BeyondTrust White Papers and Resources

Our security experts have compiled a plethora of resources together to help you get more value out
of BeyondTrust products and solutions.


SWOT Assessment: BeyondTrust – The BeyondInsight and PowerBroker Platform

Read Ovum's SWOT Assessment, an honest and thorough review of BeyondTrust's Privilege Account Management solutions. This paper analyzes the strengths, weaknesses, opportunities, and threats in the PAM space.

Understanding BeyondTrust Patch Management

Retina CS facilitates both Microsoft and third party patching by integrating with Microsoft Windows Server Update Services (WSUS). Retina CS utilizes WSUS as the patching engine and effectively becomes a management console to WSUS. Familiarity with WSUS is necessary to fully understand the Retina CS integration.

Four Best Practices for Passing Privileged Account Audits

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. While the list of specific audit requirements can seemingly go on forever, implementing the four best practices discussed in this white paper will ensure that you pass your privilege management audits 99% of the time.

Application Control: The PowerBroker for Windows Difference

Application control solutions are designed to block the execution of unauthorized applications. PowerBroker for Windows is the next-generation solution for application control. When integrated with Windows, application privileges are simply controlled with just a few rules.

BeyondTrust and the Monetary Authority of Singapore's Technology Risk Management Guidelines

Effective as of July 2014, the Monetary Authority of Singapore (MAS) has imposed updated Technology Risk Management (TRM) Guidelines on all financial institutions that have any form of operations in the territory, no matter where in the world they are based. This Bloor solutions paper details how BeyondTrust's product suite can help financial institutions achieve compliance.

Mitigating the Risks of Privilege-based Attacks in Federal Agencies

This document provides an overview of BeyondTrust's powerful compliance and risk management solutions, with specific details concerning the needs of U.S. government agencies.

Solutions Overview: The Australian Signals Directorate (ASD) Strategies to Mitigate Targeted Cyber Intrusions

The Australian Signals Directorate has developed a list of strategies to mitigate targeted cyber intrusions developed through ASD’s extensive experience in operational cyber security. This document provides an overview of the recommendations revised in 2014 in relation to BeyondTrust’s Privileged Account Management (PAM) and Vulnerability Management (VM) solutions.

PowerBroker for Windows: Desktop and Server Use Cases

Learn about the day-to-day advantages of implementing least privilege throughout your organization with PowerBroker for Windows. This white paper includes specific use case for PowerBroker for Windows implementations on both desktops and servers, including increased detail regarding privileged accounts.

Fusing Vulnerability Data and Actionable User Intelligence

BeyondTrust joins asset and user information in one platform, allowing IT and Security teams to have one lens through which to view risk. This puts events in context and enables joint decision-making within your IT organization, ensuring daily operations are guided by common goals for reducing risk.

Frost & Sullivan Review: PowerBroker Password Safe

Password theft and loose password protocols leave companies vulnerable to insider attacks or to external attacks that leverage insider credentials. Learn how Password Safe can help you mitigate these threats.

The Three States of a Vulnerability: Vulnerability Classifications Beyond Risk

This white paper discusses three potential states for vulnerabilities — active, dormant and carrier — and the business ramifications of remediation strategies. The paper also briefly introduces some new technologies in Retina and PowerBroker that address each vulnerability state.

Identifying and Mitigating IT Risk with the Top 20 Critical Security Controls

The Top 20 Critical Controls are designed to stop the cycle of compromise and privilege escalation before it can begin. BeyondTrust software solutions address several of the Critical Security Controls, namely those designed to mitigate threats to assets and users in IT environments.

BeyondTrust Addendum to VMware Solution Guide for the Health Insurance Portability and Accountability Act (HIPAA)

Organizations migrating physical server infrastructure to virtual platforms often find that virtual hosts and guests can present new security risks and compliance violations. Without proper security policies and tools, these risks can outweigh the cost reduction and efficiency benefits offered by virtualization strategies. BeyondTrust security solutions enable your organization to adopt best practices for virtual platform security while addressing key mandates outlined by HIPAA.

