DATASHEET

PowerBroker Password Safe

Automated Password and Session Management Maintain Optimal Security, Compliance and Productivity with PowerBroker Password Safe
Many organizations make use of shared accounts to maintain limited sets of credentials for groups of users and/or applications. However, if managed incorrectly, this practice presents significant security risks stemming from intentional, accidental or indirect misuse of shared privileges with little or no accountability when something goes wrong. BeyondTrust PowerBroker Password Safe is an automated password and session management solution offering access control and auditing for any privileged account, such as shared administrative accounts, application accounts, and local administrative accounts. Password Safe is easily deployable and offers broad and adaptive device support. The solution even simplifies traditionally challenging tasks, such as managing privileged passwords for service accounts, between applications (A2A), and to databases (A2DB).

KEY FEATURES
Complete device support for operating systems, accounts, applications and devices Automated provisioning users and permission mapping via existing LDAP or Active Directory Physical appliance and secure virtual machine options for deployment flexibility in unique environments Complete logging and reporting to ensure compliance and accountability Permits users to automatically connect to systems using native remote access tools without revealing passwords

Eliminate Intentional, Accidental and Indirect Misuse of Privileges

Recent high-profile security breaches and compliance violations have been traced to system administrators, contractors, vendors and business partners with unnecessary access to internal infrastructure. PowerBroker Password Safe enables you to authorize privileged sessions or privileged passwords for specific users in a secure and controlled manner, while maintaining an indelible audit trail of sessions using privileged passwords. Key differentiators include: Password or session access permit users to automatically connect to remote systems with or without revealing passwords; supports plain-text passwords for applications or administrators DVR-style session recording and playback replay any privileged session for audit, compliance and training purposes; no agents or proprietary clients required Lightweight, robust client libraries enable existing and new application programs or scripts to securely retrieve current credentials from Password Safe, instead of requiring credentials to be hard-coded inside of applications or scripts Native remote management tools permit administrators to leverage traditional remote management tools like Microsoft Remote Desktop or Putty to connect to systems without revealing passwords Automatic password reset passwords can automatically reset upon session completion Extensive device support for several operating systems, directories, databases, routers, firewalls, hypervisors, and any system that supports SSH or Telnet connections Flexible deployment options deploy as a hardened appliance or virtual software solution, with no direct access to the sealed operating system in either case FIPS 140-2 compliant commercially supported FIPS 140-2 validated components for all encryption over passwords to critical data

PowerBroker Password Safe makes it easy to manage and audit shared password usage.

BeyondTrust PowerBroker Password Safe

Reference Architecture

How PowerBroker Password Safe Works

Managing solutions from multiple vendors can be cumbersome. BeyondTrust provides a one-stop suite of privileged access and authorization solutions that is cost-effective, scalable and helps us simultaneously secure data access and comply with strict government regulations. Additionally, having the ability to deploy PowerBroker Password Safe as a physical appliance or virtual machine gave our IT department much more flexibility. - Manager of Systems and Security, Financial Services Technology Provider
USERS REQUEST AUTHORIZATION PRODUCTION RESOURCES

SERVERS

ACCESS REQUEST

SESSION PROXY & PASSWORD RETRIEVAL

PROXY CONNECTION CREDENTIAL RETRIEVAL

WORKSTATIONS

DEVICES

AUDIT
APPLICATIONS

RECORD SESSIONS

REPLAY SESSIONS

AUDIT LOGS

ARCHIVE LOGS

DATABASES

Simplify Password and Session Management

SECURITY Provides system access without revealing passwords Supports A2A/script password retrieval with real-time validation Configurable parameters for password aging and rotation Centralized management for greater control and compliance Investment in compliance reduces the Available as a physical appliance or secure occurrence and cost impact of a data virtual machine breach. The computed probability of a Supports industry-standard encryption data breach occurrence that requires algorithms such as AES 256 and Triple DES notification for the non-compliant group Commercially supported FIPS 140-2 validated in a one-year time frame is 78 percent. components for encryption For the compliant group, the computed probability is only 31 percent. COMPLIANCE Every administrative, user-level, and application activity is logged and time-stamped Audit-ready reporting Meets password protection regulations listed in mandates such as SOX, HIPAA, GLBA, PCI DSS, FDCC and FISMA Provides true Role-based Access Control (RBAC) PRODUCTIVITY Automatically provisions users and maps permissions using an organizations existing LDAP or Active Directory environment Automatically discovers Windows systems in Active Directory, using custom filters - The State of Privacy & Data Security Compliance Report, Ponemon Institute REGULATORY COMPLIANCE One fundamental aspect of regulatory compliance is maintaining a system of checks, balances and overall accountability for privileged and embedded passwords. PowerBroker Password Safe helps protect organizations from exposing mission critical systems to intentional, accidental and indirect misuse of privileges to meet compliance.

ABOUT BEYONDTRUST
BeyondTrust is a proven IT security leader with more than 25 years of experience. More than half of the companies listed on the Dow Jones, eight of the 10 largest banks, seven of the 10 largest aerospace and defense firms, and six of the 10 largest U.S. pharmaceutical companies rely on BeyondTrust to secure their enterprise.

CONTACT
BeyondTrust North America Tel: 800.234.9072 or 818.575.4000 info@beyondtrust.com BeyondTrust EMEA Tel: + 44 (0) 8704 586224 emeainfo@beyondtrust.com

CONNECT
Twitter: @beyondtrust Facebook.com/beyondtrust Linkedin.com/company/beyondtrust Learn more at www.beyondtrust.com

Supported Platforms
PowerBroker Password Safe provides complete device support for automated Password and Session Management, offering 30+ out-of-the-box connectors for operating systems, databases and devices plus a custom connector builder for all systems that support Telnet or SSH connections.

2014 BeyondTrust Corporation. All rights reserved. All rights reserved. BeyondTrust, BeyondInsight and PowerBroker are trademarks or registered trademarks of BeyondTrust in the United States and other countries. Microsoft, Windows, and other marks are the trademarks of their respective owners. Feb 2014