BeyondTrust, global cyber security company dedicated to preventing privilege misuse and stopping unauthorised access, announced two new features in PowerBroker for Windows that help IT administrators manage privileged access by automating their security policies. 

Verizon 2018 Data Breach Investigations Report

With an increase in stolen credentials as the cause of many of today’s data breaches and hacking attacks, according to the Verizon 2018 Data Breach Investigations Report, organisations must remain vigilant in their execution of security policies across the enterprise. Considering the sheer volume of potential endpoints that an organisation must manage when implementing least privilege rules and the complexities associated with developing rules based on users’ needs and privileged elevation requirements, an automated solution speeds the time to value and reduces the risk of inconsistent or incomplete policies. 

PowerBroker Policy Accelerator, a new and revolutionary capability of the PowerBroker for Windows solution, intelligently identifies new applications

PowerBroker Policy Accelerator, a new and revolutionary capability of the PowerBroker for Windows solution, intelligently identifies new applications and privilege elevation requirements based on real activities in the network and user event logs and subsequently automates the process of defining and generating the necessary policy rules.

PowerBroker for Windows version 7.5

Additionally, PowerBroker for Windows version 7.5 includes enhanced protections against rogue scripts by allowing only those with an approved signature and other specified criteria to run. This capability is essential for scripts that manage configurations or provide privileged access to resources. Combined with Application-to-Application scripts like those used with PowerBroker Password Safe, companies can validate whether a script has been tampered with before it is granted authorisation for password or application use. This enhancement not only helps administrators and users, it helps next-generation initiatives for DevOps automate Windows environments embarking on digital transformation journeys.

PowerBroker for Windows version 7.5 also now supports Microsoft Windows 10 April Update 2018, allowing IT admins to remain up to date on the latest Windows OS

PowerBroker for Windows version 7.5 also now supports Microsoft Windows 10 April Update 2018, allowing IT admins to remain up to date on the latest Windows OS. This compatibility update demonstrates BeyondTrust’s commitment to staying in lockstep with the Microsoft community.

With the latest version of PowerBroker for Windows, IT administrators can achieve the following:

  • Reduced Attack Surfaces – Decrease attack surfaces by removing admin rights from end users and employing fine-grained policy controls for all privileged access.
  • Continuous Monitoring – Monitor and audit sessions for unauthorised access and/or changes to files, directories, and lateral movement.
  • Analyse Behavior – Detect suspicious users, accounts and asset activities through behavior analysis and Vulnerability-Based Application Management (VBAM).

PowerBroker Policy Accelerator Discovering, creating, and testing least privilege policies can be a challenge for many of today’s enterprises"

Discovering, creating, and testing least privilege policies can be a challenge for many of today’s enterprises,” said Morey Haber, CTO, BeyondTrust. “IT teams are often tasked with evaluating multiple systems and understanding a wide array of users’ needs in order to determine the privileged elevation requirements and the necessary system parameters.

What’s more, much of this work is done in test environments and doesn’t take into account all of the real-world scenarios that can happen. With the new PowerBroker Policy Accelerator feature, organizations can quickly find the elevation requirements, and then test and save required rules on the fly, while maintaining consistency without sacrificing compliance.

PowerBroker for Windows version 7.5, including the free Policy Accelerator capability, is available now along with support for the latest versions of Windows 10.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

In case you missed it

What are the security challenges of protecting utilities?
What are the security challenges of protecting utilities?

Utilities are an important element of critical infrastructure and, as such, must be protected to ensure that the daily lives of millions of people continue without disruption. Protecting utilities presents a unique range of challenges, whether one considers the electrical grid or telecommunications networks, the local water supply or oil and gas lines. Security technologies contribute to protecting these diverse components, but it’s not an easy job. We asked this week’s Expert Panel Roundtable: What are the security challenges of protecting utilities?

Q&A: how the ‘secret service of Hollywood’ protects celebrities
Q&A: how the ‘secret service of Hollywood’ protects celebrities

