BeyondTrust is pleased to announce the latest releases for two of our industry-leading products, Privilege Management for Windows (PMW) and Password Safe (PS) These releases reflect our commitment to innovation, portfolio integration, and listening to our customers. The newest Password Safe release also delivers on the #1 requested item on the BeyondTrust Ideas Portal.
Both of these product releases are immediately available.
What’s New in Privilege Management for Windows 5.7
Password Safe Integration
Enterprise password management and least privilege technologies each provide substantive benefits in controlling risk and improving user productivity, However, each solution by itself only solves for a slice of the privilege problem.
Without the use of an enterprise password manager like Password Safe, updating passwords for intermittent, remote, or mobile systems remains a challenge for organizations that need to conduct business while users are working remotely, and potentially off the network. In some instances, the only way for privilege management tools to properly elevate application privileges is to use a real username and password combination with administrator permissions. This then requires the distribution of these credentials to users, which undermines least privilege policies.
To overcome these obstacles, Privilege Management for Windows 5.7 now integrates with Password Safe 7.1 to create an industry-unique approach to addressing remote password changes and elevation of applications for real user credentials. The result is a process for account password changes at any time, in any location, and designed to overcome the limitations of network segmentation.
The integration of Privilege Management for Windows 5.7 with our enterprise credential vaulting solution, Password Safe, enables organizations to seamless solve for two challenging use cases, while unlocking many other synergies for customers. Here are two capabilities you can leverage when Privilege Management for Windows is used alongside Password Safe:
1. Local rotation of administrator and service accounts
For those Windows endpoints under Password Safe management that are not connected to the corporate network, Privilege Management for Windows introduces the ability to apply local account password rotations on behalf of Password Safe, via BeyondInsight. This use case helps organizations continue to manage credentials on endpoints for users who are working from remote locations. Based on a configurable heartbeat, PMW will check in with Password Safe to identify any account passwords that require rotation, apply the change, and verify that the change was successful.
2. “Run As” Password Safe User
PMW 5.7 also adds the ability to run and elevate specific applications using credentials managed and protected by Password Safe. When enabled, Privilege Management for Windows will check out a pre-defined credential at the point that an application launched and pass the credential directly to the process. This capability significantly extends the concept of JIT privilege management by providing true hands-off access to service accounts, domain level credentials, and other privileged credentials. This ensures that the credentials are only used as part of a specific task and only accessed at the point the task is executed. For Developers, sysadmins, and DevOps, this feature provides the security of vaulting those highly prized accounts, AND the convenience of performing tasks in the appropriate context, without the need for manual intervention.
What’s New in Password Safe 7.1
We are pleased to announce the availability of Team Passwords with the release of Password Safe 7.1. Team Passwords is a new feature designed to securely store credentials owned by small groups in a fully auditable, controlled environment. This feature is the #1 requested item on the BeyondTrust Ideas Portal and offers a valuable addition in extending secure password practices throughout your organization.
There are teams in your organization that must access accounts as part of their daily work. Examples of shared accounts include social media, customer relationship management (CRM), bank accounts, and more. Most of these accounts do not contain sensitive information, but in the wrong hands, could still cause damage to the organization. For example, a social media account accessed by unauthorized personnel has the potential to cause reputational damage, such as in the form of malicious posts.
Traditionally, most small groups with oversight over shared credentials have managed them manually in spreadsheets or written down, such as in sticky notes. Security-conscious organizations seek to provide management for these credentials locally to each team in a secure and auditable way.
How Team Password Management Works
Team Passwords adds a new Feature to Password Safe, which is assigned to groups in Users & Groups. Each Group with the feature represents a Team. Each Team gets their own isolated store where they can secure the credentials used within their team.
The creator of the credential becomes the Owner. Only the credential Owner can change the credential, while each member in the Team group can retrieve it. The Owner and Administrators can also reassign ownership of a credential within the team.
Team members can create a folder structure to organize their credentials. The solution delivers extensive search and filtering capabilities, helping teams get to the credentials they need quickly and effectively. All activity within Team Passwords is logged for auditing.
More about BeyondTrust Privilege Management for Windows & Mac and Password Safe Products
BeyondTrust Privilege Management for Windows & Mac (PMWM) is a preventative Endpoint Security solution that removes excessive admin rights, applies modern application control, enables passwordless administration, and gives users just enough privileges to do their jobs and be productive. The solution blocks the majority of malware and ransomware and protects against both external and internal threats. Utilizing QuickStart policies, organizations achieve rapid time-to-value, whether deploying the solution on-premises or via SaaS.
BeyondTrust Password Safe (PS) combines privileged password and session management to discover, manage, and audit all privileged credentials. Customers can scan, identify, and profile all assets for automated onboarding, ensuring no credentials are left unmanaged. The solution controls privileged user accounts, applications, SSH keys, cloud admin accounts, RPA accounts, and more. Password Safe also monitors and records live sessions in real time, with the ability to pause or terminate suspicious sessions. With BeyondTrust Password Safe, customers benefit from a searchable audit trail for compliance and forensics and can achieve and verify complete control and accountability over privileged accounts.