Delinea adds new features for its privilege manager and devops secrets vault that reduce friction on workstations and help balance security and velocity. This includes enhanced privilege elevation workflows and improvements to our native MacOS agent for the latest macOS Ventura.
Expanded SAML capabilities let organizations use their preferred Identity Providers for federated access. This reduces the risk of compromised credentials enabling lateral movement and ransomware attacks.
Delinea’s Privilege Manager now supports Windows Store applications
The Delinea Privilege Manager endpoint privilege management and application control solution enables privileged access monitoring, enforcement and elevation at scale. It combines best-in-class privileged account management, advanced PAM and unified security administration with powerful cloud-scale capabilities to reduce the attack surface and improve IT productivity.
The new feature enables IT to automatically discover Windows Store applications, and allows administrators to build policies that will granularly elevate privileges on demand for these apps based on observed behavior, without the need for password prompts or MFA. Combined with Privilege Manager’s Privileged Behavior Analytics, these updates further minimize how human accounts can be exploited by attackers to bypass authentication or gain access to critical systems.
With these additions, Privilege Manager now provides complete visibility across the entire Windows Server estate, and enables IT to monitor, identify, report on and prevent all kinds of malware and other attacks that can affect a corporate environment. The solution also enables IT to enforce least privilege policies at workstation level by removing local admin rights, which attract cybercriminals and increase the risk of ransomware attacks, and by allowing a limited set of privileges to IT-approved users.
Unlike other solutions that offer isolated, siloed functionality, Delinea’s Privilege Manager integrates with LDAP, Active Directory and other identity systems to provide one central platform for all workstation and application privilege management activities. Privilege Manager supports a variety of identity sources and can be deployed on premise or in the cloud for rapid deployment, high performance, and scale.
For US government customers, Delinea’s endpoint privilege management and remote-access management (PAM) solution, Connection Manager, can now be integrated with Microsoft Azure AD Government identities. This will enable enterprises to reduce their attack surface and ensure compliance with federal and state regulations.
In addition to these features, this release includes enhancements for the Privilege Manager UI, including an improved rich text editor for dialogs that open on Windows endpoint machines. This means admins can use this feature to customize the messages that appear on user machines and make them more informative for users. The UI also now provides additional context to help IT and security teams understand why a request was rejected, reapproved or failed.
Delinea’s DevOps Secrets Vault now supports Bring Your Own Key (BYOK) encryption key management for Amazon Web Services (AWS)
DevOps teams need on-demand access to tools, test servers, and production builds to administer systems and debug code. But hardcoded credentials in scripts, applications and configuration files increase the attack surface for external and internal threats – either malicious or accidental. With delinea’s DevOps Secrets Vault, you can centrally store and manage privileged secrets and passwords in an encrypted vault. When accessed, secrets are automatically rotated, and an audit trail records who accessed them.
With our new bring your own key (BYOK) encryption feature, DevOps users can securely access their own AWS keys to decrypt and view their privileged passwords. This enables users to control their own security and eliminates the need for third parties to have access to DevOps Vault data or credentials. It also increases security and reduces risk by ensuring that secrets are only decrypted by users who need them.
In this release of delinea’s Privilege Manager and DevOps Secrets Vault, administrators can use the new Targeted Computer Groups feature to limit a user’s visibility to smaller subsets of their computer groups. This enables them to restrict actions like managing policies and viewing passwords to inside the group, adhering to least privilege best practices and reducing risk. In addition, the Privilege Manager Server console now displays computer names of up to 16 characters.
Privilege Manager for workstations and cloud suite for servers automatically discover applications with administrator rights, even on non-domain machines, and apply control policies. Elevate, allow, deny, and restrict applications in a few clicks with a policy wizard. Prevent malware propagation and achieve least privilege compliance.
Delinea’s DevOps secrets vault enables secure, on-demand access to tools for software and infrastructure deployment, testing, orchestration, and configuration without the need to share private credentials. Using dynamic secrets, which are generated only when the tool needs them and expire after a defined period, prevents potential leaks of information such as credentials or tokens.
