BeyondTrust https://www.gartner.com/technology/media-products/newsletters/beyondt...

VOLUME 2 ISSUE 1

Reducing Insider Threats with Visibility and Control

Trusted employees. Partners. Insiders. Outsiders seeking to become insiders.
What do all these groups have in common? Each one is a potential risk to your
business if their privileges are not managed appropriately. A common scenario
goes something like this: An employee falls victim to a phishing attack. Their
privileges are used to move laterally throughout an environment; the attacker
probing for an opportunity to cause untold damage to your most important
assets.

We've seen time and again the aftermath of abused or misused privileges. Yet,
too many organizations battle these threats the old way – with patchworks of
disparate tools which just leave gaps in visibility, control, and security. That is
precisely what BeyondTrust seeks to help you achieve: visibility and control with
a unified platform for privileged access management.

I have the privilege to share Gartner's latest "Market Guide for Privileged
Access Management" and invite you to learn more about BeyondTrust's
PowerBroker Privileged Access Management platform.

Kevin Hickey
President and Chief Executive Officer, BeyondTrust

Market Guide for Privileged Access Management (gartner.html)

Felix Gaehtgens | Anmol Singh
2 August 2016

Privileged access is a major focus for security and I&O leaders looking to prevent and detect breaches, maintain

1 of 4 2/22/2017 5:16 AM
BeyondTrust https://www.gartner.com/technology/media-products/newsletters/beyondt...

individual accountability, and increase operational efficiency. Products are consolidating around two major
patterns: managing privileged passwords and delegating privileged actions.

Key Findings
Prevention of both breaches and insider attacks remains the major driver for the adoption of privileged access
management (PAM) solutions, followed by regulatory compliance and operational efficiency.
PAM tools allow organizations to comply with high-trust requirements for privileged access by offering or
integrating with high-trust two-factor authentication (2FA) capabilities.
Organizations starting with PAM deployments often struggle to achieve the desired business value due to a
mixture of political and cultural issues.
Emerging use cases for PAM tools are cloud security, anomaly detection and securing the software
development life cycle.

Recommendations
Identity and access management (IAM), infrastructure and operations (I&O), and security leaders:

Don't buy too many tools at once – some of them might be shelfware for a long time. However, plan future
extension purchases for the next three years to avoid potential pricing "sticker shocks."
Use the Market Recommendations section to help choose an approach for selecting the type of PAM tool that
fits the most urgent requirements.
Small and midsize organizations: Look for integrated high availability features, bundled 2FA and value-
priced bundled offerings. Large organizations: Scrutinize vendors' offerings for 2FA integration support,
scalability and autodiscovery features.
Pay special attention to secure nonhuman service and application accounts – they are major sources of
operational and security risk, and most organizations have a significant number of them.
Engage system and network administrators early, and have them participate in the vendor selection – their
support is critical for a successful implementation.

Strategic Planning Assumption

By 2019, 30% of new PAM purchases will be delivered as a service or run in the cloud (up from less than 5%
today), reflecting needs to manage virtual infrastructure and cloud services.

Market Definition
PAM technologies help organizations to provide secured privileged access to critical assets and meet compliance
requirements by securing, managing and monitoring privileged accounts and access.

PAM tools offer features that allow users to:

Control access to privileged accounts, including shared and "firecall" (emergency access) accounts.
Automatically randomize, manage and vault passwords and other credentials for administrative, service and
application accounts.
Provide single sign-on (SSO) for privileged access, so credentials are not revealed.
Delegate, control and filter privileged operations that an administrator can execute.
Eliminate hard-coded passwords by making them available on demand to applications.
Integrate with high-trust authentication solutions to ensure required levels of trust and accountability.
Audit, record and monitor privileged access, commands and actions.

2 of 4 2/22/2017 5:16 AM
BeyondTrust https://www.gartner.com/technology/media-products/newsletters/beyondt...

BeyondTrust Content
BeyondTrust offers a comprehensive, integrated PAM platform (https://www.beyondtrust.com/products
/powerbroker/) that addresses Privileged Account and Session Management, as well as Privilege Elevation and
Delegation Management. Our PowerBroker Privileged Access Management Platform delivers unified visibility
and control over all privileged accounts and users. By uniting capabilities that other providers offer as disjointed
tools, the PowerBroker platform simplifies deployments, reduces costs, improves system security, and reduces
privilege risks.

