Beyondtrust

PowerBroker Password Safe:
Privileged Password and Privileged Session Management

Control and audit access to privileged accounts such as shared administrative accounts, application accounts,
local administrative accounts, service accounts, database accounts, devices and SSH keys.

Secure Privileged Password Management and Privileged Session Management

PowerBroker Password Safe is an automated password and privileged session management solution offering secure access control, auditing, alerting and recording for any privileged account – from local or domain shared administrator, to a user’s personal admin account (in the case of dual accounts), to service, operating system, network device, database (A2DB) and application (A2A) accounts – even to SSH keys. Password Safe offers multiple deployment options and broad and adaptive device support.

  • Secure and automate the process for managing privileged account passwords and SSH keys
  • Control how people, services, applications and scripts access credentials
  • Auto-logon users onto RDP and SSH sessions, without revealing the passwords
  • Record all user and administrator activity in a comprehensive audit trail
  • Alert in real-time as passwords are released and privileged session activity is started
PowerBroker Password Safe: Privileged Password and Session Management

PowerBroker Password Safe product architecture

Frost & Sullivan 2014 PowerBroker Password Safe Product Review

"BeyondTrust PowerBroker Password Safe is a solid tool for the secure procurement and dissemination of passwords."

Frost & Sullivan [full product review]
Network-Based Asset Discovery
Network-Based Asset Discovery Leverage a distributed network discovery engine to scan, identify and profile all users and services – and then automatically bring the systems and accounts under Password Safe management.
Dynamic Rules and Asset Groupings
Dynamic Rules and Asset Groupings Utilize collected system details from the discovery process to categorize assets. Smart Rules can be triggered to generate alerts or auto provisioning based on system categorization.
Simplified SSH Key Management
Simplified SSH Key Management Automatically rotate SSH keys according to a defined schedule and enforce granular access control and workflow. Private keys stored in Password Safe can be leveraged to automatically log users onto UNIX or Linux systems through the proxy with no user exposure to the key with full privileged session recording.
Agentless Privileged Session Management
Agentless Privileged Session Management Password Safe Privileged Session Management uses standard desktop tools such as PuTTY and Microsoft Terminal Services Client. This ensures administrators can leverage commonly used management tools without the need for Java.
Threat Analytics and Reporting
Threat Analytics and Reporting The patent-pending BeyondInsight Clarity Threat Analytics engine analyzes privileged password, user and account behavior, with BeyondInsight serving as a central data warehouse for management, policy and reporting.
Application Password Management
Application Password ManagementEliminate hard-coded or embedded application credentials automatically, simplifying management for IT and better securing the organization from exploitation of those credentials. Password Safe helps get control over scripts, files, code and embedded keys.

Discovery and Profiling

  • Find and manage all accounts: Discover and profile all known and unknown assets, shared accounts, user accounts, and service accounts.
  • Stay organized: Quickly identify assets with common traits and automatically place them under Password Safe management via Smart Rules.

Password Protection & Key Rotation

  • Keep passwords fresh: Randomize passwords on a scheduled basis or upon check-in to eliminate risk of passwords leaving the organization.
  • Rotate SSH keys: Automatically rotate keys according to a defined schedule and enforce granular access control and workflow.
  • Eliminate application credentials: Get control over scripts, files, code and embedded keys.
  • Ensure password strength: Define and enforce password policy to meet any complexity requirement.
  • Eliminate old passwords: Analyze password ages and proactively report policy violations.
  • Identify potential backdoors: Identify uncontrolled privileged accounts.
  • Solve the problem of remote and mobile users: Utilize PowerBroker for Windows as an agent to update passwords on remote and mobile devices.

Privileged Session Monitoring, Auditing and Reporting

  • Enforce accountability: Record privileged sessions in real time via a proxy session monitoring service for SSH and RDP - without the need for Java.
  • Adhere to compliance mandates: Meet password protection and audit regulations listed in SOX, HIPAA, GLBA, PCI DSS, FDCC, FISMA, and other mandates.
  • Communicate and comply: Build reports for usage, audit, forensics, and regulatory compliance purposes.

Workflow

  • Streamline workflow: Leverage true Role-Based Access Controls (RBAC) with Active Directory and LDAP integration for assigning roles and rights to users.
  • Simplify requests: Manage checkout workflow with seamless connectivity to RDP & SSH via native desktop tools such as puTTY and Microsoft MSTSC.
  • Accommodate firecall requests: Ensure access to password-managed systems after hours, on weekends, or in other emergency situations.

Deployment

  • One tool to deploy: Realize the benefit of a single solution for both password and privileged session management.
  • Simplify deployment: Implement hardware appliances, virtual appliances, or software.
  • Speed user adoption: Provide a modern, HTML-5 requester interface – no Javascript or agents required.
  • Support any system: Employ out-of-the-box connectors, plus a custom connector builder for all systems that support Telnet or SSH.

Security and Uptime

  • Ensure solution security: Rely on hardened appliances with FIPS 1402-validated components, AES256 encryption and HTTPS/SSLv3 communications.
  • Understand risk: Analyze privileged password, user and account behavior with BeyondInsight Clarity Threat Analytics.
  • Increase uptime: Deploy appliance pairs and replicate settings for high availability.