With a wide range of DevOps and other tools already supported, Delinea’s high-speed secrets vault provides easy integration with your development workflow. The vault enables GitHub action integration for automated deployment of code changes to source repositories, provides secure access to test servers with a single API call, and supports high-speed credentials management with Kubernetes sidecar containers.
Delinea’s DevOps Secrets Vault now supports GitHub action integration
Delinea’s flagship product, Privilege Manager, delivers granular control over local administrator rights on Windows and Mac workstations. Its privileged account management (PAM) solution includes a centralized vault, where credentials are stored securely, audited and rotated as part of an ongoing cycle. It also manages access to sensitive applications, reducing the risk of ransomware and other malware.
According to a recent study from the Ponemon Institute, 68% of organisations have experienced one or more endpoint attacks that successfully compromised data or IT infrastructure. A large number of these incidents were caused by insecure devops processes that allowed a malicious actor to gain privileged access and steal secrets from a system.
The new features in DevOps Secrets Vault eliminate a common source of these incidents by streamlining workflows and ensuring that developers use only the authorised version of a given tool. For instance, by integrating with GitHub Actions, developers will be able to fetch the latest version of a GitHub configuration from DevOps Secrets Vault and automatically apply it to their GitHub workspace. This will eliminate the need to store GitHub repository configurations on the local system, and ensure that all commands issued are traceable and accountable.
Another feature, Bring Your Own Key (BYOK) encryption key management for Amazon Web Services (AWS), provides the flexibility to allow developers full control over their own AWS keys, enabling them to encrypt and decrypt passwords and other secrets for secure use. This reduces the need for secrets to be stored in plain text and protected by the default AWS security policies, which are prone to compromise and can be exploited in lateral movement attacks.
DevOps Secrets Vault also enables developers to remove the need for hard-coded credentials in their software by allowing them to retrieve the required credentials from the centralized vault through API calls. This will enable them to create and deploy their applications with the same speed and ease that they do now, without sacrificing security or increasing vulnerability.
Delinea’s DevOps Secrets Vault now supports authentication by certificate
The unified vault of ThycoticCentrify (formed by the merger of identity security leaders Thycotic and Centrify) now supports authentication by certificate, improving its DevOps secrets management capability. It provides digital credentials that grant privileged access to applications, databases and CI/CD tools without interrupting developers’ high-velocity workflow.
Authentication by certificate is a more secure approach than traditional passwords and other types of one-time codes, because it verifies a user’s real identity based on their device, location and network. As such, it helps to prevent unauthorized access and protect sensitive information from leaking to third parties. This is particularly important for deploying privileged access management for DevOps.
In addition, Delinea has enhanced its Privilege Service solution to provide granular, browser-based access to infrastructure for IT administration teams, regardless of their physical locations or the type of devices they use to login. For example, IT admins can launch management sessions for infrastructure resources from the Privilege Service portal using SSH and RDP protocols with end-to-end encryption. This enables IT teams to manage infrastructure across the enterprise, and even from outside the corporate network, without needing to access a virtual private network (VPN).
Privilege Service also makes it easier for IT to monitor and control privileged session activity, helping to reduce the risk of unauthorized users gaining access to critical systems. The product can detect unauthorized sessions and record and audit the activities that take place during those sessions. It also provides alerts and notifications for suspicious or potentially dangerous activities, enabling IT staff to take quick action before a critical system is compromised.
Delinea’s suite of privileged access management products also includes CyberArk Privileged Access Manager, which can be deployed on-premises or in the cloud and handles the main PASM functionality for customers. In addition, it offers CyberArk Endpoint Manager for centralized access management of the corporate workstation fleet and CyberArk Vendor Management to manage remote privileged account access for vendors.
HashiCorp’s Vault solution is a popular privileged access management solution among G2 reviewers, with an average rating of 9.0 out of 10. The tool can store and securely control a variety of cryptographic objects, including passwords, tokens and certificates. Vault generates unique, ephemeral credentials for each privileged session and assigns them a time-limited lease. When the session is terminated, the ephemeral credentials are automatically destroyed.