KeeperPAM Automatic Password Rotation Increases Security and Simplifies Compliance.

Why Password Rotation?

According to the 2023 Verizon Data Breach Investigations Report (VDBIR), 74% of all data breaches involve the human element and 49% involve stolen credentials. Protecting passwords, credentials and secrets is a vital component to any cybersecurity strategy.

There are 24 billion passwords available for sale on the dark web, but organizations can reduce the time a compromised password is valid by limiting the lifespan of that password with rotation.

By enabling automatic credential rotation, organizations drastically reduce their risk of credential-based attacks while also enabling admins to:

• Enforce the use of strong passwords across systems and devices
• Prevent password reuse across multiple accounts
• Ensure passwords for privileged accounts have a limited lifespan
• Easily meet compliance standards and enforce internal policies for credential health

KeeperPAM – The Next-Gen Privileged Access Management (PAM) Solution

Designed to protect multi-cloud and perimeterless environments, KeeperPAM simplifies privilege management for every user, on every device, from every location.

KeeperPAM is enterprise-grade privileged access management that includes Keeper Security’s award-winning Enterprise Password Manager (EPM), Keeper Secrets Manager (KSM) and Keeper Connection Manager (KCM). This zero-knowledge, zero-trust solution allows organizations to secure their most critical assets through a simple, unified platform.

Why Use KeeperPAM?

• Increase credential security via enforcement policy and audit trails
• Easily maintain and prove compliance during an audit
• Simple deployment with no agents required on every device
• No SSL certificates required for the gateway and no open external ports
• Uses built-in operating system tools for rotation so no custom software is required
• Seamlessly integrates into Keeper Secrets Manager and Keeper Connection Manager

Password Rotation is Essential to Meet Compliance

For many organizations, internal and compliance policies mandate regular password rotation. To meet these mandates, organizations must rotate passwords on all devices, including computers, servers and IoT devices.

With KeeperPAM, your team can define best practices and requirements for end users. Automation can also handle post-rotation operations such as restarting services or containers.

How KeeperPAM Password Rotation Works

Establishing a gateway

Keeper’s password rotation uses a lightweight and secure on-premises gateway service, which can be installed with a single command. An outbound connection to Keeper’s cloud security vault is created by the gateway, which establishes a secure tunnel for retrieving rotation requests.

The gateway then utilizes Keeper Secrets Manager (KSM) APIs to request and decrypt secrets to perform rotation and communicate with the target device. Keeper’s password rotation ensures zero-knowledge security by performing all decryption locally on the gateway service.

Vault configuration

The credential rotation is configured, managed and maintained completely through the Keeper Web Vault or Desktop App. Credential rotation schedules and settings are all stored as encrypted records in Keeper’s cloud vault.

Keeper’s automated password rotation is easy to deploy and manage. Users can quickly share access to records and manage which secrets are visible to the gateway using shared folders.