BeyondTrust announced that BeyondTrust Privilege Management for Windows is fully integrated with the company’s flagship Privileged Password Management solution Password Safe. With the release of Privilege Management for Windows 5.7, the solution utilizes Password Safe for local rotation of administrator and service accounts. The integration enables passwordless administration, eliminating a significant attack vector while improving the user experience. System administrators can perform administrative tasks by elevating applications, not users, without entering administrative credentials.
Despite the benefits delivered by least privilege and password management technologies, updating credentials for those not connected to the corporate network, including remote workers, still remains a challenge for customers with disparate systems. Without instant updates, the capabilities and benefits of enterprise password management systems are quickly negated. In some cases, the only way for privilege management tools to properly elevate application privileges is to use a real login and password combination with administrator permissions. This requires the distribution of these credentials to users, which can defeat the purpose and benefits of least privilege policies.
BeyondTrust Privilege Management for Windows 5.7 integrates seamlessly with Password Safe to overcome these obstacles, solving remote password change challenges and elevation of applications for real user credentials.
Local rotation of administrator and service accounts
For Windows endpoints under Password Safe management that are not connected to the corporate network, Privilege Management for Windows introduces the ability to apply local account password rotation on behalf of Password Safe, via BeyondTrust’s BeyondInsight platform. This allows organizations to continue to manage their credentials on endpoints for users that are working in remote locations. Based on a configurable “heartbeat,” Privilege Management for Windows will check in with Password Safe for any account passwords that require rotation, apply the change, and then verify that the change was successful.
“Run As” Password Safe User
Privilege Management for Windows 5.7 also adds the ability to run and elevate specific applications using credentials managed and protected by Password Safe. When enabled, Privilege Management for Windows will check out a pre-defined credential at the point that an application is launched, and pass the credential directly to the application session as a “Run As” command with no user intervention.
This capability significantly extends the concept of just-in-time (JIT) privilege management by providing true hands-off access to service accounts, domain level credentials, and other privileged credentials, ensuring that they are only used as part of a specific task, and only accessed at the point the task is executed.
“For developers, system administrators, and DevOps organizations, this productivity-enhancing integration provides the security of vaulting and protecting highly prized accounts within the organization”, said Dan DeRosa, Chief Product Officer at BeyondTrust. “Organizations will also appreciate the convenience of being able to perform tasks in the appropriate context without the need for manual steps and procedures or a call to the service desk.”
To learn more, visit beyondtrust.com/privilege-management.
