BeyondTrust has released the latest updates to Privileged Remote Access (PRA), which allows organizations to secure, control, and audit vendor and internal remote access. In addition to adding new features and enhancements, version 22.2 builds upon the market-leading functionality that was introduced in release 22.1 and deepens the relationship between privileged access and credential management.
What’s New with 22.2?
While PRA 22.1 made it possible to discover and import Windows service accounts into its built-in password management vault, version 22.2 has expanded on that vision by allowing these accounts to be automatically rotated. With the combined ability to discover, import, and now rotate these critical business elements, PRA is directly tackling some of the biggest challenges organizations have when it comes to managing Windows service accounts: their pervasiveness and their interconnectedness.
Highlights – PRA 22.2
Below is a brief round-up of the new features from the release of version 22.2. For more detailed information, please check out the full release notes.
Windows Service Account Rotation
Building upon the 22.1 ability to discover and import Windows service accounts, in 22.2, the Privileged Remote Access vault can now rotate Windows service accounts (local) and Active Directory Service Accounts (domain). Previously, managing service accounts was considered one of the most daunting challenges for IT professionals for the following reasons:
- These privileged accounts that run automated business processes are used by applications, not people
- A single service or process account may be referenced in multiple places
- Since these accounts are interconnected, a password change can potentially lock out the account and cause cascading system failures if performed incorrectly.
Enabling service account rotation through the Privileged Remote Access vault simplifies what was previously a manual and complex process, making the management and security of those accounts much more routine and predictable.
Password Safe External Search
The 22.2 release includes support for multiple Jumpoints, expanding upon the 22.1 version where only a single Jumpoint was supported. This functionality extends the already complementary relationship that exists between these two products. Users of both Privileged Remote Access and Password Safe can now use this integration to search for and remotely access Password Safe Managed RDP and shell systems that are accessible with Jumpoints. In addition to the added security, there is also the convenience factor because technicians no longer need to interact with multiple interfaces.
API – Group Policy Access Permissions
This new capability enables organizations to set permissions en masse and apply attribution via the Group Policy API. Organizations can more effectively scale their growing remote access needs by integrating and automating the management of manual administrative tasks using APIs.
Syslog Access from UI
Now, Privileged Remote Access customers can easily download records of administrative actions directly from the administrative console. Ensuring that administrative actions are recorded and auditable can:
- Prevent misuse
- Trigger remediation workflows
- Notify the organization of specific events.
This empowers organizations who are managing remote access, especially privileged remote access, to meet compliance and regulatory conditions regarding the auditability of privileged actions and identities.
Group Policy and Jump Group Search
Administrators can now save time and enjoy an improved experience when searching for Group Policies or Jump Groups.
Vendor Admin – PRA User
Administrators now have additional flexibility when managing Vendor Groups and Users. While some organizations elect to delegate certain onboarding rights to a trusted Vendor User who manages the Vendor Team, many organizations prefer to use an internal resource for this function. Now, whether an organization prefers an internal or external resource, the administrator can effectively and securely manage Vendor Groups and Users.
Vendor – User Expiration Notification
Now, both administrators and users will have more visibility (via notifications) regarding the onboarding and offboarding workflows. This will help with the management of the onboarding/offboarding process for Vendor Users by increasing visibility, making it easier to offload administrative tasks to other users while still ensuring administrators can manage and oversee the overall process. This ultimately:
- Saves the PRA Administrator time
- Maintains compliance mandates
- Improve their ability to meet their organization's requirements as they scale.
Linux Jumpoint – Protocol Tunneling
Previously, this functionality has only been available for Windows Jumpoints. Now, Privileged Remote Access users can utilize protocol tunneling through a Linux Jumpoint across an increased number of networks. This ability to make protocol-based connections greatly extends connectivity scenarios.
Privileged Remote Access – Next Steps
The latest features and enhancements that have been introduced with version 22.2 broaden what’s already possible with BeyondTrust Privileged Remote Access.
Already a customer? - Here’s how to get started with all the latest features from the new release.
Ready to experience the most secure solution for enabling remote access to vendors and employees?
Adam White, Director, Technical Marketing
Adam White is the Director of Technical Marketing and has been with BeyondTrust for 19 years in a variety of technical and operations roles. Originally starting in support and spending over a decade in solutions engineering, Adam brings that technical lens to the BeyondTrust marketing team. He is a vintage electronics and hi-fi nerd (think vacuum tubes); collector of too many amplifiers, guitars, and effects pedals; husband; and father of three teenagers.
