PowerBroker Password Safe Certification with McAfee ePolicy Orchestrator

Martin Cannard
January 30th, 2018

Today’s security workplace consists of a myriad of interfaces running across a plethora of platforms. This can mean that to perform a simple task such as accessing a server, you have to leave the management platform you are on and open a different security tool to log on.

What if you had the ability to perform privileged management, and session management tasks from a single console?

Today, we announced that BeyondTrust PowerBroker Password Safe versions 6.3.1 and 6.4.4 have been certified on McAfee ePolicy Orchestrator (ePO) version 5.9.x.

This integration provides joint McAfee ePO and BeyondTrust customers with automated privileged password and privileged session management capabilities through a single platform. It’s exciting news, because now BeyondTrust is fully integrated with McAfee ePO to provide complete lifecycle management of privileged accounts directly from the ePO console.

Tasks such as bringing new systems under privileged access management, and securely accessing the resources can be performed via simple contextual controls in the McAfee ePO console. In addition, RBAC controls to the managed systems may be dynamically controlled according to ePO tags. For example, a tag named ‘High Risk’ applied manually or via DXL, could automatically quarantine the system in Password Safe, and prevent further access until a threat has diminished.

Below are some of the new feature highlights:

Discover and Onboard Assets into Password Safe Directly from McAfee ePO

McAfee ePO provides synchronization options to identify whether a system is currently under management by Password Safe, and if desired, an unmanaged system may be onboarded directly from the ePO console.

Add/Remove Managed Accounts from the ePO console

By selecting any Password Safe managed system, new accounts may be brought under management or existing accounts unmanaged directly via contextual actions.

Launch Secure Sessions Through the ePO Console Using Powerbroker Password Safe

PowerBroker Password Safe offers customers the ability to remotely connect to devices and end points without knowledge of the credentials being used.  The policies managed through Password Safe also control which users can utilize this functionality, and to what devices they can connect.

From the McAfee ePO console, the user can select a Password Safe managed system, and then select an action to automatically launch an SSH or RDP session to the asset without displaying the credentials.

This integration provides seamless, and secure access for connectivity to systems requiring privileged access. In addition, all activity may be centrally monitored, and recorded for audit compliance and accountability.

Release Privileged Credentials Through the ePO Console

With this feature, the user logged into the ePO console can select a system, and then select a managed credential they are authorized to retrieve the password for.

Manage and Rotate Account Passwords on Selected Devices

From within the McAfee ePO console, a user can select one or more systems, and choose to cycle the passwords for all associated managed accounts.

Pass McAfee ePO Tags as Keyword Attributes in PowerBroker Password Safe

Systems in Password Safe may be tagged with specific keywords from ePO Tags. This allows Smart Rules to dynamically group assets for such actions such as quarantine, or role reassignment.

In addition to the integration with McAfee ePO, there are over 200 enhancements and new features in this release of PowerBroker Password Safe. Check out the new features document for more information, and if you would like to learn more about PowerBroker Password Safe, contact us or request a free trial!

 

Martin Cannard

Martin has been helping organizations solve challenges in the privileged account management and identity and access management space for over 24 years. At Dell Software, Martin managed a team of Solution Architects, focused on designing and implementing solutions in the Privileged Account Management (PAM) space. Prior to joining Dell, Martin was Sr. Product Manager for Novell Privileged User Manager, a privilege management application acquired from Fortefi, an organization where he served as Vice President, Corporate Development. Prior to this, he was Program Manager of Client Technologies at Symantec where he was responsible for many ground-breaking field and channel enablement applications. Additionally, Martin managed the European QA group at Axent Technologies and has held various management positions in consulting, systems development, and operations. Martin is a regular speaker for security events, and webinars.