PowerBroker Password Safe 5.8 - New Feature Highlights

Enhanced Session Playback with Keystroke Indexing

Pinpointing the data you need when searching session recordings is now easier than ever. PowerBroker Password Safe v5.8 has an enhanced session viewer that now provides keystroke indexing with full text search capability. Any RDP and SSH activity from v5.7 and above is automatically captured and displayed. For SSH sessions, both input and output is indexed and searchable. When an index is clicked, the session immediately jumps to that section and starts playback. Instantly search for words that may have been typed or text that has been displayed. Having this capability means that IT administrators can quickly access the data they need from session logs and complete session audits faster.

One-Click Access to Passwords, Sessions and Applications

Speed up repetitive tasks by accessing passwords, sessions, and applications with a single click! Password Safe introduces OneClick, an easy-to-launch mechanism to expedite checkout operations for access that would normally be approved automatically. Simply click on a special icon in the request table, and automatic access verification is immediately performed for the default checkout period of the account. For Advanced Workflow Control, any available Access Policy for the given time period is listed for selection. Alternatively, administrators can globally configure the system to automatically select the most appropriate policy. This new capability improves usability for administrators, making access to sessions and apps secure and convenient.

New Password Caching and Account Aliasing Features

Caching Ensuring business operations continue without interruption is critical for IT environments, regardless of size. For high volume API requests, a new Password Cache utility allows credentials to be accessed directly on a local host (for close to zero latency), or from a local subnet. An unlimited number of caches may be deployed to distribute access to managed credentials for both scalability and redundancy. In the event of a catastrophic system or network failure, credentials, the credentials’ caches will provide a failsafe mechanism to ensure that critical operations may continue. Aliasing When APIs are normally accessed in extremely high volume applications, there is always a risk that a credential may be stale due to latency inherent in standard password change operations. To eliminate this issue, Password Safe v5.8 has the ability to create aliases for API usage. To set up, an account alias is first created, and then mapped to one or more managed accounts. In use, the ‘alias API’ will return both the currently active account name, and password. When a password change is needed for the actively mapped account, the alias will automatically map to the next account in the list before password change occurs. This ensures that credentials will only be returned for stable accounts that are not in the midst of a password change.

Account Password and SSH Key Synchronization

It is often operationally desirable to create groups of accounts with identical credentials. Password Safe v5.8 makes this easy to achieve by allowing designated ‘secondary’ accounts to be grouped to a ‘primary’ account. Whenever the password changes on the primary, the value for each secondary is set to identical values. Furthermore, management of account properties such as rotation interval, complexity, and duration are all managed centrally via the primary. In addition to passwords, SSH public keys may also be synchronized automatically. Whenever a new SSH key pair is generated, the new public key may be distributed to all hosts in the sync group. Password and SSH key synchronization makes it even easier for administrators to manage multiple account credentials with a scalable method that ensures adherence to password policy while maintaining security.

Additional Enhancements

Password Safe version 5.8 also includes the following enhancements to further improve usability:
  • MS SQL Server and Oracle database instance discovery
  • Additional platform support for:
    • SFDC password vaulting
    • Dropbox password vaulting
    • Xerox 6700 printer password management
  • API Enhancements
    • Requesting RDP and SSH Sessions via the API is now supported
    • Property description may be inserted in the body of Managed Accounts
    • Enhancements for GET/PUT/Delete users