Call a Specialist Today! 800-886-5369

BeyondTrust PowerBroker Password Safe
Privileged Password Management and Privileged Session Management


BeyondTrust Products
PowerBroker Password Safe ADD License
PowerBroker Password Safe ADD License, 1-50 Users
#PBPSADD-LIC(1-50)
Contact us for pricing!
PowerBroker Password Safe ADD License, 51-100 Users
#PBPSADD-LIC(51-100)
Contact us for pricing!
PowerBroker Password Safe ADD License, 101-250 Users
#PBPSADD-LIC(101-250)
Contact us for pricing!

Click here to jump to more pricing!

Overview:

Many organizations use shared accounts to maintain limited sets of credentials for groups of users, administrators and/or applications. However, if managed incorrectly, this practice presents significant security risks stemming from intentional, accidental or indirect misuse of shared privileges — with little to no accountability or serious consequences — when something goes wrong.

These are just a few among the litany of challenges and risks to consider:

  • Certain systems have embedded or hard-coded passwords
  • Passwords are needed for app-to-app and application-to-database access
  • Passwords are generally static, meaning they could be leaving the organization
  • Password rotation is unreliable and manual
  • Credentials for cloud apps are often not managed as well as those on-prem
  • Monitoring, auditing and reporting on access is complex and time consuming

How do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity?

Improve Accountability and Control Over Privileged Passwords

PowerBroker Password Safe is an automated password and privileged session management solution offering secure access control, auditing, alerting and recording for any privileged account – from local or domain shared administrator, to a user’s personal admin account (in the case of dual accounts), to service, operating system, network device, database (A2DB) and application (A2A) accounts – even to SSH keys, cloud, and social media accounts. Password Safe offers multiple deployment options and broad and adaptive device support.

  • Secure and automate the process for discovering, managing and cycling privileged account passwords and SSH keys
  • Control how people, services, applications and scripts access credentials
  • Auto-logon users onto RDP and SSH sessions, without revealing the passwords
  • Record all user and administrator activity in a comprehensive audit trail
  • Alert in real-time as passwords are released and privileged session activity is started

The PowerBroker Privileged Access Management Platform

PowerBroker Password Safe is part of the BeyondTrust PowerBroker Privileged Access Management Platform, which delivers visibility and control over all privileged accounts, users, and assets. The platform integrates a comprehensive set of PAM capabilities to simplify deployments, reduce costs, improve system security, and reduce privilegerelated risks. PowerBroker solutions include:

  • Enterprise Password Security: Provide accountability and control over privileged credentials and sessions.
  • Server Privilege Management: Control, audit, and simplify access to business critical systems.
  • Endpoint Least Privilege: Remove excessive user privileges and control applications on endpoints.

Highlights:


Network-Based Asset Discovery


Network-Based Asset Discovery

Leverage a distributed network discovery engine to scan, identify and profile all users and services – and then automatically bring the systems and accounts under Password Safe management.

Agentless Privileged Session Management


Agentless Privileged Session Management

Password Safe Privileged Session Management uses standard desktop tools such as PuTTY and Microsoft Terminal Services Client. This ensures administrators can leverage commonly used management tools without the need for Java. Live session management enables true dual control, allowing admins to investigate suspicious behavior without killing sessions – or productivity.

Dynamic Rules & Asset Groupings


Dynamic Rules & Asset Groupings

Utilize collected system details from the discovery process to categorize assets. Smart Rules can be triggered to generate alerts or auto provisioning based on system categorization.

Threat Analytics & Reporting


Threat Analytics & Reporting

Patent-pending BeyondInsight Threat Intelligenceand Behavioral Analytics capabilitiesanalyze privileged password, user and account behavior. BeyondInsight also serves as a central data warehouse for management, policy and reporting.

Simplified SSH Key Management


Simplified SSH Key Management

Automatically rotate SSH keys according to a defined schedule and enforce granular access control and workflow. Private keys stored in Password Safe can be leveraged to automatically log users onto Unix or Linux systems through the proxy with no user exposure to the key with full privileged session recording.

Application Password Management


Application Password Management

Eliminate hard-coded or embedded application credentials automatically, simplifying management for IT and better securing the organization from exploitation of those credentials. Password Safe helps get control over scripts, files, code and embedded keys.

Advanced Workflow Control


Advanced Workflow Control

Provide additional context and simplify workflow requests by considering the day, date, time and location when a user accesses resources to determine their ability to access those systems.

