Next, we must find a way to manage multiple authentication stores. For this problem, the simplest method is actually the best method; consolidate them to one directory. In most organizations, Microsoft Active Directory (AD) is the primary vehicle for user account management. However, managing accounts and systems across platforms with AD is not a trivial function and native operating system tools are just flat out lacking to properly meet the requirements. BeyondTrust, however, has a solution for this in the form of PowerBroker Identity Services.
PowerBroker Identity Services allows you to integrate your Linux, UNIX, and Mac OS X servers with Microsoft Active Directory. The solution allows all of your assets, regardless of platform to be managed by computer and user in one central location; Active Directory. Non-Windows systems joined to the domain, appear as assets in AD, and allow users to authenticate locally via AD for system resources. This allows users to manage with their unique traits on those systems too. This is illustrated below:
This solves the problem of multiple authentication stores and ensures system access can be controlled to individual user credentials. This coupled with the auditing capabilities of Retina ensures that no generic or rogue accounts exist either. Next, we need to solve the final problem; logging, reporting, and verification of credentialed access. BeyondTrust solves this problem with PowerBroker UNIX and Linux and/or PowerBroker for Windows. These two Privileged Identity Management (PIM) solutions allow for administrative control to systems and applications, and log all of their data to the Retina CS Threat Management Console for reporting to meet the final requirement. To illustrate this, below is a screenshot from Retina CS that provides details regarding the user, application, and privileges granted:
This translates into a wide variety of reports can that manage PCI requirements directly for the issues at hand; especially for non-Windows systems:
BeyondTrust has a unique capability to solve the requirements within the PCI DSS and many other regulatory compliance initiatives. The simple collection, monitoring, and verification of user accounts, systems, and applications can be a monumental task if the environment uses multiple platforms, authentication services, and has multiple administrators to manage operations. The technology we offer can do this and so much more including vulnerability management and password vaulting to ensure strict control of administrative and system access. For more information, please click here. Our technology has the answers to your information technology questions.
Morey J. Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust
Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.