ONE IDENTITY
SAFEGUARD

Securely store, manage, record and analyze privileged access

ONE IDENTITY SAFEGUARD

Take the stress out of protecting your privileged accounts by securely storing, managing, recording and analyzing privileged access with One Identity Safeguard. Available as a hardened appliance with an intuitive interface, it satisfies your auditors and admins. It is an integrated solution that combines a secure hardened password safe and a session management and monitoring solution with threat detection and analytics.

ONE IDENTITY SAFEGUARD

Key features

Key features

Policy-based password release

Policy-based password release

You can request access and provide approval for privileged passwords and sessions from any device. Requests can be approved automatically or require dual/multiple approvals based on your organization’s policy.

User behavioral biometrics

User behavioral biometrics

The algorithms built into Safeguard inspect behavioral characteristics captured. Keystroke dynamics and mouse movement analysis not only help you identify breaches, but also serve as a continuous, biometric authentication.

Full-session audit, recording and replay

Full-session audit, recording and replay

All session activity – down to the keystroke, mouse movement, and windows viewed – is captured, indexed, and stored in tamper-proof audit trails that can be viewed like a video and searched like a database.

Product family

Safeguard for Privileged Passwords

Safeguard for Privileged Passwords

Safeguard for Privileged Passwords automates, controls and secures the process of granting privileged credentials with role-based access management and automated workflows. The user-centered design of Safeguard for Privileged Passwords means a reduced learning curve. The solution enables you to manage passwords from anywhere and using nearly any device.

Safeguard for Privileged Sessions

Safeguard for Privileged Sessions

Safeguard for Privileged Sessions enables you to control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users. Content of the recorded sessions is indexed to make searching for events and automatic reporting simple so you can easily meet your auditing and compliance requirements.

Safeguard for Privileged Analytics

Safeguard for Privileged Analytics

Safeguard for Privileged Analytics monitors questionable behaviors and uncovers previously unknown threats from inside and outside of your organization. By using user behavior analytics technology, Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action -- and ultimately prevent data breaches.

Safeguard Authentication Services

Safeguard Authentication Services

Integrate Unix, Linux and Mac OS X in Active Directory, while extending the compliance and security of AD to your enterprise using Safeguard Authentication Services. It creates an AD Bridge enabling users to log on to non-Windows systems using their AD credentials. With centralized authentication and single sign-on, you can improve operational efficiencies and achieve compliance with cross-platform access control.

Benefits

Protect against privileged ID theft and privileged insider misuse

Protect against privileged ID theft and privileged insider misuse

Identify high-risk privileged users, risky behaviors and unusual events

Identify high-risk privileged users, risky behaviors and unusual events

Easier compliance with efficient audit reports

Easier compliance with efficient audit reports

Faster incident response, IT troubleshooting and forensics

Faster incident response, IT troubleshooting and forensics

Simplified, yet comprehensive privileged account management

Simplified, yet comprehensive privileged account management

No changes to privileged user workflows

No changes to privileged user workflows

Quick ROI with simplified deployment and management

Quick ROI with simplified deployment and management

Features

Policy-based password release

Policy-based password release

You can request access and provide approval for privileged passwords and sessions from any device. Requests can be approved automatically or require dual/multiple approvals based on your organization’s policy. So, whether your policies consider the requestor’s identity and level of access, the time and day of the request, and the specific resource requested – or all of these — you can configure Safeguard to meet your customized needs.

User behavioral biometrics

User behavioral biometrics

Each user has its own idiosyncratic pattern of behavior, even when performing identical actions, such as typing or moving a mouse. The algorithms built into Safeguard inspect these behavioral characteristics. Keystroke dynamics and mouse movement analysis not only help you identify breaches, but also serve as a continuous, biometric authentication.

Change control

Change control

Supports configurable, granular change control of shared credentials, including time-and last-use-based, and manual or forced change.

Full-session audit, recording and replay

Full-session audit, recording and replay

All session activity – down to the keystroke, mouse movement, and windows viewed – is captured, indexed, and stored in tamper-proof audit trails that can be viewed like a video and searched like a database. Audit trails are encrypted, time-stamped and cryptographically signed for forensics and compliance purposes.

Authentication Services

Authentication Services

Integrate Unix, Linux and Mac OS X in Active Directory, while extending the compliance and security of AD to your enterprise using Safeguard Authentication Services. It creates an AD Bridge enabling users to log on to non-Windows systems using their AD credentials. With centralized authentication and single sign-on, you can improve operational efficiencies and achieve compliance with cross-platform access control.

Granular access control

Granular access control

Full support for SSH, Telnet, RDP, HTTP(s), ICA and VNC protocols. In addition, security teams can decide which network services (e.g. file transfer, shell access, etc.) within the protocols they want to enable/disable for administrators.

Command and application control

Command and application control

Safeguard supports both black listing and white listing of commands and windows titles. Predefined blacklist could include risky commands or texts, or suspicious window titles. In the case of detecting a suspicious user action, Safeguard can send you an alert or immediately terminate the session.

Full-text search

Full-text search

With its Optical Character Recognition (OCR) engine, auditors can do full-text searches for both commands and any text seen by the user in the content of the sessions. Security teams can search for specific events across sessions and play the recording starting from the exact location the search criteria occurred. The ability to search session content and metadata accelerates and simplifies forensics and IT troubleshooting.

Discovery

Discovery

Quickly discover privileged accounts or systems on your network with host-, directory- and network-discovery options.

Approval anywhere

Approval anywhere

Leveraging One Identity Starling Two-Factor Authentication, you can approve or deny requests from anywhere – and with nearly any device -- without being on the VPN.