Safeguard
Assist you in securely storing, managing, recording, and analyzing privileged access.
Hackers are continuously improving their methods to infiltrate your systems and data, with the ultimate goal of accessing your privileged accounts. In almost every recent high-profile hacking incident, privileged accounts have been compromised to gain unauthorized access to critical systems and data. With the Safeguard solution, you can mitigate potential damage by deploying a solution that ensures secure, efficient, and compliant access to privileged accounts.
For IT personnel, managing these privileged accounts with full access poses significant challenges for several reasons, including the sheer number of privileged accounts and the individuals requiring access to them. In addition to these challenges, traditional Privileged Access Management (PAM) solutions often involve complex architectures, lengthy deployment times, and heavy administrative demands.
PAM can be a significant challenge, but One Identity Safeguard is an integrated solution that combines a secure hardened password vault, connection management and monitoring, and threat detection and analytics. It enables you to securely store, manage, record, and analyze privileged access.
Gain secure privileged access without compromise
Reduce the burden of protecting privileged accounts through secure storage, management, recording, and analysis of privileged access, while meeting the needs of your administrators and auditors with One Identity Safeguard.
Safeguard Product Features
Safeguard for Privileged Passwords
One Identity Safeguard for Privileged Passwords provides automation, control, and security for the process of granting privileged credentials through role-based access management and automated workflows.
Designed with a user-centric approach, Safeguard for Privileged Passwords minimizes the learning curve, ensuring ease of use.
This solution enables you to manage passwords anytime, anywhere, from almost any device. It’s a powerful tool that protects your enterprise while delivering new levels of freedom and functionality for managing privileged accounts.
Safeguard for Privileged Sessions
One Identity Safeguard for Privileged Sessions enables you to control, monitor, and record privileged sessions of administrators, remote vendors, and other high-risk users.
The session activities are indexed in real-time, making it easy to query session events. This feature also helps simplify and automate report generation, streamlining audit and regulatory compliance processes.
Additionally, Safeguard for Privileged Sessions operates as a proxy, inspecting application protocol traffic and blocking any traffic that violates protocols, serving as a strong defense against potential attacks.
Safeguard for Privileged Analytics
One Identity Safeguard for Privileged Analytics performs user behavior analytics to identify previously unknown internal and external threats, as well as to detect and block suspicious activities.
Safeguard for Privileged Analytics prioritizes risks based on the level of potential threat, enabling you to focus on the most urgent threats and take immediate action to prevent data breaches.
Safeguard’s main features
Policy-based release control
Using a secure web browser with mobile support, you can request or approve privileged passwords and sessions. Requests can be automatically approved based on corporate policies, with options to require dual or multi-level approval.
With One Identity Safeguard, you can tailor configurations to meet your custom needs, factoring in the requester’s identity, access level, the time and date of the request, and the specific resource being accessed.
Full-session audit, recording and replay
Safeguard for Privileged Sessions can be deployed in transparent mode, requiring no changes to user workflows.
As a proxy gateway, Safeguard operates like a router within the network—completely invisible to both users and servers.
Administrators can continue using their familiar client applications to access target servers and systems without any disruption to their daily tasks.
Instant on
Safeguard for Privileged Sessions can be deployed in transparent mode, requiring no changes to user workflows. It operates like a router within the network, remaining invisible to both users and servers.
Administrators can continue using their familiar client applications to access target servers and systems without any disruption or interruption to their daily operations.
User behavioral biometrics
Every user has a unique behavioral pattern, even when performing the same actions, such as typing or moving the cursor. The algorithms built into Safeguard for Privileged Analytics analyze these behavioral characteristics (captured by Safeguard for Privileged Sessions).
Keystroke dynamics and cursor movement analysis help identify anomalous behavior and can also serve as continuous biometric authentication.
Policy-based release control
Using a secure web browser with mobile support, you can request access or approve privileged passwords and sessions. Requests can be automatically approved based on corporate policies, with options to require dual or multi-factor approvals.
One Identity Safeguard can be configured to meet your specific needs, taking into account factors such as the requester’s identity, access level, request time and date, and the specific resource being accessed.
Personal Password Vault
All your employees can store and generate random passwords for non-federated corporate accounts in a free personal password vault. This allows your organization to use an approved tool that securely shares and retrieves passwords, providing much-needed security and visibility for corporate accounts.
Favorites
Quickly access your most frequently used passwords directly from the login screen. You can centralize multiple passwords into a single "Favorites" list, allowing you to access all your accounts with just one click.
Discovery
Utilize hosts, directories, and networks as search options to quickly discover privileged accounts or systems on your network.
Real-time alerting and blocking
Safeguard for Privileged Sessions monitors traffic in real-time and performs various actions when specific patterns appear in the command line or on the screen. Predefined patterns can include detecting high-risk commands or text within text-based protocols, or suspicious window titles in graphical sessions. Upon detecting suspicious user activity, Safeguard can log the event, send alerts, or immediately terminate the session.
Command and application control
Safeguard for Privileged Sessions supports blacklisting and whitelisting of commands and window titles.
Wide protocol support
Safeguard for Privileged Sessions provides comprehensive support for SSH, Telnet, RDP, HTTP(s), ICA, and VNC protocols. Additionally, security teams can choose to enable or disable specific network services within these protocols (e.g., file transfer, shell access) for administrators.
Full-text search
The Optical Character Recognition (OCR) engine enables auditors to perform full-text searches, including commands and any text displayed on the screen during user sessions. It can even list file operations and the exact files transferred for review. The ability to search connection content and metadata accelerates and simplifies forensic investigations and troubleshooting.
Drop-in deployment
With appliance-based rapid deployment and streamlined traffic redirection, One Identity Safeguard enables you to start recording session activities within days without disrupting user operations.
RESTful API
Safeguard connects with other applications and systems using a modern REST-based API. Every feature is accessible through the API, allowing for quick and easy integration regardless of what you want to accomplish or the programming language your application is built in.
Change control
Supports configurable change control for shared credentials, including time-based and last-used changes, as well as manual or enforced changes.
The One Identity approach to privileged access management
One Identity offers the industry's most comprehensive privileged access management solutions. You can build precise authorization management solutions for UNIX root accounts and Active Directory administrator accounts on the foundation of One Identity Safeguard.
Additionally, it extends open-source sudo to enterprise-grade functionality and provides keystroke logging for UNIX root accounts. All these features are tightly integrated with the industry's leading Active Directory bridging solutions.
