Keeper Security has announced a new feature which allows organizations to change their credentials automatically for various services.
The new Password Rotation feature covers Active Directory service accounts, Azure AD accounts, and AWS IAM accounts. It can also change SSH keys, passwords for Windows, Linux, and Mac users, database passwords, and more.
Keeper is best known for its password manager (in our view the best password manager for mid-sized firms), but Password Rotation comes as part of its Privileged Access Management (PAM) product, known as KeeperPAM, which provides “enterprise-grade password, secrets and connection management in one unified platform,” according to the company.
Keeper says that KeeperPAM was conceived to “address the cybersecurity industry’s growing demand for modern solutions that are cost-effective, easy to implement and engaging for end users.” According to its own survey data, a massive 92% of IT and security leaders who failed to fully implement a traditional PAM solution did so because they found them too complex.
What sets Password Rotation apart from features found in other PAM solutions is that it is managed through the cloud based vault and admin console interface via Keeper Gateway, a lightweight service that’s installed on the firm’s environment, be it on-prem or in the cloud. It’s multi-cloud routing infrastructure means that no firewall changes are necessary.
“Administrative passwords must be updated regularly and automatically to reduce the risk of password-based breaches and cyberattacks. Traditional PAM tools with password rotation capabilities are often expensive and difficult to deploy,” said Craig Lurey, CTO and co-founder of Keeper Security.
He added, “This leaves organizations that cannot afford or have never fully deployed those solutions vulnerable. We are excited to help minimize this risk with an affordable, modern and elegant solution that protects every user and every device in an organization.”
Password Rotation allows users to automatically rotate credentials for machines, service accounts and user accounts across their infrastructure, and schedule rotations to occur at any time or on-demand. All credentials can be stored in the Keeper Vault, and access to it can be controlled and audited.
They can also perform post-rotation actions such as restarting services or running other applications as needed. All actions can also be logged in Keeper’s Advanced Reporting and Alerts Module (ARAM), as well as third party SIEM providers. Compliance reporting on shared privileged accounts is also possible.
Password Rotation in KeeperPAM is available in the web vault, the Windows, Mac and Linux desktop apps, and the admin console. Admins can manage rotations for both the users and the records themselves, as well as create gateways, configure cloud environments and enforce least-privilege access. It employs zero-knowledge and zero-trust architecture, which encrypts and decrypts data at the local device level.