BeyondTrust Addendum to VMware Solution Guide for the Payment Card Industry Data Security Standard (PCI DSS)

Organizations migrating physical server infrastructure to virtual platforms often find that virtual hosts and guests can present new security risks and compliance violations. Without proper security policies and tools, these risks can outweigh the cost reduction and efficiency benefits offered by virtualization strategies. BeyondTrust security solutions enable your organization to adopt best practices for virtual platform security while addressing key mandates outlined by the Payment Card Industry Data Security Standard.

BeyondTrust Solution Overview: Monetary Authority of Singapore

. In June 2013, the Monetary Authority of Singapore created a new set of guidelines for Internet Banking and Technology Risk Management (IBTRM). This addendum mandated certain requirements for Technology Risk Management (TRM) and also contained a set of guidelines (TRM Guidelines) and errata notices (TRM Notices). BeyondTrust supports these four practice areas. This white paper discusses BeyondTrust solutions and the sections of MAS TRM Guidelines that are covered with this technology.

PowerBroker for Windows: Risk Compliance

BeyondTrust has developed patent-pending technology to fuse the risk of vulnerable applications, application control, regulatory compliance, and least privilege into the next generation of endpoint security solutions. This fusion addresses the concerns of whitelisting vulnerable applications and can match application privileges and runtime operations to regulatory compliance requirements based on abstract and industry standard risk concepts.

Computer Security and Compliance in the Federal Government

The Federal Information Security Management Act of 2002 requires federal agencies to report on the state of their information security. The United States Office of Management and Budget released a reporting tool called CyberScope in 2009 to assist these agencies in meeting FISMA reporting requirements. CyberScope attempts to correct previous deficiencies and streamline the FISMA reporting process. BeyondTrust offers products that allow organizations to comply with these requirements and support directives used to comply with FISMA requirements such as FDCC, SCAP and DIACAP.

Context Aware Security Intelligence

"In a world where rapid IT expansion must adapt to the requirements of cloud computing amid the risks of increasingly sophisticated cybercrime, enterprises of all sizes are rethinking their IT security. Gartner has predicted that one of the newest preferred methods of implementing IT security will be through the use of a context-aware methodology. Many security focused companies are currently in the conceptual and design phases of context aware security. BeyondTrust, though, is the only security solution vendor actually providing Context-Aware Security Intelligence today.

Take Back Control of Your Active Directory Auditing

Every organization needs to have management tools that allow them seamless control over all aspects of their Active Directory environment. Uptime is extremely important for every organization and every minute that Active Directory is not functioning properly could cause a financial loss. Administrators need tools that can provide them with insight into when Active Directory is changed, objects modified or deleted, so they can take quick and efficient action if the change is in error. PowerBroker Auditor for Active Directory provides this integration of real-time auditing of changes to all Active Directory objects, along with the ability to rollback any changed or deleted object efficiently and with great precision.

Three Ways to Secure Virtual Apps

The popularity of virtual applications has increased exponentially; however, the architecture and deployment of virtual applications are difficult to manage for traditional vulnerability management solutions. This guide examines challenges of scanning and detecting virtual app vulnerabilities and details how Retina ensures virtual apps are part of your standard vulnerability management processes.

Simplifying the Challenges of Mobile Device Security

Smartphones and tablets are invading the workplace along with the security risks they bring with them. Every day these devices go unchecked by standard vulnerability management processes, even as malware on phones and tablets continues to increase at rapid rates. Leaving mobile security out of your integrated security strategy opens your network to security breaches, data loss, intellectual property theft, and regulatory compliance issues.

Headlines Versus Reality: Survey Report How Do IT Security Professionals Prioritize?