Flexible Deployment Options


Flexible Deployment Options

BeyondTrust solutions can be deployed on premise via software or hardware appliance, or hosted in the cloud through services including Amazon Web Services and others.

Features and Benefits:

Discovery and Profiling

  • Find and manage all accounts: Discover and profile all known and unknown assets, shared accounts, user accounts, and service accounts.
  • Stay organized: Quickly identify assets with common traits and automatically place them under Password Safe management via Smart Rules.
  • Auto Discover SSH Keys: Discover all SSH keys on host systems.

Password Protection & Key Rotation

  • Keep passwords fresh: Randomize passwords on a scheduled basis or upon check-in to eliminate risk of passwords leaving the organization.
  • Rotate SSH keys: Automatically rotate keys according to a defined schedule and enforce granular access control and workflow.
  • Eliminate application credentials: Get control over scripts, files, code and embedded keys.
  • Ensure password strength: Define and enforce password policy to meet any complexity requirement.
  • Eliminate old passwords: Analyze password ages and proactively report policy violations.
  • Identify potential backdoors: Identify uncontrolled privileged accounts.
  • Solve the problem of remote and mobile users: Utilize PowerBroker for Windows as an agent to update passwords on remote and mobile devices.
  • Active/active targeted password change: Selectively process password change, password test, and account notification queue items for designated workgroups.

Privileged Session Monitoring, Auditing and Reporting

  • Enable true dual control: Live session management gives administrators the ability to lock, terminate or cancel a session.
  • Enforce accountability: Record privileged sessions in real time via a proxy session monitoring service for SSH and RDP – without the need for Java.
  • Adhere to compliance mandates: Meet password protection and audit regulations listed in SOX, HIPAA, GLBA, PCI DSS, FDCC, FISMA, and other mandates.
  • Communicate and comply: Build reports for usage, audit, forensics, and regulatory compliance purposes.
  • Application proxy for RemoteApp: Allow any Windows application usage to be monitored and recorded.
  • Audit and log privileged sessions: Access and watch a session, then log an acknowledgement of the review to meet audit compliance requirements.
  • Quickly search session logs: Index and text search using keystroke to pinpoint data, and then log an acknowledgement of the review for audit purposes.
  • Integrate with SailPoint IdentityIQ: Manage access for privileged and non-privileged accounts with privileged access management and identity and access management (IAM).

Workflow

  • Streamline workflow: Leverage true Role-Based Access Controls (RBAC) with Active Directory and LDAP integration for assigning roles and rights to users.
  • Simplify requests: Manage checkout workflow with seamless connectivity to RDP & SSH via native desktop tools such as puTTY and Microsoft MSTSC.
  • Accommodate firecall requests: Ensure access to password-managed systems after hours, on weekends, or in other emergency situations.
  • Advanced workflow control: Provides additional context by considering the day, date, time and location when a user accesses resources to determine their ability to access those systems.
  • Post-login command execution: Administrators can leverage a Unix or Linux Jumphost to run a specific command or script after a session connects.
  • Multi-system checkout: Allows admins to check out an account with a multi-system parameter, then launch sessions to linked systems.
  • Expedite checkout operations: Expidites checkout operations using OneClick for access to passwords, sessions and applications that would normally be approved automatically.

Deployment

  • One tool to deploy: Realize the benefit of a single solution for both password and privileged session management.
  • Simplify deployment: Implement hardware appliances, virtual appliances, or software.
  • Speed user adoption: Provide a modern, HTML-5 requester interface – no Javascript or agents required.
  • Support any system: Employ out-of-the-box connectors, plus a custom connector builder for all systems that support Telnet or SSH.

Security and Uptime

  • Ensure solution security: Rely on hardened appliances with FIPS 1402-validated components, AES256 encryption and HTTPS/TLS communications.
  • Understand risk: Analyze privileged password, user and account behavior with BeyondInsight Threat Analytics.
  • Increase uptime: Deploy appliance pairs and replicate settings for high availability.
  • Active-Active infrastructure support: Allow an unlimited number of Password Safe appliances to be connected to an external SQL AlwaysOn Availability Group for unparalleled high-availability and scalability.
  • Cache API passwords securely: Rely on password caching for APIs when administrators need access to credentials directly on a local host.
  • Ensure API credential stability: Create aliases for APIs to map to multiple accounts so that API access is not interrupted during password changes.

