Server Privilege Management
Control administrator / root, reduce risk, and achieve compliance on Windows, Unix and Linux servers.



Overview:

An Integrated Approach to Server Privilege Management for Windows, Unix and Linux

Lack of control over root or admin passwords, super-user status, or elevated privileges could lead to a damaging breach or audit violation. Although least-privilege enforcement on tier-1 Windows, Unix and Linux servers is critical, IT leaders are usually unable to control what users can do after authenticating into a server. Traditional solutions are not integrated, requiring a password storage tool to manage access and a separate sudo or least-privilege delegation tool for policy enforcement. This approach is inefficient, complex and expensive – plus it lacks behavioral analysis to identify security anomalies. Only BeyondTrust delivers a truly integrated approach to server privilege management.

Secure Privileged Access to Unix, Linux and Windows Servers

The BeyondTrust PowerBroker Server Privilege Management solution enables IT organizations to define who can access Unix, Linux and Windows servers – and what they can do with that access – via fine-grained policy control. Delivered as an integrated solution, PowerBroker enables organizations to improve security across all servers while simplifying deployments and reducing costs.

  • Delegate Unix, Linux, and Windows privileges without disclosing root or admin passwords
  • Automatically store, rotate and monitor privileged passwords & SSH keys
  • Monitor sessions and log keystrokes for full audit accountability
  • Bridge Unix and Linux to Active Directory for simplified single sign-on
  • Report on password, user and account behavior

Control and Audit User Activity

Reduce attack surfaces by combining privileged user auditing with onboard password storage and management. When a user checks out a password to invoke a command, fine-grained policy controls limit the security exposure.

Bridge Unix & Linux to Active Directory

Manage heterogeneous server environments by bridging Unix and Linux systems into Active Directory for simplified authentication and greater visibility over user activity.

Reveal Privileged Application and Asset Security

Leverage vulnerability data from Retina and other solutions for a complete picture of privileged application and asset security. No assets are left unprotected, and privilege decisions are made with asset security in mind.

Understand Password, User and Account Behavior

Analyze privileged password, user and account behavior, and assign event Threat Levels based on the user, asset, and application launched. This makes it easier to uncover emerging risks, pinpoint and report on at-risk systems, and take action to proactively eliminate the threat.

Simplify Deployments with a Single Platform

Centrally control privileged access management policies and deployment, and report to multiple stakeholders. PowerBroker simplifies deployments, helps to control costs, and provides a foundation to reduce the evolving risks of privileged access.

Solutions:

Server Privilege Management: The PowerBroker Solution

PowerBroker Server Privilege Management enables IT organizations to define who can access Unix, Linux and Windows servers – and what they can do with that access – via fine-grained policy control. Delivered as an integrated solution, PowerBroker enables organizations to improve server security while simplifying privileged access management deployments and reducing costs.

The PowerBroker Privileged Access Management Platform

PowerBroker Server Privilege Management is part of the PowerBroker Privileged Access Management Platform, which provides visibility and control over all privileged users and accounts in your organization.

Root or admin accounts hold the keys to your critical Tier-1 servers and the data hackers covet most. Abuse or misuse of these privileged accounts means devastating consequences for your business. How do you know if an administrator poses a security threat? What if a server runs software with vulnerabilities or other security exposures?

PowerBroker Server Privilege Management provides comprehensive visibility and control over Unix, Linux and Windows servers - and the users that access them.

With PowerBroker you can discover, store, and rotate all your privileged passwords and SSH keys. The ability to delegate privileges with fine-grained policy controls lets you get the balance between security and productivity right on Unix, Linux and Windows servers. And you can even bridge Mac, Unix, and Linux with Active Directory for simplified single sign-on.

PowerBroker provides complete oversight for your privileged accounts. Monitor - and even suspend - sessions, and log keystrokes for audits. PowerBroker also empowers you to deny privileged access or elevation based on real-time vulnerabilities and other asset exposures.

PowerBroker Server Privilege Management delivers the holistic visibility and control you need to protect your organization's most important systems and data and keeps your business moving forward.

Highlights:


Control and Audit User Activity

Reduce attack surfaces by combining privileged user auditing with onboard password storage and management. When a user checks out a password to invoke a command, fine-grained policy controls limit the security exposure.

Bridge Unix & Linux to Active Directory

Manage heterogeneous server environments by bridging Unix and Linux systems into Active Directory for simplified authentication and greater visibility over user activity.

Reveal Privileged Application and Asset Security

Leverage vulnerability data from Retina and other solutions for a complete picture of privileged application and asset security. No assets are left unprotected, and privilege decisions are made with asset security in mind.

Understand Password, User and Account Behavior

Analyze privileged password, user and account behavior – and assign event Threat Levels based on the user, asset, and application launched. This makes it easier to uncover emerging risks, pinpoint and report on at-risk systems, and take action to proactively eliminate the threat.

Simplify Deployments with a Single Platform

Centrally control server privilege access management policies and deployment, and report to multiple stakeholders. PowerBroker simplifies deployments, helps to control costs, and provides a foundation to reduce the evolving risks of privileged access.

Flexible Deployment Options

BeyondTrust solutions can be deployed on-premises via software or hardware appliance, or hosted in the cloud through services including Amazon Web Services and others.

What's Included:

Included Products

  • PowerBroker for Unix & Linux
    Control and audit Unix and Linux root account privileges with centralized management, analytics, reporting, and keystroke logging.
  • PowerBroker for Windows
    Manage privileges and control applications on physical and virtual Microsoft Windows desktops and servers, speeding least-privilege enforcement across all Windows assets.
  • PowerBroker Identity Services
    Extend Active Directory authentication & single sign-on to Unix, Linux and Mac.
  • PowerBroker Password Safe
    Discover, manage and monitor any privileged account – admin, service, OS, device, database, application, SSH keys, and cloud and social media accounts.
  • Retina CS
    Perform large-scale, cross-platform vulnerability assessment and remediation, with configuration compliance, patch management and compliance reporting.
  • PowerBroker Platform
    Centralized capabilities include: asset and account discovery; threat and vulnerability intelligence and behavioral analytics; reporting and connectors; and policy and action response.

Integrated Platform Capabilities

  • Asset & Account Discovery
    Automatically discover and manage all privileged accounts and assets in your organization.
  • Threat & Vulnerability Intelligence
    Identify high-risk users and assets by teaming behavioral analytics and vulnerability data with security intelligence from best-of-breed security solutions.
  • Reporting & Connectors
    Understand and communicate risk with over 280 privilege and vulnerability reports, and share security data via a wide range of connectors for best-of-breed security solutions.
  • Policy & Action Response
    Be alerted to in-progress attacks and automatically mitigate threats in real time.

Use Cases:

Reducing Insider Risks with PowerBroker Server Privilege Management

  1. Limit Functional Accounts
    Any user account, even one with extremely limited rights on the target system, can be granted privileges via a simple policy. This reduces the attack surface of a server, increasing security and tightening compliance.

  2. Fine-Grained Control Over Stored Credentials
    Agents enforce centralized policy, increasing control while enabling auditing of all privileged account activity. The credential with the least amount of rights possible can be stored by default, while one-off, custom, and edge-case commands can be run at any privilege level.

  3. Simplify Directory Management
    Included Active Directory bridging capabilities enable Unix, Linux and Mac hosts to join Active Directory. That, plus the solution's onboard password management capabilities, enables administrators to simplify directory management by focusing on a single account for each user.

Documentation:

Download the BeyondTrust Server Privilege Management Datasheet (.PDF)