At a major music festival, a fan in the crowd aggressively leapt over a barricade to approach a famous artist. Personnel from Force Protection Agency immediately implemented extrication protocol to shield the artist from physical harm, quickly reversed course and calmly led the client away from the threat. Force Protection Agency (FPA) personnel intentionally did not engage the threatening fan in any way, as local venue security personnel were present and tasked with apprehending the rogue fan. FPA’s efforts were directed expressly toward the protection of the client, avoiding unnecessary escalation or complications and minimising physical, visual, and legal exposure. Dedicated to the safety of clients Force Protection Agency is a unique, elite-level agency inspired by a vision for excellence and innovation Specialising in protecting celebrities and high-net-worth individuals, Force Protection Agency is a unique, elite-level agency inspired by a vision for excellence and innovation, and dedicated to the safety and success of clients. The agency was formed in 2017 by Russell Stuart, a California State Guard officer and security and entertainment industry veteran. The agency is the culmination of 20 years of experience in the fields of security, military, emergency management, logistics and technology, media and entertainment, and celebrity management. We interviewed Russell Stuart, Founder and CEO of Force Protection Agency (FPA), which has been called “the Secret Service of Hollywood,” for his insights into providing security for celebrities. Q: What unique need in the marketplace do you seek to serve, and how are you qualified to serve it? Stuart: The needs of celebrity and high-net-worth clients are complex and constantly changing. When dealing with a high-profile individual, discretion is paramount, extensive communication is required, and adaptation is ongoing. A critical objective is anticipating and planning for all types of potential negative scenarios and preventing them from even starting, all while not disrupting the normal course of operation of the client's day or their business. Force Protection Agency is poised to serve these needs by innovating and intelligently managing the planning, procedures, and personnel used in every facet of protecting the client’s interests and achieving their objectives. Q: What is the typical level of "professionalism" among bodyguards and security professionals that protect celebrities? Why does professionalism matter, and how do you differentiate yourself on this point? Stuart: Professionalism is an overall way of approaching everything to do with the business, from recruiting, to training, to making sure the right agent is with the right client. Nothing matters more; polish and precision are not only critical to mission success, but also support the comprehensive best interest of the client while preventing costly collateral damage and additional negative consequences. True “professional protective services" is intelligent strength and proper execution, not emotional or reactionary violence. Unfortunately, the latter is frequent among many celebrity bodyguards, and often incurs extremely expensive and even dangerous repercussions. Q: Your company has been described as "the Secret Service of Hollywood." How true is that comparison, and how does your work differ from (e.g.) protecting the President? Force Protection Agency prides itself on providing its services with discretion, precision, and poise Stuart: Totally true, and for this reason: the keys to success in protection are prioritization, and planning. Most people fail to even recognise the first, negating any level of effort given to the second. Establishing the true needs and the correct priority of objectives for each individual client and situation, and firmly committing to these without deviation, are what distinguishes both government secret services and Force Protection Agency from the vast majority of general security firms. Also, the term “secret service” implies an inconspicuous yet professional approach, and Force Protection Agency prides itself on providing its services with discretion, precision, and poise. Q: What is the biggest challenge of protecting celebrities? Stuart: The very nature of celebrity is visibility and access, which always increases risk. The challenge of protecting a high-profile individual is facilitating that accessibility in a strategic and controlled manner while mitigating risk factors. A client’s personal desires and preferences can often conflict with a lowest risk scenario, so careful consideration and thorough preparation are essential, along with continual communication. Q: How does the approach to protection change from one celebrity (client) to another? What variables impact how you do your job? Stuart: The approach is largely determined by the client’s specific needs, requests and objectives. The circumstances of a client's activities, location, and other associated entities can vastly disrupt operation activities. A client may prefer a more or less obvious security presence, which can impact the quantity and proximity of personnel. Force Protection Agency coordinates extensively with numerous federal, state, and municipal government agencies, which also have a variety of influence depending on the particular locations involved and the specific client activities being engaged in.  Q: Are all your clients celebrities or what other types of "executives" do you protect – and, if so, how are those jobs different? Stuart: Force Protection Agency provides protective services for a wide range of clients, from the world’s most notable superstars to corporate executives and government representatives. We also provide private investigation services for a vast variety of clientele. Force Protection Agency creates customised solutions that surpass each individual client’s needs and circumstances. The differences between protecting a major celebrity or top business executive can be quite different or exactly the same. Although potentially not as well known in popular culture, some top CEOs have a net worth well above many famous celebrities and their security needs must reflect their success. Q: What is the role of technology in protecting famous people (including drones)? Technology is crucial to the success of security operations Stuart: Technology is crucial to the success of security operations and brings a tremendous advantage to those equipped with the best technological resources and the skills required to maximise their capabilities. It affects equipment such as communication and surveillance devices like drones, cameras, radios, detection/tracking devices, GPS, defensive weapons, protective equipment, and more. Technology also brings immense capabilities to strategic planning and logistical operations through the power of data management and is another aspect of Force Protection Agency operation that sets us apart from the competition. Q: What additional technology tools would be helpful in your work (i.e., a “technology wish list”)? Stuart: The rapidly growing and evolving realm of social media is a massive digital battlefield littered with current and potential future threats and adversaries. Most mass shooters as of late have left a trail of disturbing posts and comments across social media platforms and chat rooms that telegraphed their disturbing mindset and future attacks. A tool that could manage an intelligent search for such threats and generate additional intel through a continuous scan of all available relevant data from social media sources would be extremely useful and could potentially save many lives. Q: Anything you wish to add? Stuart: Delivering consistent excellence in protection and security is both a vital need and a tremendous responsibility. Force Protection Agency is proud of their unwavering commitment to “Defend, Enforce, Assist” and stands ready to secure and satisfy each and every client, and to preserve the life and liberty of our nation and the world.