Enterprise Password Management:

Privileged Session Management

Privileged session monitoring and management is essential to achieve your compliance and security requirements, but can be complex and time-consuming to achieve. Many alternatives in the market force you to use Java, which is a notorious security risk, or require you to purchase additional licenses of what should be free tools.

Password Safe privileged session management uses standard desktop tools such as PuTTY and Microsoft Terminal Services Client, ensuring administrators can leverage commonly used management tools without the need for Java. With Password Safe, administrators can:

  • Request RDP/SSH access to authorized systems only
  • Start sessions instantly, or via workflow
  • View any active privileged session, and if required, pause or terminate the session
  • Use keystroke indexing and full text search to pinpoint data, and then log an acknowledgement of the review for audit purposes
  • Avoid Java – Password Safe is a client-less solution with no agents required on the server
  • Fully integrate with native tools (MSTSC, PuTTY, etc.)
  • Gain full video recording with 100% accountability

This capability helps you achieve your compliance and security objectives without the risks or complexity of Java or the cost of using additional third-party solutions

SSH Key Management

Traditional methods of SSH key management are very labor intensive, with many organizations not properly rotating their keys. As well, it is common practice for administrators to share keys. Between the lack of rotation and the sharing of keys, organizations lose accountability over their systems, which could lead to those systems being vulnerable to exploits.

PowerBroker Password Safe adds security and simplifies the management of SSH keys by:

  • Storing private keys like any other privileged credential
  • Automatically rotating SSH keys according to a defined schedule
  • Allowing designated ‘secondary’ accounts and SSH keys to be grouped to a ‘primary’ account to manage rotation interval, complexity and duration of SSH keys
  • Enforcing granular access control and workflow
  • Alerting when a key is released
  • Automatically logging users onto Unix or Linux systems through the proxy with no user exposure
  • Recording every privileged session with full playback and key usage auditing
  • Offering failover to a managed password for complete redundancy
  • Allowing SSH sessions to be easily established via your existing desktop tools without having to initiate with a web interface

PowerBroker Password Safe greatly simplifies the management and secures the use of SSH keys for better control, accountability and security over Unix and Linux systems.

Application Password Management

Controlling scripts, files, code and embedded keys helps to close back doors to your critical systems. But getting control is a challenge. With PowerBroker Password Safe, BeyondTrust’s enterprise password management solution, you can eliminate hard-coded or embedded application credentials automatically, simplifying management for IT and better securing the organization from exploitation of those credentials. Password Safe:

  • Allows removal of hard-coded passwords from applications and scripts
  • Provides an extensible REST interface that supports many languages, including C/C++, Perl .NET, and Java
  • Ensures that passwords can be automatically reset upon release
  • Enforces extensive security controls to lock down access to only authorized applications

This capability reduces risk by closing sometimes unknown or unmanaged back doors to your systems.

How It Works:

Password Safe automates password and session management enterprise-wide.

Password Safe automates password and session management enterprise-wide.

Use Cases:

Reducing Password Risks with Password Safe

  1. Control Third-Party Access
    Many breaches result from attacks via third-party systems. Remote access by vendors and contractors needs controlled network separation and activity monitoring. Password Safe provides a secure connection gateway with proxied access to RDP, SSH and Windows applications; protects privileged credentials; and records all privileged sessions.

  2. Reduce Cloud Risk
    Cloud management interfaces are often left unmonitored with weak and/or uncontrolled password policy. Password Safe facilitates safe storage and session management for administrative credentials to Azure, Amazon, Google, Rackspace, and GoGrid, as well as to social networks including Facebook, LinkedIn and Twitter. Learn more about cloud security.

  3. Use Context to Determine Access
    Permissions are often granted globally to individuals based upon job role, without accounting for real-time risk factors such as location, day or time. Password Safe dynamically assigns just-in-time privileges via it's Advanced Workflow Control engine. For instance, access policies can limit users to firecall accounts at night but afford a broader level of access during the day. These policies can also tie into BeyondInsight Threat Analytics to quarantine at-risk resources.

  4. Manage Access for Privileged and Non-Privileged Accounts
    While identity and access management (IAM) solutions help IT teams answer 'who has access to what', they do not account for privileged user access, addressing 'is that access appropriate?' and 'is that access being used appropriately?'

    PowerBroker Password Safe includes a dynamic, bi-directional certified integration with SailPoint IdentityIQ, allowing organizations to effectively manage user access for both privileged and non-privileged accounts.

