BeyondTrust Password Safe External Presentation


Password Safe

Unifying Privileged Credential and Secrets Management

28th July 2023


The Threat Landscape

• of all breaches are due to compromised credentials
• of organizations have experienced a data breach
• Average time it took to identify & contain breaches
• Average cost of breach

Threat Actors Continue to Take Advantage


©BeyondTrust 2022 | 2
The Challenges

• Privileged Account Sprawl
• Lack of Visibility
• Limited Automation
• Complex Regulations

Desired Outcomes
• Gain visibility of Admin account privileges and DevOps secrets across the estate
• Automate repeatable privileged tasks that increase risk
• Enable frictionless access to privileged credentials and secrets
• Empower users with easy-to-use customization tools
• Meet and prove compliance with increasingly complex regulations
• Leverage deployment flexibility

Use Cases
Discover All Accounts
• Discover all accounts across the estate
• Leverage automation to bring under management

Store & Manage Privileged Credentials
• Store credentials in secure vault and manage them per established policies / best practices
• Broker access to credentials and DevOps secrets for human users, services and applications
• Securely store secrets (certificates, tokens, API keys), and admin credentials for cloud consoles
• Manage all accounts centrally, even if asset is disconnected from corporate network

Manage & Monitor Access to Resources
• Assign temporary access privileges based on pre-determined attributes such as day, time, location
• Establish sessions without revealing passwords
• Document session activity

Platform
• Password Safe: Gain visibility and control of privileged credentials and secrets
• Privileged Remote Access: Manage and audit employee and vendor remote access
• Remote Support: Securely access and support any device or system in the world
• Cloud Privilege Broker: Visualize and right-size entitlements across clouds
• Privilege Management for Windows & Mac: Enforce least privilege and control applications
• Privilege Management for Unix & Linux: Implement unmatched privilege access security
• Active Directory Bridge: Extend and manage Unix/Linux authentication and group policies
• Identity Security Insights: Gain one holistic view of identities and access across your IT estate from a single interface

©BeyondTrust 2023 | 6
Password Safe
Discover & Onboard All Accounts | Secure Privileged Credentials | Monitor Privileged Activity

• DISCOVERY & ONBOARDING: Scan, identify, and profile all assets with automated onboarding of privileged accounts.
• CREDENTIAL MANAGEMENT: Centrally store & manage passwords and SSH keys. Rotate credentials automatically. Store and retrieve secrets.
• SESSION MONITORING: Seamlessly establish sessions and document privileged activity without killing productivity.

Key Capabilities
• Integration Flexibility – Integrate with a variety of systems and orchestrate enterprise-wide PAM with an extensive API, SDK, and other tools at no additional cost.
• Extensive Analytics – Leverage preconfigured templates and dashboards. Report on compliance, benchmarks, and anomalies.
• All-in-one Solution – Deploy a complete solution that includes Discovery, Credential Management, Secrets Vault, Session Proxy, Audit, API, HA.
• Governance & Administration – Leverage comprehensive integrations with IGA partners for full lifecycle management using the SCIM API.
Flexible Deployment & Licensing Options
• Physical Appliance
• Virtual Appliance
• Cloud
• IaaS

ON-PREM / IaaS
• Subscription
• Asset/User-based

Cloud
• Subscription
• Asset/User-based

Product Demo
Password Safe


Total Cost of Ownership

CLOUD-BASED MODEL
• Credential and Secrets Management in One Solution (Physical, Virtual or SaaS)
• Reduced Deployment and Maintenance Costs (No ProServ for Upgrades)
• High Availability
• Faster Time to Value (SaaS Rapid Implementation)
• Best in Class Cloud Security

Outcomes with Password Safe

LESS RISK
• Comprehensive Visibility
• Frictionless Credential Mgmt.
• Full Audit Trail for Forensics
• Governance & Administration

MORE EFFICIENCY
• Enhanced Automation
• Custom Systems Toolbox
• Use of Native Tools
• Ease of Management

LOWER COSTS
• Deployment Flexibility
• Credentials and Secrets Vaults in One Solution
• No ProServ Required for Upgrades

CONFIDENT COMPLIANCE
• OOTB Templates & Dashboards
• Analytics & Reporting
• Full Audit Trail & Recordings

Validation
Password Safe

PAM Market Leader
PAM Magic Quadrant 2022 | PIM Wave 2020 | Leadership Compass for PAM 2023

BeyondTrust #3

Wynn Resorts Enforces Least Privilege and Effectively Manages Passwords

INDUSTRY
Hospitality, Tourism, Gambling

PRODUCTS
Remote Support, Password Safe, Privilege Management for Windows

CHALLENGE
With multiple verticals — gaming, hospitality, and more — represented across Wynn, the organization needed flexible solutions that could protect the many different parts of the business, while allowing employees to securely do their jobs.

OUTCOME
BeyondTrust enabled Wynn to optimize privileged access management (PAM) across the diverse business, enforce least privilege (to minimize risk from phishing and other end user exploits), and manage privileged passwords according to best practices.

"We were looking for solutions that not only provided ease of use and ease of management, which we found in the BeyondTrust solution(s), but the integration of the multitudes of different solutions that BeyondTrust provides gave us the ability to integrate seamlessly throughout those different solutions."
DAVID TYBURSKI, CISO

University of Utah is Leveraging Just-in-Time Privileged Access Management to Mitigate Risk and Achieve Full Visibility

INDUSTRY
Higher Education

PRODUCTS
Privileged Remote Access & Password Safe

CHALLENGE
The University of Utah is home to many diverse user populations - just think of all the attributes, roles and access needed for undergrad and graduate students, faculty, university hospitals and healthcare systems, and more. In addition, many university users belong to more than one of these populations. This complex network requires a complete Privileged Access Management (PAM) solution that protects and manages the many different types of privileged accounts within the Higher Ed system, while meeting the compliance requirements that come with the institution's hospital status.

OUTCOME
The University of Utah implemented a Just-in-Time Privileged Access Management (JIT PAM) model to enforce true “least privilege”, in conjunction with Password Safe. As a result, the team truly understands privileged access at the university and has been able to mitigate internal and external threats, provision accounts quickly, increase productivity, and achieve full visibility and security of their robust environment of users.

"BeyondTrust gives us a level of control and capability that we never had before...I would have started on this project much sooner had I known how painless BeyondTrust has made it."
CHRIS STUCKER, ASSOCIATE IAM DIRECTOR

Thank You
beyondtrust.com

Appendix

Why Password Safe?
• Accelerate time to value with automated discovery and onboarding of ALL privileged accounts
• Improve security posture – bring all privileged credentials under centralized management, monitor privileged activity, and get anomalous activity alerts
• Empower your teams with extensive automation designed for enterprise scalability and performance
• Minimize project complexity and cost with flexible deployment options On-premises & Cloud (PaaS, IaaS, SaaS)
• Meet compliance requirements with a comprehensive audit trail and reporting capabilities
Innovative Product Portfolio

Category / Products
• Password Safe with Secrets Safe
• Privileged Remote Access
• Remote Support
• Privilege Management for Windows & Mac
• Privilege Management for Unix & Linux
• AD Bridge
• Cloud Privilege Broker

Security / IAM Ops Endpoint Auditing / Auditing /


User

DevSecOps IT Operations Service Desk Security Mgrs Compliance Compliance Cloud / IT Operations
Engineers OT Admins Support Centers IT Operations Security Admins Security Site Reliability Engineers
IT Admins MSPs Desktop/Server Admins Developers
Compliance Admins
Key Benefits

Session Mgmt Remote Support


Password Vaulting Screen Sharing Least Privilege Root Access Extension of AD Cloud Infrastructure
Privileged Account & Session Vault & Auditing Chat Support & Advanced Control Auditing Authentication Entitlements Management
Mgmt for Remote and ITSM Integration Application Governance for SSO to Least Privilege
Secrets Management & Security Vendor Access Unattended Control Unix & Linux Unix & Linux in Cloud Footprint
Auditing Support
Mobile Support

Cloud and On-Premises Deployments

Privileged Access
Discovery

Privileged Access Discovery App
Securely reveal privileged accounts and credentials in your environment in minutes—for free. No installation necessary.
• Uncover privileged accounts and credentials
• Discover remote access tools and overprivileged accounts
• Easy to use tool – no installation, unlimited scans, detailed scan results and a summary report

