Call a Specialist Today! 800-886-5369

BeyondTrust PowerBroker for Windows
Privilege and Session Management for Microsoft Windows


BeyondTrust Products
PowerBroker for Windows License
PowerBroker for Windows License, 1-499 Users
#PBWD-LIC(1-499)
Contact us for pricing!
PowerBroker for Windows License, 500-999 Users
#PBWD-LIC(500-999)
Contact us for pricing!
PowerBroker for Windows License, 1000-2499 Users
#PBWD-LIC(1000-2499)
Contact us for pricing!

Click here to jump to more pricing!

Overview:

Over 85% of Microsoft system vulnerabilities disclosed in 2015 could have been mitigated either by removing administrator rights from end users, or by implementing the best practice of least privilege access. This security gap has led to embarrassing breaches, not to mention compliance problems.

While users should not be granted local administrator or power user privileges in the first place, sometimes, certain applications require elevated privileges to run. For example, users often need to install printers or approved software, or change network settings on their own machines. The process for IT to restrict or enable privileges is complex and time consuming, but it must be done to support security and compliance mandates.

How do IT organizations reduce the risk of data breaches and compliance violations stemming from excessive end-user privileges, without obstructing productivity or overburdening the Help Desk? The answer is simple, PowerBroker for Windows.

Least Privilege and Application Control for Windows Servers and Desktops

PowerBroker for Windows, privilege manager, reduces the risk of accidental or intentional privilege misuse on physical and virtual Microsoft Windows servers and desktops. This least-privilege solution enables IT organizations to remove administrator privileges, enforce standard user permissions, simplify the enforcement of least-privilege policies, maintain application access control, and log privileged activities – all without hampering productivity. With PowerBroker for Windows, IT closes security gaps, improves operational efficiency and achieves compliance objectives faster.

  • Elevate privileges on an as-needed basis, without exposing passwords or hampering productivity
  • Enforce least-privilege access based on an application’s known vulnerabilities via patented Vulnerability-Based Application Management capabilities
  • Demonstrate compliance by monitoring event logs and file integrity for unauthorized changes to key files and directories
  • Capture keystrokes and screens when rules are triggered; with searchable playback for complete documentation of privileged activity
  • Integrate with other BeyondTrust solutions for complete privileged access management

Privilege management is extremely important for organizations to mitigate the risk of insider threats. Therefore, a privilege manager should control and audit all user endpoints from virtual environments to servers to desktops in order to prove compliance. Additionally privileged activity monitoring is a requirement for all privilege identity management solutions. PowerBroker for Windows, least privilege management solution, achieves compliance while improving IT efficiency.

The PowerBroker Privileged Access Management Platform

PowerBroker Password Safe is part of the BeyondTrust PowerBroker Privileged Access Management Platform, which delivers visibility and control over all privileged accounts, users, and assets. The platform integrates a comprehensive set of PAM capabilities to simplify deployments, reduce costs, improve system security, and reduce privilegerelated risks. PowerBroker solutions include:

  • Enterprise Password Security: Provide accountability and control over privileged credentials and sessions.
  • Server Privilege Management: Control, audit, and simplify access to business critical systems.
  • Endpoint Least Privilege: Remove excessive user privileges and control applications on endpoints.

Highlights:


Least Privilege Made Simple


Least Privilege Made Simple

Eliminate admin rights and grant privileges to applications and tasks – not users – without providing administrator credentials, helping to achieve the best practice of least privilege management and closing potential security gaps.

Activity Monitoring for Accountability


Activity Monitoring for Accountability

Privileged activity monitoring ensures accountability with included Windows Event Log. Add optional file session monitoring and integrity monitoring for comprehensive auditing, reporting and change control across all privileged activity.

Application Password Management


Vulnerability-Based Application Management (VBAM)

Leverage patented technology to automatically scan applications for vulnerabilities at run time – triggering alerts, enforcing quarantine, reducing application privileges, or preventing launch altogether based on policy.

Advanced Analytics and Reporting


Advanced Analytics and Reporting

Gain unmatched visibility into Windows user activity with centralized analytics and reporting for executives, auditors, security and operational teams.

Flexible Deployment Options


Flexible Deployment Options

BeyondTrust solutions can be deployed on premise via software or hardware appliance, or hosted in the cloud through services including Amazon Web Services and others.

Features and Benefits:

Least-Privilege for Windows Desktops and Servers

  • Eliminate administrator rights: Prevent intentional, accidental, and indirect misuse of privileges on Windows assets.
  • Block suspicious activity: Enforce restrictions on software installation, usage, and OS configuration changes.
  • Ensure compliance: Meet internal and external compliance needs by enforcing least-privilege identity management and monitoring privileged activities.
  • Ensure productivity: Default all users to standard privileges, while enabling elevated privileges for specific applications and tasks without requiring administrative credentials.
  • Protect file systems: Add optional file integrity monitoring to identify, and even deny, unauthorized changes.
  • Record sessions: Add optional session monitoring to capture screens of privileged user activity with keystroke logging to document all privileged changes to an asset.

