BeyondTrust Password Safe (PAM/PASM)
Increase the security and efficiency of your remote work with advanced access control, password management, and session recording
O BeyondTrust Password Safe (PAM/PASM)
BeyondTrust Password Safe is a PAM (Privileged Access Management) solution that allows for complete control and accountability of high-privileged account usage by administrators and contractors. It also automates password and key management processes for these accounts. This applies to server systems, databases, network devices, applications, and web portals. The key benefits include automatic password rotation, recording of administrative sessions, password secrecy for privileged accounts, and accountability of access to administrative accounts.
For your organization
Supervision and control over access to critical infrastructure obtained by external vendors (via VPN) as well as internal administrators
Separation of external vendor representatives (contractors) and internal administrators from high-privileged account passwords.
Recording all sessions to critical infrastructure
Accountability of privileged account usage
Automation of privileged account password rotation in Windows, Linux, Unix systems, databases, and network devices
Compliance with best practices for privileged access management through a system recognized as a leader in the PAM (Privileged Access Management) space (Gartner, Forrester, Kuppinger Cole).
Produkty BeyondTrust
Ask for a quote
Let's talk about a solution for your organization.
Protect against unauthorized access and ensure your organization's security.
Key system features
- Management of privileged account passwords (automatic password changes according to defined policies on various platforms such as Windows, Linux, Unix, network devices, and databases).
- Recording of administrative sessions (capturing RDP and SSH graphical sessions for later auditing).
- Metadata logging in sessions (e.g., recording names of opened applications, logged keystrokes for later audit purposes).
- Real-time session monitoring (auditors can monitor sessions of other users, such as RDP and SSH sessions, and terminate them if necessary).
- Approval workflow (the ability to restrict session initiation based on specific days, times, or approval by authorized personnel).
- Accountability for the usage of unnamed privileged accounts (accountability for the usage of accounts like root, administrator, etc.).
- Automatic session establishment without revealing passwords (using third-party RDP/SSH clients to initiate sessions without the need to enter credentials for privileged accounts).
- Reporting and analytics (a comprehensive reporting module to track events related to privileged accounts and sessions to critical resources).
- Automation of various configuration and maintenance processes (e.g., automating the addition of resources and managed accounts based on defined criteria).
- Built-in network scanner (providing the ability to gather information about resources in the infrastructure and detecting accounts with administrative privileges).
- Appliance-based delivery (simplifying deployment and maintenance processes).
How BeyondTrust Password Safe works
The system is built based on an on-premise appliance or delivered as a cloud service. Password Safe acts as an intermediary in facilitating remote sessions between users and systems within the organization, allowing it to record and enforce security policies on them. In a typical OnPrem implementation scenario, Password Safe is deployed within the client’s infrastructure and requires cooperation with the client’s VPN for external vendors. All remote sessions are conducted using standard RDP/SSH clients, eliminating the need for users to install additional components on their computers.
The Password Safe system can rotate the passwords of privileged accounts on managed resources. This is done using so-called functional accounts (password rotation occurs agentlessly on various endpoint systems such as Windows, Linux, databases, and network devices).
Users with auditor roles can monitor all user sessions in real-time. They can also review and audit historical sessions (searching by character strings, session notes).”
Przewagi BeyondTrust Password Safe
The solution is recognized in all PAM rankings and positioned as a market leader
The ability to rotate passwords on a very large group of endpoints (Windows, Linux/Unix, databases, network devices, etc. – a detailed list available in the documentation).
In case of the lack of a built-in platform, the possibility of creating one (providing the ability to include additional password rotations for new systems)
Built-in network scanner for resource and account detection
High degree of task automation (the ability to automate processes of adding resources, privileged accounts, and user permission assignments)
The ability to work with standard RDP and SSH clients (sessions are conducted using well-known and typical tools like MSTSC, Putty, etc.)
Advanced auditing capabilities (e.g., searching by character strings and notes for recorded sessions) and reporting
Extremely straightforward handling mechanisms for use cases involving named privileged accounts.
Get in touch with us
Would you like to learn how to improve security levels in your company?
We encourage you to get in touch with us – we are ready to answer any questions and provide professional advice in choosing the right solutions for your organization!