| Data Breaches |
Protect against the leading attack vectors for
cloud security incidents, including credential
theft, privilege abuse, compromised remote access,
and lateral movement.
|
|
Misconfiguration and Inadequate Change Control
|
Enforce appropriate access and established
workflows for change control. Enable the security
team to discover misconfigurations in privileged
accounts.
|
|
Lack of Cloud Security Architecture and Strategy
|
Provide complete asset discovery to ensure all
deployed active resources adhere to cloud security
architecture, strategy, and governance.
|
|
Insufficient Identity, Credential, Access and Key
Management
|
Discover, onboard, and manage all types of human
and non-human passwords, keys, secrets, and other
credentials across the cloud. Securely inject
credentials into sessions without revealing the
passwords, and monitor every session involved in
privileged activity. Automatically rotate secrets
to manage credential threat and provide
obfuscation.
|
| Account Hijacking |
Protect credentials and enforce password security
best practices, such as complex passwords and
password rotation. Prevent and mitigate attacks
such as pass-the-hash, password reuse, and many
others. Also, apply robust session monitoring and
management with the ability to pause or terminate
suspicious sessions.
|
| Insider Threat |
Enforce least privilege across all users and
implement advanced application control to limit
lateral movement and privilege escalation. These
controls restrict the activities a user can
perform or execute to the minimum necessary,
protecting against both malicious and inadvertent
actions or errors. Command and script filtering
and session monitoring/management capabilities
provide additional protection against
inappropriate activity.
|
| Unsecure Interfaces and APIs |
BeyondTrust eliminates credentials embedded in
code, centrally vaults all secrets using a secure
API, and rotates credentials to prevent re-use
attacks.
|
| Weak Control Plane |
Proxy access to the control plane. Eliminates
unnecessary privileges and only enables the
minimum privilege needed for administration.
Manages, monitors, and audits control plane
sessions. Enforces credential security best
practices for all accounts accessing the control
plane.
|
| Limited Cloud Usage Visibility |
Discover and onboard all cloud assets. Monitor,
manage, and audit all privileged sessions in the
cloud, including for CI/CD DevOps automation.
Provide a holistic view of identities, across
clouds.
|
| Abuse and Nefarious Use of Cloud Services |
Enforce least privilege to limit activities to
only what is authorised. Prevent privileged
credential theft. Enforce advanced application
control to ensure only approved applications are
running, and only with the minimum necessary
privileges. Gain visibility and security around
shadow IT resources. Command and script filtering
ensure only the right commands can be executed,
and only within the proper context.
|