Screenshots:


Password check-in
Password check-in

Review password request
Review password request

Leverage smart groups
Leverage smart groups

Add new accounts
Add new accounts
Workflow
Workflow
Requester interface
Requester interface

Documentation:

Download the BeyondTrust PowerBroker Password Safe Datasheet (.PDF)

 

PowerBroker Password Safe ADD License, 1-50 Users
#PBPSADD-LIC(1-50)
Contact us for pricing!
PowerBroker Password Safe ADD License, 51-100 Users
#PBPSADD-LIC(51-100)
Contact us for pricing!
PowerBroker Password Safe ADD License, 101-250 Users
#PBPSADD-LIC(101-250)
Contact us for pricing!
PowerBroker Password Safe ADD License, 251-500 Users
#PBPSADD-LIC(251-500)
Contact us for pricing!
PowerBroker Password Safe ADD License, 501-1000 Users
#PBPSADD-LIC(501-1000)
Contact us for pricing!
PowerBroker Password Safe ADD License, 1001-2000 Users
#PBPSADD-LIC(1001-2000)
Contact us for pricing!
PowerBroker Password Safe ADD License, 2001-5000 Users
#PBPSADD-LIC(2001-5000)
Contact us for pricing!
PowerBroker Password Safe ADD License, 5001-10000 Users
#PBPSADD-LIC(5001-10000)
Contact us for pricing!
PowerBroker Password Safe ADD License, 10001-15000 Users
#PBPSADD-LIC(10001-15000)
Contact us for pricing!
PowerBroker Password Safe ADD License, 15001-20000 Users
#PBPSADD-LIC(15001-20000)
Contact us for pricing!
PowerBroker Password Safe ADD Maintenance, 1-50 Users
#PBPSADD-Maint(1-50)
Contact us for pricing!
PowerBroker Password Safe ADD Maintenance, 51-100 Users
#PBPSADD-Maint(51-100)
Contact us for pricing!
PowerBroker Password Safe ADD Maintenance, 101-250 Users
#PBPSADD-Maint(101-250)
Contact us for pricing!
PowerBroker Password Safe ADD Maintenance, 251-500 Users
#PBPSADD-Maint(251-500)
Contact us for pricing!
PowerBroker Password Safe ADD Maintenance, 501-1000 Users
#PBPSADD-Maint(501-1000)
Contact us for pricing!
PowerBroker Password Safe ADD Maintenance, 1001-2000 Users
#PBPSADD-Maint(1001-2000)
Contact us for pricing!
PowerBroker Password Safe ADD Maintenance, 2001-5000 Users
#PBPSADD-Maint(2001-5000)
Contact us for pricing!
PowerBroker Password Safe ADD Maintenance, 5001-10000 Users
#PBPSADD-Maint(5001-10000)
Contact us for pricing!
PowerBroker Password Safe ADD Maintenance, 10001-15000 Users
#PBPSADD-Maint(10001-15000)
Contact us for pricing!
PowerBroker Password Safe ADD Maintenance, 15001-20000 Users
#PBPSADD-Maint(15001-20000)
Contact us for pricing!
PowerBroker Password Safe Desktop License, 1-500 Users
#PBPSD-LIC(1-500)
Contact us for pricing!
PowerBroker Password Safe Desktop License, 501-5000 Users
#PBPSD-LIC(501-5000)
Contact us for pricing!
PowerBroker Password Safe Desktop License, 5001-10000 Users
#PBPSD-LIC(5001-10000)
Contact us for pricing!
PowerBroker Password Safe Desktop Maintenance, 1-500 Users
#PBPSD-Maint(1-500)
Contact us for pricing!
PowerBroker Password Safe Desktop Maintenance, 501-5000 Users
#PBPSD-Maint(501-5000)
Contact us for pricing!
PowerBroker Password Safe Desktop Maintenance, 5001-10000 Users
#PBPSD-Maint(5001-10000)
Contact us for pricing!
PowerBroker Password Safe HA Pair Hardware, 1-100 Users
#PBPS-HW(1-100)
Contact us for pricing!
PowerBroker Password Safe HA Pair Hardware, 101+ Users
#PBPS-HW(101+)
Contact us for pricing!
PowerBroker Password Safe HA Pair License, 1-50 Users
#PBPS-LIC(1-50)
Contact us for pricing!
PowerBroker Password Safe HA Pair License, 51-100 Users
#PBPS-LIC(51-100)
Contact us for pricing!
PowerBroker Password Safe HA Pair License, 101-250 Users
#PBPS-LIC(101-250)
Contact us for pricing!
PowerBroker Password Safe HA Pair License, 251-500 Users
#PBPS-LIC(251-500)
Contact us for pricing!
PowerBroker Password Safe HA Pair License, 501-1000 Users
#PBPS-LIC(501-1000)
Contact us for pricing!
PowerBroker Password Safe HA Pair License, 1001-2000 Users
#PBPS-LIC(1001-2000)
Contact us for pricing!
PowerBroker Password Safe HA Pair License, 2001-5000 Users