How custom solutions meet customer needs for access control
How custom solutions meet customer needs for access control

The software-based technology running today’s access control systems is ideal for creating custom solutions for very specific end-user needs. Those needs may vary from delaying bar patrons’ access to a shooting range to reducing the risk of diamond miners pocketing precious stones. The ability to tightly integrate with and control video, intrusion, and other equipment puts access control at the heart of enterprise security. Often, off-the-shelf access systems provide most of the features an end user requires, but due to their type of business, facility or location, some organisations still have unaddressed needs. That’s where a custom solution can fulfill an essential task. Custom solutions are frequently requested by end users or the reseller to expand access control to meet those needs. Here’s a look at some custom solutions designed for end users. Area & time-based access control The owners of a popular shooting range also operate an onsite, full-service bar, and the owners wanted to delay entry to the shooting range once a customer had consumed alcoholic beverages at the bar. The custom solution works with the access cards customers use to enter the range. When a patron orders an alcoholic beverage, the bartender presents the patron’s credential to a reader at the cash register.  With each drink, the access control system puts an automatic delay on the card being used to enter the shooting range. An area and time-based control solution was created An area and time-based control solution was created for a major pharmaceutical manufacturer concerned with potential contamination between laboratories testing viral material and others designing new vaccines. If an employee uses a badge to enter a room with viral material, that employee can be denied access to a different area (typically a clean room in this case), for a customised period of time. This reduces the potential of cross contamination between ‘dirty’ and ‘clean’ rooms. The software can be customised by room combinations and times. Random screening A mine operator wanted to prevent easily portable precious stones from being taken by miners. The custom solution uses the access control system integrated with time and attendance software. As the miners clock in, the system randomly and secretly flags a user-defined percentage of them to be searched as their shifts end. Security guards monitor displays and pull selected employees aside.  A nice feature of this solution is that the random screening can be overridden at a moment’s notice. For example, if the process causes excessive delays, guards can override the system to enable pre-selected miners to pass until the bottleneck is relieved. The solution has also been adopted by a computer manufacturer looking to control theft by employees and vendors. Scheduler The system automatically unlocks and locks doors A custom solutions team integrated a university’s class scheduling and access control software to lock doors to classrooms that are not in use. With the custom solution in place, the system automatically unlocks and locks doors 15 minutes prior to and after a class. The doors remain unlocked if the room will be used again within the next 30 minutes. Readers mounted at each door enable faculty to enter rooms early for class setup or to work in a lab knowing students or others won’t be able to walk in. Event management This solution simplifies the visitor check-in process, especially for larger events with multiple guests. Efficiently moving people in and out of events booked at a working intelligent office building and conference center required integrating the access control system with a web-based solution storing the names, email addresses, and phone numbers of invited guests. Before an event, guests receive an email invitation that includes a link to a downloadable smartphone mobile credential. Upon arrival, guests present that credential to Bluetooth readers at the building’s gated parking garage. The same credential enables smaller groups (up to 50 guests) to enter the building through turnstile-mounted readers – also used throughout the day by hundreds of building employees. To avoid long lines for larger groups of visitors, the turnstiles are kept open with security guards using handheld readers to authenticate credentials as guests enter the lobby. Additionally, a third-party emergency notification system was added to this custom solution. Guests receive instructions on their smartphones should there be a need to shelter in place or evacuate during an event. The credentials and notifications are disabled as guests leave the building through the turnstiles. This allows the hospital to maintain a secure environment while providing a simplified, efficient access solution Similar custom solutions have been deployed at hospitals searching for a way to provide secure access to patients only expected to be staying a short time for surgery.  Patients are emailed a mobile credential to access both the hospital’s parking structure and surgical reception area. They can also designate family members and other visitors to receive emailed mobile credentials.  This allows the hospital to maintain a secure environment while providing a simplified, efficient access solution for patients and visitors. Custom solutions are about problem solving. It’s finding answers to needs not specifically addressed by an access control system. The robust software of modern access control systems enables the design of custom solutions to efficiently enhance security, save time and reduce redundant tasks through automated processes.