Privileged Access and Administrator Password Management

Appliance-based - Quick deployment – No agents to
install on managed systems.

Granular Password Control - Control password release
by user/group, system, and date/time.

Password Security - Automatic, random password resets
with definable password composition rules.

Detailed Logs and Reports - Show that audit and
regulatory compliance practices are met.

Optional "Approver" Authorization - Can require
management approval prior to password release for
additional security.

Broad Platform Support - Windows, UNIX, Linux, AS/400,
Active Directory, databases, firewalls, and routers/switches.

Symark PowerKeeper® is a hardened appliance that
creates and secures privileged accounts through
automated password resets and management, encryption,
secure storage of credentials, and a sealed operating
system. Its highly configurable security features
let you customize the product to fit your heterogeneous
IT environment and compliance requirements. For
additional reliability, all encryption in PowerKeeper
is provided by commercially supported, FIPS 140-2
validated software. Only PowerKeeper can deliver
the level of security and reliability that organizations
need to satisfy compliance, auditing, operational,
and internal risk-management requirements.

Privileged (or administrative) passwords are
pervasive in any organization. More numerous than
personal passwords, they are used to access virtually
every device, every operating system and every application.
These “keys to the kingdom” grant access to programs
and files containing sensitive data. If they are
not properly protected, managed, and reset from
their default passwords, they represent a significant
security and compliance risk to the organization.

But privileged passwords are difficult to manage.
They are often shared among individuals, lost or
forgotten, left as default passwords, not regularly
maintained, and not protected from misuse. This
results in high administration costs and lower productivity.
Ignoring this reality creates unacceptable security
risks, and also violates government regulations
(like SOX, HIPAA, and GLBA) and industry standards
(like PCI DSS and Basel II). Compliance with these
regulations and standards requires the creation
of a secure access-control infrastructure and adherence
to security best practices. Symark PowerKeeper provides
a simple-to-implement, straightforward solution
to these problems and closes these security risks
while helping you demonstrate and meet compliance
requirements.

A user requests a password through PowerKeeper,
“checks out” the password (which may require
a manager’s approval) and uses it to log in
to a privileged account. Similarly, an application
requests a password and PowerKeeper authenticates
the application against the approved program
factors. If authenticated, PowerKeeper checks
out a one-time password to the application.
In either case, PowerKeeper can reset the password
after it is “checked in” or after a pre-determined
time. All requests and password activity are
logged by PowerKeeper.

Securing Privileged Accounts

Hardened appliance running Windows 2003 Web
Server.

No direct access to the OS.

Windows software firewall with IPSEC support
prevents hacking.

FIPS 140-2 validated components for all encryption.

EncryptionPlus Hard Disk AES 256-bit encryption
for whole disk encryption.

Crypto API for Windows Server 2003.

SSH Tectia Server for command line interface.

PKZIP for password and document encryption.

Passwords are signed in storage with an X.509v3
certificate.

Inbound connections are only through HTTPS and
SSH.

Uses the most secure encryption supported by
the managed system.

LDAP & Active Directory support for single-factor
authentication.

Support for additional two-factor authentication
with tokens (RSA, Secure Computing).

Password Management

User-configurable, automatic password reset
schedule.

Optional “Dual Control” to meet compliance requirements
for release and approval of passwords.

Parameters are definable for password aging,
automated changes after password requests are
completed, and scheduled changes by day/date/time.

Passwords are randomly generated based on administrator-defined
composition rule sets: Length, Alphanumeric
characters, Case, Special characters (punctuation,
etc.)

Password access may be restricted by day/date/time.

Windows password changes made using native RPC
calls.

Password Change Agent for secure automated root
password resets via SSH.

Serves as a fire call box by storing critical
passwords such as root.

Performance, Reliability, Manageability

Hardware and software are integrated and pre-configured
into a single device.

Agentless technology for rapid deployment.

Powerful, intuitive web-based administration.

Consolidation of users into groups and the creation
of aliases.

Integrated SQL technology for fast searching.

Performance monitoring for enhanced reliability.

High Availability pairing ideal for global deployments.

One appliance can support thousands of systems.

Automated patch management of appliance software
upgrades.

Fault tolerance configurations available.

Disaster Recovery options with automated backup
for fast swap over to backup appliances.

Logs and Reports for Audits and Regulatory Compliance

All actions taken on or by PowerKeeper are logged.

Complete record to demonstrate compliance.

Logs cannot be changed by anyone.

Activity Reports – events, I/O logs.

User Reports – entitlement (privileges/rights
of each role/user), administrator activity,
requestor activity.

Password Reports – password inventory, update
activity, update schedule, testing activity.

Reports exportable in CSV or HTML format.

Administrators and auditors can subscribe to
reports.

Supported Platforms

Symark PowerSeries: PowerADvantage, PowerBroker, PowerPassword

UNIX: Solaris, AIX, HP-UX (trusted and untrusted),
Tru64, UnixWare*, Mac OS*

Linux: Red Hat*, SuSE

Mid-range: IBM AS/400

Windows: 2000, 2003, XP, 2008, NT4*, NT Domains, Vista*

Directories: Active Directory, LDAP*

Databases: Oracle, Microsoft SQL, Sybase, MySQL*, DB2*

Firewalls: Cisco PIX, NetScreen, Nokia IPSO, CyberGuard

Web Proxy/Cache: BlueCoat Security Gateway devices*

Cisco routers, switches*, TACACS*

IBM z/OS and RACF

Other: HP iLO, VMware, Avocent MPT, BoKS*, Fujita RSB*, Radius*

* Please consult the Product Readme for more information.

PowerKeeper GUI screenshots: Add/Modify Managed System, List Managed Accounts, User Information, User Entitlement, A2A Programs.