Secure Network, IoT, ICS and SCADA Devices Against Privilege-Based Risks with PowerBroker for Networks

Scott Lang, Sr. Director, Product Marketing
February 5th, 2018


If your network is like most networks, you likely have dozens – if not hundreds or thousands – of nodes, each a critical first line of defense on the outermost virtual boundary of your enterprise. They can be routers, switches, firewalls, IoT or SCADA devices of any kind. And while there are plenty of tools out there that can monitor and report on network activity or performance on these devices, or forensically tell you if there are security risks or compliance problems, these can be reactive measures. To best protect your critical network assets, what about being proactive and limiting *who* can access these devices, and *what* they can do with their access in the first place?

Get started now by downloading our latest paper, “Securing Network Devices Against Privilege Risks”.

What About Privileged Access on Devices?

Historically, it has been a challenge for many organizations to be proactive in limiting privileged access to network nodes. Let’s take a look at some of the shortcomings:

  • Simple command blacklisting isn’t granular enough, allowing for too many work-arounds
  • Most network devices do not allow for the installation of agents (especially devices you don’t own), limiting depth of control
  • Most network tools are manufacturer-specific. If you have a network with multiple vendor products, how do you manage them all?
  • Password management is a great start, but what happens when the user obtains the credential? Don’t they get all the privileges that go with it?

Introducing PowerBroker for Networks – Command Control and Auditing for Network devices such as Routers, Switches, IoT, ICS and SCADA

I’m thrilled to announce that BeyondTrust has finally solved the problem of the lack of privilege control and auditing on devices with the introduction of our new solution, PowerBroker for Networks. Building on more than 30 years of experience in pioneering the privileged access management market, PowerBroker for Networks is an industry-first solution that controls, audits, monitors and alerts on activity on network devices. Fully integrated with the PowerBroker Privileged Access Management Platform, this solution enables the same level of control and audit on network devices as is available on Windows, Unix/Linux servers, and closes a risky gap common in most corporate network environments today.

Watch a 2-minute overview of the key features of PowerBroker for Networks 

PowerBroker for Networks Use Cases

PowerBroker for Networks addresses several use cases in securing network devices.

Centralizing Authorization and Logging

PowerBroker for Networks provides all authorization and logging functions from a centralized, high-availability infrastructure via one or more gateway servers. Policy information is not cached locally, which prevents tampering. This applies to authorized activities, as well as session logs, which are streamed live to log servers.

Reducing Overhead in Managing Policies

The PowerBroker for Networks policy language is both flexible and powerful, and can be configured with functions and procedures to make exception handling or broad restrictions easy to manage. Building a single function to restrict access to files and applying it to many policies reduces the overhead required to manage PAM functions in an enterprise. Both regular expression handling and explicitly defined commands are supported, and, within the limits of the device operating system, commands can be validated prior to execution.

Overcoming Agent Restrictions – a Platform Agnostic Approach

PowerBroker for Networks provides an agentless deployment, since most network devices do not permit the installation of secondary or tertiary software. A proprietary method of wrapping sessions in strong controls permits full control without the possibility of voiding a warranty, or introducing software to a network device that may be under lease from a third-party provider. Since PowerBroker for Networks does not rely on an agent, but rather on the connection protocols (SSH or Telnet) to broker sessions, the tool is platform agnostic. Virtually any session that uses Telnet or SSH can be strictly controlled.

Who benefits?

With PowerBroker for Networks, network admins gain rule enforcement to reduce or eliminate misconfiguration, role-based access controls that confine activity for teams and groups to what is authorized, and audit logging to protect you with an irrefutable audit trail of activity.

Security teams gain comprehensive coverage of devices where there is little or no visibility, and visibility into user behavior and activity to enhance insider threat program reporting. Audit teams get complete coverage of devices where reporting was previously difficult or impossible, and industry-recognized event logging and reporting. CISOs gain unprecedented visibility into the network security perimeter, and industry-leading audit reporting to reduce the cost of audit and to enforce compliance with policies and standards in the network environment.

Take Control of Your Network Devices Today

Want to learn more about how PowerBroker for Networks can help? We’ve prepared a series of six (6) short videos that demonstrate key features. Watch them here.

For a complete list of features and recommended product architecture be sure to download our new white paper, “Securing Network Devices Against Privilege Risks”.

To schedule a demonstration, contact us today!


Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.