In BeyondTrust’s latest survey of its customers and prospects, the company learned that cyber threats that don’t make headlines are in fact the ones causing concern for IT security professionals. The survey, which polled 1677 respondents, demonstrated that headline-driving attacks are not what keep IT security professionals or executives up at night. In fact, findings revealed that 55 percent of respondents viewed common malware and spyware as the number-one threat to their organizations.

BeyondTrust Research Report: In Configuration We Trust

"In Configuration We Trust" offers simple, practical steps to dramatically improve security posture without investing in new technology. This report from the BeyondTrust Research Team offers configuration best practices related to VLANs and IPSec, proxies, disabling WebDAV, as well as insights on why organizations should upgrade their Microsoft software, how to best utilize penetration testing, and more. Download this white paper and receive a free configuration check tool.

Reduce the Cost of PCI DSS Compliance with Unified Vulnerability Management: A Requirement-by-Requirement Guide

In this guide, you'll learn how to cut the cost and time-investment of PCI compliance using powerful new Unified Vulnerability Management capabilities. Get requirement-specific methods to ensure that you meet compliance and keep sensitive information fully protected.

Avoiding the Top 5 Vulnerability Management Mistakes

In this guide, you'll learn how to avoid the top five vulnerability management mistakes to protect critical IT assets and improve your security posture, while reducing costs.

Best Practices for Securing Remote and Mobile Devices

The number of mobile and remote workers has exploded over the past few years. So have the security risks they pose and once these vulnerable employees re-connect they pose a growing threat to your corporate network. This solution brief outlines how an endpoint intrusion prevention and scan-on-connect solution can enable you to secure mobile and remote machines, and your corporate network, from today’s most sophisticated and blended threats.

Analyzing the Accuracy and Time Costs of Web Application Security Scanners

This paper focuses on the accuracy and time needed to run, review and supplement the results of the web application Scanners and is a follow-on study to a October 2007 study, "Analyzing the Effectiveness and Coverage of Web Application Security Scanners."

Analyzing the Effectiveness and Coverage of Web Application Security Scanners

This paper summarizes the studies of web application scanners and an attempt to quantify their effectiveness done by Larry Suto, Application Security Consultant from San Francisco. This study utilizes a novel methodology developed to objectively test the three leading web application vulnerability assessment tools. So far as the author knows, this is the first publicly published study that statistically evaluates application coverage and vulnerability findings by these tools.

The Need for Vulnerability Assessment and Remediation: What My CIO Needs to Know

Implementing a vulnerability management process is critical to protecting any business from harmful attacks. This white papers examines the importance of vulnerability assessment and the common myths surrounding security protection.

Intrusive vs. Non-Intrusive Vulnerability Scanning Technology

This paper discusses different scanning techniques and the benefit of using non-intrusive methods for regular vulnerability assessments and more hostile measures for specific environments.

What Every CIO Needs To Know About HIPAA Compliance

HIPAA regulations require healthcare companies to develop, implement and document the measures they take to ensure that health information remains secure under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is intended to protect and simplify the exchange of healthcare data nationwide.

Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology

Compliance with HIPAA is a federal law and violators face up to $250,000 in fines and jail time of up to 10 years. This white paper examines how a vulnerability assessment solution, such as the Retina Network Security Scanner, is key to attaining compliance.

SecureIIS: Web Server Protection Guarding Microsoft Web Servers

"The amount of money we spent on SecureIIS is a fraction of what we would have invested in salaries just to keep up with patch management" - Rebecca Ryder, BRTRC. Learn how today’s businesses require an added layer of protection to ensure that their Microsoft IIS Web Servers remain running without interruption.

Continuous Monitoring with Retina in the Federal Government

The United States government passed the Federal Information Security Management Act in 2002, which requires federal agencies to provide reports on their information systems. The National Institute of Standards and Technology has published Special Publication 800-53, which further details the requirements that federal agencies must meet regarding their information systems.

