BeyondTrust

Password Safe

Unified Password and Session Management for Seamless Accountability and Control over Privileged Account.

Continuous Auto-Discovery - Scan, identify and profile all assets and applications with auto-onboarding of privileged accounts

Management & Rotation - Store, manage and rotate privileged account passwords, eliminating embedded credentials and ensuring password strength

Monitor & Audit Sessions - Log and monitor all privileged credential activity and sessions for compliance and forensic review

Benefits of Privileged Password Management

Control Third-Party Access - > Password Safe and BeyondTrust Privileged Remote Access provide an integrated approach to secure the connection and automatically check out privileged credentials with full session recording for secure third-party vendor access.

Reduce Cloud Risk -> Password Safe facilitates safe storage and session management for cloud administrative credentials to Azure, Amazon, Google, Rackspace, and GoGrid, as well as to social networks including Facebook, LinkedIn and Twitter, mitigating the risk of weak and/or uncontrolled password policy.

Use Context to Determine Access -> Password Safe dynamically assigns just-in-time privileges via its Advanced Workflow Control engine to account for real-time risk factors such as location, day or time. For instance, access policies can limit users to fire call accounts at night but afford a broader level of access during the day. These policies can also tie into BeyondInsight Threat Analytics to quarantine at-risk resources.

Manage Access for Privileged and Non-Privileged Accounts -> Password Safe includes a dynamic, bi-directional certified integration with SailPoint IdentityIQ, enabling organizations to effectively manage user access for both privileged and non-privileged accounts.

Integrated Password and Privilege Management -> Seamlessly integrates with Endpoint Privilege Management to control both what users can access, and what they can do once they have access.

Solution highlights

Access Control

Evaluate just-in-time context and simplify access requests by considering the day, date, time and location when a user accesses resources to determine their ability to access those systems

Permissions are often granted globally to individuals based upon job role, and do not take into account real-time risk factors such as location, day or time. Password Safe enables the dynamic assignment of just-in-time privileges via the Advanced Workflow Control engine.

Policies can be extended to block password access to some managed resources unless the request originated from the corporate network, or only allow access to certain vendor accounts if they originate from the vendor network.

Having this capability ensures that users have the right access according to the context of their request, thereby minimizing opportunities for exploiting privileged credentials.

Application Password Management

Control scripts, files, code and embedded keys to close back doors to your critical systems
Password Safe eliminates hard-coded or embedded application credentials automatically, simplifying management for IT and better securing the organization from exploitation of those credentials. Password Safe:

  • Enables removal of hard-coded passwords from applications and scripts
  • Provides an extensible REST interface that supports many languages, including C/C++, Perl .NET, and Java
  • Ensures that passwords can be automatically reset upon release
  • Enforces extensive security controls to lock down access to only authorized applications
Asset and Account Discovery

Scan, identify and profile all assets and applications with auto-onboarding of privileged accounts

Password Safe leverages a distributed network discovery engine to scan, identify and profile all assets. Dynamic categorization of all assets and accounts enables auto-onboarding, and the ability for access policies to self-adjust according to environmental changes. This capability helps IT keep pace with changing environmental variables, reduces time and administrative overhead, and reduces risk by ensuring that no system is left unmonitored/unmanaged.

  • Discover and profile all known and unknown assets (web, mobile, cloud, virtual), privileged user accounts, shared accounts, and service accounts
  • Automatically bring systems and accounts under management
  • Create Smart Groups to automatically categorize, group, assess, and report on assets by IP range, naming convention, OS, domain, applications, business function, Active Directory, and more.
Session Management

Monitor and agentless manage privileged sessions for compliance and forensics

Privileged session monitoring and management is essential to achieve your compliance and security requirements, but can be complex and time-consuming to achieve. Many alternatives in the market force you to use Java, which is a notorious security risk, or require you to purchase additional licenses of what should be free tools.

Password Safe privileged session management uses standard desktop tools such as PuTTY and Microsoft Terminal Services Client, ensuring administrators can leverage commonly used management tools without the need for Java. With Password Safe, administrators can:

  • Request RDP/SSH access to authorized systems only
  • Start sessions instantly, or via workflow
  • View any active privileged session, and if required, pause or terminate the session
  • Use keystroke indexing and full text search to pinpoint data, and then log an acknowledgement of the review for audit purposes
  • Avoid Java – Password Safe is a client-less solution with no agents required on the server
  • Fully integrate with native tools (MSTSC, PuTTY, MobaXterm etc.)
  • Gain full video recording with 100% accountability
Simplified SSH Key Management

Scan, identify and profile all assets and applications with auto-onboarding of privileged accounts

Password Safe leverages a distributed network discovery engine to scan, identify and profile all assets. Dynamic categorization of all assets and accounts enables auto-onboarding, and the ability for access policies to self-adjust according to environmental changes. This capability helps IT keep pace with changing environmental variables, reduces time and administrative overhead, and reduces risk by ensuring that no system is left unmonitored/unmanaged.

  • Discover and profile all known and unknown assets (web, mobile, cloud, virtual), privileged user accounts, shared accounts, and service accounts
  • Automatically bring systems and accounts under management
  • Create Smart Groups to automatically categorize, group, assess, and report on assets by IP range, naming convention, OS, domain, applications, business function, Active Directory, and more.
Threat Intelligence and Behavioral Analytics

Monitor and agentless manage privileged sessions for compliance and forensics

Privileged session monitoring and management is essential to achieve your compliance and security requirements, but can be complex and time-consuming to achieve. Many alternatives in the market force you to use Java, which is a notorious security risk, or require you to purchase additional licenses of what should be free tools.

Password Safe privileged session management uses standard desktop tools such as PuTTY and Microsoft Terminal Services Client, ensuring administrators can leverage commonly used management tools without the need for Java. With Password Safe, administrators can:

  • Request RDP/SSH access to authorized systems only
  • Start sessions instantly, or via workflow
  • View any active privileged session, and if required, pause or terminate the session
  • Use keystroke indexing and full text search to pinpoint data, and then log an acknowledgement of the review for audit purposes
  • Avoid Java – Password Safe is a client-less solution with no agents required on the server
  • Fully integrate with native tools (MSTSC, PuTTY, MobaXterm etc.)
  • Gain full video recording with 100% accountability

Demo - BeyondTrust Password Safe

Why implement Password Safe?

Forum

Forum

Contact Sales

Contact Sales

Knowledge Base

Knowledge Base

Downloads

Downloads

Support

Support

Sign up for monthly PDS eNewsletter -->