How BeyondTrust Enables Secure Remote Support

BeyondTrust Remote Support has always been designed with security at the forefront. Not only is the product architecture superior from a security standpoint, the product itself has a number of features that strengthen the security on a day to day basis.

Businesses today must not only meet increasingly stringent company security policies, but many are also subject to industry compliance mandates such as HIPAA or PCI. With BeyondTrust, you can focus on solving user problems, not security concerns.

Authentication & Permissions

Most remote support solutions require you to create support rep accounts manually or with a convoluted semi-automated process. BeyondTrust seamlessly integrates with external user directories, such as LDAP, for simple and secure user management.

With BeyondTrust, you can leverage your existing directories (LDAPS, Kerberos, Smart Card, RADIUS) so that if you change a support rep’s account in Active Directory, it is automatically reflected in BeyondTrust Remote Support.

BeyondTrust lets you associate group policies in BeyondTrust with groups in your directory, so that if you move a rep from one group to another in LDAPS, their permissions in BeyondTrust are automatically updated to reflect their new role.

Auditing & Reporting

Session logging allows for the review of all customer and support representative interactions, and all the events of an individual support session are logged as a text-based log. This log includes representatives involved, permissions granted by the customer, chat transcripts, system information, and any other actions taken by the BeyondTrust representative.

BeyondTrust also allows enabling video session recordings. This records the visible user interface of the customer screen for the entire screen sharing session. Session logging data is available on the appliance in an un-editable format for up to 90 days, but it can be moved to an external database using the BeyondTrust API or the BeyondTrust Integration Client.

Remote Connection Security

Grant access with even more granularity so that just the right levels of access are granted to those who need it, enforcing the concept of "least privilege" in your service desk. BeyondTrust includes a large number of granular permissions that can be granted to manage which features in BeyondTrust a representative has access to and can require end-user prompting so that the user receiving support must approve representative actions.

Policies can be set for users, groups, or sessions, giving administrators significant flexibility and control. Group policies integrate easily with external directory stores to assign permissions based on your existing structures. Session permission policies enable building a security model for each specific support scenario. You can also restrict BeyondTrust use logins to certain times of day.

Architectural Security

With BeyondTrust, each each customer gets a segmented, single-tenant environment. Your data is never co-mingled with data from any other customer.

BeyondTrust offers the greatest number of deployment options, so you can select the choice that corresponds with the security requirements of your business. From on-premises and virtual appliances to the BeyondTrust Cloud, get the best deployment option for your business.

Watch a Demo