8 Reasons Customers Switch to Password Safe for Privileged Password Management

Scott Lang, May 5th, 2015

It’s clear that privileged password and privileged session management products are essential for keeping mission-critical data, servers and assets safe and secure. As I discussed in my previous post, there are several strategies to consider when deploying a privileged password and privileged session management solution. At this point, you may be wondering how BeyondTrust stacks up.

With that, here are the eight most common reasons that organizations switch to PowerBroker Password Safe:

1) Dynamic account discovery and asset profiling: Your IT environment is in a constant state of flux, with assets and accounts being added and updated virtually every day. It’s critical to quickly bring systems and accounts under management – and then keep tabs on them as they evolve. Syncing with Active Directory is fine for identifying accounts on company-sanctioned Windows systems, but few networks are so homogenous and “tidy.” Rogue devices, backdoors and standalone systems outside of AD can pose huge threats. Doesn’t it therefore make sense to constantly scan your environment for new assets and accounts – both authorized and unauthorized – across all platforms? PowerBroker Password Safe is the only solution to deliver this breed of dynamic discovery and profiling, and we believe it translates to a faster time to value.

2) Straightforward deployment: One of the biggest disappointments when bringing a new technology solution on board is ending up with a complex and confusing deployment. Several customers have switched to PowerBroker Password Safe because they were fed up from tinkering with the assortment of disparate modules necessitated by competitive solutions. All components of Password Safe, including the safe, the policy manager, web access technology, session management, and password synchronization manager, are delivered on a single, hardened appliance (physical or virtual) with centralized configuration and management through the BeyondInsight console. As well, those capabilities are available in a software-only version. A straightforward deployment means less complexity and cost.

One caveat: For obvious reasons, you do need to deploy two Password Safe appliances for high-availability implementations. Configuring High Availability in Password Safe is as simple as verifying access between the appliances and completing a configuration page.

3) Session management that’s simple and secure: If you’re managing password delegation and access to privileged accounts, it makes sense to then use the same solution to facilitate, segregate and monitor privileged sessions. Most enterprise password management vendors require additional software agents or JavaScript for session management – and often charge extra for it! Instead of putting your sensitive information at risk, PowerBroker Password Safe includes built-in, agentless session management that works securely with native applications such as PuTTY and Microsoft Terminal Services Client (MTSC). To keep things protected, it doesn’t pass credentials to the client, but rather uses one-time keys for RDP and SSH connections. What’s more, it runs on a modern, intuitive HTML-5 interface that users appreciate and readily adopt. This approach leads to a faster time to value, and reduces cost and complexity.

4) Dynamic permissions: Privileged password management solutions, in essence, were created to overcome human error—so why depend on a solution that always requires manual intervention? Password Safe can be fully automated around Smart Rules remove user action from the equation and streamline security initiatives—including automatically detecting new accounts or systems, and sending alerts for risky or “stale” accounts. Password Safe can automatically delegate privileges based on a discovered asset’s OS, services, applications and other profile information. For instance, if it discovers a SQL Server, Password Safe can automatically make it available to DBAs and kick off a notification to IT operations. Of course, it also offers traditional approval workflows for cases where human checks are required. Easier to use, better insights on usage – each hallmarks of Password Safe.

5) Unmatched reporting and analytics: Reporting and analytics are crucial not only for audit and compliance purposes, but also for maintaining visibility into the status of privileged accounts, assets and passwords on a day-to-day basis – and pinpointing where further action is needed. PowerBroker Password Safe provides a wide range of privileged password reports out of the box. It is also the only privileged password management solution to include a structured big data warehouse, allowing for long-term, historical reporting on all asset and account data. All Password Safe reports can be scoped with role-based access, scheduled for automatic delivery, and customised via pivot-grid capabilities. Better insights, delivered to the right stakeholders.

6) Video session monitoring: In the event of a breach, there is nothing worse than struggling to find the underlying causes of the breach or how to fix it. But monitoring capabilities in other solutions often only show a limited view of privileged sessions, leaving gaps in activity. Those that offer full video audits sometimes use non-native formats, eating up bandwidth and storage. BeyondTrust, on the other hand, allows you to go beyond surface-level monitoring with DVR-style videos of all privileged sessions. Immediate playback in native formats eliminates the guessing game, enforces accountability, and assists in compliance validation.

7) A unified approach to Privileged Account Management: Stringing together solutions from multiple vendors can leave unnoticed holes in your privileged account management infrastructure. By bringing all privilege and password management initiatives under a single integrated console, users can eliminate the risk of open back doors and gain greater visibility into user and asset-based risks. PowerBroker Password Safe seamlessly integrates with other least-privilege, privilege management, vulnerability management, and endpoint protection solutions through the BeyondInsight IT Risk Management Platform. In addition to providing a data warehouse for centralized reporting and threat analytics, the platform provides shared capabilities for discovering, profiling and grouping accounts and assets – as well as suite-wide workflow, notification and user management. What does this approach mean to you? Easier management and deployment of policy across your environment.

8) A more complete threat analytics solution: Password Safe includes powerful threat analytics capabilities that enable you to reveal hidden IT risks previously buried in disparate data feeds and speeds. When used on its own, the solution analyses user, account and password behavior to identify and isolate threats resulting from misuse of credentials — but that’s just the beginning. Because Password Safe is part of the BeyondInsight IT Risk Management Platform, its data can be correlated with additional user, account, asset and attack activity detected by other BeyondTrust solutions in the environment. The end result is a more accurate, complete and informed picture of advanced persistent threats, malware, and other imminent threats to your environment.

This is just a small slice of the reasons customers select and stick with PowerBroker Password Safe. Don’t just take our word for it, though – see what our customers are saying for yourself.

To see if Password Safe makes sense for your environment, request a free trial. And if you’re not quite convinced, check out Frost and Sullivan’s recent review and the Gartner Market Guide for Privileged Account Management.

Editor’s Note: The above post was originally published in September 2014. It has been revamped and updated for accuracy and timeliness.