Unix & Linux Privilege Management + Active Directory Bridging
Achieve compliance and improve efficiency in Unix, Linux and Mac environments by implementing root account privilege and session management, integrating open systems into Active Directory, and utilizing Group Policy for consistent configuration management. Replace sudo in heavily regulated environments.
Unix and Linux Compliance in the Data Center or the Cloud
PowerBroker Servers enables IT organizations to implement privileged access policy across Unix, Linux and Mac environments, while centralizing management through Microsoft Active Directory and achieving consistent configuration with Group Policy. This centralized approach to managing privileged access in the virtual datacenter reduces complexity and cost, provides a secure alternative to sudo, and helps IT more efficiently demonstrate compliance.
- Enable users to perform specified administrative tasks without disclosing passwords
- Record and index all sessions for quick discovery during audits
- Enable users to leverage their AD credentials to access Unix, Linux or Mac systems
- Attain consistent configuration by extending native group policy management tools to include settings for Unix, Linux and Mac
- Consolidate directories to simplify management of complex environments
- Leverage across more than 30 different Unix & Linux platforms
“With PowerBroker, we have better user engagement/experience for our customers, along with better security.” Director of Site operations, XING
- Rely on Secure, Compliant Privilege Delegation: Delegate privileges more securely than with sudo, without disclosing the root password on Unix, Linux, and Mac OS X platforms. Monitor sessions with DVR-style recording for a complete audit trail.
- Extend Group Policy to Achieve Compliance: Enable consistent configuration enterprise-wide by extending native Group Policy management tools to include specific group policy settings for Unix, Linux and Mac. Supports compliance with SOX, PCI, HIPAA, and other regulations across all systems by replacing NIS with an Active Directory infrastructure.
- Leverage AD for Authentication and Authorization: Centralize authentication and authorization to enable users to log into Unix, Linux, or Mac systems using their Active Directory usernames and passwords. A single password policy set in Active Directory applies to all joined systems, including Kerberos SSO to SAP, Siebel, and other key enterprise applications.
- Consolidate or Migrate Directories: Facilitate migration from multiple authentication mechanisms, identities, and directories to a single Active Directory-based infrastructure for all systems and users. This centralizes control and speeds user onboarding and offboarding. PowerBroker Identity Services provides a pluggable framework with an interface similar to Microsoft's Management Console on Linux or Mac OS X.
- Empower administrators: Provides a single, familiar tool set to manage both Windows and Unix systems.
- Replace sudo: Granularly controls user access to programs, files, and directories as well as brokering system tasks, without sudo.
- Robust: Supports flexible integration scenarios with Active Directory and other directory services, from basic authentication enablement to storage and lookup of PowerBroker policy data.
- Secure logging: Centralized log data facilitates controlled access to session activity information.
- Simplify policy management: Centralized policy store enables a single control point for managing user privileges.
- Achieve compliance: Quickly meets access/authorization regulations as described in SOX, HIPAA, GLBA, PCI DSS, FDCC and FISMA.
- Group policy: Enables one-to-many management of Unix, Linux, and Mac OS X configuration settings.
- Track activity: Time-stamped logs for every administrative, user-level, and application activity ensure that no suspicious activity goes unnoticed.
PowerBroker Servers Enterprise
Download this overview document containing capabilities, highlights and competitive advantages of PowerBroker Servers Enterprise. PowerBroker Servers Enterprise enables centralized management of your Linux and Unix users, groups and computers with powerful integration with Microsoft Active Directory. PowerBroker protects against intentional or accidental misuse of privilege that would otherwise allow insiders and hackers to facilitate attacks by executing privileged commands.
XING Improves Security and Transparency of Access Rights with PowerBroker
Read this Case Study of XING's implementation of PowerBroker Servers. XING is a social network for business professionals. With PowerBroker they improved overall security, supported an increase in the level of privileged accounts and enabled a less time-consuming process.
A Smooth Road to Compliance for a Large Health Plan
As a Unix shop, this large health company also needed a solution that could perform the deep, credentialed scans required for real protection from vulnerabilities, while also protecting the system’s root password.
In last week’s blog, we talked about how controls and accountability must be put into place so that only the right folks can access data and the systems on which that data resides, and that employing a least privilege model helps to achieve that and more. We’re using conclusions and data from a recent report...
Windows doesn’t make least privilege easy
Enforcing least-privilege access policies on Windows has never been easy – especially given some fundamental flaws have haunted the OS since the mid-1990s. Consider the following permissions issues: Windows 95 and 98 had a logon screen and could even be joined to the domain, but users could bypass the prompt...
Accelerate and Simplify Deployment of PowerBroker Privilege Management Solutions with Oracle VM Templates
On April 17th, Oracle and BeyondTrust experts Doan Nguyen and Paul Harper shared how leveraging Oracle VM Templates can automate and simplify the deployment of the PowerBroker for UNIX & Linux privilege management solution across your IT environment. See below for an embedded, on-demand recording of the webcast. Oracle and BeyondTrust Team Up: The partnership...
This week BeyondTrust released a fully functional Web Services interface (REST API) for its PowerBroker for Unix & Linux product. With this new feature users of the solution will now be able to remotely and securely configure and retrieve data via the API. The Web Services interface implemented by BeyondTrust is an industry standard that...
The 5 Things Every Linux Administrator Should (and Should Not) Do When It Comes to Privileged Account Management
When it comes to privileged account management the list of things an administrator can do to protect their environment is seemingly never ending. Last week we hosted a webinar with Oracle Linux and presented a list of 5 things every Linux administrator should, and should not, do when managing privileged accounts. Given the current security...
Did you know that 40% of employees have unnecessary access rights? What about that over 25% of employees admitted to having retrieved information not relevant to their job like financial, reports, salary info, HR and personnel docs? Now have I caught your attention? As our latest security survey proves, insider threats continue to be a...
We are very excited for the announcement of our latest release of PowerBroker Identity Services 7.5, the industry’s most effective solution for bridging Linux, UNIX and Mac OS X assets into Active Directory. This latest update provides the strongest communications encryption to date, as well as the utmost flexibility with regards to event notification and management....
When reading a recent article in the USA Today about how Edward Snowden, a former Booz Allen Hamilton employee and NSA contractor, was able to steal sensitive data via non-specific vectors, I was reminded of the illusion that threats are predominately external to organizations. Even though we might not know exactly how Snowden was able to...
No one will dispute that Oracle is a heavyweight when it comes to the relational database market, but Oracle is far more than a one trick pony. Oracle has a plethora of enterprise products and hardware solutions that will fit the needs of almost any business. However the key to success for many of the...
A recent discovery by a German researcher, Marco Schoepl, found that it is possible for a user to bypass sudo authentication by resetting the clock. To read more about this vulnerability see the articles on seclist.org and threatpost.com. What we have found is that many highly secure customers have already adopted the timestamp_timeout=0 setting which...
PowerBroker Servers Enterprise is part of the BeyondInsight IT Risk Management Platform, which unifies PowerBroker privileged account management solutions with Retina CS Enterprise Vulnerability Management. Capabilities include:
- Centralized solution management and control via common dashboards
- Asset discovery, profiling and grouping
- Reporting and analytics
- Workflow and ticketing
- Data sharing between Retina and PowerBroker solutions
The result is a fusion of user and asset intelligence that allows IT and security teams to collectively reduce risk across complex environments.