Issue 2

PAM Solutions Center

Privileged Access Management Research & Solutions

Matt Dircks

Reducing Insider Threats with Visibility and Control

Employees. Third-party vendors. Malicious outsiders seeking to become insiders. What do these groups have in common? Each poses a threat to your business if you don't manage privileges appropriately. Massive data breaches can start with a single person falling for a phishing attack or clicking on the wrong link. After that, it doesn't take much for an attacker to hijack the victim's privileges and move laterally, flying under the radar to steal or damage your most important assets.

Time and again, we've seen the devastating aftermath of abused or misused privileges. Yet, too many organizations battle these threats the old way—with patchworks of disparate tools that leave gaps in visibility, control, and security. BeyondTrust's unified Privileged Access Management platform fills these gaps, enabling you to confidently reduce risk, maintain productivity, and stay out of the headlines.

With that, it's my privilege to share Gartner's latest "Magic Quadrant for Privileged Access Management" and invite you to learn more about BeyondTrust's comprehensive, integrated PAM solutions.

Matt Dircks
Chief Executive Officer, BeyondTrust

Magic Quadrant for Privileged Access Management

  • Felix Gaehtgens, Abhyuday Data, Dale Gardner, Michael Kelley, Justin Taylor
  • 3 December 2018

Privileged access management is one of the most critical security controls, particularly in today’s increasingly complex IT environment. Security and risk management leaders must use PAM tools in a long-term strategy for comprehensive risk mitigation.

Strategic Planning Assumptions

By 2022, more than half of enterprises using privileged access management (PAM) tools will emphasize just-in-time privileged access over long-term privileged access, up from less than 25% today.

By 2021, 40% of organizations (up from less than 10% in 2018) that use formal change management practices will have embedded and integrated PAM tools within them, significantly reducing the overall risk surface.

By 2021, over 50% of organizations using DevOps will adopt PAM-based secrets management products, rising rapidly from less than 10% today.

Market Definition/Description

PAM tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. PAM tools offer features that enable security and risk leaders to:

  • For all use cases:
    • Discover privileged accounts on systems, devices and applications for subsequent management.
    • Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.
    • Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.
    • Isolate, monitor, record and audit privileged access sessions, commands and actions.
  • For human users:
    • Provide single sign-on (SSO) for privileged sessions, commands and actions securely to not reveal account credentials (passwords, cryptographic keys, etc.).
    • Delegate, control and filter privileged operations that an administrator can execute.
    • Ensure required levels of trust and accountability for privileged access by providing robust authentication capabilities or integrating with external authentication products or services.
  • For services and applications:
    • Eliminate hardcoded passwords by making them available on-demand to applications. Two distinct tool categories have evolved as the predominant focus for security and risk management leaders considering investment in PAM tools:
      • Privileged account and session management (PASM). Privileged accounts are protected by vaulting their credentials. Access to those accounts is then brokered for human users, services and applications. Privileged session management (PSM) functions establish sessions with possible credential injection, and full session recording. Passwords and other credentials for privileged accounts are actively managed, such as being changed at definable intervals or upon occurrence of specific events. PASM solutions can also provide application-to-application password management (AAPM).
      • Privilege elevation and delegation management (PEDM). Specific privileges are granted on the managed system by host-based agents to logged in users. This includes host-based command control (filtering) and privilege elevation, the latter in the form of allowing particular commands to be run with a higher level of privileges. Vendors covered in this Magic Quadrant must at least provide a fully functional PASM product and, optionally, PEDM tools as well. In the write-ups for each vendor, we comment on the quality of individual product components, and use terms such as “well above average,” “above average,” “average,” “below average” and “well below average.” The average for a particular component refers to the average score for all vendors evaluated in this research for that component. Please refer to the entry for “Product or Service” in the Evaluation Criteria section for a full description of these components and what was evaluated.

BeyondTrust Content

BeyondTrust Privileged Access Management Platform

BeyondTrust delivers a comprehensive, integrated PAM platform that includes Privileged Account and Session Management; Privilege Elevation and Delegation Management; and Privileged Remote Access capabilities. With on-premise, cloud and hybrid deployment options, the BeyondTrust Privileged Access Management Platform provides complete visibility and control over privileged accounts and users across all desktop, server, DevOps, and network device platforms.

Unlike competitive offerings of disjointed tools, BeyondTrust unites best-of-breed PAM capabilities under a single management, reporting and analytics console. This simplifies deployments, reduces costs, improves system security, and closes gaps to reduce privilege risks. With BeyondTrust, IT and security leaders can:

  • Reduce the attack surface by not only eliminating shared and embedded application credentials, but also enforcing least privilege on all endpoints
  • Monitor privileged user activities and third-party vendor sessions for unauthorized access and/or changes to key files and directories
  • Analyze asset and user behavior to detect malicious and/or suspect activity from insiders, trusted third parties, or compromised accounts

Request a demonstration of BeyondTrust PAM solutions

Privileged Account and Session Management (PASM)

The BeyondTrust Privileged Password & Session Management solution provides visibility and control over all privileged accounts and SSH keys, as well as the assets and systems they protect. Included session monitoring capabilities ensure maximum security and accountability. This integrated approach enables IT and security staff to reduce risk, simplify privileged access management deployments, and consolidate costs across the organization.

  • Discover, automatically onboard, and manage all privileged accounts and SSH keys
  • Eliminate hard-coded or embedded application credentials
  • Reveal application and asset vulnerabilities before granting privileged access
  • Monitor sessions in real-time to ensure accountability
  • Report on password, user, and account behavior, revealing risky accounts and assets through threat and behavioral analytics

Privilege Elevation and Delegation Management (PEDM) for Desktops and Servers

The BeyondTrust Endpoint Privilege Management solution enables IT organizations to define who can access Windows, Mac, Unix, Linux, and network devices – and what they can do with that access – via fine-grained policy control. Delivered as an integrated solution, BeyondTrust enables organizations to improve security while simplifying privileged access management deployments and reducing costs.

  • Enforce least privilege by elevating rights to applications and commands, not users
  • Delegate privileges with fine-grained policy controls
  • Control applications and reveal vulnerabilities before delegating privileges
  • Bridge Unix, Linux and Mac to Active Directory for simplified single sign-on
  • Monitor and audit password, user and account behavior, revealing risky users and assets through threat and behavioral analytics

Privileged Remote Access

The BeyondTrust Privileged Remote Access solution controls, manages, and audits remote privileged access to critical IT systems by authorized employees, contractors, and third-party vendors. By providing greater visibility and control over third-party vendor access, organizations can better secure their most critical assets.

  • Enable granular access to specific systems, eliminating "all or nothing" access
  • Control access pathways into IT networks used by vendors
  • Create an audit trail to provide visibility into vendor activity
  • Integrate with Password & Session Management to enable direct access into a session
  • Provide seamless, out-of-the-box integrations with common business software solutions, such as ITSM, SIEM, and SCIM

For more information, please email info@beyondtrust.com or call +1 800-234-9072.