In this paper, learn how BeyondTrust provides a variety of software solutions that meet these federal requirements. Retina is a platform that provides centralized control over a suite of applications which perform vulnerability management and other functions related to system security.

Elevate cloud security with privilege delegation

In this article, the author discusses the needs that drive migration of data centers into the cloud, details the role of virtualization in both public and private cloud infrastructures, and outlines the security and compliance implications of cloud computing in order to provide insight into the protection of sensitive data in the cloud through "administrative access" and "privileged delegation."

A Data Center's Journey into the Cloud

This white paper discusses the drivers for data centers moving to the cloud, the role of virtualization in both public and private cloud infrastructures and outlines the security and compliance implications of cloud computing - providing insight into the protection of sensitive data in the cloud via administrative access and privileged delegation.

Securing Privilege Delegation in Public and Private Cloud Computing Infrastructures

This white paper discusses the drivers for data centers moving to the cloud, the role of virtualization in both public and private cloud infrastructures and outlines the security and compliance implications of cloud computing - providing insight into the protection of sensitive data in the cloud via administrative access and privileged delegation.

IDC Vendor Profile Profiles BeyondTrust

This IDC Vendor Profile profiles BeyondTrust, a market leader in the Privileged Account Management (PAM) space. In this Vendor Profile, IDC defines the market drivers for PAM technology and outlines the BeyondTrust approach to solving this issue for both enterprise and government entities.

Challenges of Managing Privileged Access

This white paper discusses the goals and challenges of creating a privileged access management program for your Windows desktops and servers in an enterprise environment. Privileged access is a key issue these days, especially on desktops, for which an over-privileged user can be a weapon of destruction on your internal network if they inadvertently download and install malware.

Compelling Reasons for Least Privilege

This white paper discusses the best practice strategies enterprises can use to move a user to a least privilege environment, where they do not have local administrative privileges. By implementing least privilege, your enterprise can save money in many different ways, not to mention downtime, helpdesk cycles, and loss of money due to incorrect desktop configurations performed by the user.

Privilege. Made Simple - Privileged Account Management (PAM) Demystified

In an effort to improve business security, compliance and productivity, privilege authorization policies must be redesigned and user permissions for more granularly managed. Yet Identity and Access Management (IAM) solutions have remained largely unchanged. Traditional solutions account for a significant part of the total cost of IAM, a staggering amount when you consider that these solutions fail to control superuser access to critical servers and fail to enable desktop users to effectively perform their job.

Privileged Access Life-Cycle Management How PALM Enables Security, Compliance, and Efficiency for Enterprise IT

Strengthening security, maintaining compliance, and achieving efficiencies and economies of scale are top-of-mind issues for enterprise IT executives. In this paper, IDC examines the role of Identity and Access Management (IAM) solutions in addressing these needs and specifically looks at the role Privileged Access Life-Cycle Management (PALM) can play in helping heterogeneous organizations proactively refine their strategies regarding privileged access management controls, cross-platform monitoring, and automated workflow capabilities.

Achieve True Principle of Least Privilege for Server Administration in Microsoft Environments

As Windows grew to fill roles in larger networks, both the OS and the server products built upon it did not always evolve to include more granular permission structures for administrators. The result has been an industry that, in general, relies on fully-privileged administrator accounts to accomplish even minor administrative tasks. We know it is a poor practice, but what else can we do?

Improving Efficiency in IT Administration via Automated Policy Workflows in UNIX/Linux

This white paper highlights recommended steps to successfully implement automated policy management processes within UNIX/Linux systems using the privileged access lifecycle management framework. Lastly, we will focus on PSMC, the unifying platform solution to centralize policies, reporting and workflow engines, and deliver higher manageability, security and compliance capabilities.

BeyondTrust 2010 sudo Vulnerability Analysis

This BeyondTrust report investigates all vulnerabilities published by The National Institute of Standards and Technology (NIST) sudo Security Bulletins. It reports on vulnerabilities that are mitigated by configuring users to operate without the root password to UNIX and Linux operating systems.

