DATASHEET

PowerBroker for Windows

Privilege and Session Management for Microsoft Windows
BeyondTrust PowerBroker for Windows is a simple, fast and flexible solution for privilege management and application control on physical and virtual Microsoft Windows desktops and servers. Our patented technology can leverage Active Directory Group Policy or BeyondTrusts BeyondInsight Web Services to eliminate administrator privileges. This speeds least privilege enforcement across all Windows assets, while enabling granular application control and privileged activity logging. With PowerBroker, you can protect against both internal and external threats, including the accidental or intentional misuse of privileged access.

KEY BENEFITS
Enables end users to run applications and perform operating system functions without administrator permissions Monitors critical directories and files on the system for unauthorized modifications* Advanced session monitoring captures keystrokes and screens when rules are triggered and allows advanced playback and search from a centralized console* Collections and item-level targeting features make it easy to organize policies into logical groups and apply multiple policies to specific users, groups, locations or devices Supports desktop virtualization vendors including Microsoft, Citrix and VMware Seamless operations on Windows servers and desktop operating systems Automatic rule generation detects all applications used in an organization, and determines which require elevated privileges Allows standard users to self-install approved applications and ActiveX controls Application control provides whitelisting and blacklisting capabilities, allowing users to run only approved, safe applications Supports Windows, XP, Server 2003/2008, Vista, 7, 8, and Windows 64-bit platforms Challenge / response authentication allows users to elevate privileges with a passcode, even without an Internet connection

The Best Solution for Microsoft Windows Privilege Management

For a secure and compliant Windows environment, users must not be granted local administrator or even power user privileges. However, certain applications require elevated privileges to run. Also, users often need to manage certain elements of the system, such as installing printers, changing network settings, or installing approved software. The traditional solution to this problem has been to grant end users additional privileges, which creates significant security risks. With PowerBroker for Windows, you assign only the required privileges to specific applications, rather than giving those privileges to the user. This enables enterprises to adopt the best practice of least privilege and dramatically improves security without disrupting user productivity.

Mitigate Known and Unknown Threats

Nearly 80% of the Microsoft vulnerabilities disclosed in 2013 could be mitigated by removing administrator rights from users, according to the Microsoft vulnerability database. However, one of the greatest challenges we face in information security is the unknown threat such as a zero-day exploit or custom-crafted code intended to be used against a single target: you. Whether this manifests as a virus, trojan or other malware, or is the result of an Advanced Persistent Threat (APT), PowerBroker can help via patent-pending Risk Compliance technology to selectively elevate applications based on vulnerabilities.

Simplify Granular Control of User Privileges

With PowerBroker for Windows, organizations control the execution of applications, software installs, ActiveX controls, and system tasks that require elevated or administrative privileges all while keeping the user safe and productive and preserving the users security context. Policies can be created and hosted within either Active Directory Group Policy or our management console. This allows air-gapped systems and non-domain assets to process the latest rules and forward critical event data back for processing, reporting and alerting. 44% of employees have unnecessary access rights 43% of organizations allow sensitive data to be stored on employee workstations / laptops - BeyondTrust 2013 survey of 250+ IT decision makers

Extensive Reporting and Automation

PowerBroker introduces powerful new usability enhancements and features that streamline deployment, making it the fastest, easiest and most cost-effective way to achieve least privilege in Windows. - Derek Melber Group Policy MVP and MSPress Author PowerBroker includes an extensive, enterprise-grade reporting infrastructure that integrates with central, role-based reporting and analytics. The solutions executive dashboards can effectively track the progress of removing administrative rights across an organization. In addition, our dashboards have drill-down capabilities that can provide the detailed reporting critical to demonstrating compliance with industry-specific regulations, as well as to sharing progress towards meeting audit goals.

Comprehensive System Monitoring

PowerBroker for Windows contains modules for advanced session monitoring, event log monitoring, vulnerability risk compliance, and file integrity monitoring. Based on privileged identity rules, administrators can trigger screen shot capturing, pattern match the Windows event logs, identify vulnerable applications, and monitor the file system for unauthorized changes all via the BeyondInsight IT Risk Management Platform.

The BeyondInsight platform for unified asset & user risk intelligence
E VILEG PRI GEMENT NA MA
ACTIVE D BRID IRECTO GIN RY G

AUDITI PROTEC NG & TION

P
D SWOR PAS T GED MEN ILE NAGE RIV MA

PowerBroker

Privileged Account Management

BeyondInsight
WE BS SC A ECU RIT Y NNE R
VULNE

PowerBroker for Windows is part of the BeyondInsight IT Risk Management Platform, which unifies PowerBroker privileged account management solutions with Retina CS Enterprise Vulnerability Management. Capabilities include: Centralized solution management and control via common dashboards Asset discovery, profiling and grouping Reporting and analytics Workflow and ticketing Data sharing between Retina and PowerBroker solutions The result is a fusion of user and asset intelligence that allows IT and security teams to collectively reduce risk across complex environments. www.beyondtrust.com/beyondinsight

E RIS AG ERP AN E N T LIT Y M I RAB

Vulnerability Management

Retina

EM

G EN NE A AS NIN T T WO N DS SC AN RK SEC O Y E B SED SC AN U RIT Y A NER CLOUD B

Please visit our website at www.beyondtrust.com/Products/PowerBrokerForWindows for more information or to download a free trial.

CONTACT
BeyondTrust North America Tel: 800.234.9072 or 818.575.4000 info@beyondtrust.com BeyondTrust EMEA Tel: + 44 (0) 8704 586224 emeainfo@beyondtrust.com

CONNECT
Twitter: @beyondtrust Facebook.com/beyondtrust Linkedin.com/company/beyondtrust Learn more at www.beyondtrust.com

2014 BeyondTrust Corporation. All rights reserved. All rights reserved. BeyondTrust, BeyondInsight and PowerBroker are trademarks or registered trademarks of BeyondTrust in the United States and other countries. Microsoft, Windows, and other marks are the trademarks of their respective owners. Feb 2014 * Additional licensing charges may apply