#PBPS-LIC(2001-5000)
Contact us for pricing!
PowerBroker Password Safe HA Pair License, 5001-10000 Users
#PBPS-LIC(5001-10000)
Contact us for pricing!
PowerBroker Password Safe HA Pair License, 10001-15000 Users
#PBPS-LIC(10001-15000)
Contact us for pricing!
PowerBroker Password Safe HA Pair License, 15001-20000 Users
#PBPS-LIC(15001-20000)
Contact us for pricing!
PowerBroker Password Safe HA Pair Maintenance, 1-50 Users
#PBPS-Maint(1-50)
Contact us for pricing!
PowerBroker Password Safe HA Pair Maintenance, 51-100 Users
#PBPS-Maint(51-100)
Contact us for pricing!
PowerBroker Password Safe HA Pair Maintenance, 101-250 Users
#PBPS-Maint(101-250)
Contact us for pricing!
PowerBroker Password Safe HA Pair Maintenance, 251-500 Users
#PBPS-Maint(251-500)
Contact us for pricing!
PowerBroker Password Safe HA Pair Maintenance, 501-1000 Users
#PBPS-Maint(501-1000)
Contact us for pricing!
PowerBroker Password Safe HA Pair Maintenance, 1001-2000 Users
#PBPS-Maint(1001-2000)
Contact us for pricing!
PowerBroker Password Safe HA Pair Maintenance, 2001-5000 Users
#PBPS-Maint(2001-5000)
Contact us for pricing!
PowerBroker Password Safe HA Pair Maintenance, 5001-10000 Users
#PBPS-Maint(5001-10000)
Contact us for pricing!
PowerBroker Password Safe HA Pair Maintenance, 10001-15000 Users
#PBPS-Maint(10001-15000)
Contact us for pricing!
PowerBroker Password Safe HA Pair Maintenance, 15001-20000 Users
#PBPS-Maint(15001-20000)
Contact us for pricing!
PowerBroker Password Safe Virtual Cold Spare License
#PBPSVCS-LIC
Contact us for pricing!
PowerBroker Password Safe Virtual High Availability Appliance, 1-100 Users
#PBPSV-HW(1-100)
Contact us for pricing!
PowerBroker Password Safe Virtual High Availability Appliance, 101+ Users
#PBPSV-HW(101+)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance License, 1-50 Users
#PBPSV-LIC(1-50)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance License, 51-100 Users
#PBPSV-LIC(51-100)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance License, 101-250 Users
#PBPSV-LIC(101-250)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance License, 251-500 Users
#PBPSV-LIC(251-500)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance License, 501-1000 Users
#PBPSV-LIC(501-1000)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance License, 1001-2000 Users
#PBPSV-LIC(1001-2000)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance License, 2001-5000 Users
#PBPSV-LIC(2001-5000)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance License, 5001-10000 Users
#PBPSV-LIC(5001-10000)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance License, 10001-15000 Users
#PBPSV-LIC(10001-15000)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance License, 15001-20000 Users
#PBPSV-LIC(15001-20000)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance Maintenance, 1-50 Users
#PBPSV-Maint(1-50)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance Maintenance, 51-100 Users
#PBPSV-Maint(51-100)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance Maintenance, 101-250 Users
#PBPSV-Maint(101-250)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance Maintenance, 251-500 Users
#PBPSV-Maint(251-500)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance Maintenance, 501-1000 Users
#PBPSV-Maint(501-1000)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance Maintenance, 1001-2000 Users
#PBPSV-Maint(1001-2000)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance Maintenance, 2001-5000 Users
#PBPSV-Maint(2001-5000)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance Maintenance, 5001-10000 Users
#PBPSV-Maint(5001-10000)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance Maintenance, 10001-15000 Users
#PBPSV-Maint(10001-15000)
Contact us for pricing!
PowerBroker Password Safe Virtual Appliance Maintenance, 15001-20000 Users
#PBPSV-Maint(15001-20000)
Contact us for pricing!