How PowerBroker Password Safe Supports HIPAA Compliance

This document explains how PowerBroker Password Safe, a hardened appliance that provides secure storage and access for administrative passwords and encryption keys and certificates can help organizations comply with the HIPAA Final Security Rule.

Just How Secure is Your Sudo

This white paper will touch on the good, the bad, and the ugly of Open Source Privileged Account Management (PAM) systems and when it''s appropriate to deploy an Enterprise-ready solution.

BeyondTrust PowerBroker Root Access Risk Control for the Enterprise

Compliance efforts and security concerns have driven businesses to make substantial investments in threat control. Too often, however, these efforts pay far too little heed to the risks posed by poorly controlled access to administrative privilege in IT, which can have a hugely disproportionate impact on the business.

The Pursuit of a Standardized Solution for Secure Enterprise RBAC

Using PowerBroker Servers to implement role-based access control allows an organization to efficiently deploy key security and compliance requirements not always found in operating system (OS) RBAC implementations, including separation of duties and audit trails.

PCI DSS Compliance in the UNIX/Linux Datacenter Environment

This document explains how BeyondTrust PowerBroker supports the Payment Card Industry Data Security Standard (PCI DSS) by limiting and tracking authorization to execute commands and programs that access servers and applications storing and using proprietary cardholder.

Meeting the Access Security Requirements Of Sec 404 of the Sarbanes-Oxley Act in a Heterogeneous UNIX/Linux Environment

This document addresses how an organization can use BeyondTrust’s Identity and Access Management solutions (IAM) for UNIX/Linux to meet and demonstrate compliance with Sarbanes-Oxley (SOX) Sec 404 requirements for effectiveness of internal controls and financial reporting requirements.

Passing UNIX/Linux Audits and Meeting Regulatory Compliance

This white paper explains why the design of UNIX and Linux systems prevents them from passing today's security and compliance audits, and how BeyondTrust PowerBroker can bring these systems into compliance with multiple mandates, such as PCI DSS (Payment Card Industry Data Security Standard), the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach Bliley Act (GLBA).

Using PowerBroker Servers for Compliance with the Gramm-Leach-Bliley Act

This paper explains how PowerBroker Servers supports compliance with the Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA), protecting consumers' non-public personal information (NPI) on Unix and Linux systems.

sudo Security Risk - sudo Security Issues - Unix/Linux Security Issues

Though not publicized or romanticized by the Information Technology community, Unix/Linux OS users have passionately embraced either implementing open source privileged account management solutions (i.e., sudo), commercial solutions that are more user friendly, or not implementing anything at all. Though highly disputed, the fact of the matter is that both solution-types do work and both bring high-value depending upon the IT environment that it is managing.

Successfully Securing the Open Source Enterprise Privileged User Management in Linux Environments

Linux mastermind Sander van Vugt gives an overview of the current options that are available in the Linux operating system and discusses some features that can cause potential problems in modern enterprise environments.

Endpoint Security Redefined

This white paper discusses how Endpoint security is now redefined to include privilege management, application whitelisting, and data protection. These are essential components that must be added to the AV and firewall solutions for every endpoint.

AppLocker and PBWD

AppLocker, which was introduced in Windows 7, provides powerful technology for controlling application execution for enterprises. By implementing AppLocker policy, organizations can better control what applications can install and run on desktops via White Lists and Black Lists, improving security and reducing the risk that malware poses.

Extending the Value of Group Policy Securely & Effectively

In this white paper, Microsoft Group Policy MVP, Darren Mar-Elia, expertly discusses the capabilities of Group Policy with respect to security configuration, including a number of new features introduced in Windows 7 & Server 2008-R2; how policy gets delivered and the tattooing nature of security settings; the free Microsoft Security Compliance Manager tool and how it can help you define security baselines based on best-practice templates that can be exported to live GPOs; the challenges of using Group Policy as a security compliance solution, including some best practices; and how 3rd parties are leveraging and extending Group Policy as a tool for delivering new Windows security features.

