BeyondTrust has just launched version 21.1 of our market-leading Privileged Remote Access solution, which empowers IT/OT teams to control, manage, and audit remote privileged access by authorized employees, contractors, and vendors—without compromising security. With Privileged Remote Access, organizations can enforce least privilege, exert granular control and visibility, and layer on advanced credential security over remote access for both employees and third-parties.
The latest release includes several enhancements and new, market-leading capabilities that improve automation, expand connections to additional devices, and more!
Below is a brief round-up of what’s new with the release of version 21.1.
Vendor Onboarding
IT teams want to get tools into vendors and employee’s hands quickly, but onboarding new third parties, vendors, or suppliers can be a time-consuming and repetitive process – one that’s ripe for automation. With Vendor Onboarding, we have securely eliminated manual overhead of managing vendor teams and users by delegating portions of the vendor user administration to trusted sub-admins/vendor admins. These capabilities and workflows help to eliminate shared accounts, while providing an easier, more automated path to adding new vendor users as they onboard .
With this release, administrators can delegate the management of vendor and internal users to a trusted vendor administrator, or another internal user. Administrators can enable Vendor Users to request or sign up for Access through a customizable portal page. This new functionality is an addition to the Vendor Groups section under Users & Security. Administrators can now create and customize portal pages for specific Vendors, allowing users to register for the access they need, when they need it.
The Vendor Portal can be restricted to specific email domains as well as existing network restrictions for the Vendor Group. Vendor User self-registration through the Vendor Portals always requires approval for user creation by the defined administrator for the Vendor Group. This functionality is designed to decrease the manual administration requirements of Vendor management, as well as provide a quicker path to Access for new users.
Bring Your Own Tools (BYOT)
This release introduces BYOT, specifically for RDP Jump Items. This new functionality enables users to leverage their existing native RDP tool for RDP Jump Items, while maintaining the benefits of the audit trail and session recordings our users know and love. This functionality is enabled/disabled as a setting in the Desktop Access Console. The setting can be changed at any time, so users can determine the best method for their circumstances. This functionality is available for the Desktop Access Console only.
Mac Support
BeyondTrust has supported Mac OS X since 2007. And, unlike some remote support solutions that stop with basic support, BeyondTrust offers largely the same functionality for Mac as it does for Windows. In this release we have included:
- macOS Big Sur Support: The macOS Representative Console and the Customer Client now fully support macOS Big Sur, including changes to support its new security requirements. The Apple Silicon architecture is also supported through Apple's Rosetta 2 technology.
Vault Enhancements
Our Privileged Remote Access solution includes a cloud-based credential management tool delivered, managed, and hosted by BeyondTrust. Leveraging the cloud to manage privileged credentials makes the process simpler and more cost-effective for businesses. Our cloud-native solution can manage over 5,000 windows credentials and can store up to 10,000.
The BeyondTrust Vault has been enhanced to include:
- Jump Client Discovery & Rotation: Jump Clients can now perform discovery and rotation of local credentials (Windows only). This new functionality allows administrators to manage machines individually and set who has access to those machines without the need to set up a local or shared account on the remote system. This new feature not only complements the use of Jumpoints in the network for domain-based rotation, but also allows for more singular control over smaller groups of machines.
- Desktop Access Console: When users login to their Desktop Access Consoles after upgrading to the 21.1 release, they will see a new Vault tab. The Vault section enables users to Check-In/Out Vault Accounts that the administrator has defined for their user. This enables users to leverage Vault Accounts for session activity or locally on their own device. This enhances user experience and productivity by enabling access to Jump Items and Vault Accounts from one location.
- Account Groups: Vault administrators can now organize Vault accounts into account groups, providing a better management experience. Admins can also now assign account groups to group policies, rather than only individual Vault accounts. Additionally, Vault accounts can be assigned to an account group during the import process.
- Personal Accounts: Privileged Remote Access users can now create private generic accounts in Vault. This functionality improves the day-to-day experience for users by allowing them to manage their own Vault accounts privately for use during remote sessions, or for quick access to other tools. Users can store Generic Credentials that are not managed, rotated, or visible to anyone else but themselves. These credentials are then useable for injection or check out only by that specific user.
- Reporting: Vault reporting now provides more search options and the ability to directly download the report results. The reporting API has been updated to support this new functionality.
Raspberry Pi OS Access
BeyondTrust’s Secure Remote Access Jump Client Technology has added headless support for the Raspberry Pi OS. Raspberry Pi is a series of single board computers used to perform many different functions. It is a low cost, credit-card-sized computer that enables endless possibilities. Raspberry PI is often used by several industries, for example, for equipment or machine monitoring of industrial applications, or even as an edge gateway solution, thanks to its low power requirements and high processing capabilities.
BeyondTrust Privileged Remote Access enables Raspberry Pi secure access to allow privileged users to connect to more types of unattended systems, perform administrative actions, and secure who has access to manage these devices.
Extended ADPU Smart Card Support Option
Within environments where security implementations require smart card use for authentication, BeyondTrust enables the user to pass administrative credentials to a remote computer from a smart card resident on the representative's local system. In this release, we have updated the Virtual Smart Card feature to support Extended APDU. This feature allows for reading data from the smart card up to 65535 bytes at a time.
Privileged Remote Access Next Steps
The new features and enhancements with version 21.1 broaden what’s already possible with BeyondTrust’s Privileged Remote Access, helping you control, manage, and audit vendor and internal remote privileged access, and to also better secure OT environments.
Ready to experience the most secure solution for enabling remote access to vendors and employees? Contact us today!
Julissa Caraballo, Product Marketing Manager
Julissa Caraballo is a Product Marketing Manager at BeyondTrust. She has over 10 years of experience in software product marketing and lead generation. Previously, Julissa worked as a Marketing Director for a medical management software company. She holds a BA in Business Administration/Marketing and a MBA in Healthcare Management. Her certifications include, Certified Digital Marketing Manager, Pragmatic Marketing Certified and Certified Medical Practice Executive. She can be found on LinkedIn and all social media platforms.
