BalaBit IT Security - CSI

One Identity Safeguard

Securely store, manage, record and analyze privileged access

The methods that hackers use to gain access to your systems and data are constantly evolving. Ultimately, hackers want access to your privileged accounts as they provide unlimited access to systems and data. In nearly every recent high-profile breach, lapses in privileged account management have been exploited. To limit the damage when a breach occurs, you need a secure, efficient and compliant way to provide access to privileged accounts.

Take the stress out of protecting your privileged accounts by securely storing, managing, recording and analyzing privileged access with One Identity Safeguard. Available as a hardened appliance with an intuitive interface, Safeguard can detect and halt unknown threats while satisfying your auditors and admin. It is an integrated solution that combines a secure hardened password safe and a session management and monitoring solution with threat detection and analytics.



Policy-based release control

Using a secure web browser with support for mobile devices, you can request access and provide approval for privileged passwords and sessions. Requests can be approved automatically or require dual/multiple approvals based on your organization’s policy. So whether your policies consider the requestor’s identity and level of access, the time and day of the request attempt, and the specific resource requested – or all of these — you can configure One Identity Safeguard to meet your customized needs. Plus, you can input reason codes and/or integrate with ticketing systems.

Full-session audit, recording and replay

All session activity – down to the keystroke, mouse movement, and windows viewed – is captured, indexed, and stored in tamper-proof audit trails that can be viewed like a video and searched like a database. Security teams can search for specific events across sessions and play the recording starting from the exact location the search criteria occurred. Audit trails are encrypted, time-stamped and cryptographically signed for forensics and compliance purposes.

Change control

Supports configurable, granular change control of shared credentials, including time-and last-use-based, and manual or forced change.

User behavioral biometrics

Each user has its own idiosyncratic pattern of behavior, even when performing identical actions, such as typing or moving a mouse. The algorithms built into Safeguard for Privileged Analytics inspect these behavioral characteristics captured by Safeguard for Privileged Sessions. Keystroke dynamics and mouse movement analysis not only help you identify breaches, but also serve as a continuous, biometric authentication.


Quickly discover privileged accounts or systems on your network with host-, directory- and network-discovery options.