These release notes provide information about the One Identity Safeguard for Privileged Sessions 6.4 release.
One Identity Safeguard for Privileged Sessions Version 6.4 is a release with new features and resolved issues. For details, see:
For a full list of key features in One Identity Safeguard for Privileged Sessions, see Administration Guide.
The One Identity Safeguard Appliance is built specifically for use only with the Safeguard privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.
Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.
The Safeguard products' unique strengths are:
One-stop solution for all privileged access management needs
Easy to deploy and integrate
Unparalleled depth of recording
Comprehensive risk analysis of entitlements and activities
Thorough Governance for privileged account
The suite includes the following modules:
One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.
New features in SPS 6.4:
The Asian language package for external indexer OCR is included in the basic SPS license. Uploading a license enabling indexing Asian characters is no longer necessary.
SPS now allows you to control and audit MSSQL connections. You can configure the related settings both using the web UI and the REST API. For details, see "MSSQL-specific settings" in the Administration Guide and "MSSQL connections" in the REST API Reference Guide.
Due to legal reasons, installation packages of the external indexer application will be available only from the SPS web interface. After SPS versions 6.4 and 6.0.3 are released, the installation packages will be removed from our website.
The value range of Disconnect clients when disks are: x percent used field in Basic Settings > Management > Disk space fill up prevention is now limited to 50-98 percent. For more information, see "Preventing disk space fill-up" in the Administration Guide
SPS allows you to use the following public SSH hostkeys.
RSA, which is the most widely used public-key algorithm for the SSH key.
One Identity recommends using 2048-bit RSA keys (or stronger).
Ed25519, which offers a better security and faster performance compared to RSA.
In SPS, Ed25519 SSH hostkeys are supported in both OpenSSH and PKCS #8 formats.
You can also have multiple SSH keys on SPS. This allows you to keep your old RSA SSH key and generate a new one that uses Ed25519.
When verifying certificates with Certificate Authorities, DER format Certificate Revocation Lists are now accepted too, in addition to PEM format CRLs.
The SPS user interface has changed. The change includes the main menu, user menu, and about page. For more information, see "The structure of the web interface" in the Administration Guide.
You can now generate screenshots for content search results using the REST API. For details, see "Generate and retrieve screenshot for content search" in the REST API Reference Guide.
You can now configure system backups using the REST API. For details, see "System backup policy" in the REST API Reference Guide.
You can now configure Telnet Authentication Policies using the REST API. For details, see "Telnet authentication policies" in the REST API Reference Guide.
You can now delete plugins using the REST API. For details, see "Delete a plugin" in the REST API Reference Guide.