Technology Record - Issue 25: Summer 2022

92 P ROF I L ED : B E YONDT RU S T BeyondTrust is a leading provider of privileged access management solutions. More than 20,000 customers, including over 70 per cent of the Fortune 500, use BeyondTrust’s three core solutions to secure their environments and gain control to reduce risk, achieve compliance, and increase operational performance. Morey Haber, chief information security officer, is responsible for internal and cloud security for over 4,000 cloud deployments used by customers. After being impressed by a demo of Orca Security’s platform, Haber and his cloud team ran a trial of the solution. “We had it installed, and it was working for us within a few days,” says Haber. “The platform produced better results and more visibility than competing agents ever gave us. Before Orca Security, agents only gave us visibility into instance runtimes, but they didn’t show us the rest of the environment. We were very impressed.” While most Orca customers use the platform to assess their own cloud workloads, as a security vendor BeyondTrust monitors workloads running cloud solutions being used by its clients. “BeyondTrust’s Privileged Remote Access enables third-party access to a client’s environment to monitor heating, ventilation and air conditioning systems, make sure printers are working, or whatever the need might be,” says Haber. “Our solution performs a credential injection to target systems, so the third parties don’t know or see the passwords at all. Once they’ve logged in, the product screenrecords and documents everything they’re doing enabling a true zero-trust architecture for remote access.” The Orca platform ensures that nothing is open or misconfigured, that no instances are missing patches, and that no vulnerabilities exist in BeyondTrust’s cloud environment. “Here’s another example where Orca showed significant value,” says Haber. “We installed a new firewall for one of our products. Orca Security quickly flagged that a misconfiguration existed in the default settings and we were able to correct it right away. How else would we have seen that? An agent wouldn’t have helped since it was on the outside, but Orca caught it. To me, that is invaluable.” To earn customers’ confidence, BeyondTrust maintains Service Organisation Control and ISO compliance, which is fully certified across its Azure platform. A client might also license its technology for use in a Payment Card Industry (PCI) zone, making PCI compliance critically important. Orca Security has built-in compliance modules that help Haber document compliance requirements. When BeyondTrust has to include any agent bundles it wants to include in one of its product offerings, it has to be included for the early stages of development through quality assurance and into production. This helps to ensure that the agent provides the required output of data without crashing, but with thousands of agents, one or more will eventually fail. This requires BeyondTrust to troubleshoot and update a customer’s production environment. However, Orca enables it to avoid those problems entirely. “Agents cause multiple points of friction including installation, maintainence, and crashing. They also take up valuable CPU capacity. With Orca Security, I’m not paying for the runtime of an agent hitting a CPU, and I have no change control risk of bringing an BeyondTrust used the Orca Security platform to provide its clients with visibility into its cloud environments to ensure they remain secure and compliant Visibly secure “ The platform produced better results and more visibility than competing agents ever gave us” MOREY HABER, BEYONDTRUST

RkJQdWJsaXNoZXIy NzQ1NTk=