti-virus... more

See all PowerBroker Endpoint Protection Platform blog posts

VMware Plug-in for Retina

The industry's first and only vulnerability management solution directly integrated into vCenter.


Retina CS Enterprise Vulnerability Management

Delivers large-scale, cross-platform vulnerability assessment and remediation, with available configuration compliance, patch management and compliance reporting.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Cofiguration Compliance Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More

Retina CS Enterprise Vulnerability Management

The Patch Management Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More

Retina CS Enterprise Vulnerability Management

The Regulatory Reporting Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More

Retina Network Security Scanner

Integrated network, web & virtual vulnerability assessment. Retina is the security industry’s most respected and industry-validated security scanner and serves as the engine for our vulnerability management solutions. There is no better option for securing your network from vulnerabilities.

Learn More

Retina Web Security Scanner

Rapidly and accurately scan large, complex web sites and web applications to tackle web-based vulnerabilities including cross-site scripting (XSS) and SQL injection.

Learn More

PowerBroker Event Vault

Automate and streamline the collection and management of standard Windows event log data and provide scalable and flexible centralized storage in the PowerBroker event database.

Learn More

PowerBroker Identity Services

Quickly and easily integrate your Unix and Linux servers into your Active Directory infrastructure.

Learn More

PowerBroker Identity Services Open Edition

Available as a free and open source version of PowerBroker Identity Services, giving you the access and flexibility to tailor your Active Directory bridging project

Download Now

PowerBroker for Unix & Linux

Quickly and easily manage root access on Unix and Linux servers, without ever disclosing the system password.

Learn More Request a Free Trial

PowerBroker for Sudo

Centralized policy, logging and version control for sudo activities.

Learn More Request a Free Trial

PowerBroker for Mac

Enable standard users on Mac OS X to perform administrative tasks successfully without entering elevated credentials.

Learn More Request a Free Trial

PowerBroker for Windows

Implement least privilege for your Windows desktop environment, reducing attack surface and driving down costs.

Learn More Request a Free Trial

PowerBroker Auditor
for Active Directory

Track unauthorized changes to Active Directory and Group Policy configurations.

Learn More Request a Free Trial

PowerBroker Auditor
for Exchange

Tracks and reports all changes made to all Exchange Server configurations, groups, mailbox policies, information store changes, and permissions in a centralized audit log.

Learn More Request a Free Trial

PowerBroker Auditor
for File System

Enables tighter security and control over file system resources, including real-time tracking, interactive analysis, and flexible reporting on all key share, file, and folder changes.

Learn More Request a Free Trial

PowerBroker Auditor
for SQL Server

Monitor and review privileged user changes on SQL servers. Easily map your SQL activities with regulatory mandates such as GLBA, SOX, HIPAA, and PCI through consistent auditing and reporting.

Learn More Request a Free Trial

PowerBroker Privilege Explorer

Provides a centralized view of access and privileges, so you can be sure that users have access to the resources they need to do their jobs, and only those resources.

Learn More Request a Free Trial

PowerBroker Endpoint Protection Platform

Formerly known as "Blink", multi-layered security and attack prevention for windows desktops and servers.

Learn More Request a Free Trial

PowerBroker Recovery
for Active Directory

Advanced continuous data protection for Active Directory, providing unparalleled visibility and change control.

Learn More Request a Free Trial

PowerBroker Servers Enterprise

Combine the power of our Unix/Linux root delegation and our AD bridging for an enterprise approach to server compliance

Learn More Request a Free Trial

PowerBroker Password Safe

Automate Password Management for Increased Security across your entire dynamic infrastructure.

Learn More Request a Free Trial


A cloud-based, external vulnerability assessment solution that conducts fast, affordable security assessments of your public-facing network infrastructure and web applications.

Learn More Request a Free Trial


Merge privileged account management and vulnerability management solutions into a single, contextual lens through which to view and address user and asset risk.

Learn More Request a Free Trial

Retina Protection Agent

Close the security gap created by systems that can't be reached with remote vulnerability assessments alone with this lightweight agent for local vulnerability assessment, continuous zero-day vulnerability monitoring, and intrusion prevention.

Learn More

Configuration Compliance Module

This Retina CS add-on module defines and manages security policies to monitor compliance with industry and internally developed benchmarks such as Microsoft, NIST, USBCG, and DISA STIGs.

Learn More

Patch Management Module

This Retina CS add-on module seamlessly integrated, automated, agentless Windows patch management closes the loop on unpatched vulnerabilities.

Learn More

Regulatory Reporting Module

This Retina CS add-on module contains automated solutions to help navigate complex corporate policies, government regulations, and industry standards such as SOX, PCI, FISMA, and ISO.

Learn More

PowerBroker Endpoint Protection Platform and BeyondInsight

PowerBroker Endpoint Protection Platform is part of the BeyondInsight IT Risk Management Platform, which unifies Retina CS Enterprise Vulnerability Management with available PowerBroker privileged account management solutions. Capabilities include:

  • Centralized solution management and control via common dashboards
  • Asset discovery, profiling and grouping
  • Reporting and analytics
  • Workflow and ticketing
  • Data sharing between Retina and PowerBroker solutions

The result is a fusion of user and asset intelligence that allows IT and security teams to collectively reduce risk across complex environments.

PowerBroker Endpoint Protection Platform

Vulnerability Management

Identifying, prioritizing, remediating, and mitigating
computer and network vulnerabilities.

Privileged Account Management

Managing user authorization to prevent internal data
breaches and meet compliance regulations.

PAM & VM For
Stronger IT Security