FFIEC News

Symark International Announces PowerKeeper(R) 3.0

(July 15, 2008)-- Symark International, developer of the PowerSeries information security solutions for managing privileged access, announced PowerKeeper 3.0, the latest version of the industry’s most advanced privileged account access management appliance for the secure creation, control, storage and retrieval of privileged administrative account passwords. PowerKeeper 3.0 includes support for application-to-application (A2A) and application-to-database (A2DB) connectivity, and bolsters security by replacing embedded credentials with one-time-use passwords. The new version also utilizes the HP ProLiant DL360 G5 server, which, when combined with PowerKeeper 3.0, significantly improves system availability and facilitates greater scalability to handle more users, managed systems and managed accounts per appliance.

According to key findings in a recent Gartner report by Research Vice President Ant Allan and Managing Vice President Ray Wagner, “Using passwords for application-to-application (A2A) and application-to-database (A2DB) authentication, with the passwords hard-coded in the calling application, gives rise to significant security risks. The need to periodically change such passwords gives rise to significant operational risks. Strategic authentication approaches can’t be simply retrofitted to all applications because the effort and time scale of such work would be prohibitive.” In addition, “Although organizations often have a more-robust strategic authentication approach, it’s seldom practicable to retrofit this to all applications. Wherever software-account passwords must remain, a software-account password management (SAPM) tool can mitigate security and operational risks.”1

“Despite the immense security risk, it is still common practice for many IT administrators to share passwords among those that need access to a given system or data set. This exposes an organization to insider impropriety because when someone is logged in as a privileged user, there is no way to verify which administrator actually logged in or to audit who approved that access and the reason the access was necessary,” said Bob Farber, CEO of Symark International. “Use of embedded passwords that could be viewed by anyone with access to the source code is not much different than an administrator looking over another administrator’s shoulder for the purpose of stealing and exploiting their password. Privileged access management solutions such as Symark’s PowerKeeper address this issue by providing a one-time-use password. This supports security best practices and helps companies meet SOX, HIPAA, PCI DSS and other compliance requirements.”

PowerKeeper provides the combination of a secured, hardened appliance with the use of only commercially supported FIPS-140 validated encryption components. This provides the best security techniques available for protecting passwords — and the accounts they access — from unauthorized use. PowerKeeper safeguards proprietary systems and information through a secure release mechanism that automatically changes and verifies passwords based on granular security parameters established by management. By protecting the UNIX/Linux root, Windows Administrator and other privileged accounts such as Cisco Enable — the virtual “keys to the kingdom” — PowerKeeper enables organizations to create a secure access control infrastructure that satisfies corporate governance, compliance and risk guidelines. PowerKeeper also tracks and logs all password activity — including requests and releases — and creates a comprehensive audit trail from which various reports can be generated.

“Privileged user password management (PUPM) solutions allow passwords to sensitive accounts (system administrator, root, etc.) to be centrally stored and divulged only temporarily to system administrators or applications. All password releases are audited, and passwords can also be automatically updated on managed systems once the system administrator checks in the password. Most organizations deploy PUPM to reduce the risk of managing sensitive passwords, increase operational stability, and address audit findings,” wrote Andras Cser, senior analyst with Forrester Research, in the June 18, 2008 report, Forrester TechRadar: Identity and Access Management, Q2 2008.

The new A2A and A2DB support included in PowerKeeper 3.0 provides a level of security unmatched in the marketplace. Each application is protected by a certificate and a series of administrator-selected program factors to validate that the application requesting the credentials is approved to receive them and is executing in the proper context. This provides a high level of protection from unauthorized access to the credentials, even if an attacker tries to masquerade as the approved application requesting the credentials.

PowerKeeper 3.0 also utilizes the HP ProLiant DL360 G5 server, which includes enhanced fault-tolerance functionality to ensure system availability. As a mission-critical system, PowerKeeper must be continuously available. The appliance features several layers of redundancy to protect against failures, including implementing High-Availability Pairs, where a primary PowerKeeper appliance is paired with a replica so that if the primary appliance fails or becomes unavailable, the replica appliance will automatically take over all PowerKeeper functions. The fault tolerance added to version 3.0 as part of the HP hardware further strengthens PowerKeeper’s continuous availability by adding standard redundant hot-swap mirrored disks, power supplies and fans, with redundant CPUs and hot-bank memory available as an option. These additional features supplement the solution’s existing fault tolerance measures to ensure that PowerKeeper is continuously available and performing at optimal levels.

The HP ProLiant DL360 also provides additional capacity for users, managed systems and managed accounts using PowerKeeper. PowerKeeper is extremely scalable. Utilizing the HP ProLiant DL360 hardware and a proper design and deployment plan, PowerKeeper appliances can support a virtually unlimited number of managed devices within an enterprise.

For more information, visit us at www.symark.com.

Share or bookmarklet this web page at: