ONE IDENTITY
SAFEGUARD
Securely store, manage, record and analyze privileged access
Take the stress out of protecting your privileged accounts by securely storing, managing, recording and analyzing privileged access with One Identity Safeguard. Available as a hardened appliance with an intuitive interface, it satisfies your auditors and admins. It is an integrated solution that combines a secure hardened password safe and a session management and monitoring solution with threat detection and analytics.
Key features
Key features
Policy-based password release
You can request access and provide approval for privileged passwords and sessions from any device. Requests can be approved automatically or require dual/multiple approvals based on your organization’s policy.
User behavioral biometrics
The algorithms built into Safeguard inspect behavioral characteristics captured. Keystroke dynamics and mouse movement analysis not only help you identify breaches, but also serve as a continuous, biometric authentication.
Full-session audit, recording and replay
All session activity – down to the keystroke, mouse movement, and windows viewed – is captured, indexed, and stored in tamper-proof audit trails that can be viewed like a video and searched like a database.
Product family
Safeguard for Privileged Passwords
Safeguard for Privileged Passwords automates, controls and secures the process of granting privileged credentials with role-based access management and automated workflows. The user-centered design of Safeguard for Privileged Passwords means a reduced learning curve. The solution enables you to manage passwords from anywhere and using nearly any device.
Safeguard for Privileged Sessions
Safeguard for Privileged Sessions enables you to control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users. Content of the recorded sessions is indexed to make searching for events and automatic reporting simple so you can easily meet your auditing and compliance requirements.
Safeguard for Privileged Analytics
Safeguard for Privileged Analytics monitors questionable behaviors and uncovers previously unknown threats from inside and outside of your organization. By using user behavior analytics technology, Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action -- and ultimately prevent data breaches.
Safeguard Authentication Services
Integrate Unix, Linux and Mac OS X in Active Directory, while extending the compliance and security of AD to your enterprise using Safeguard Authentication Services. It creates an AD Bridge enabling users to log on to non-Windows systems using their AD credentials. With centralized authentication and single sign-on, you can improve operational efficiencies and achieve compliance with cross-platform access control.
Benefits
Protect against privileged ID theft and privileged insider misuse
Identify high-risk privileged users, risky behaviors and unusual events
Easier compliance with efficient audit reports
Faster incident response, IT troubleshooting and forensics
Simplified, yet comprehensive privileged account management
No changes to privileged user workflows
Quick ROI with simplified deployment and management
Features
Policy-based password release
You can request access and provide approval for privileged passwords and sessions from any device. Requests can be approved automatically or require dual/multiple approvals based on your organization’s policy. So, whether your policies consider the requestor’s identity and level of access, the time and day of the request, and the specific resource requested – or all of these — you can configure Safeguard to meet your customized needs.
User behavioral biometrics
Each user has its own idiosyncratic pattern of behavior, even when performing identical actions, such as typing or moving a mouse. The algorithms built into Safeguard inspect these behavioral characteristics. Keystroke dynamics and mouse movement analysis not only help you identify breaches, but also serve as a continuous, biometric authentication.
Change control
Supports configurable, granular change control of shared credentials, including time-and last-use-based, and manual or forced change.
Full-session audit, recording and replay
All session activity – down to the keystroke, mouse movement, and windows viewed – is captured, indexed, and stored in tamper-proof audit trails that can be viewed like a video and searched like a database. Audit trails are encrypted, time-stamped and cryptographically signed for forensics and compliance purposes.
Authentication Services
Integrate Unix, Linux and Mac OS X in Active Directory, while extending the compliance and security of AD to your enterprise using Safeguard Authentication Services. It creates an AD Bridge enabling users to log on to non-Windows systems using their AD credentials. With centralized authentication and single sign-on, you can improve operational efficiencies and achieve compliance with cross-platform access control.
Granular access control
Full support for SSH, Telnet, RDP, HTTP(s), ICA and VNC protocols. In addition, security teams can decide which network services (e.g. file transfer, shell access, etc.) within the protocols they want to enable/disable for administrators.
Command and application control
Safeguard supports both black listing and white listing of commands and windows titles. Predefined blacklist could include risky commands or texts, or suspicious window titles. In the case of detecting a suspicious user action, Safeguard can send you an alert or immediately terminate the session.
Full-text search
With its Optical Character Recognition (OCR) engine, auditors can do full-text searches for both commands and any text seen by the user in the content of the sessions. Security teams can search for specific events across sessions and play the recording starting from the exact location the search criteria occurred. The ability to search session content and metadata accelerates and simplifies forensics and IT troubleshooting.
Discovery
Quickly discover privileged accounts or systems on your network with host-, directory- and network-discovery options.
Approval anywhere
Leveraging One Identity Starling Two-Factor Authentication, you can approve or deny requests from anywhere – and with nearly any device -- without being on the VPN.
