
Whitepapers
"This is the first time we have ever implemented a security product that made the end user’s job so much easier. Our building managers previously managed dozens of different credentials for staff and vendors. Password Safe centrally manages every credential, so they now have only one password for them, one password for vendors and one password for their staff."
BeyondTrust Password Safe features a distributed network discovery engine to scan, identify, and profile all assets. Dynamic categorization of all assets and accounts enables auto-onboarding, and the ability for access policies to self-adjust according to environmental changes.
BeyondTrust Password Safe securely stores, rotates, and controls access to privileged account passwords, DevOps secrets, SSH keys, and other credentials. This protects sensitive assets and satisfies modern compliance requirements. Password Safe credential management capabilities include:
Today's cloud-based development environments require essential security to secure these mission-critical applications. Often, these teams need to share credentials to support their rapid prototyping through deployment. Secrets Safe manages these credentials locally within each team in a secure and auditable way. Secrets Safe is fully integrated within Password Safe — no additional tooling required.
BeyondTrust Secrets Safe is designed to secure store credentials owned by cloud developers in a fully controlled environment. Any sensitive credentials required to make applications run can now be safely shared, stored, and locally managed. These include, and are not limited to:
Secrets are managed through a graphical user interface. Secrets can be uploaded and retrieved using the GUI or by using the supplied API. Non-human or service tasks can make full use of the API to retrieve secrets they require to access resources.
Teams desiring to use Kubernetes will benefit from BeyondTrust's unique secrets management using Kubernetes Sidecar, which simplifies the logic for connecting to and retrieving secrets from Secrets Safe. Using the Kubernetes Sidecar enables rapid development without requiring deep Kubernetes experience, sidestepping complex secrets management configurations within container code.
Privileged session monitoring and management is essential to achieve compliance and security requirements.
BeyondTrust Password Safe privileged session management uses standard desktop tools such as PuTTY and Microsoft Terminal Services Client, ensuring administrators can leverage commonly used tools. Password Safe session management features include:
BeyondTrust Password Safe eliminates hardcoded and embedded application credentials automatically, simplifying management for IT and better securing the organization from exploitation of those credentials.
Password Safe features enable:
Traditional methods of SSH key management are very labor intensive, with many organizations not properly rotating their keys. It is also common practice for administrators to share keys. Between the lack of rotation and the sharing of keys, organizations lose accountability over their systems and expose vulnerabilities.
BeyondTrust Password Safe improves security and simplifies management of SSH keys by:
In traditional PAM workflows, permissions are granted globally to individuals based upon job role. This does not take into account real-time risk factors such as location, day, or time. BeyondTrust Password Safe enables the dynamic assignment of just-in-time privileges via the Advanced Workflow Control engine.
Policies can be extended to block password access to designated resources. Exceptions can be defined to allow requests that originate from the corporate network, another approved source, or from approved vendors.
Having this capability ensures that users have the right access according to the context of their request, thereby minimizing opportunities for exploiting privileged credentials.
The Password Safe API is designed to address single sign-on shortcomings, simplify developer access, and to provide secure credential management.
Credentials retrieved automatically and securely from the Password Safe API allow application developers to gain access, without entering credential information each time. In this case, end users, like database administrators, never need administrator rights to access a database. This capability improves system security, while enabling greater business agility.
BeyondTrust Password Safe connects the dots and flags the events you need to focus on, allowing you to act decisively and effectively prioritize risk mitigation. Analyze privileged password, user, and account activity, along with asset characteristics.
Traditionally, smaller groups managed shared credentials manually with spreadsheets. Or in the worst cases, with sticky notes. Password Safe manages these credentials locally, within each team, in a secure and auditable way.
The Team Passwords capability is designed to securely store credentials owned by small groups within Password Safe in a fully controlled environment. This feature delivers secure password practices to teams outside of traditional privileged user roles. Sensitive credentials shared by groups can now be safely stored in Password Safe and locally managed.