Beyondtrust

PowerBroker Password Safe:
Privileged Password and Session Management

Control and audit access to privileged accounts such as shared administrative accounts, application accounts,
and local administrative accounts.

Easy and Secure Password and Session Management

PowerBroker Password Safe is an automated password and session management solution offering access control and auditing for any privileged account, such as shared administrative accounts, application accounts, and local administrative accounts. Password Safe is easily deployable and offers broad and adaptive device support. The solution even simplifies traditionally challenging tasks, such as managing privileged passwords for service accounts, between applications (A2A), and to databases (A2DB).

  • Secure and automate the process for managing privileged account passwords
  • Control how people, services, applications and scripts access credentials
  • Auto-logon users onto RDP and SSH sessions, without revealing the passwords
  • Record all user and administrator activity in a comprehensive audit trail
  • Alert in real-time as passwords are released and session activity is started
PowerBroker Password Safe Product Architecture

PowerBroker Password Safe product architecture

Frost & Sullivan 2014 PowerBroker Password Safe Product Review

"BeyondTrust PowerBroker Password Safe is a solid tool for the secure procurement and dissemination of passwords."

Frost & Sullivan [full product review]
Network-Based Asset Discovery
Leverage a distributed network discovery engine to scan, identify and profile all users and services – and then automatically bring the systems and accounts under Password Safe management.
Dynamic Rules and Asset Groupings
Utilize collected system details from the discovery process to categorize assets. Smart Rules can be triggered to generate alerts or auto provisioning based on system categorization.
Agentless Session Management
Password Safe Session Management using standard desktop tools such as PuTTY and Microsoft Terminal Services Client. This ensures administrators can leverage commonly used management tools without the need for Java.
Analytics and Reporting
The BeyondInsight data warehouse enables you to collect, correlate, trend and analyze key metrics. Built-in reports, such as the Password Age report, identify areas that require action. You can also customize reports to meet specific business needs.

Discovery and Profiling

  • Find and manage all accounts: Discover and profile all known and unknown assets, shared accounts, user accounts, and service accounts.
  • Stay organized: Quickly identify assets with common traits and automatically place them under Password Safe management via Smart Rules.

Password Protection

  • Keep passwords fresh: Randomize passwords on a scheduled basis or upon check-in to eliminate risk of passwords leaving the organization.
  • Ensure password strength: Define and enforce password policy to meet any complexity requirement.
  • Eliminate old passwords: Analyze password ages and proactively report policy violations.
  • Identify potential backdoors: Identify uncontrolled privileged accounts.

Session Monitoring, Auditing and Reporting

  • Enforce accountability: Record privileged sessions in real time via a proxy session monitoring service for SSH and RDP.
  • Adhere to compliance mandates: Meet password protection and audit regulations listed in SOX, HIPAA, GLBA, PCI DSS, FDCC, FISMA, and other mandates.
  • Communicate and comply: Build reports for usage, audit, forensics, and regulatory compliance purposes.

Workflow

  • Streamline workflow: Leverage true Role-Based Access Controls (RBAC) with Active Directory and LDAP integration for assigning roles and rights to users.
  • Simplify requests: Manage checkout workflow with seamless connectivity to RDP & SSH via native desktop tools such as puTTY and Microsoft MSTSC.
  • Accommodate firecall requests: Ensure access to password-managed systems after hours, on weekends, or in other emergency situations.

Deployment

  • Simplify deployment: Implement hardware appliances, virtual appliances, or both.
  • Speed user adoption: Provide a modern, HTML-5 requester interface – no Javascript or agents required.
  • Support any system: Employ out-of-the-box connectors, plus a custom connector builder for all systems that support Telnet or SSH.

Security and Uptime

  • Ensure solution security: Rely on hardened appliances with FIPS 1402-validated components, AES256 encryption and HTTPS/SSLv3 communications.
  • Understand asset risk: Review an asset’s vulnerability profile and understand security exposures prior to granting access.
  • Increase uptime: Deploy appliance pairs and replicate settings for high availability.

Datasheet

PowerBroker Password Safe

PowerBroker Password Safe

Download this overview document containing capabilities, highlights and competitive advantages of PowerBroker Password Safe. BeyondTrust PowerBroker Password Safe is an automated password and session management solution offering access control and auditing for any privileged account, such as shared administrative accounts, application accounts, and local administrative accounts. The solution simplifies traditionally challenging tasks, such as managing privileged passwords for service accounts, between applications (A2A), and to databases (A2DB).

