Privileged Access and Administrator Password Management

Complete Device Support – Custom defined automated password management utility for any OS, application, account or device via SSH/Telnet.

Physical Appliance or Virtual Machine- Quick deployment – No agents to install on managed systems.

Granular Password Control - Control password release by user/group, system, and date/time.

Password Security - Automatic, random password resets with definable password composition rules.

Detailed Logs and Reports - Show that audit and regulatory compliance practices are met.

ADAD – Active Directory Auto-Discovery automatically discovers and imports any systems found within Active Directory, based on granular custom-defined filters.

PSMC Integration – The PowerSeries Management Console provides enhanced centralized capabilities for PowerKeeper installation via a web interface.

BeyondTrust PowerKeeper® is an Automated Password Management (APM) solution for access control, manageability and audit of all types of privileged accounts such as shared administrative accounts, application accounts, and local administrative accounts. PowerKeeper is available as a hardened physical appliance and a secure virtual machine to match an enterprise’s specific environmental needs. PowerKeeper enables organizations to reduce the risk posed by shared account access and instead provides a controlled and auditable process that generates onetime use passwords (OTP), rotates the password on any system managed by PowerKeeper, and tracks user and password activity within PowerKeeper.

PowerKeeper is a critical component of the BeyondTrust PowerSeries product suite that automates Privilege Access Lifecycle Management (PALM). PowerKeeper secures the “Access” stage of PALM and lays the foundation for best-of-breed granular privilege access control from other BeyondTrust solutions.

For additional reliability, all encryption in PowerKeeper is provided by commercially supported, FIPS 140-2 validated software. Only PowerKeeper can deliver the level of security and reliability that organizations need to satisfy compliance, auditing, operational, and internal risk-management requirements.

Privileged passwords are difficult to manage. They are often shared among individuals, lost or forgotten, left as default passwords, not regularly maintained, and not protected from misuse. This results in high administration costs and lower productivity. Ignoring this reality creates unacceptable security risks, and also violates government regulations (like SOX, HIPAA, and GLBA) and industry standards (like PCI DSS and ISO 27002). Compliance with these regulations and standards requires the creation of a secure access-control infrastructure and adherence to security best practices. BeyondTrust PowerKeeper provides a simple to implement, straight forward solution to these problems and closes these security risks while helping you demonstrate and meet compliance requirements.

PowerKeeper Diagram - How PowerKeeper Works

Strong, process-based methodology: A user requests a password through PowerKeeper, “checks out” the password (which may require approval) and uses it to log in to a privileged account. Similarly, an application requests a password and PowerKeeper authenticates the application against the approved program factors. If authenticated, Power¬Keeper checks out a one-time password to the application. In either case, PowerKeeper can rotate the password after it is “checked in” or after a pre-determined time. All requests and password activity are logged by PowerKeeper.

Complete Device Support

Automated Password Management (APM)

In addition to the list of APM supported platforms, which includes the most common OS, databases, etc., PowerKeeper is the only solution to provide a custom-defined APM utility for any operating system, account, or device via SSH/Telnet.

Simplified Management of Privileged Accounts

Automatic Authentication & Authorization

PowerKeeper automatically creates PowerKeeper users and permissions from the enterprise’s LDAP or Active Directory through group membership. Access to these managed resources can be implemented the same way.

Active Directory Auto Discovery

PowerKeeper automatically discovers and imports any systems found within Active Directory, based on customer-defined filters.

Available as Physical and Virtual Solutions

Flexible to Enterprises Specific IT Environmental Needs

Runs on Windows 2008/SQL Server 2008 (Increased Scalability)
Hardware appliances are 64-bit
Virtual machines are 32-bit
Virtual machine runs on VMware virtualization platforms

Multiple Layers of Security
- No direct access to the sealed operating system
- Employs commercially supported FIPS 140-2 validated components for all encryption
- Supports authentication methods (i.e., LDAP, AD, SecureID, Safeword)
- Program Factors to validate authenticity of application/script that is requesting credentials (i.e., User, Host, OS, Program)

A2A and A2DB Privileged Account Management

PowerKeeper provides lightweight, robust client libraries to enable existing and new application programs or scripts to securely retrieve current credentials from PowerKeeper, instead of hard-coding the credentials inside of a program.

Detailed Logs & Reports to Ensure Compliance

Every administrative, user-level, and application activity and password change is logged and time-stamped, enabling an enterprise the accountability, transparency, and enforcement of access controls required by compliance laws. Specialized reports include:

User/Approver/Requestor activities
Password Maintenance activities
User/File Entitlements (Rights)

Password Change/Release Controls

User-configurable, automated password reset schedule
Optional approval workflow to meet compliance
Configurable parameters for password aging, automated changes after password checkout, and scheduled changes by day/date/time