BeyondTrust White Papers and Resources

Our security experts have compiled a plethora of resources together to help you get more value out
of BeyondTrust products and solutions.


SWOT Assessment: BeyondTrust – The BeyondInsight and PowerBroker Platform

Read Ovum's SWOT Assessment, an honest and thorough review of BeyondTrust's Privilege Account Management solutions. This paper analyzes the strengths, weaknesses, opportunities, and threats in the PAM space.

Understanding BeyondTrust Patch Management

Retina CS facilitates both Microsoft and third party patching by integrating with Microsoft Windows Server Update Services (WSUS). Retina CS utilizes WSUS as the patching engine and effectively becomes a management console to WSUS. Familiarity with WSUS is necessary to fully understand the Retina CS integration.

Four Best Practices for Passing Privileged Account Audits

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. While the list of specific audit requirements can seemingly go on forever, implementing the four best practices discussed in this white paper will ensure that you pass your privilege management audits 99% of the time.

Application Control: The PowerBroker for Windows Difference

Application control solutions are designed to block the execution of unauthorized applications. PowerBroker for Windows is the next-generation solution for application control. When integrated with Windows, application privileges are simply controlled with just a few rules.

BeyondTrust and the Monetary Authority of Singapore's Technology Risk Management Guidelines

Effective as of July 2014, the Monetary Authority of Singapore (MAS) has imposed updated Technology Risk Management (TRM) Guidelines on all financial institutions that have any form of operations in the territory, no matter where in the world they are based. This Bloor solutions paper details how BeyondTrust's product suite can help financial institutions achieve compliance.

Mitigating the Risks of Privilege-based Attacks in Federal Agencies

This document provides an overview of BeyondTrust's powerful compliance and risk management solutions, with specific details concerning the needs of U.S. government agencies.

Solutions Overview: The Australian Signals Directorate (ASD) Strategies to Mitigate Targeted Cyber Intrusions

The Australian Signals Directorate has developed a list of strategies to mitigate targeted cyber intrusions developed through ASD’s extensive experience in operational cyber security. This document provides an overview of the recommendations revised in 2014 in relation to BeyondTrust’s Privileged Account Management (PAM) and Vulnerability Management (VM) solutions.

PowerBroker for Windows: Desktop and Server Use Cases

Learn about the day-to-day advantages of implementing least privilege throughout your organization with PowerBroker for Windows. This white paper includes specific use case for PowerBroker for Windows implementations on both desktops and servers, including increased detail regarding privileged accounts.

Fusing Vulnerability Data and Actionable User Intelligence

BeyondTrust joins asset and user information in one platform, allowing IT and Security teams to have one lens through which to view risk. This puts events in context and enables joint decision-making within your IT organization, ensuring daily operations are guided by common goals for reducing risk.

Frost & Sullivan Review: PowerBroker Password Safe

Password theft and loose password protocols leave companies vulnerable to insider attacks or to external attacks that leverage insider credentials. Learn how Password Safe can help you mitigate these threats.

The Three States of a Vulnerability: Vulnerability Classifications Beyond Risk

This white paper discusses three potential states for vulnerabilities — active, dormant and carrier — and the business ramifications of remediation strategies. The paper also briefly introduces some new technologies in Retina and PowerBroker that address each vulnerability state.

Identifying and Mitigating IT Risk with the Top 20 Critical Security Controls

The Top 20 Critical Controls are designed to stop the cycle of compromise and privilege escalation before it can begin. BeyondTrust software solutions address several of the Critical Security Controls, namely those designed to mitigate threats to assets and users in IT environments.

BeyondTrust Addendum to VMware Solution Guide for the Health Insurance Portability and Accountability Act (HIPAA)

Organizations migrating physical server infrastructure to virtual platforms often find that virtual hosts and guests can present new security risks and compliance violations. Without proper security policies and tools, these risks can outweigh the cost reduction and efficiency benefits offered by virtualization strategies. BeyondTrust security solutions enable your organization to adopt best practices for virtual platform security while addressing key mandates outlined by HIPAA.

BeyondTrust Addendum to VMware Solution Guide for the Payment Card Industry Data Security Standard (PCI DSS)

Organizations migrating physical server infrastructure to virtual platforms often find that virtual hosts and guests can present new security risks and compliance violations. Without proper security policies and tools, these risks can outweigh the cost reduction and efficiency benefits offered by virtualization strategies. BeyondTrust security solutions enable your organization to adopt best practices for virtual platform security while addressing key mandates outlined by the Payment Card Industry Data Security Standard.

BeyondTrust Solution Overview: Monetary Authority of Singapore

. In June 2013, the Monetary Authority of Singapore created a new set of guidelines for Internet Banking and Technology Risk Management (IBTRM). This addendum mandated certain requirements for Technology Risk Management (TRM) and also contained a set of guidelines (TRM Guidelines) and errata notices (TRM Notices). BeyondTrust supports these four practice areas. This white paper discusses BeyondTrust solutions and the sections of MAS TRM Guidelines that are covered with this technology.