Documentation

PowerBroker Password Safe 5.2 New and Updated Features

PowerBroker Password Safe 5.2 New and Updated Features

This document reviews the product updates included in the latest version of PowerBroker Password Safe. With PowerBroker Password Safe 5.2, BeyondTrust integrates its leading privileged password management solution with the BeyondInsight IT Risk Management Platform. Included standard with version 5.2, BeyondInsight extends Password Safe’s robust access control and session monitoring capabilities with best-in-class discovery, reporting and analytics capabilities

Documentation

PowerBroker Password Safe Report Book

PowerBroker Password Safe Report Book

This document provides an overview of the powerful reporting capabilities in PowerBroker Password Safe via BeyondInsight Analytics and Reporting. BeyondInsight is BeyondTrust’s centralized IT risk management platform, which is included with all licenses of Password Safe. The sample reports included here represent a fraction of the capabilities the reporting engine is designed to accommodate for your daily operations.

White Paper

BeyondTrust PowerBroker Password Safe: A Frost & Sullivan Product Review

BeyondTrust PowerBroker Password Safe: A Frost & Sullivan Product Review

Read Frost & Sullivan’s review of Password Safe. "BeyondTrust PowerBroker Password Safe is a solid tool for the secure procurement and dissemination of passwords. ...Frost & Sullivan endorses PowerBroker Password Safe."

Case Study

DCI Exceeds Compliance Requirements for Privilege and Password Management

DCI Exceeds Compliance Requirements for Privilege and Password Management

DCI implements PowerBroker Unix & Linux and PowerBroker Password Safe to meet immediate compliance needs, while future-proofing their processes for upcoming financial services regulations.

Managing Shared Accounts for Privileged Users: 5 Best Practices for Achieving Control and Accountability

11/20/2014

How do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity? Consider these five best practices... more

Introducing BeyondInsight v5.3: Delivering New Levels of Threat Analytics

11/4/2014

Today, we’re excited to announce new releases of both our Retina vulnerability assessment technology and the BeyondInsight risk management platform. Here’s a brief overview of what’s new in BeyondInsight. With the release of BeyondInsight v5.3, BeyondTrust solutions that come equipped with the centralized BeyondInsight management, analytics and reporting console now benefit from several additional platform... more

7 Reasons Customers Switch to Password Safe for Privileged Password Management

9/24/2014

It’s clear that privileged password management tools are essential for keeping mission-critical data, servers and assets safe and secure. However, as I discussed in my previous post, there are several pitfalls to look out for when deploying a privileged password management solution. At this point, you may be wondering how BeyondTrust stacks up. With that,... more

You Change Your Oil Regularly; Why Not Your Passwords?

9/11/2014

There are many things in life that get changed regularly:  your car oil, toothbrush and hopefully, your bed sheets.  It’s rare that you give these things much thought – even when you forget to change them. But what if you’re forgetting something that can cost you millions of dollars if left unchanged for long periods... more

Failing the Security Basics: Backoff Point-of-Sale Malware

8/22/2014

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others.... more

Integrating Least Privilege and Password Management to Solve Account Security Challenges

7/24/2014

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:... more

Reshaping Privileged Password Management with Password Safe 5.2

7/21/2014

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of... more

What to Look for in a Privileged Password Management Solution: Frost & Sullivan’s Review of PowerBroker Password Safe

6/11/2014

It wasn’t long ago that most organizations focused their privileged password management efforts on small subsets of critical servers and applications. Today, given the ever-present need to secure information, applications and assets, we’re seeing expansion of the password management footprint across servers at both smaller firms and larger enterprises alike. Whether to meet regulatory requirements, tighten... more

Top 10 Reasons You Need Privileged Account Management Now

7/29/2013

Don’t under estimate the complexity organizations face with managing and sharing access to privileged accounts. BeyondTrust has a wide variety of solutions that address the various challenges of privileged accounts.  Here are 10 key reasons our customers need and value the PowerBroker Password Safe solution: 1. EVERYONE has trouble managing privileged passwords – While some... more

See all PowerBroker Password Safe blog posts

VMware Plug-in for Retina

The industry's first and only vulnerability management solution directly integrated into vCenter.

DATASHEET VMWARE SURVEY Watch Video

Retina CS Enterprise Vulnerability Management

Delivers large-scale, cross-platform vulnerability assessment and remediation, with available configuration compliance, patch management and compliance reporting.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Cofiguration Compliance Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Patch Management Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Regulatory Reporting Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More Request a Free Trial

Retina Network Security Scanner

Integrated network, web & virtual vulnerability assessment. Retina is the security industry’s most respected and industry-validated security scanner and serves as the engine for our vulnerability management solutions. There is no better option for securing your network from vulnerabilities.

