Capability Domains met by BeyondTrust

Controlled Implementation of Policies

BeyondTrust Privilege Management solutions provide several methods to support the controlled implementation of policies, along with technology to manage policies as they develop through a change control and deployment life cycle. In addition, BeyondTrust solutions incorporate role-based access control policies to restrict access to authorized users only.

BeyondTrust Privileged Access Management solutions provide discovery technology to aid in the identification of accounts based on assets, applications, and privileges. This information allows for:

  • Policy and account ownership to be assigned to managers of information system accounts.
  • Users to be assigned access privileges based on context-aware policy and just-in-time privileged access management initiatives.
  • Accounts that have not been used for a given amount of time can be flagged for mitigation procedures or removal.
  • Alerts on inappropriate account changes, and backup and restoration of Active Directory accounts.

BeyondTrust’s Privileged Access Management solutions provide native workflow capabilities and integrations into existing ITSM solutions to ensure proper authorization is granted before a user is provided access. These capabilities include:

  • Workflows requiring multiple approvals such that two or more individuals must approve user access before granting permissions.
  • Security-relevant information is logged during all access attempts and can be forwarded to other solutions of authority.
  • Role-based access control based on IAM integrations, Active Directory, LDAP, or native RBAC models.
  • Revocation of access authorization based on context or suspicious activity.
  • Secure remote access internally or externally based on context or just-in-time requirements.
  • Access control restrictions to limit lateral movement or attempts to exfiltrate data.
  • Enforcement of least privilege even when assigned tasks require administrative rights.

BeyondTrust’s Privileged Access Management solutions are designed around the principle of least privilege. They provide the controls required to manage a user’s access privileges, allowable application launches, as well as the rights associated with those applications. This includes the capabilities to:

  • Audit all privileged actions attempted or taken by end users for forensics, certifications, future analysis, or other forms of security and attestation reporting.
  • Use just-in-time privileged elevation to grant privileges to applications and tasks, not users, without providing administrator credentials.
  • Apply policies across Unix, Linux, Windows, macOS, and network infrastructure to enforce least privilege on virtually any network-connected asset.
  • Apply least-privilege security controls based on the application’s reputation, including known vulnerabilities, source of application, and attributes like digital signatures.

BeyondTrust endpoint solutions and password management solutions allow for policies that restrict lateral movement, commands used to make remote connections, and the monitoring and restriction of applications that would violate information flow architectures and policies.

BeyondTrust’s Privileged Access Management solutions provide advanced capabilities to monitor sessions, login attempts, and session control based on a variety of security attributes. These include:

  • Enforce an authentication failure when a set number of failed attempts have been made for a privileged session.
  • Provide an account lock mechanism upon consecutive failed attempts.
  • Initiate a lock out based on a manual action or detected suspicious behavior.
  • Display messages to end users, and require feedback from them, based on end-user location, system details, or other organizational policies when an application is executed.
  • Limit the maximum number of concurrent privileged or standard user sessions allowed to a managed device.
  • Terminate a user’s session based on idle time or a pre-set length of time a session is active.
  • Integrate with third-party identity governance solutions to apply security attributes to BeyondTrust’s authentication model or context-aware policy.