PowerBroker Password Safe is an automated password and privileged session management solution offering secure access control, auditing, alerting and recording for any privileged account – from local or domain shared administrator, to a user’s personal admin account (in the case of dual accounts), to service, operating system, network device, database (A2DB) and application (A2A) accounts – even to SSH keys, cloud and social media accounts. Password Safe offers multiple deployment options and broad and adaptive device support.
Secure and automate the process for discovering, managing and cycling privileged account passwords and SSH keys Control how people, services, applications and scripts access credentials Auto-logon users onto RDP and SSH sessions, without revealing the passwords Record all user and administrator activity in a comprehensive audit trail Alert in real-time as passwords are released and privileged session activity is started.
DISCOVERY AND PROFILING
- Discover all known and unknown assets, and shared, user and service accounts.
- Identify assets with common traits and automatically place them under Password Safe management via Smart Rules.
PASSWORD PROTECTION AND SSH KEY MANAGEMENT
- Support industry-standard encryption algorithms such as AES 256 and Triple DES.
- Randomize passwords on a scheduled basis or upon check-in.
- Rotate SSH keys automatically and enforce granular access control and workflow.
- Utilise PowerBroker for Windows to update passwords on remote and mobile devices.
- Get control over scripts; eliminate application credentials, files, code and embedded keys.
PRIVILEGED SESSION MONITORING
- Manage live sessions to give admins the ability to lock, terminate or cancel sessions.
- Record privileged sessions in real time via a proxy service for SSH, RDP, and any Windows applications such as TOAD – without need for Java, or a client on the desktop.
- Meet password protection and audit regulations listed in SOX, HIPAA, GLBA, PCI DSS, FDCC, FISMA, and other mandates.
- Use keyword search to watch privileged sessions and log all session reviews to meet compliance requirements.
- Allow any Windows application to have login credentials played in automatically with usage monitored and recorded.
WORKFLOW AND USABILITY
- Leverage true Role-Based Access Controls with Active Directory and LDAP integration for assigning roles and rights to users.
- Manage checkout workflow with seamless connectivity to RDP and SSH via native
desktop tools such as PuTTY and MSTSC.
- Accommodate fire-call requests to ensure access to password-managed systems after hours, on weekends, or in other emergency situations.
- Leverage a Unix/Linux Jumphost to run a command or script after the session connects.
- Use “OneClick' to expedite checkout operations for access to passwords, sessions and applications that would normally be approved automatically.
- Benefit from a single solution for both password and session management.
- Deploy as hardware appliances, virtual appliances or software.
- Employ out-of-the-box connectors, plus a custom connector builder for all systems that support Telnet or SSH.
SECURITY AND UPTIME
- Rely on hardened appliances with FIPS 1402-validated components, AES256 encryption & HTTPS/SSLv3 communications.
- Analyze privileged password, user and account behavior with BeyondInsight’s Clarity
- Threat Analytics capabilities.
- Allow an unlimited number of Password Safe appliances to be connected to an external SQL AlwaysOn Availability Group for unparalleled high-availability and scalability.
NETWORK-BASED ASSET DISCOVERY
Scan, identify and profile all users and services; automatically on-board systems and accounts under management, speeding time to value.
DYNAMIC RULES & ASSET GROUPINGS
Build Smart Rules to trigger alerts or auto provision based on system categorization, speeding time to resolution.
SIMPLIFIED SSH KEY MANAGEMENT
Schedule SSH key rotation and enforce granular access control and workflow.
UNIFIED PASSWORD AND SESSION MANAGEMENT
Use a single solution for both password management and session management, lowering cost and complexity.
AGENTLESS SESSION MANAGEMENT
Utilize native tools including Microsoft® Remote Desktop and PuTTY to connect to systems without the need for Java.
APPLICATION PASSWORD MANAGEMENT
Get control over scripts, files, code and embedded keys by eliminating hard-coded or embedded
ADVANCED WORKFLOW CONTROL
Add context to workflow requests by considering the day, date, time and location when a user accesses resources.
THREAT ANALYTICS & REPORTING
Leverage a central data warehouse to collect, correlate, trend and analyze key threat metrics; customize reports to meet specific needs.