Reduce risk with cross-platform vulnerability assessment and remediation, including built-in configuration compliance, patch management and compliance reporting. Password Safe features capabilities including:
BeyondTrust Password Safe features a distributed network discovery engine to scan, identify, and profile all assets. Dynamic categorization of all assets and accounts enables auto-onboarding, and the ability for access policies to self-adjust according to environmental changes.
BeyondTrust Password Safe securely stores, rotates, and controls access to privileged account passwords and other credentials. This protects sensitive assets and satisfies modern compliance requirements.
Keep Passwords Fresh: Rotate passwords on a scheduled basis or upon check-in to mitigate the risk of abuse or misuse.
Rotate SSH Keys: Automatically rotate keys according to a defined schedule and enforce granular access control and workflow.
Eliminate Application Credentials: Get control over scripts, files, code, and embedded keys.
Ensure Password Strength: Define and enforce password policy to meet any complexity requirement.
Eliminate Old Passwords: Analyze password ages and proactively report policy violations.
Manage Remote Users: Use BeyondTrust Privilege Management for Windows and Mac as an agent to update passwords on remote devices.
Active Password Change: Selectively process password change, password test, and account notification queue items for designated workgroups.
Privileged session monitoring and management is essential to achieve compliance and security requirements.
BeyondTrust Password Safe privileged session management uses standard desktop tools such as PuTTY and Microsoft Terminal Services Client, ensuring administrators can leverage commonly used tools.
Control Access: Request RDP/SSH access to authorized systems only.
Leverage Flexible Execution: Start sessions instantly, or via workflow.
Enable True Dual Control: View any active privileged session, and if required, pause or terminate the session.
Enforce Accountability: Record privileged sessions in real time via a proxy session monitoring service for SSH and RDP.
Capture Everything: Use keystroke indexing and full text search to pinpoint data, and then log an acknowledgement of the review for audit purposes.
Communicate & Comply: Build reports for usage, audit, forensics, and regulatory compliance purposes.
Audit and Log Privileged Sessions: Access and watch a session, then log an acknowledgement of the review to meet audit compliance requirements.
Quickly Search Session Logs: Index and text search using keystroke to pinpoint data, and then log an acknowledgement of the review for audit purposes.
RDP Enhanced Session Audit: Every click within the Windows interface, along with any keystrokes, is audited and recorded in a searchable session replay index.
Real-Time Activity Alerting: Defined user activity can generate real-time email alerts, as well as block commands, lock, and terminate SSH sessions.
Use Command Blacklisting: Connection profiles define keyword groups that can determine a specific course of action. Block commands, lock sessions, terminate sessions, or all three.
Auto Logoff & Disconnect: Utilize ‘log off on disconnect’ feature to ensure sensitive data is not exposed in subsequent RDP sessions.
Integrate with SailPoint Predictive Identity Platform (IdentityIQ & IdentityNow): Manage access for privileged and non-privileged accounts with privileged access management and identity and access management (IAM).
BeyondTrust Password Safe eliminates hard-coded or embedded application credentials automatically, simplifying management for IT and better securing the organization from exploitation of those credentials.
Password Safe features enable:
Traditional methods of SSH key management are very labor intensive, with many organizations not properly rotating their keys. It is also common practice for administrators to share keys. Between the lack of rotation and the sharing of keys, organizations lose accountability over their systems and expose vulnerabilities.
BeyondTrust Password Safe features added security and simplifies the management of SSH keys by:
In traditional PAM workflows, permissions are granted globally to individuals based upon job role. This does not take into account real-time risk factors such as location, day, or time. BeyondTrust Password Safe enables the dynamic assignment of just-in-time privileges via the Advanced Workflow Control engine.
Policies can be extended to block password access to designated resources. Exceptions can be defined to allow requests that originate from the corporate network, another approved source, or from approved vendors.
Having this capability ensures that users have the right access according to the context of their request, thereby minimizing opportunities for exploiting privileged credentials.
The Password Safe API is designed to address single sign-on shortcomings, simplify developer access, and offer secure credential management. Legitimate user credentials are used in most data breaches, reinforcing the need for organizations to control access to sensitive systems.
Credentials retrieved automatically and securely from the Password Safe API allow application developers to earn access without entering credential information each time. In this case, end-users, like database administrators, never need administrator rights to access a database. This capability improves system security while enabling greater business agility.
The benefits of using the Password Safe API include:
Analyze privileged password, user, and account activity, along with asset characteristics to correlate application, service, and process data with a continuously updated malware database. BeyondTrust Password Safe connects the dots and flags the events you need to focus on, allowing you to act decisively and effectively prioritize risk mitigation.
Aggregate user and asset data to baseline and track behavior to:
Traditionally, smaller groups managed shared credentials manually with spreadsheets. Or in the worst cases, with sticky notes. Password Safe manages these credentials locally within each team in a secure and auditable way.
Team Passwords is designed to securely store credentials owned by small groups within Password Safe in a fully controlled environment. This feature delivers secure password practices to teams outside of traditional privileged user roles. Sensitive credentials shared by groups can now be safely stored in Password Safe and locally managed.