00:00 - Who is Thycotic & What is Thycotic Secret Server
03:26 - User Permissions and Role-Based Access
04:16 - Strong Authentication
05:04 - Active Password Management
07:37 - Reduce Exposure
10:00 - Your IT Admin Leaves
10:54 - Managing Service Accounts
12:14 - Securing Local Accounts
13:13 - Sensitive File Vaulting
13:57 - Break the Glass
http://thycotic.com/products/secret-server | Secret Server is a web-based repository where you can store all your privileged account information, and with over 3,500 customers worldwide about 200,000 IT admins use the product on a daily basis.
This is a summary of the content of this video:
‘Privileged accounts’ refers to Unix root accounts, local Windows admin accounts, active directory domain accounts, database accounts—accounts shared between administrators within your organization. All admins can access their accounts just using the browser. There's nothing they have to install on their desktop in order to access these particular accounts. It's an asp.net web application so it's on the Microsoft stack all the way down through SQL server.
What are ‘secrets’?
Accessing Secret Server is very simple. (Architecture diagram)
Secret Server is a security tool. Everything is fully and completely audited. You have the entire history of everything that a user has done within the system: every time a secret is looked at, or anybody accessing anything within the system itself.
Secret Server changes and maintains passwords for you … You simply hit a button saying a person has left [the organization], and Secret Server will automatically change all the passwords that particular person has seen.
Role-based access control is fully customizable … You might want an auditor, who can't see any of the data or any of the passwords, to look at the logs and make sure that the accounts are changing on the appropriate schedule, or ensure that the people from the proper teams are the only ones that have access to a particular account or password. This is very different than having an encrypted Excel spreadsheet or a key pass database where, once you have access to the database, you have access to everything.
Secret Server’s security features. [Screen images]
Risks that today’s companies are facing. Failing compliance audits … PCI, HIPAA, and SOX compliance.
External threats … external hackers are trying to get into businesses by using privileged account escalation to elevate their privileges across the network, and then doing real damage.
Internal threats … these come from disgruntled employees, or people that are hired with malicious pretenses.
Automatically rotate your privileged account passwords, especially on service accounts, either on a schedule or on demand. With Secret Server it's very easily done just with a click of a button.
Reduce exposure to passwords with Secret Server.
Secret Server’s one-time passwords.
Request access and approve access to a secret.
What happens when somebody leaves the organization, especially an IT admin who's been critical around your infrastructure and has access to a lot of accounts? Within Secret Server there's a custom built-in report where you can just click a button to see everything that this person has accessed within a given time frame. Once you have that report, you can click one more button that expires every single one of these secrets.
Manage your service accounts with Secret Server … A service account can be any type of account that has that password stored and used in other locations.
Discover accounts with Secret Server … Let's say, for example, you have a service account that you've been using for years and it's just running Windows services left, right, and center. You can run discovery once, find that account, find all of the places where it's being used, and then just with a few clicks of a button, bring all of that data into Secret Server. You can manage that account, change the password, and then update all of the services where it's being used.
Manage local account credentials with Secret Server. Using Secret Server you can automate the process of rotating and controlling access to local account passwords very easily.
Store any type of data you want with Secret Server, for example, file attachments and SSH keys.
Secret Server’s Break the Glass feature.
Secret Server delivers the best value in the industry. It is designed to be the fastest to deploy, easiest to use, most customizable enterprise-class tool, and delivered to you at substantially less money. We make great products, with great support, delivered at a great price. That is what sets us apart from the rest.
Start a free trial to see for yourself: