PowerBroker Password Safe:
Privileged Password and Privileged Session Management
Control and audit access to privileged accounts such as shared administrative accounts, application accounts,
local administrative accounts, service accounts, database accounts, devices and SSH keys.
Secure Privileged Password Management and Privileged Session Management
PowerBroker Password Safe is an automated password and privileged session management solution offering secure access control, auditing, alerting and recording for any privileged account – from local or domain shared administrator, to a user’s personal admin account (in the case of dual accounts), to service, operating system, network device, database (A2DB) and application (A2A) accounts – even to SSH keys. Password Safe offers multiple deployment options and broad and adaptive device support.
- Secure and automate the process for managing privileged account passwords and SSH keys
- Control how people, services, applications and scripts access credentials
- Auto-logon users onto RDP and SSH sessions, without revealing the passwords
- Record all user and administrator activity in a comprehensive audit trail
- Alert in real-time as passwords are released and privileged session activity is started
"BeyondTrust PowerBroker Password Safe is a solid tool for the secure procurement and dissemination of passwords."Frost & Sullivan [full product review]
- Network-Based Asset Discovery
- Leverage a distributed network discovery engine to scan, identify and profile all users and services – and then automatically bring the systems and accounts under Password Safe management.
- Dynamic Rules and Asset Groupings
- Utilize collected system details from the discovery process to categorize assets. Smart Rules can be triggered to generate alerts or auto provisioning based on system categorization.
- Simplified SSH Key Management
- Automatically rotate SSH keys according to a defined schedule and enforce granular access control and workflow. Private keys stored in Password Safe can be leveraged to automatically log users onto Unix or Linux systems through the proxy with no user exposure to the key with full privileged session recording.
- Agentless Privileged Session Management
- Password Safe Privileged Session Management uses standard desktop tools such as PuTTY and Microsoft Terminal Services Client. This ensures administrators can leverage commonly used management tools without the need for Java.
- Threat Analytics and Reporting
- The patent-pending BeyondInsight Clarity Threat Analytics engine analyzes privileged password, user and account behavior, with BeyondInsight serving as a central data warehouse for management, policy and reporting.
- Application Password Management
- Eliminate hard-coded or embedded application credentials automatically, simplifying management for IT and better securing the organization from exploitation of those credentials. Password Safe helps get control over scripts, files, code and embedded keys.
Discovery and Profiling
- Find and manage all accounts: Discover and profile all known and unknown assets, shared accounts, user accounts, and service accounts.
- Stay organized: Quickly identify assets with common traits and automatically place them under Password Safe management via Smart Rules.
Password Protection & Key Rotation
- Keep passwords fresh: Randomize passwords on a scheduled basis or upon check-in to eliminate risk of passwords leaving the organization.
- Rotate SSH keys: Automatically rotate keys according to a defined schedule and enforce granular access control and workflow.
- Eliminate application credentials: Get control over scripts, files, code and embedded keys.
- Ensure password strength: Define and enforce password policy to meet any complexity requirement.
- Eliminate old passwords: Analyze password ages and proactively report policy violations.
- Identify potential backdoors: Identify uncontrolled privileged accounts.
- Solve the problem of remote and mobile users: Utilize PowerBroker for Windows as an agent to update passwords on remote and mobile devices.
Privileged Session Monitoring, Auditing and Reporting
- Enforce accountability: Record privileged sessions in real time via a proxy session monitoring service for SSH and RDP - without the need for Java.
- Adhere to compliance mandates: Meet password protection and audit regulations listed in SOX, HIPAA, GLBA, PCI DSS, FDCC, FISMA, and other mandates.
- Communicate and comply: Build reports for usage, audit, forensics, and regulatory compliance purposes.
- Streamline workflow: Leverage true Role-Based Access Controls (RBAC) with Active Directory and LDAP integration for assigning roles and rights to users.
- Simplify requests: Manage checkout workflow with seamless connectivity to RDP & SSH via native desktop tools such as puTTY and Microsoft MSTSC.
- Accommodate firecall requests: Ensure access to password-managed systems after hours, on weekends, or in other emergency situations.
- One tool to deploy: Realize the benefit of a single solution for both password and privileged session management.
- Simplify deployment: Implement hardware appliances, virtual appliances, or software.
- Support any system: Employ out-of-the-box connectors, plus a custom connector builder for all systems that support Telnet or SSH.
Security and Uptime
- Ensure solution security: Rely on hardened appliances with FIPS 1402-validated components, AES256 encryption and HTTPS/SSLv3 communications.
