Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

PowerBroker Password Safe 6.6 Extends Workflow Capabilities and Security

July 26, 2018

  • Blog
  • Archive

blog-powerbroker-password-safe-6-6.jpg

BeyondTrust PowerBroker Password Safe 6.6 features some exciting enhancements around ease of onboarding for Unix and Linux hosts, enterprise session management and adaptive account grouping, giving users unmatched levels of security, accountability, and control while continuing our commitment to usability and simplicity. Here are some highlights of new features:

Secure Password Update Proxy for Unix and Linux

One of the challenges for managing accounts on remote systems is that you have 2 options for the authority under which you change the password.

1) Use the accounts own password to change its password.

This is great if there is only the ability to have a single account on the managed platform. But what happens if the password becomes out of sync? i.e. let’s say someone logs in using the managed account and changes it to something else… now the account password stored is no longer correct, so the system cannot log on to change it; in these cases, you must manually reset the password to a known state.

2) Use a separate functional account that has rights to be able to change the managed account

The way around the single account sync issue above is to have a separate (usually dedicated) functional account that changes the managed account password. This gets over the out of sync issue because it can log on to override the managed account password regardless of whether it is in sync or not. Best practice is that the functional account password is auto-rotated and never available for checkout.

The problem is that although a separate functional account solves the out of sync issue, you still need to set up an additional account on every system that does not have the capability of leveraging a central domain/directory functional account.

BeyondTrust PowerBroker Password Safe in conjunction with PowerBroker for Unix & Linux now offers the capability to change passwords on Unix and Linux hosts without the need for a functional account on each host. Leveraging remote command execution, PowerBroker for Unix & Linux will change managed account passwords on any remote system under its control.

ss-pbps-6-6-a.jpgPolicy Rules in PowerBroker for Unix and Linux allow password updates to be securely passed to managed endpoints.

We designed the integration to be simple— you simply specify a proxy host that has the PowerBroker for Unix & Linux client installed, and all password changes/checks will be routed through to managed endpoints with no additional functional account requirement. The best of both worlds!

Enterprise Session Replay Enhancement

PowerBroker Password Safe has expanded the capabilities of its remote proxy capability to allow sessions to be played back from any node in the infrastructure.

Often network connection speeds between organizational sites can be slow, especially to small satellite offices. This creates challenges for accessing remote resources via centralized session management proxies. PowerBroker Password Safe enables proxies to be distributed, providing security and audit without the expense of a slow user experience. In PowerBroker Password Safe version 6.6, you can play back sessions from any node regardless of where they were originally recorded – even if they have been archived.

New APIs for Quarantine and Session Control

A new set of APIs allow you to dynamically control active sessions, and a new User Quarantine function prevents further user activity. Session/Request control enhancements include:

Active Session Control

  • Locking all active sessions for given managed account
  • Locking all active sessions for given managed system
  • Terminating all active sessions for given managed account
  • Terminating all active sessions for given managed system

Active Request Control

  • Terminating all active requests for given managed account
  • Terminating all active requests for given managed system

Custom Attributes for Managed Accounts

Custom attributes have long been available for Assets. In PowerBroker Password Safe v6.6, you can you apply custom attributes to managed accounts also.

The new generic custom attributes can be set from Smart Rules or via the API; once applied, they can be leveraged as a filter for Smart Groups to allow unordered lists of managed accounts to be created. The great thing about this feature is that it allows dynamic inclusion or exclusion of accounts to a security group that can also be driven externally via API/CLI.

Protect Passwords with Copy to Clipboard

Rather than display passwords by default, Password Safe now obfuscates the password and allows users to copy the password to the clipboard by default.

ss-pbps-6-6-d.jpgThe copy to clipboard feature prevents passwords from being displayed on screen.[/caption]

This prevents screen-scraping malware from capturing passwords and adds an additional layer of security by passing the password directly to the paste buffer thus ensuring that the password is never initially displayed on the screen.

Usability

We have added many enhancements to improve the user experience including language support, improvements to directory queries and the asset grid. There is a brand-new configuration landing page which supports granular search and embedded help.

Reporting

New reports include Entitlement by User Report and Database User Report, plus many enhancements have been made to improve existing reports. We have boosted the performance of the Analytics and Reporting component, and added the ability to save scheduled reports to a network share.

Other Enhancements

There are over 100 enhancements and new features in this release of PowerBroker Password Safe. Check out the new features document for a complete rundown, and if you would like to learn more about PowerBroker Password Safe, let us know!

Martin Cannard

Martin has been helping organizations solve challenges in the privileged account management and identity and access management space for over 24 years. At Dell Software, Martin managed a team of Solution Architects, focused on designing and implementing solutions in the Privileged Account Management (PAM) space. Prior to joining Dell, Martin was Sr. Product Manager for Novell Privileged User Manager, a privilege management application acquired from Fortefi, an organization where he served as Vice President, Corporate Development. Prior to this, he was Program Manager of Client Technologies at Symantec where he was responsible for many ground-breaking field and channel enablement applications. Additionally, Martin managed the European QA group at Axent Technologies and has held various management positions in consulting, systems development, and operations. Martin is a regular speaker for security events, and webinars.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.