Blogger: Mark Diodati
You may have heard about Symark’s acquisition of BeyondTrust. Symark is best known for its UNIX security product, PowerBroker. BeyondTrust’s primary product is Privilege Manager. Privilege Manager provides authorization (specifically, privilege delegation) for the Windows platform. The product provides Windows Group Policy templates, which enable more granular privilege delegation.
Symark has taken the BeyondTrust corporate name. It’s likely that BeyondTrust will rename Privilege Manager to PowerBroker for Windows. The Privilege Manager acquisition enables BeyondTrust to leapfrog most of its UNIX security product competitors into the Windows access control market. Only CA has a companion product for Windows. Centrify, IBM, Novell, and Quest have put Windows authorization capabilities on their roadmaps (for next year, in the case of most of these vendors). It’s interesting that the UNIX security market leaders – CA and BeyondTrust – now possess Windows security products.
I have been skeptical for many years about the necessity of a Windows product that is analogous to the classic UNIX security product. Microsoft Windows already provides the functionality that the UNIX security products provide, including centralized IdM, privilege delegation, event auditing, and finer-grained discretionary access control lists (as compared with the standard UNIX model). Windows systems clearly have a different security model and policy enforcement points (PEPs) as compared with UNIX systems. The different PEP model results in distinctive policy sets within the UNIX security product.
Still, “I want (fill in the blank with your favorite UNIX security product) for Windows” is a common utterance from customers; I have heard it, and I know that the UNIX security vendors have heard it, too. When the conversation goes a little deeper, product requirements become more ambiguous.
Ultimately, I think that customers are looking for common activity and forensic auditing, and a single place to analyze the access rights of privileged users. It remains to be seen whether a Windows PEP or privilege restriction capabilities are required.
We’re living in interesting times. Either by acquisition or development, the AD Bridge, UNIX security, privileged account management, and Windows authorization vendors are beginning to cross over into different product classes. Burton Group will be discussing this trend in our September TeleBriefing on September 29/30 – “Markets Colliding: UNIX Security, Active Directory Bridge, Privileged Account Management, and Windows Authorization” (subscription required).
For more information on UNIX security products, please see the IdPS report “Providing a Strong Foundation: The Resurgence of UNIX Security Products” (subscription required).