Learn More Request a Free Trial

Retina Web Security Scanner

Rapidly and accurately scan large, complex web sites and web applications to tackle web-based vulnerabilities including cross-site scripting (XSS) and SQL injection.

Learn More Request a Free Trial

PowerBroker Event Vault

Automate and streamline the collection and management of standard Windows event log data and provide scalable and flexible centralized storage in the PowerBroker event database.

Learn More Request a Free Trial

PowerBroker Identity Services

Quickly and easily integrate your Linux and UNIX servers into your Active Directory infrastructure.

Learn More Request a Free Trial

PowerBroker Identity Services Open Edition

Available as a free and open source version of PowerBroker Identity Services, giving you the access and flexibility to tailor your Active Directory bridging project

Download Now

PowerBroker UNIX & Linux

Quickly and easily manage root access on UNIX and Linux servers, without ever disclosing the system password.

Learn More Request a Free Trial

PowerBroker for Windows

Implement least privilege for your Windows desktop environment, reducing attack surface and driving down costs.

Learn More Request a Free Trial

PowerBroker Auditor
for Active Directory

Track unauthorized changes to Active Directory and Group Policy configurations.

Learn More Request a Free Trial

PowerBroker Auditor
for Exchange

Tracks and reports all changes made to all Exchange Server configurations, groups, mailbox policies, information store changes, and permissions in a centralized audit log.

Learn More Request a Free Trial

PowerBroker Auditor
for File System

Enables tighter security and control over file system resources, including real-time tracking, interactive analysis, and flexible reporting on all key share, file, and folder changes.

Learn More Request a Free Trial

PowerBroker Auditor
for SQL Server

Monitor and review privileged user changes on SQL servers. Easily map your SQL activities with regulatory mandates such as GLBA, SOX, HIPAA, and PCI through consistent auditing and reporting.

Learn More Request a Free Trial

PowerBroker Privilege Explorer

Provides a centralized view of access and privileges, so you can be sure that users have access to the resources they need to do their jobs, and only those resources.

Learn More Request a Free Trial

PowerBroker Endpoint Protection Platform

Formerly known as "Blink", multi-layered security and attack prevention for windows desktops and servers.

Learn More Request a Free Trial

PowerBroker Recovery
for Active Directory

Advanced continuous data protection for Active Directory, providing unparalleled visibility and change control.

Learn More Request a Free Trial

PowerBroker Servers Enterprise

Combine the power of our UNIX/Linux root delegation and our AD bridging for an enterprise approach to server compliance

Learn More Request a Free Trial

PowerBroker Password Safe

Automate Password Management for Increased Security across your entire dynamic infrastructure.

Learn More Request a Free Trial

BeyondSaaS

A cloud-based, external vulnerability assessment solution that conducts fast, affordable security assessments of your public-facing network infrastructure and web applications.

Learn More Request a Free Trial

BeyondInsight

Merge privileged account management and vulnerability management solutions into a single, contextual lens through which to view and address user and asset risk.

Learn More Request a Free Trial

Retina Protection Agent

Close the security gap created by systems that can't be reached with remote vulnerability assessments alone with this lightweight agent for local vulnerability assessment, continuous zero-day vulnerability monitoring, and intrusion prevention.

Learn More

Configuration Compliance Module

This Retina CS add-on module defines and manages security policies to monitor compliance with industry and internally developed benchmarks such as Microsoft, NIST, USBCG, and DISA STIGs.

Learn More

Patch Management Module

This Retina CS add-on module seamlessly integrated, automated, agentless Windows patch management closes the loop on unpatched vulnerabilities.

Learn More

Regulatory Reporting Module

This Retina CS add-on module contains automated solutions to help navigate complex corporate policies, government regulations, and industry standards such as SOX, PCI, FISMA, and ISO.

Learn More

BeyondInsight Built-In

PowerBroker Password Safe is part of the BeyondInsight IT Risk Management Platform, which unifies PowerBroker privileged account management solutions with Retina CS Enterprise Vulnerability Management. Capabilities include:

  • Centralized solution management and control via common dashboards
  • Asset discovery, profiling and grouping
  • Reporting and analytics
  • Workflow and ticketing
  • Data sharing between Retina and PowerBroker solutions

The result is a fusion of user and asset intelligence that allows IT and security teams to collectively reduce risk across complex environments.

PowerBroker Password Safe + BeyondInsight

Vulnerability Management

Identifying, prioritizing, remediating, and mitigating
computer and network vulnerabilities.

Privileged Account Management

Managing user authorization to prevent internal data
breaches and meet compliance regulations.

Fusing
PAM & VM For
Stronger IT Security