Regular rotation of passwords, keys and privileged credentials is a critical best practice that greatly reduces an organization’s risk of falling victim to cyberattacks. By limiting the lifespan of a password, organizations can reduce the amount of time during which a compromised password may be valid.
Password, key and credential rotation – a feature of Privileged Access Management (PAM) – enables organizations to reset privileged credentials on an automated schedule. However, traditional PAM tools are complex, expensive, difficult to deploy and difficult to use – and do not monitor and protect every user on every device from every location.
Keeper’s new password rotation feature enables organizations to easily update users’ privileged credentials on an automated schedule through an easy-to-use centralized PAM platform.
Keeper Security Privileged Access Management (PAM) Insight Report
Keeper Security and TrendCandy Research surveyed 400+ IT and security professionals to determine the common challenges companies face with their current Privileged Access Management (PAM) tools. Not only are significant components of traditional PAM solutions not being used, but many respondents admit to never fully deploying the solutions they paid for. Key findings:
- 87% of respondents said they would prefer a simplified version of PAM that is easy to deploy and easy to use.
- 68% of respondents said their current PAM solution has several features they don’t need.
- 84% said they want to streamline their PAM solution in 2023.
KeeperPAM is Revolutionizing Privileged Access Management (PAM)
With KeeperPAM, credential rotation is simple:
- No cumbersome installs
- No need to open firewalls
- No need to create certificates
- No need to make network changes
- No agents are required
- No need to open any external ports; the solution uses SSL to communicate with Keeper
- No command line tools or scripting needed
- On-demand and automated rotation with a flexible schedule
- Rotate on-premises and cloud credentials/records
- Flexible post-rotation actions
Keeper Security’s next-gen Privileged Access Management (PAM) platform – KeeperPAM – delivers enterprise-grade password, secrets and connection management in one unified solution. With Keeper’s password rotation feature, KeeperPAM enables organizations to automate the changing/resetting of system credentials like Active Directory (AD) user accounts, SSH keys, database passwords, AWS IAM accounts, Azure IAM accounts, Windows/Mac/Linux user accounts and more.
Credential-based attacks represent 82% of all data breaches (according to the 2022 Verizon Data Breach Investigations Report). By limiting the lifespan of a password, organizations can reduce the time that a compromised password may be valid.
Unlike traditional PAM solutions, the password rotation configuration in KeeperPAM is managed through the vault and admin console with a lightweight component on-premises to perform the rotation. KeeperPAM supports Keeper’s zero-knowledge, zero-trust architecture, which always encrypts and decrypts data at the local device level. Keeper never has access to the data in a user’s vault.
Password rotation through KeeperPAM is available on the Keeper Desktop App and Web Vault.
Password Rotation Features
- Automatically rotate credentials for machines, service accounts and user accounts across your infrastructure
- Schedule rotations to occur at any time or on demand
- Perform post-rotation actions, such as restarting services or running other applications, as needed
- Secure storage of credentials in the Keeper vault
- Control and audit access to credentials
- Log all actions to Keeper’s Advanced Reporting and Alerts Module (ARAM)
- Create compliance reporting on shared privileged accounts
How KeeperPAM Password Rotation Works
Establish a Gateway
Keeper password rotation uses a lightweight and secure on-premises gateway service, which can be installed with a single command. The gateway creates an outbound connection to Keeper’s cloud security vault, establishing a secure tunnel for retrieving rotation requests.
The gateway then utilizes Keeper Secrets Manager (KSM) APIs to request and decrypt secrets for performing rotation and communicating with the target devices. Keeper’s password rotation ensures zero-knowledge security by performing all decryption locally on the gateway service.
Rotation is configured and managed entirely through the Keeper Web Vault or Desktop Application. Secrets, rotation schedules and network settings are all stored as encrypted records in Keeper’s cloud vault.
Rotation is easy to deploy and manage within a team. You can easily share access to records and manage which secrets are visible to the gateway using Keeper’s Shared Folders.
Source: Keeper Security