Embed Size (px)
Citation preview
DA
TA
SH
EE
T
The methods that hackers use to gain access to your systems and data are constantly evolving. Ultimately, hackers want access to your privileged accounts as they provide unlimited access to systems and data. In nearly every recent high-profile breach, privileged accounts have been compromised. To limit the damage when a breach occurs, you need a secure, efficient and compliant way to provide access to privileged accounts.
For IT managers, these all-access accounts can be difficult to manage for a number of reasons, including the sheer number of the privileged accounts and the number of people that need access to them. On top of these challenges, traditional privileged access management (PAM) solutions involve complex architectures, lengthy deployment times and onerous management requirements. Yes, PAM can be a huge challenge, but it doesn’t have to be.One Identity Safeguard provides a single architecture for managing privileged access that is delivered on a secure hardened appliance. This
Secure, manage and record privileged accessOne Identity Safeguard
Benefits
• Mitigate the potential damage of a security breaches
• Easily meet compliance requirements
• Get value faster with simplified deployment and ongoing management
• Accelerate the learning curve and maximize on-going productivity with a user centric interface design
• Reduce the effort of audit reports with quick access to all the information you need
2
architecture greatly simplifies deployment and ongoing management and accelerates the time to value. Safeguard enables you leverage a unified policy engine and management tools to securely grant access to privileged accounts.
Safeguard Appliance
The Safeguard appliance is built specifically for use only with the Safeguard software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system, and software levels. This approach protects the privileged management software from attacks while also simplifying deployment and management.
Safeguard for PrivilegedPasswords
One Identity Safeguard for Privileged Passwords automates, controls and secures the process of granting privileged credentials with role-based access management and automated workflows. The user-centered design of Safeguard for Privileged Passwords means a
reduced learning curve. Plus, the solution enables you to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and gives your privileged users a new level of freedom and functionality.
Safeguard for Privileged Sessions
With One Identity Safeguard for Privileged Sessions, you can issue privileged access for a specific period - or session - to administrators, remote vendors and high-risk users with full recording and replay capabilities, which means you can easily meet your auditing and compliance demands. Plus, Safeguard for Privileged Sessions serves as a proxy to ensure that your critical assets are protected from malicious software that might be lurking on an admin’s machine. This solution provides a single point of control from which you can authorize connections, limit access to specific resources, view active connections, record all activity, receive an alert if connections exceed preset time limits and terminate connections.
Features
Workflow engine – A workflow engine that supports time restrictions, reviewers, multiple approvers, emergency access and expiration of policy. Plus, you can input reason codes and/or integrate with ticketing systems. Secure flexibility allows password requests to be approved automatically or require multiple levels of approvals depending on risk factors of the request and/or user.
Full-session audit, recording and replay – All session activity — every packet sent and action taken, including mouse movements, clicks and keystrokes — is recorded and available for review. The time and content of the session are cryptographically signed for forensics and compliance purposes. Only actual activity is recorded, and recordings are compressed to minimize offline storage requirements to a fraction of the size required by other solutions.
Always online – You get true high availability as this solution was built for distributed clustering. Plus, with load balancing
© 2017 One Identity LLC ALL RIGHTS RESERVED. One Identity, and the One Identity logo are trademarks and registered trademarks of One Identity LLC in the U.S.A. and other countries. For a complete list of One Identity trademarks, please visit our website at www.oneidentity.com/legal. All other trademarks, servicemarks, registered trademarks, and registered servicemarks are the property of their respective owners.Datasheet-Safeguard-US-KJ-29792
capabilities, you get faster throughput and shorter response times as you can request passwords and sessions from any appliance.
Approval anywhere – Leveraging One Identity Starling (a cloud-based solution), you can approve or deny any request from anywhere without being on the VPN.
Discovery – Quickly discover any privileged account or system on your network with host-, directory- and network-discovery options.
RESTful API – Safeguard uses a modernized API based on REST to connect with other applications and systems. Every function is exposed through the API to enable quick and easy integration regardless of what want to do or which language your applications are written.
Multi-language support –The administrator interface supports localization through the use of language packs to provide a seamless experience for
administrators around the world. One Identity Safeguard supports Arabic, Chinese (simplified and traditional), Dutch, French, German, Italian, Japanese, Korean, Spanish and Russian.
Activity Center – Quickly and easily view all activity with a query builder. Customize reports for intended audience, such as IT operations or non-tech executives. Plus, schedule queries, and save or export the data in a variety of formats.
Two-factor authentication support – Protecting access to passwords with another password isn’t enough. Enhance security by requiring two-factor authentication to access Safeguard. Safeguard supports any RADIUS-based 2FA solution and comes with 25 free licenses to Starling Two-Factor Authentication.
The One Identity approach to privileged account management One Identity products include the industry’s most comprehensive set of privileged access
management solutions, suited to meet the needs of any organization. In addition to the powerful privileged management functionality of One Identity Safeguard, we offer targeted agent-based solutions for granular delegation of the Unix root account and Active Directory administrator account; add-ons to make open-source sudo enterprise-ready; and keystroke logging for Unix root activities – all tightly integrated with the industry’s leading Active Directory bridge solution.
About One Identity
One Identity helps organizations get identity and access management (IAM) right. With our unique combination of offerings, including a portfolio of identity governance, access management, privileged management and identity as a service solutions, organizations can achieve their full potential – unimpeded by security, yet safeguarded against threats.
Learn more at OneIdentity.com
Manage Passwords
IT AdminsDevelopers
VendorsApplications
Production Resources
Proxy ConnectionSession Request
Password Request
Approve Passwords
Release Passwords
One Identity Safeguard Appliance
Audit Passwords
Change Passwords
Monitor Sessions
Record Sessions
Replay Sessions
Archive Logs & Recordings
Audit Logs