PowerBroker for Windows: Risk Compliance

BeyondTrust has developed patent-pending technology to fuse the risk of vulnerable applications, application control, regulatory compliance, and least privilege into the next generation of endpoint security solutions. This fusion addresses the concerns of whitelisting vulnerable applications and can match application privileges and runtime operations to regulatory compliance requirements based on abstract and industry standard risk concepts.

Computer Security and Compliance in the Federal Government

The Federal Information Security Management Act of 2002 requires federal agencies to report on the state of their information security. The United States Office of Management and Budget released a reporting tool called CyberScope in 2009 to assist these agencies in meeting FISMA reporting requirements. CyberScope attempts to correct previous deficiencies and streamline the FISMA reporting process. BeyondTrust offers products that allow organizations to comply with these requirements and support directives used to comply with FISMA requirements such as FDCC, SCAP and DIACAP.

Context Aware Security Intelligence

"In a world where rapid IT expansion must adapt to the requirements of cloud computing amid the risks of increasingly sophisticated cybercrime, enterprises of all sizes are rethinking their IT security. Gartner has predicted that one of the newest preferred methods of implementing IT security will be through the use of a context-aware methodology. Many security focused companies are currently in the conceptual and design phases of context aware security. BeyondTrust, though, is the only security solution vendor actually providing Context-Aware Security Intelligence today.

Take Back Control of Your Active Directory Auditing

Every organization needs to have management tools that allow them seamless control over all aspects of their Active Directory environment. Uptime is extremely important for every organization and every minute that Active Directory is not functioning properly could cause a financial loss. Administrators need tools that can provide them with insight into when Active Directory is changed, objects modified or deleted, so they can take quick and efficient action if the change is in error. PowerBroker Auditor for Active Directory provides this integration of real-time auditing of changes to all Active Directory objects, along with the ability to rollback any changed or deleted object efficiently and with great precision.

Three Ways to Secure Virtual Apps

The popularity of virtual applications has increased exponentially; however, the architecture and deployment of virtual applications are difficult to manage for traditional vulnerability management solutions. This guide examines challenges of scanning and detecting virtual app vulnerabilities and details how Retina ensures virtual apps are part of your standard vulnerability management processes.

Simplifying the Challenges of Mobile Device Security

Smartphones and tablets are invading the workplace along with the security risks they bring with them. Every day these devices go unchecked by standard vulnerability management processes, even as malware on phones and tablets continues to increase at rapid rates. Leaving mobile security out of your integrated security strategy opens your network to security breaches, data loss, intellectual property theft, and regulatory compliance issues.

Headlines Versus Reality: Survey Report How Do IT Security Professionals Prioritize?

In BeyondTrust’s latest survey of its customers and prospects, the company learned that cyber threats that don’t make headlines are in fact the ones causing concern for IT security professionals. The survey, which polled 1677 respondents, demonstrated that headline-driving attacks are not what keep IT security professionals or executives up at night. In fact, findings revealed that 55 percent of respondents viewed common malware and spyware as the number-one threat to their organizations.

BeyondTrust Research Report: In Configuration We Trust

"In Configuration We Trust" offers simple, practical steps to dramatically improve security posture without investing in new technology. This report from the BeyondTrust Research Team offers configuration best practices related to VLANs and IPSec, proxies, disabling WebDAV, as well as insights on why organizations should upgrade their Microsoft software, how to best utilize penetration testing, and more. Download this white paper and receive a free configuration check tool.

Reduce the Cost of PCI DSS Compliance with Unified Vulnerability Management: A Requirement-by-Requirement Guide

In this guide, you'll learn how to cut the cost and time-investment of PCI compliance using powerful new Unified Vulnerability Management capabilities. Get requirement-specific methods to ensure that you meet compliance and keep sensitive information fully protected.

Avoiding the Top 5 Vulnerability Management Mistakes

In this guide, you'll learn how to avoid the top five vulnerability management mistakes to protect critical IT assets and improve your security posture, while reducing costs.

Best Practices for Securing Remote and Mobile Devices

The number of mobile and remote workers has exploded over the past few years. So have the security risks they pose and once these vulnerable employees re-connect they pose a growing threat to your corporate network. This solution brief outlines how an endpoint intrusion prevention and scan-on-connect solution can enable you to secure mobile and remote machines, and your corporate network, from today’s most sophisticated and blended threats.

Analyzing the Accuracy and Time Costs of Web Application Security Scanners

This paper focuses on the accuracy and time needed to run, review and supplement the results of the web application Scanners and is a follow-on study to a October 2007 study, "Analyzing the Effectiveness and Coverage of Web Application Security Scanners."

Analyzing the Effectiveness and Coverage of Web Application Security Scanners

This paper summarizes the studies of web application scanners and an attempt to quantify their effectiveness done by Larry Suto, Application Security Consultant from San Francisco. This study utilizes a novel methodology developed to objectively test the three leading web application vulnerability assessment tools. So far as the author knows, this is the first publicly published study that statistically evaluates application coverage and vulnerability findings by these tools.

The Need for Vulnerability Assessment and Remediation: What My CIO Needs to Know

Implementing a vulnerability management process is critical to protecting any business from harmful attacks. This white papers examines the importance of vulnerability assessment and the common myths surrounding security protection.