- Understand risk: Analyze privileged password, user and account behavior with BeyondInsight Clarity Threat Analytics.
- Increase uptime: Deploy appliance pairs and replicate settings for high availability.
PowerBroker Password Safe
Download this overview document containing capabilities, highlights and competitive advantages of PowerBroker Password Safe. BeyondTrust PowerBroker Password Safe is an automated password and session management solution offering access control and auditing for any privileged account, such as shared administrative accounts, application accounts, and local administrative accounts. The solution simplifies traditionally challenging tasks, such as managing privileged passwords for service accounts, between applications (A2A), and to databases (A2DB).
PowerBroker Password Safe 5.5 New and Updated Features
This document reviews the product updates included in the latest version of PowerBroker Password Safe. With PowerBroker Password Safe 5.5, BeyondInsight now supports data feeds from PowerBroker Password Safe, which enables the patent-pending Clarity Threat Analytics engine to analyze privileged password, user and account behavior. Other updates include simplified SSH key management, dedicated user account mapping and many other enhancements.
PowerBroker Password Safe Report Book
This document provides an overview of the powerful reporting capabilities in PowerBroker Password Safe via BeyondInsight Analytics and Reporting. BeyondInsight is BeyondTrust’s centralized IT risk management platform, which is included with all licenses of Password Safe. The sample reports included here represent a fraction of the capabilities the reporting engine is designed to accommodate for your daily operations.
BeyondTrust PowerBroker Password Safe: A Frost & Sullivan Product Review
Read Frost & Sullivan’s review of Password Safe. "BeyondTrust PowerBroker Password Safe is a solid tool for the secure procurement and dissemination of passwords. ...Frost & Sullivan endorses PowerBroker Password Safe."
DCI Exceeds Compliance Requirements for Privilege and Password Management
DCI implements PowerBroker for Unix & Linux and PowerBroker Password Safe to meet immediate compliance needs, while future-proofing their processes for upcoming financial services regulations.
LAPS is a feature that allows the randomization of local administrator accounts across the domain. Although it would seem that this capability overlaps with features in BeyondTrust’s PowerBroker Password Safe (PBPS), the reality is it is more suited for simple use cases such as changing the local Windows admin account and not much more. more
It’s clear that privileged password management tools are essential for keeping mission-critical data, servers and assets safe and secure. However, as I discussed in my previous post, there are several pitfalls to look out for when deploying a privileged password management solution. At this point, you may be wondering how BeyondTrust stacks up. more
There is one thing that should change more frequently than the weather: Your privileged passwords. Why? If you’re like more than 25% of companies out there, then your current IT environment contains unmanaged accounts putting you at risk of data breaches and compliance violations, and you don’t have a process to control those accounts. more
BeyondTrust has released version 5.5 of PowerBroker Password Safe, our solution for automating privileged password and privileged session management. This new release features some exciting enhancements – especially around threat analytics and SSH key management. Read on for more. more
New webinar featuring Security Expert MVP, Paula Januszkiewicz in a discussion on Enterprise Password Management. more
There are a wide variety of enterprise password management products available in the market – from high availability enterprise solutions to personal desktop tools. These products are delivered by vendors such as BeyondTrust and others like CyberArk, Thycotic, LastPass, and even Apple’s Keychain. The goal of all of these solutions is to simplify the storage,... more
BeyondInsight Clarity, now shipping standard with BeyondInsight v5.4, enables our customers to detect critical IT security threats previously lost amidst volumes of data, while identifying specific users, accounts and assets exhibiting patterns of risky activity. more
Managing Shared Accounts for Privileged Users: 5 Best Practices for Achieving Control and Accountability
How do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity? Consider these five best practices... more
Today, we’re excited to announce new releases of both our Retina vulnerability assessment technology and the BeyondInsight risk management platform. Here’s a brief overview of what’s new in BeyondInsight. With the release of BeyondInsight v5.3, BeyondTrust solutions that come equipped with the centralized BeyondInsight management, analytics and reporting console now benefit from several additional platform... more
At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others.... moreSee all PowerBroker Password Safe blog posts
PowerBroker Password Safe is part of the BeyondInsight IT Risk Management Platform, which unifies PowerBroker privileged account management solutions with Retina CS Enterprise Vulnerability Management. Capabilities include:
- Centralized solution management and control via common dashboards
- Asset discovery, profiling and grouping
- Reporting and analytics
- Workflow and ticketing
- Data sharing between Retina and PowerBroker solutions
The result is a fusion of user and asset intelligence that allows IT and security teams to collectively reduce risk across complex environments.