Datasheet

PowerBroker Password Safe

PowerBroker Password Safe

Download this overview document containing capabilities, highlights and competitive advantages of PowerBroker Password Safe. BeyondTrust PowerBroker Password Safe is an automated password and session management solution offering access control and auditing for any privileged account, such as shared administrative accounts, application accounts, and local administrative accounts. The solution simplifies traditionally challenging tasks, such as managing privileged passwords for service accounts, between applications (A2A), and to databases (A2DB).

Documentation

PowerBroker Password Safe 5.5 New and Updated Features

PowerBroker Password Safe 5.5 New and Updated Features

This document reviews the product updates included in the latest version of PowerBroker Password Safe. With PowerBroker Password Safe 5.5, BeyondInsight now supports data feeds from PowerBroker Password Safe, which enables the patent-pending Clarity Threat Analytics engine to analyze privileged password, user and account behavior. Other updates include simplified SSH key management, dedicated user account mapping and many other enhancements.

Documentation

PowerBroker Password Safe Report Book

PowerBroker Password Safe Report Book

This document provides an overview of the powerful reporting capabilities in PowerBroker Password Safe via BeyondInsight Analytics and Reporting. BeyondInsight is BeyondTrust’s centralized IT risk management platform, which is included with all licenses of Password Safe. The sample reports included here represent a fraction of the capabilities the reporting engine is designed to accommodate for your daily operations.

White Paper

BeyondTrust PowerBroker Password Safe: A Frost & Sullivan Product Review

BeyondTrust PowerBroker Password Safe: A Frost & Sullivan Product Review

Read Frost & Sullivan’s review of Password Safe. "BeyondTrust PowerBroker Password Safe is a solid tool for the secure procurement and dissemination of passwords. ...Frost & Sullivan endorses PowerBroker Password Safe."

Case Study

DCI Exceeds Compliance Requirements for Privilege and Password Management

DCI Exceeds Compliance Requirements for Privilege and Password Management

DCI implements PowerBroker Unix & Linux and PowerBroker Password Safe to meet immediate compliance needs, while future-proofing their processes for upcoming financial services regulations.

PowerBroker Password Safe 5.5: Advanced Threat Analytics and Simplified SSH Key Management

4/8/2015

BeyondTrust has released version 5.5 of PowerBroker Password Safe, our solution for automating privileged password and privileged session management. This new release features some exciting enhancements – especially around threat analytics and SSH key management. Read on for more. more

On-Demand Webinar: The Dark and Bright Side of Enterprise Password Management

3/12/2015

New webinar featuring Security Expert MVP, Paula Januszkiewicz in a discussion on Enterprise Password Management. more

Overcoming the One Fatal Flaw of Enterprise Password Management

2/9/2015

There are a wide variety of enterprise password management products available in the market – from high availability enterprise solutions to personal desktop tools. These products are delivered by vendors such as BeyondTrust and others like CyberArk, Thycotic, LastPass, and even Apple’s Keychain. The goal of all of these solutions is to simplify the storage,... more

Advanced Threat Analytics Reveals Hidden Risks: Introducing BeyondInsight Clarity

2/3/2015

BeyondInsight Clarity, now shipping standard with BeyondInsight v5.4, enables our customers to detect critical IT security threats previously lost amidst volumes of data, while identifying specific users, accounts and assets exhibiting patterns of risky activity. more

Managing Shared Accounts for Privileged Users: 5 Best Practices for Achieving Control and Accountability

11/20/2014

How do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity? Consider these five best practices... more

Introducing BeyondInsight v5.3: Delivering New Levels of Threat Analytics

11/4/2014

Today, we’re excited to announce new releases of both our Retina vulnerability assessment technology and the BeyondInsight risk management platform. Here’s a brief overview of what’s new in BeyondInsight. With the release of BeyondInsight v5.3, BeyondTrust solutions that come equipped with the centralized BeyondInsight management, analytics and reporting console now benefit from several additional platform... more

7 Reasons Customers Switch to Password Safe for Privileged Password Management

9/24/2014

It’s clear that privileged password management tools are essential for keeping mission-critical data, servers and assets safe and secure. However, as I discussed in my previous post, there are several pitfalls to look out for when deploying a privileged password management solution. At this point, you may be wondering how BeyondTrust stacks up. With that,... more

You Change Your Oil Regularly; Why Not Your Passwords?

9/11/2014

There are many things in life that get changed regularly:  your car oil, toothbrush and hopefully, your bed sheets.  It’s rare that you give these things much thought – even when you forget to change them. But what if you’re forgetting something that can cost you millions of dollars if left unchanged for long periods... more

Failing the Security Basics: Backoff Point-of-Sale Malware

8/22/2014

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others.... more

Integrating Least Privilege and Password Management to Solve Account Security Challenges

7/24/2014

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:... more

See all PowerBroker Password Safe blog posts

VMware Plug-in for Retina

The industry's first and only vulnerability management solution directly integrated into vCenter.

