BeyondTrust has just launched version 20.1 of our Privileged Remote Access solution, which empowers IT teams to control, manage, and audit remote privileged access by authorized employees, contractors, and vendors—without compromising security. With Privileged Remote Access, organizations can enforce least privilege, exert granular control and visibility, and layer on advanced credential security over remote access for both insiders and third parties. The latest release includes a number of enhancements and new, market-leading capabilities that improve usability, automation, and reporting.
Here’s a brief round-up of what’s new with the release of version 20.1:
Configuration APIs
This release has a new set of APIs that enable Privileged Remote Access administrators to automate and orchestrate administrative tasks within /login and the Access Console. There are specific methods exposed via an API that enable a programmatic way to create, list, update, and delete certain configuration items in Privileged Remote Access. For example, this enables Privileged Remote Access administrators to use the API to create local user accounts or delete Jump Clients that have been offline for a specified number of days.
RDP Session Forensics
This release has a new setting for RDP Jump Items that provides administrators with additional logging details for RDP Jump sessions. Users can leverage this new functionality by enabling the “Enhanced Logging” setting in the RDP Jump Item properties. This “Enhanced Logging” functionality will capture additional session events; for example, “Focused Window Changed Event” and “Mouse Click Event”. This functionality enhances security by providing administrators with RDP Jump session details that previously were only supported in Jump Client sessions.
Vault Enhancements
Vault is our Privileged Remote Access and credential management tool delivered from the cloud, managed and hosted by BeyondTrust. Our cloud-native solution can manage over 5,000 Windows credentials and can store up to 10,000. Our Privileged Remote Access Vault functionality delivers a cloud-ready credential and session management solution, so our customers can provide users with the credentials they need, when they need them. Additionally, administrators are able to rotate and restrict access to managed credentials all from the /login administration UI.
It is now possible to retrieve a list of Vault accounts with the Vault Configuration API. Vault administrators can also create generic username/password and username/SSH key accounts using the API. This provides a programmatic way to on-board Vault accounts that can’t be automatically discovered through Domain Discovery (Active Directory). Users can also Check In/Check Out Vault credentials via the API.
Users and administrators can now select groups of Vault credentials and perform a password rotation on all credentials in the selected group, with just one click! This functionality provides administrators with a simple and efficient method to rotate user-selected groups of credentials or all Vault credentials at once, making it simpler for our customers to manage large numbers of credentials with Vault, while eliminating the need for time-consuming manual rotation of individual credentials. Additionally, users can now view up to 2,000 credentials at a time in the Vault for all Jump Item sessions.
Users can also now define which Vault users can inject credentials while in a session, and which Vault users can view credentials when checked out in /login. Previously, these permissions were grouped together, and we heard feedback that some customers needed a more granular approach.
BeyondInsight Integration: Reporting & Session Details
Our Privileged Remote Access customers have expressed their desire for further integrations with the BeyondTrust portfolio. With this release, administrators can leverage our BeyondInsight platform for session details and reports of Privileged Remote Access sessions. This integration includes a new Dashboard view for Privileged Remote Access sessions, which users can access in the BeyondInsight interface. Administrators who utilize our existing reporting functionality of /login can continue to view session details, reports, and session recordings in the /login interface.
Additionally, Session reports now contain details regarding the Access Approver Name, Email Address, and Comments for sessions that require approval. The session report also now contains the Request Reason for sessions that require users to specify a reason for their access request.
Deployment
BeyondTrust secure remote appliances offer a centralized platform for access control and session management. BeyondTrust helps you keep sensitive data behind your own firewall, under the trusted security measures you already have in place. Our cloud virtual, and physical appliances models help enterprise organizations address regulatory and security requirements. We offer 4 deployment options for privileged remote access:
- On-premise
- IaaS (Infrastructure as a Service)
- SaaS (Software as a Service)
- Hybrid (a combination of all)
The new features and enhancements with version 20.1 broaden what’s already possible with BeyondTrust’s Privileged Remote Access, helping you control, manage, and audit vendor and internal remote privileged access.
Already a customer? - Here’s how to get started.
Ready to experience the most secure solution for enabling remote access to vendors and employees? Contact us today!
