Release Notes
One Identity Safeguard for Privileged Sessions 6.2
Release Notes
September 2019
These release notes provide information about the One Identity Safeguard for Privileged Sessions 6.2 release.
Topics:
About this release
One Identity Safeguard for Privileged Sessions Version 6.2 is a release with new features and resolved issues. For details, see:
|
|
NOTE:
For a full list of key features in One Identity Safeguard for Privileged Sessions, see Administration Guide. |
About the Safeguard product line
The One Identity Safeguard Appliance is built specifically for use only with the Safeguard privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.
Safeguard privileged management software suite
Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.
The Safeguard products' unique strengths are:
-
One-stop solution for all privileged access management needs
-
Easy to deploy and integrate
-
Unparalleled depth of recording
-
Comprehensive risk analysis of entitlements and activities
-
Thorough Governance for privileged account
The suite includes the following modules:
- One Identity Safeguard for Privileged Passwords automates, controls and secures the process of granting privileged credentials with role-based access management and automated workflows. Deployed on a hardened appliance, Safeguard for Privileged Passwords eliminates concerns about secured access to the solution itself, which helps to speed integration with your systems and IT strategies. Plus, its user-centered design means a small learning curve and the ability to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and enables your privileged users with a new level of freedom and functionality.
-
One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
-
One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.
New features
New features in SPS 6.2:
Search improvements
-
Analytics information can now be displayed also on the Search Master node of an SPS cluster.
-
Frequent Item Set (FIS) analysis is available on the Search interface. The FIS flow view is similar to the flow view analytics overview, except that the FIS flow view only displays data narrowed down to a single user's previous sessions in the analysis period. For details, see "Visualizing Frequent Item Sets on the FIS flow view" in the Administration Guide.
Figure 1: Search — The FIS flow view (close-up)
Using SPS with SPP
To further improve the cooperation of SPS and SPP, using the two deployments in a Sessions-initiated workflow has been greatly improved. For details, see "Configuring the Sessions-initiated workflow" in the Administration Guide.
SSH improvements
-
If you do not specify the username or the address in nontransparent SSH and Telnet connections, One Identity Safeguard for Privileged Sessions (SPS) displays an interactive prompt where you can enter the username and the server address.
-
Kerberos-based authentication in SSH sessions has been improved. For details, see "Kerberos authentication settings" in the Administration Guide.
-
Resolving hostnames in Channel Policies can now use a custom Domain Name server. For details, see "Creating and editing channel policies" in the Administration Guide.
RDP improvements
-
Transferring files between the target server and the client host using the Clipboard can now be audited. The transferred files can be extracted from the audit trail using a command-line tool. For details, see "Export files from an audit trail after RDP file transfer via clipboard" in the Safeguard Desktop Player User Guide.
Join SPS to SPP improvements
Joining your One Identity Safeguard for Privileged Sessions (SPS) deployment to your One Identity Safeguard for Privileged Passwords (SPP) deployment now supports the Sessions-initiated (SPS-initiated) workflow as well. For details, see "Joining SPS to SPP" in the Administration Guide.
Changes in the external indexer
|
|
NOTE:
Due to legal reasons, installation packages of the external indexer application will be available only from the SPS web interface. After SPS versions 6.3 and 6.0.2 are released, the installation packages will be removed from our website. |
REST API improvements
You can now configure Telnet Connection Policies from the /api/coniguration/telnet endpoint of the API.