Privileged Activity Monitoring & Visibility

  • Pinpoint suspicious activity: Monitor Windows Event Logs for anomalies and analyze through BeyondInsight Behavioral Analytics.
  • Maintain awareness: Monitor UAC events, application rules, requested elevations, denied applications, and more.
  • Ensure accountability: Add optional session monitoring for rules-based activity recording, including screenshots and searchable keystroke logs.
  • Understand and communicate risk: Leverage an interactive, role-based reporting and analytics console, backed by a centralized data warehouse for ongoing audits of user privilege management software activities.

Granular Application Risk Management

  • Control application usage: Blacklist hacking tools, whitelist approved applications, and greylist applications based on rules to keep systems safe.
  • Allow Admin where needed: Proactively identify applications and tasks that require administrator privileges – and automatically generate rules for privilege elevation.
  • Leverage Vulnerability-Based Application Management: Scan applications at runtime for vulnerabilities and allow, deny or alter privileges based on regulatory violations, vulnerability severity, and/or vulnerability age – based on the award-winning Retina vulnerability database.
  • Quarantine files: Leverage BeyondInsight Threat Analytics for malware confidence reporting, enabling better risk decision-making
  • Simplify application management: Rules-based approach eliminates the need to manage complex whitelists with thousands of signatures for complete application control.

Built for Efficiency

  • Gain control over all accounts: Automatically discover and profile all Windows accounts, and quickly bring them under centralized management.
  • Ease policy creation and management: Set policies via Active Directory Group Policy or PowerBroker Web Services, with support for air-gapped systems and non-domain assets.
  • Support one-time-passwords (OTPs): Support any multi-factor solution that utilizes the RADIUS protocol for additional verification that the user is the intended recipient of the elevation policy.
  • Ensure adoption and usability: Provide a modern, easy-to-use interface for end-users, plus an innovative dashboard for solution owners.
  • Reduce help desk costs: Reduce support costs 40% or more by removing Admin without raising barriers to end-user productivity.

How It Works:

How It Works

Use Cases:

Reducing User-Based Risk with PowerBroker for Windows

  1. Implement Least Privilege Security
    It’s difficult to strike the balance between security and enabling end users to do their jobs. PowerBroker for Windows, user privilege management software, enforces least privilege in an adaptive model, applying situational policies and elevating by application considering the target application’s vulnerability profile. The solution also transparently grants the rights they need to do their jobs without exposing the organization to unnecessary risk.

  2. Limit Baseline / Image Drift
    When users can change settings or self-install software, it compromises the baseline configuration settings, and leads to more work for the help desk and lost productivity for the user. PowerBroker for Windows, privilege identity management, ensures that only approved tasks can be launched. This dramatically reduces the amount of time it takes to re-image problem machines.

  3. Stop Pirated Software Installs
    PowerBroker for Windows, user privilege management software, can prevent unapproved software from being installed on a machine, report on the occurrence, the number of machines a piece of software is installed on, and even deny applications from running if they were already there. It puts control of the desktop, server, and laptop in the hands of IT, the folks ultimately responsible for the uptime and security of these endpoints.

  4. Enable Efficient & Secure Run-As Access to Applications
    Through its integration with PowerBroker Password Safe, PowerBroker for Windows privilege manager provides run-as access to applications in a completely automated manner, matching credentials and providing access without exposing credentials to the end user.

Screenshots:


Dashboard
Dashboard

Privilege identity rules in group policy editor
Privilege identity rules in group policy editor

Reports
Reports

Privilege rule by publisher
Privilege rule by publisher

Risk based rule
Risk based rule

Session viewer
Session viewer

Account Delta by Month Report
Account Delta by Month Report
Account Delta by Month Report Detail
Account Delta by Month Report Detail
True-Up License Usage Report
True-Up License Usage Report

Documentation:

Download the BeyondTrust PowerBroker for Windows Datasheet (.PDF)

 

PowerBroker for Windows License, 1-499 Users
#PBWD-LIC(1-499)
Contact us for pricing!
PowerBroker for Windows License, 500-999 Users
#PBWD-LIC(500-999)
Contact us for pricing!
PowerBroker for Windows License, 1000-2499 Users
#PBWD-LIC(1000-2499)
Contact us for pricing!
PowerBroker for Windows License, 2500-4999 Users
#PBWD-LIC(2500-4999)
Contact us for pricing!
PowerBroker for Windows License, 5000-9999 Users
#PBWD-LIC(5000-9999)
Contact us for pricing!
PowerBroker for Windows Maintenance, 1-499 Users
#PBWD-Maint(1-499)
Contact us for pricing!
PowerBroker for Windows Maintenance, 500-999 Users
#PBWD-Maint(500-999)
Contact us for pricing!
PowerBroker for Windows Maintenance, 1000-2499 Users
#PBWD-Maint(1000-2499)
Contact us for pricing!
PowerBroker for Windows Maintenance, 2500-4999 Users
#PBWD-Maint(2500-4999)
Contact us for pricing!
PowerBroker for Windows Maintenance, 5000-9999 Users
#PBWD-Maint(5000-9999)
Contact us for pricing!