DATASHEET VMWARE SURVEY Watch Video

Retina CS Enterprise Vulnerability Management

Delivers large-scale, cross-platform vulnerability assessment and remediation, with available configuration compliance, patch management and compliance reporting.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Cofiguration Compliance Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Patch Management Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Regulatory Reporting Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More Request a Free Trial

Retina Network Security Scanner

Integrated network, web & virtual vulnerability assessment. Retina is the security industry’s most respected and industry-validated security scanner and serves as the engine for our vulnerability management solutions. There is no better option for securing your network from vulnerabilities.

Learn More Request a Free Trial

Retina Web Security Scanner

Rapidly and accurately scan large, complex web sites and web applications to tackle web-based vulnerabilities including cross-site scripting (XSS) and SQL injection.

Learn More Request a Free Trial

PowerBroker Event Vault

Automate and streamline the collection and management of standard Windows event log data and provide scalable and flexible centralized storage in the PowerBroker event database.

Learn More Request a Free Trial

PowerBroker Identity Services

Quickly and easily integrate your Linux and UNIX servers into your Active Directory infrastructure.

Learn More Request a Free Trial

PowerBroker Identity Services Open Edition

Available as a free and open source version of PowerBroker Identity Services, giving you the access and flexibility to tailor your Active Directory bridging project

Download Now

PowerBroker UNIX & Linux

Quickly and easily manage root access on UNIX and Linux servers, without ever disclosing the system password.

Learn More Request a Free Trial

PowerBroker for Windows

Implement least privilege for your Windows desktop environment, reducing attack surface and driving down costs.

Learn More Request a Free Trial

PowerBroker Auditor
for Active Directory

Track unauthorized changes to Active Directory and Group Policy configurations.

Learn More Request a Free Trial

PowerBroker Auditor
for Exchange

Tracks and reports all changes made to all Exchange Server configurations, groups, mailbox policies, information store changes, and permissions in a centralized audit log.

Learn More Request a Free Trial

PowerBroker Auditor
for File System

Enables tighter security and control over file system resources, including real-time tracking, interactive analysis, and flexible reporting on all key share, file, and folder changes.

Learn More Request a Free Trial

PowerBroker Auditor
for SQL Server

Monitor and review privileged user changes on SQL servers. Easily map your SQL activities with regulatory mandates such as GLBA, SOX, HIPAA, and PCI through consistent auditing and reporting.

Learn More Request a Free Trial

PowerBroker Privilege Explorer

Provides a centralized view of access and privileges, so you can be sure that users have access to the resources they need to do their jobs, and only those resources.

Learn More Request a Free Trial

PowerBroker Endpoint Protection Platform

Formerly known as "Blink", multi-layered security and attack prevention for windows desktops and servers.

Learn More Request a Free Trial

PowerBroker Recovery
for Active Directory

Advanced continuous data protection for Active Directory, providing unparalleled visibility and change control.

Learn More Request a Free Trial

PowerBroker Servers Enterprise

Combine the power of our UNIX/Linux root delegation and our AD bridging for an enterprise approach to server compliance

Learn More Request a Free Trial

PowerBroker Password Safe

Automate Password Management for Increased Security across your entire dynamic infrastructure.

Learn More Request a Free Trial

BeyondSaaS

A cloud-based, external vulnerability assessment solution that conducts fast, affordable security assessments of your public-facing network infrastructure and web applications.

Learn More Request a Free Trial

BeyondInsight

Merge privileged account management and vulnerability management solutions into a single, contextual lens through which to view and address user and asset risk.

Learn More Request a Free Trial

Retina Protection Agent

Close the security gap created by systems that can't be reached with remote vulnerability assessments alone with this lightweight agent for local vulnerability assessment, continuous zero-day vulnerability monitoring, and intrusion prevention.

Learn More

Configuration Compliance Module

This Retina CS add-on module defines and manages security policies to monitor compliance with industry and internally developed benchmarks such as Microsoft, NIST, USBCG, and DISA STIGs.

Learn More

Patch Management Module

This Retina CS add-on module seamlessly integrated, automated, agentless Windows patch management closes the loop on unpatched vulnerabilities.

Learn More

Regulatory Reporting Module

This Retina CS add-on module contains automated solutions to help navigate complex corporate policies, government regulations, and industry standards such as SOX, PCI, FISMA, and ISO.

Learn More

BeyondInsight Built-In

PowerBroker Password Safe is part of the BeyondInsight IT Risk Management Platform, which unifies PowerBroker privileged account management solutions with Retina CS Enterprise Vulnerability Management. Capabilities include:

  • Centralized solution management and control via common dashboards
  • Asset discovery, profiling and grouping
  • Reporting and analytics
  • Workflow and ticketing
  • Data sharing between Retina and PowerBroker solutions

The result is a fusion of user and asset intelligence that allows IT and security teams to collectively reduce risk across complex environments.

PowerBroker Password Safe + BeyondInsight

Vulnerability Management

Identifying, prioritizing, remediating, and mitigating
computer and network vulnerabilities.

Privileged Account Management

Managing user authorization to prevent internal data
breaches and meet compliance regulations.

Fusing
PAM & VM For
Stronger IT Security