DOWNLOAD FOR FREE HERE

Cloud Deployment
Architecture

Password Safe Cloud Architecture

HTTPS | 443

Use Cases
Deep Dive

Discover and Bring All Privileged Accounts Under Management

The Problem
• Unmanaged privileged accounts are a threat vector that can result in a data breach. Most organizations don’t know the extent of privileged account sprawl in their networks
• Discovering and managing privileged accounts manually is virtually impossible

The Benefits
• Automatically and continuously locating all privileged accounts in a network means none will be left unmanaged
• Risk of privileged account theft or misuse is mitigated. Organization strengthens security posture

Workflow (slide diagram)
• Password Safe Discovery Engine is deployed
• All privileged accounts are discovered
• Smart Rules configured
• Privileged credentials are stored in Password Safe
• Privileged accounts are now under management

Secrets vault included with Password Safe

The Problem
• Unmanaged and shared secrets used in cloud and infrastructure development and deployment are a threat vector that can result in a data breach. Organizations maintain a fast pace of spinning up both static and ephemeral environments that have access to critical resources and data.
• Often SecOps are unaware of new apps and their reach.

The Benefits
• Quickly secures secrets (tokens, API keys, certificates) in an encrypted vault. Supports integration with Kubernetes without requiring Kubernetes development expertise.
• Risk of privileged account theft or misuse is mitigated. Organization strengthens security posture through secrets management and reporting.

Workflow (slide diagram)
• Password Safe with secrets safe is deployed
• Unified environment for secrets and Team Passwords
• Upload tokens, API keys, certificates with access rules
• Auto-authenticate using Kubernetes sidecar
• DevOps secrets are now safe, managed, & reportable

Monitor Privileged Sessions For Security & Compliance

The Problem
• Organizations have limited visibility into privileged access to critical systems or data
• Forensic analysis is difficult without the ability to easily search, locate and review suspicious privileged activity
• To meet compliance companies must monitor access to systems that contain sensitive and regulated data

The Benefits
• Monitor privileged session activity in real time. Pause or terminate the session if suspicious activity is detected
• Generate reports to prove regulatory compliance with detailed audit trail and video recordings

Manage Disconnected Accounts

The Problem
• Systems that do not regularly connect to the network still need automatic and regular changes to the credentials on powerful administrator and root accounts.
• Organizations cannot meet regulatory compliance mandates and are at risk from cyber attacks like pass-the-hash.

The Benefits
• Change administrative passwords on offline systems automatically, mitigate pass-the-hash attacks and meet regulatory compliance requirements.
• Organizations can quickly move to enforce zero-trust model on the same disconnected accounts – utilizing EPM (separate licensing), least-privilege policies can be applied.

Workflow (slide diagram)
• On Disconnect Endpoint – Install Privilege Management Client
• Password Safe can now register, onboard and rotate/manage accounts on endpoint
• Privileged credentials are stored in Password Safe and can be configured for a “heartbeat interval” for rotation
• Zero-Trust on Endpoint - Least privilege policies can be built utilizing EPM policy Editor
• Endpoint has both accounts managed and zero-trust enforced with least privilege policies

Store Cloud Admin Credentials

The Problem
• Companies have limited visibility on how hosted cloud accounts are being accessed and managed
• Most organizations underestimate the number of cloud applications being used in the enterprise
• Managing privileged accounts for cloud apps manually is difficult and risky

The Benefits
• Full visibility and control of privileged accounts for hosted cloud apps
• Organization can detect, alert and respond to suspicious activity through the automatic correlation of vulnerability data, asset characteristics and privileged user behavior.

Workflow (slide diagram)
• User requests access
• Approval rules
• Password is checked-out
• User accesses cloud hosted application
• Password is checked-in

Extra Validation

“BeyondTrust’s PAM offering is notable for its account discovery, logging and reporting capabilities, and for its analytics, which includes an extensive number of preconfigured templates and dashboards. Privileged governance and administration is above average.”

“BeyondTrust’s Password Safe offering is above average for credential management and has several connectors; there is also a software development kit (SDK) that clients could use to create custom connectors for password rotation.”

Gartner – Critical Capabilities Report for PAM 2022
