11 May 2021, 11:51
These release notes provide information about the One Identity Safeguard for Privileged Sessions 6.9.3 release.
One Identity Safeguard for Privileged Sessions Version 6.9.3 is a release with new features and resolved issues. For details, see:
NOTE: For a full list of key features in One Identity Safeguard for Privileged Sessions, see Administration Guide.
The One Identity Safeguard Appliance is built specifically for use only with the Safeguard privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.
Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.
The Safeguard products' unique strengths are:
One-stop solution for all privileged access management needs
Easy to deploy and integrate
Unparalleled depth of recording
Comprehensive risk analysis of entitlements and activities
Thorough Governance for privileged account
The suite includes the following modules:
One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.
New features in Safeguard for Privileged Sessions (SPS) version 6.9.3:
You can display a banner with a configurable text on the web and console login screen of SPS. Users will see the banner every time they try to log in to SPS.
On SPS, navigate to Basic Settings > Management > Authentication banner.
Figure 1: Basic Settings > Management > Authentication banner — Adding the Authentication banner
The process of creating report subchapters from search queries has been redesigned and simplified.
The process of joining SPS to Starling has been redesigned and simplified.
Figure 2: Basic Settings > Starling Integration — SPS is ready to join Starling
On SPS, navigate to Basic Settings > Starling Integration.
The Authentication mode option enables you to select only the Enable Network Level Authentication option for higher security.
On SPS, navigate to RDP Control > Settings — RDP settings.
You can configure the allowed number of unsuccessful authentication attempts and the period after which the blocked users can attempt logging in again.
On SPS, navigate to Basic Settings > Local Services > Web login.
You can configure the minimum number of characters for the web login passwords.
On SPS, navigate to Users and Access Control > Settings.
You can access the relevant sessions that contain the search keywords by using the clickable QR codes, or by using the link provided with the QR codes.
Figure 3: Example of a clickable QR code in the report output
The Timeline tab has been enhanced and you can search in the screen contents of the audit trails using the Contents button.
For Radius, you can now use the MS-CHAPv2, which is the Microsoft version of the Challenge-Handshake Authentication Protocol.
The Enable RDP4 style authentication option has been removed.
The supported private key algorithms are RSA, DSA, and EC.
With the new reuse_limit parameter, you can now set the number of times that you can reuse the authentication cache before the Authentication and Authorization (AA) plugin requires from you a new authentication for the next session. The reuse_limit parameter has been added to the authentication_cache parameter class of the AA plugin.