Download a PDF overview of the PowerBroker PAM Platform (https://www.beyondtrust.com/wp-content

/uploads/ds-powerbroker.pdf?1464902330)
Request free trials of PowerBroker PAM solutions (https://www.beyondtrust.com/free-trial-request/)
Watch a 2-minute overview of the PowerBroker PAM Platform (https://www.beyondtrust.com/resources/video
/powerbroker-privileged-access-management-platform-overview/)

Privileged Account and Session Management (PASM) (https://www.beyondtrust.com

/solutions/enterprise-password-management/)
The BeyondTrust PowerBroker Enterprise Password Security solution provides visibility and control over all
privileged accounts and SSH keys, as well as over the assets and systems they protect. Included session
monitoring capabilities ensure maximum security and accountability. This integrated approach enables IT and
security staff to reduce risk, simplify privileged access management deployments, and consolidate costs across
the organization.

Discover, manage and monitor all privileged accounts and SSH keys in any asset or application
Reveal application and asset vulnerabilities before granting privileged access
Monitor privileged sessions in real-time, providing true dual control
Analyze, record and report on privileged password, user and account behavior
Leverage integrated privileged threat analytics for better decision making

Watch a 2-minute overview of the PowerBroker Enterprise Password Security Solution

(https://www.beyondtrust.com/resources/video/powerbroker-enterprise-password-security-overview/)

Privilege Elevation and Delegation Management (PEDM) for Servers

(https://www.beyondtrust.com/solutions/server-privilege-management/)
The BeyondTrust PowerBroker Server Privilege Management solution enables IT organizations to define who
can access Unix, Linux and Windows servers – and what they can do with that access – via fine-grained policy
control. Delivered as an integrated solution, PowerBroker enables organizations to improve server security while
simplifying privileged access management deployments and reducing costs.

Automatically discover, manage and monitor privileged passwords and SSH keys
Specify fine-grained policy controls over what privileged Windows, Unix and Linux users can do once they are
logged on
Bridge Unix, Linux and Mac systems into Windows for single sign-on and simplified policy
Provide risk visibility into applications targeted for privilege elevation
Analyze, record and report on privileged password, user and account behavior

Watch a 2-minute overview of the PowerBroker Server Privilege Management Solution

(https://www.beyondtrust.com/resources/video/powerbroker-server-privilege-management-overview/)

Privilege Elevation and Delegation Management (PEDM) for Endpoints

3 of 4 2/22/2017 5:16 AM
BeyondTrust https://www.gartner.com/technology/media-products/newsletters/beyondt...

(https://www.beyondtrust.com/solutions/least-privilege-management/)
The BeyondTrust PowerBroker Endpoint Least Privilege solution enforces least privilege across all endpoints
while providing visibility and control over all privileged applications and accounts. Delivered as an integrated
solution, PowerBroker enables users to be productive while reducing risk, simplifying privileged access
management deployments, and reducing costs.

Remove excessive rights, elevating privileges to applications, not users

Use rules to blacklist, whitelist and greylist without managing a massive database of signatures
Provide risk visibility into applications targeted for privilege elevation
Automatically discover, manage and monitor privileged passwords
Analyze, record and report on privileged password, user and account behavior

Watch a 2-minute overview of the PowerBroker Endpoint Least Privilege Solution

(https://www.beyondtrust.com/resources/video/powerbroker-endpoint-least-privilege-overview/)

For more information, please email info@beyondtrust.com (mailto:info@beyondtrust.com) or call +1

800-234-9072.

(http://www.gartner.com)

PAM Solutions Center is published by BeyondTrust. Editorial content supplied by BeyondTrust is independent of Gartner analysis. All Gartner
research is used with Gartner's permission, and was originally published as part of Gartner's syndicated research service available to all entitled
Gartner clients. © 2016 Gartner, Inc. and/or its affiliates. All rights reserved. The use of Gartner research in this publication does not indicate
Gartner's endorsement of BeyondTrust's products and/or strategies. Reproduction or distribution of this publication in any form without Gartner's
prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims
all warranties as to the accuracy, completeness or adequacy of such information. The opinions expressed herein are subject to change without
notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its
research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have
financial interests in entities covered in Gartner research. Gartner's Board of Directors may include senior managers of these firms or funds.
Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For
further information on the independence and integrity of Gartner research, see "Guiding Principles on Independence and Objectivity"
(/technology/about/ombudsman/omb_guide2.jsp), on its website.

About Gartner (/technology/about.jsp) | Careers (/technology/careers/) | Newsroom (/it/products/newsroom/) | Policies (/technology/about

/policies/guidelines_ov.jsp) | Site Index (/technology/site-index.jsp) | IT Glossary (/technology/it-glossary) | Contact Gartner (/technology/contact
/contact_gartner.jsp)

4 of 4 2/22/2017 5:16 AM