Proven Privilege and Session Management for Unix & Linux Servers
PowerBroker for Unix & Linux allows system administrators to delegate Unix and Linux privileges and authorization without disclosing passwords for root or other accounts. The solution can also record all privileged sessions for audits, including keystroke information. Use PowerBroker to meet the privileged access control requirements of government and industry mandates including SOX, HIPAA, PCI DSS, GLBA, FDCC and FISMA.
- Enable users to perform specified administrative tasks without disclosing passwords
- Integrate all policies, roles and log data via a web-based console
- Automate workflows for policies and audit-ready logging
- Broker permissions transparently, ensuring user productivity and compliance
- Record and index all sessions for quick discovery during audits
- Leverage across more than 100 flavors of Unix and Linux
Need help easing the pain of managing sudo? Check out PowerBroker for Sudo, which provides centralized policy, logging and version control with change management for multiple sudoers files.
Achieve System-Level Control and Accountability
Enhance security through fine-grained, role-based policy control of privileged accounts. Conduct asset and privilege discovery. Prevent unapproved privileged account activity. Granularly delegate root admin privileges. Achieve policy-driven command elevation and auditing – down to the system level – with no change to the user experience.
Migration Path from Sudo
With support for more than 100 flavors of Unix and Linux, PowerBroker is one of the most comprehensive solutions to enable users to run commands at a higher privilege level. This breadth, in addition to industry-standard encryption, provides the confidence to replace existing open-source options such as sudo with a commercially supported solution.
Comply with Ease
Compartmentalize IT tasks that require privileged accounts, enabling segregation of duties. Gain visibility through detailed, centralized event logs of elevated commands and keystroke logging capabilities, featuring DVR-style recording of all activity performed by the user. Enable change management of all settings and policy configurations, including rollback.
Gain Greater Insights to Reduce Risk
Free for all PowerBroker for Unix & Linux customers, the fully-integrated PowerBroker Privileged Access Management Platform provides advanced features including dynamic asset discovery and targeting, flexible alerting and reporting, advanced analytics, and centralized I/O index and search capabilities.
System-level control and audit: Provides control over applications down to the system level, regardless of how the application is initiated.
Segregation of duties: Centralized control allows for true separation of duties, limiting users', administrators' and auditors' access to only the data relevant to them.
Flexible authentication and authorization: Pluggable Authentication Module (PAM) support enables PowerBroker for Unix & Linux to utilize industry-standard authentication systems.
Track and record activity: Time-stamped logs for every administrative, user-level, and application activity ensure that no suspicious activity goes unnoticed. DVR-style recording and indexing ensure all activity is available for quick discovery and playback.
Granular delegation of privileged accounts: Partitions privileged accounts such as root, granting users and admins access to only the specific entitlements required to perform a given task, achieving a least-privilege model.
Centralized administration and auditing: Greatly reduces the administration and overhead normally associated with policies and audit tasks.
Flexible policy language: Determines who can do what, where, when, and why, providing granular options to the administrator.
Extensive platform support: Supports more than 100 flavors of Unix and Linux.
User management: Granularly controls user access to programs, files, and directories as well as brokering system tasks, without sudo.
Secure logging: Centralized log data facilitates controlled access to session activity information.
Encrypted: Supports 30 encryption methods for policies, logs, and network traffic, assuring compatibility within virtually any IT infrastructure. Ensures all user and admin activity is encrypted with selectable, industry-standard algorithms and stored in a secure, centralized location.
Reducing Insider Risks with PowerBroker for Unix & Linux Servers
1 Remove the Need to Log In as Root
PowerBroker for Unix & Linux implements a true least privilege delegation model, allowing users to run any command at a higher privilege level so long as allowed by the centralized policy. Removing the need for users to log on as root allows the root user account to have much tighter security controls or be moved to a password management system such as PowerBroker Password Safe.
2 Achieve Compliance for Root
PowerBroker for Unix & Linux allows standard named user accounts to elevate to a root level with full session logging, providing a centralized, indelible audit trail and ultimate accountability for each individual system administrator.
3 Make Up for sudo's Shortfalls
PowerBroker for Sudo provides a way to quickly and simply centralize one or more sudoers files. Connecting hosts can be optionally grouped or run in a hybrid of one-to-one plus grouped hosts, allowing simple and controlled access to specific sudoers files located on one or more centralized servers based on the requesting host's group membership.
4 Seamlessly Integrate with Password Management
PowerBroker for Unix & Linux integrates seamlessly with PowerBroker Password Safe. This allows you to control both what users can access and what they can do once they have access.