Intrusive vs. Non-Intrusive Vulnerability Scanning Technology

This paper discusses different scanning techniques and the benefit of using non-intrusive methods for regular vulnerability assessments and more hostile measures for specific environments.

What Every CIO Needs To Know About HIPAA Compliance

HIPAA regulations require healthcare companies to develop, implement and document the measures they take to ensure that health information remains secure under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is intended to protect and simplify the exchange of healthcare data nationwide.

Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology

Compliance with HIPAA is a federal law and violators face up to $250,000 in fines and jail time of up to 10 years. This white paper examines how a vulnerability assessment solution, such as the Retina Network Security Scanner, is key to attaining compliance.

SecureIIS: Web Server Protection Guarding Microsoft Web Servers

"The amount of money we spent on SecureIIS is a fraction of what we would have invested in salaries just to keep up with patch management" - Rebecca Ryder, BRTRC. Learn how today’s businesses require an added layer of protection to ensure that their Microsoft IIS Web Servers remain running without interruption.

Continuous Monitoring with Retina in the Federal Government

The United States government passed the Federal Information Security Management Act in 2002, which requires federal agencies to provide reports on their information systems. The National Institute of Standards and Technology has published Special Publication 800-53, which further details the requirements that federal agencies must meet regarding their information systems.

In this paper, learn how BeyondTrust provides a variety of software solutions that meet these federal requirements. Retina is a platform that provides centralized control over a suite of applications which perform vulnerability management and other functions related to system security.

IDC Vendor Profile Profiles BeyondTrust

This IDC Vendor Profile profiles BeyondTrust, a market leader in the Privileged Account Management (PAM) space. In this Vendor Profile, IDC defines the market drivers for PAM technology and outlines the BeyondTrust approach to solving this issue for both enterprise and government entities.

Challenges of Managing Privileged Access

This white paper discusses the goals and challenges of creating a privileged access management program for your Windows desktops and servers in an enterprise environment. Privileged access is a key issue these days, especially on desktops, for which an over-privileged user can be a weapon of destruction on your internal network if they inadvertently download and install malware.

Achieve True Principle of Least Privilege for Server Administration in Microsoft Environments

As Windows grew to fill roles in larger networks, both the OS and the server products built upon it did not always evolve to include more granular permission structures for administrators. The result has been an industry that, in general, relies on fully-privileged administrator accounts to accomplish even minor administrative tasks. We know it is a poor practice, but what else can we do?

Improving Efficiency in IT Administration via Automated Policy Workflows in UNIX/Linux

This white paper highlights recommended steps to successfully implement automated policy management processes within UNIX/Linux systems using the privileged access lifecycle management framework. Lastly, we will focus on PSMC, the unifying platform solution to centralize policies, reporting and workflow engines, and deliver higher manageability, security and compliance capabilities.

BeyondTrust PowerBroker Root Access Risk Control for the Enterprise

Compliance efforts and security concerns have driven businesses to make substantial investments in threat control. Too often, however, these efforts pay far too little heed to the risks posed by poorly controlled access to administrative privilege in IT, which can have a hugely disproportionate impact on the business.

Successfully Securing the Open Source Enterprise Privileged User Management in Linux Environments

Linux mastermind Sander van Vugt gives an overview of the current options that are available in the Linux operating system and discusses some features that can cause potential problems in modern enterprise environments.

AppLocker and PBWD

AppLocker, which was introduced in Windows 7, provides powerful technology for controlling application execution for enterprises. By implementing AppLocker policy, organizations can better control what applications can install and run on desktops via White Lists and Black Lists, improving security and reducing the risk that malware poses.

Extending the Value of Group Policy Securely & Effectively

In this white paper, Microsoft Group Policy MVP, Darren Mar-Elia, expertly discusses the capabilities of Group Policy with respect to security configuration, including a number of new features introduced in Windows 7 & Server 2008-R2; how policy gets delivered and the tattooing nature of security settings; the free Microsoft Security Compliance Manager tool and how it can help you define security baselines based on best-practice templates that can be exported to live GPOs; the challenges of using Group Policy as a security compliance solution, including some best practices; and how 3rd parties are leveraging and extending Group Policy as a tool for delivering new Windows security features.

Goldie Locks and the Three Least Privileged Desktops eBook

Curious about how least privilege applies to you and your organization? Let Goldie Locks show you in this new eBook written by Microsoft MVP Derek Melber. In the story, Goldie Locks plays the role of a recent college graduate, with degrees in marketing and multimedia communications, who is just starting her position in marketing for a mid-sized IT company.

From Least Privilege to Best Privilege on your Windows® Desktops

These seemingly incongruous needs often come to a head on the Windows desktop, which is the main entry point for the user into an enterprise network. In this white paper, I’ll examine this age-old struggle and help you understand how you can find the right balance with something I call "Best Privilege."

Building a Secure and Compliant Windows Desktop

Virtually every organization is being compelled to improve client security. Auditors, regulators and business unit owners all recognize the threat unsecured desktops pose, and understand the need to comply with the myriad of regulatory and governance issues that make today’s headlines.