Overview
Appliance-based - Quick deployment – No agents to install
on managed systems.
Granular Password Control - Control password release by
user/group, system, and date/time.
Password Security - Automatic, random password resets
with definable password composition rules.
Detailed Logs and Reports - Show that audit and regulatory
compliance practices are met.
Optional "Approver" Authorization - Can require management
approval prior to password release for additional security.
Broad Platform Support - Windows, UNIX, Linux, AS/400,
Active Directory, databases, firewalls, and routers/switches.
Symark PowerKeeper® is a hardened appliance that creates and secures privileged accounts through automated password management, encryption, secure storage of credentials, and a sealed operating system. Its highly configurable security features let you customize the product to fit your heterogeneous IT environment and compliance requirements. For additional reliability, all encryption in PowerKeeper is provided by commercially supported, FIPS 140-2 validated software. Only PowerKeeper can deliver the level of security and reliability that organizations need to satisfy compliance, auditing, operational, and internal risk-management requirements.
Privileged (or administrative) passwords are pervasive in any organization. More numerous than personal passwords, they are used to access virtually every device, every operating system and every application. These “keys to the kingdom” grant access to programs and files containing sensitive data. If they are not properly protected and managed, they represent a significant security and compliance risk to the organization.
But privileged passwords are difficult to manage. They are often shared among individuals, lost or forgotten, left as default passwords, not regularly maintained, and not protected from misuse. This results in high administration costs and lower productivity. Ignoring this reality creates unacceptable security risks, and also violates government regulations (like SOX, HIPAA, and GLBA) and industry standards (like PCI DSS and Basel II). Compliance with these regulations and standards requires the creation of a secure access-control infrastructure and adherence to security best practices. Symark PowerKeeper provides a simple to implement, straight forward solution to these problems and closes these security risks while helping you demonstrate and meet compliance requirements.
A user requests a password through PowerKeeper, “checks out” the password (which may require a manager’s approval) and uses it to log in to a privileged account. Similarly, an application requests a password and PowerKeeper authenticates the application against the approved program factors. If authenticated, PowerKeeper checks out a one-time password to the application. In either case, PowerKeeper can rotate the password after it is “checked in” or after a pre-determined time. All requests and password activity is logged by PowerKeeper.
Hardened appliance running Windows 2003 Web Server.
No direct access to the OS.
Windows software firewall with IPSEC support prevents
hacking.
FIPS 140-2 validated components for all encryption
EncryptionPlus Hard Disk AES 256-bit encryption for
whole disk encryption
Crypto API for Windows Server 2003.
SSH Tectia Server for command line interface.
PKZIP for password and document encryption.
Passwords are signed in storage with an X.509v3 certificate.
Inbound connections are only through HTTPS and SSH.
Uses the most secure encryption supported by the managed
system
LDAP & Active Directory support for single-factor
authentication.
Support for additional two-factor authentication with
tokens (RSA, Secure Computing).
User-configurable, automatic password reset schedule.
Optional “Dual Control” to meet compliance requirements
for release and approval of passwords.
Parameters are definable for password aging, automated
changes after password requests are completed, and
scheduled changes by day/date/time.
Passwords are randomly generated based on administrator-defined
composition rule sets: Length, Alphanumeric characters,
Case, Special characters (punctuation, etc.)
Password access may be restricted by day/date/time.
Windows password changes made using native RPC calls.
Password Change Agent for secure automated root password
resets via SSH.
Serves as a fire call box by storing critical passwords
such as root.
Hardware and software are integrated and pre-configured
into a single device.
Agentless technology for rapid deployment.
Powerful, intuitive web-based administration.
Consolidation of users into groups and the creation
of aliases.
Integrated SQL technology for fast searching.
Performance monitoring for enhanced reliability.
High Availability pairing ideal for global deployments.
One appliance can support thousands of systems.
Automated patch management of appliance software upgrades.
Fault tolerance configurations available.
Disaster Recovery options with automated backup for
fast swap over to backup appliances
All actions taken on or by PowerKeeper are logged.
Complete record to demonstrate compliance.
Logs cannot be changed by anyone.
Logs cannot be changed by anyone.
Activity Reports – events, I/O logs.
User Reports – entitlement (privileges/rights of each
role/user), administrator activity, requestor activity.
Password Reports – password inventory, update activity,
update schedule, testing activity
Automated patch management of appliance software upgrades.
Reports exportable in CSV or HTML format.
Administrator and auditors can subscribe to reports.
UNIX: Solaris, AIX, HP-UX (trusted and untrusted),
Tru64*, UnixWare*
Linux: Red Hat*, SuSE
Mid-range: IBM AS/400, DB2*
Windows: 2000, 2003, XP and Media Center*, Active
Directory, NT*, NT4*, NT Domains, Vista*
Databases: Oracle, Microsoft SQL, Sybase, MySQL*
Firewalls: CheckPoint, CyberGuard, Cisco PIX, NetScreen,
Nokia IPSO
BlueCoat SGOS devices
Cisco routers and switches, TACACS*
IBM z/OS and RACF
Other: BoKS*, Fujita RSB*, HP iLO, ProxySG*, Radius*,
VMware, Symark PowerPassword
Privileged Password Management - Administrator Password Reset - Administrative Passwords - Change Administrator Password
PowerKeeper GUI
Add/Modify Managed System
List Managed Accounts
User Information
User Entitlement
A2A Programs
Site MapContact UsPrivacy Policy/ California Privacy RightsHome
