As enterprises accelerate digital transformation and seek to evolve their security programs and tools to cope with the ever-expanding landscape of privileges, BeyondTrust continues to advance our privileged access management (PAM) solutions to poise your organization to confidently embrace technologies, while staying protected against an onslaught of constantly evolving cyber threats. Our goal is to simplify the process and effort needed to continuously improve your security posture while removing friction and fostering efficiency.
In this release, Password Safe has added support for new platforms, introduces key access policy enhancements, and provides an extensive set of additional API endpoints to support working with Team Passwords. BeyondTrust has also enhanced the integration between its BeyondInsight platform and Password Safe with Privilege Management for Windows and Mac (PMWM), our market-leading endpoint privilege management solution. These new features and capabilities save IT operations and security teams time, providing stronger security and greater flexibility. Continue reading for more highlights on this latest release.
BeyondTrust Password Safe 21.1 new features and enhancements include:
- Support for macOS Secure Token, Cisco Wireless LAN Controller, and Fortinet Admin; also includes support for Privilege Management for Windows & Mac as password test/change agent
- An extensive set of APIs enable admins the ability to create, read, update, and delete functionality for Team Passwords
- Added greater granularity and flexibility to customize Access Policy
- Added more predictability to Password Safe Cloud updates, and more accessibility to log files for Password Safe cloud resource brokers
In this release, BeyondInsight 21.1 also introduces an enhanced Global Policy allowing BeyondInsight to serve all policies across all applicable Smart Rules. This feature enables the PMWM agent to know the order in which to process all the policies, providing additional flexibility, while removing potential policy assignment conflicts.
BeyondTrust BeyondInsight 21.1 new features and enhancements include:
- Enhanced Global Policy enables BeyondInsight to serve all policies across all applicable Smart Rules
- Privilege Management for Windows & Mac standalone policy editor now logs what policy was edited and by whom
- Optimized "Analytics and Reporting" navigation and display of reports
Password Safe Support for More Accounts – Why this Matters
With the release of Password Safe 21.1, we have expanded the support for more platforms and types of accounts. We know you face privileged credential management challenges as new devices, platforms and accounts are constantly being added to your environments, increasing their complexity and making it harder to efficiently onboard credentials/accounts and consistently manage and secure all credentials according to best practices. Our goal is to efficiently bring ALL privileged accounts under management with minimal manual effort, even in the face of this multiplying complexity. We have expanded support to the following accounts:
macOS Secure Token Accounts: Workstations represent the most likely initial entry point for hackers to gain access to your network, so securing the privileged accounts on and used with workstations (laptops and desktops) remains a top priority in any cybersecurity approach. Password Safe now supports managing macOS credentials configured for Secure Token and standard macOS accounts. This new feature ensures that no systems, especially workstations, are missed when managing access to privileged accounts, and helps improve macOS security.
Fortinet Admin Accounts: Fortinet admin accounts are different from other Fortinet accounts, so in Password Safe 21.1, we have added explicit support. Now customers can manage access to all Fortinet admin accounts from Password Safe.
Cisco Wireless LAN Controller Accounts: Password Safe can now manage and control access to privileged accounts on Cisco Wireless LAN Controllers.
Enhanced Functionality for Team Passwords
Team Passwords was introduced last year as part of Password Safe to help you manage shared accounts used by small groups within your organization. These accounts are accessible by members of the teams as part of their daily work. Examples of teams include Development, Test, QA, Marketing, Finance, and others. Most of these accounts do not contain sensitive information, but they could still cause damage to the organization in the wrong hands.
Traditionally, credentials shared by small groups have been managed manually in spreadsheets or, worse, with sticky notes, without any oversight. With Team Passwords, organizations can provide management for these credentials locally to each team in a secure and auditable way.
Password Safe 21.1 has added an extensive set of additional API endpoints to support working with Team Passwords. With full Create, Read, Update, and Delete (CRUD) functionality for both Folders and Accounts, customers can now use this capability to bulk import accounts from existing solutions and interact with the Team Passwords accounts from scripts and applications. This feature is designed to save time from a manual import and further enhance your team password security.
Tighter Integration with BeyondTrust Privilege Management Solution
Release 21.1 for BeyondInsight and Password Safe also reflects our commitment to innovation and portfolio integration. Working together, our solutions solve more use cases and significantly increase the value gained by our customers.
In 21.1, Password Safe and BeyondInsight have enhanced the support and integration with Privilege Management for Windows and Mac. Here is a summary of the enhancements:
Global Policy for Privilege Management for Windows & Mac (PMWM): In BeyondInsight, customers use Smart Rules to dynamically group assets (agents) and deliver policy. Because assets can belong to multiple Smart Rules, a policy assignment conflict can occur.
With Global Policy enabled, BeyondInsight serves all policies across all applicable Smart Rules. This feature allows the PMWM agent to know the order in which to process all the policies assigned to it, regardless of the number of Smart Rules the asset belongs to. This feature introduces new flexibility to process all policies, while removing potential policy assignment conflicts.
Policy Auditing for Privilege Management for Windows & Mac: With this release, the PMWM standalone policy editor will now log what policy was edited and by whom. These audit events are captured and displayed by BeyondInsight under the existing User Audits grid.
New Endpoint Privilege Management for Mac functionality - Secure Token Support: Password Safe and Privilege Management for Windows have long provided the ability for Windows clients to operate as a test and change agent for Windows accounts and enable Privilege Management for Windows to use Managed Accounts for process elevation. Privilege Management for Mac now offers the same level of integration, including support for Secure Tokens. Seamless use of the Privilege Management for Mac agent for password test and change activities is beneficial for scenarios where those endpoints do not accept inbound connections.
About BeyondInsight and Password Safe
BeyondInsight is BeyondTrust's centralized reporting and analytics platform that provides IT and business leaders visibility into the privilege-related risks facing their organizations.
BeyondTrust Password Safe combines privileged password and session management to protect privileged credentials and safeguard access to critical assets. The product leverages a robust, distributed network discovery engine to scan, identify, and profile all assets. This categorization uniquely allows automated onboarding and the ability for access policies to self-adjust according to environmental changes.
For more information, check out the What’s New documents or the release notes:
To learn more about Password Safe or view a demo, visit: https://www.beyondtrust.com/password-safe
Alex Leemon, Sr. Product Marketing Manager
Alex Leemon is a Sr. Product Marketing Manager at BeyondTrust, focusing on Privileged Password & Session Management and PAM for Cloud security solutions. She has over fifteen years of experience working with enterprise-level and Critical Infrastructure organizations solving safety and security challenges. Before joining BeyondTrust, Alex served in various roles related to the development of operational technology (OT) products and the Industrial Internet of Things (IIoT).