Reducing the Threat from Microsoft Vulnerabilities

This BeyondTrust Report investigates all vulnerabilities published in Microsoft’s 2008 Security Bulletins and reports on vulnerabilities that are mitigated by configuring users to operate without administrator rights. The results show that companies can reduce the threat from Microsoft vulnerabilities, experience greater protection from zero-day threats and reduce risk by removing administrator rights.

Goldie Locks and the Three Least Privileged Desktops eBook

Curious about how least privilege applies to you and your organization? Let Goldie Locks show you in this new eBook written by Microsoft MVP Derek Melber. In the story, Goldie Locks plays the role of a recent college graduate, with degrees in marketing and multimedia communications, who is just starting her position in marketing for a mid-sized IT company.

From Least Privilege to Best Privilege on your Windows® Desktops

These seemingly incongruous needs often come to a head on the Windows desktop, which is the main entry point for the user into an enterprise network. In this white paper, I’ll examine this age-old struggle and help you understand how you can find the right balance with something I call "Best Privilege."

Building a Secure and Compliant Windows Desktop

Virtually every organization is being compelled to improve client security. Auditors, regulators and business unit owners all recognize the threat unsecured desktops pose, and understand the need to comply with the myriad of regulatory and governance issues that make today’s headlines.

Least Privilege Application Compatibility for Windows 7 Migrations

This paper will give you an overview of the new technologies built into Windows 7 and how those technologies can help you in your migration. We will also surface some of the confusion around what those technologies mean from a security perspective, especially when removing administrative privileges from your users.

Applying the Principle of Least Privilege Across the Enterprise

When users login to their computers with local administrator privileges, they greatly increase the risk of security breaches by viruses, malware and malicious users. By removing administrative privileges and implementing the security best practice of Least Privilege, these threats can be avoided and network security increased.

Fulfilling Compliance by Eliminating Admin Rights

There’s a problem with the widespread distribution of administrator rights in your organization, and it has nothing to do with security. That problem is compliance: Compliance with the industry, governmental, and regulatory statutes that define certain configurations within your IT infrastructure. Although many of those configurations are mandated to enforce a greater level of security control, your job as IT professional is to ensure their fulfillment.

BeyondTrust 2010 Microsoft Vulnerability Analysis

This BeyondTrust report investigates all vulnerabilities published in Microsoft’s 2010 Security Bulletins, as well as all of the published Windows 7 vulnerabilities to date. It reports on vulnerabilities that are mitigated by configuring users to operate without administrator rights and examines the latest major Microsoft releases, including Windows 7 and Internet Explorer 8.

Achieving Windows Desktop "Least Privilege" in the Federal Market

This paper will provide information on what you need to know to make decisions on why and how to create secure desktops by implementing the security best practice of least privilege.

3 Simple Steps To Ensure DIACAP Compliance

When it comes to achieving and maintaining DIACAP compliance, PowerBroker for Servers can help you get there. It’s a way to implement a consistent protocol of access control that prevents users from escaping to root, while centrally logging all privileged activity.

How to Avoid the High Cost of Security Audits

Modern computing is governed by a number of security regulations. These particularly affect companies offering services to the government, processing credit card payments, or handling medical or financial records.

Managing Group Policies for Non-Windows Computers through Microsoft Active Directory

Currently, midsize and large enterprises have to manage identities and policies uniformly across a heterogeneous platform base. This need arises from increasing node management costs, the desire to improve security posture, and industry regulatory requirements.

Using PowerBroker Identity Services Enterprise to Comply with PCI Data Security Standards

Learn how PowerBroker Identity Services Enterprise and Microsoft Active Directory can foster compliance with the Payment Card Industry Data Security Standard, by meeting requirements for strict control of access to customer data, authentication of business users, access monitoring, network security, and system resource auditing.