Sales Engineer

RSAC 2026 vendor spotlight: Keeper Security. The PAM consolidation play: Keeper Security targets the enterprise where CyberArk left pain behind. Two years ago, Keeper Security occupied a well-defined but somewhat modest corner of the privileged access management market - a capable password management platform with PAM-adjacent capabilities that competitors and analysts alike quietly labeled "PAM-lite." That characterization no longer applies as Keeper arrived at RSAC 2026 as a full-stack PAM platform serving 90,000 business customers across 150 countries, freshly credentialed with FedRAMP High and GovRAMP High certifications, and carrying a product architecture that has fundamentally transformed from the ground up. The company's trajectory from consumer password manager to enterprise PAM contender tells an important story about how the identity security market is being reshaped by AI, non-human identity proliferation, and the accelerating cost of complexity. Eleven PAM solutions at one agency: the tool-sprawl crisis is real. The core problem Keeper addresses is not a technology gap - it is a governance gap created by decades of accumulating point solutions. Security leaders already know the symptoms: organizations running 50 to 100 disparate security products, often with multiple redundant PAM solutions in parallel. Keeper's team described a government agency managing 11 separate PAM platforms simultaneously, a scenario that is simultaneously absurd and entirely believable to anyone who has navigated enterprise security procurement over the past decade. This fragmentation destroys visibility, multiplies administrative overhead, and creates the kind of seam-riddled environments that attackers actively exploit. Underneath the tool-sprawl problem sits an even more fundamental one: credential exposure continues to drive more than 68% of breaches. Human credential mismanagement remains the dominant attack vector, but the emergence of non-human identities - service accounts, API keys, AI agent credentials - has expanded the attack surface dramatically and largely without sufficient governance. Enterprises are deploying AI agents and hooking them directly into critical infrastructure while NHI management remains, at most organizations, a largely manual and deeply inconsistent afterthought. Persistent over-provisioning compounds the exposure: IT administrators, under perpetual pressure to keep operations running, default to granting excessive access rather than risk a 3 a.m. call from an executive locked out of a critical system. One vault, every identity: the architecture competitors can't easily copy. Keeper's architectural answer to this complexity is consolidation through a unified, vault-centric platform. Every capability - password management, secrets management, database access, zero trust network access, remote browser isolation, just-in-time provisioning, and endpoint privilege management - operates from a single interface built on a zero-knowledge architecture that Keeper has held since its founding. KeeperDB, the platform's newly launched database management capability, illustrates the practical value. Supporting eleven database types across a natural language interface, it gives non-technical users - line-of-business leaders, compliance officers, operations managers - direct, credentialed, session-recorded access to query databases without requiring SQL expertise or an engineering intermediary. Every session injects credentials automatically, records screen and keyboard activity, and maintains a full audit trail. For organizations grappling with the access-democratization challenge that AI tools are accelerating, this capability closes a meaningful gap. The MCP integration for agentic AI extends Keeper's governance posture directly into AI workflows. Through a running MCP server, AI agents operate on vault-stored secrets with human-in-the-loop permission controls - each action requires explicit approval before execution, maintaining the kind of human oversight that responsible AI deployment demands. The AI-powered session monitoring layer adds a behavioral detection capability that terminates sessions exhibiting high-risk command patterns in real time, informed by the LLM provider of the organization's choosing, with configurable aggressiveness thresholds and manual override rules. Just-in-time provisioning with ephemeral account creation and automated destruction rounds out the zero-standing-privilege model. What to know before you deploy. Keeper deploys through a gateway model - lightweight instances running on Windows, Linux, or containerized environments that communicate outbound over port 443 through TLS-encrypted tunnels, eliminating the need to open inbound security system rules. Load balancing and automatic failover are built in. For organizations migrating from legacy PAM platforms, the consolidation journey itself represents the primary complexity: rationalizing entitlements, decommissioning redundant tools, and retraining administrators who have spent years inside platforms like CyberArk. The AI session monitoring capability, currently covering SSH sessions, is expanding to RDP, remote browser isolation, and database connections, and teams evaluating the platform today should factor that roadmap into their deployment planning rather than treating current coverage as the final state. Why this matters. The enterprise security market is drowning in PAM proliferation at precisely the moment when the identity threat surface is expanding fastest. NHIs are multiplying faster than organizations can govern them, AI agents are acquiring access to critical systems with minimal oversight, and the human tendency to over-provision rather than over-restrict continues to leave standing privilege exposed across the enterprise. Keeper's platform - unified, zero-knowledge by design, and increasingly AI-native - addresses all three dimensions from a single architecture. Security teams evaluating their PAM strategy, particularly those already frustrated with the operational burden of incumbent platforms, have strong reason to put Keeper through a formal evaluation. The combination of enterprise-grade depth and an accessibility model designed for every user in the organization, not just IT administrators, positions Keeper as a genuinely differentiated option in a market that has long rewarded complexity over usability.

Keeper Security expands Privileged Access Management Browser Isolation to support advanced web browsing workflows. Apr 09, 2026, 07:00 ET New capabilities remove usability barriers by enabling multi-tab browsing, secure file upload/download and KeeperAI threat detection within privileged vault sessions CHICAGO, April 9, 2026 /PRNewswire/ - Keeper Security, the leading zero-trust and zero-knowledge Privileged Access Management (PAM) platform, today announces the release of new Remote Browser Isolation (RBI) capabilities within KeeperPAM, delivering major adoption and usability improvements for modern web workflows within privileged vault sessions. These enhancements address a persistent challenge in zero-trust environments: enabling secure, policy-driven access to dynamic, multi-tab web applications and file-based workflows directly within privileged sessions. With support for multi-tab browsing, secure file uploads and full JavaScript interaction, Keeper is closing the gap between security and productivity in remote, browser-based access. Additionally, Keeper is extending its AI-powered session monitoring capabilities to additional protocols, including RBI. Powered by KeeperAI, these sessions can be continuously analyzed, summarized and evaluated in real time to detect anomalous behavior and ensure activities remain within the scope of assigned privileged tasks. "Many organizations deploy remote browser isolation selectively because traditional RBI breaks modern web workflows, forcing users to bypass controls when tasks become impractical," said Craig Lurey, CTO and Co-founder of Keeper Security. "Keeper's updates remove the most common challenges to ensure users have a seamless experience while enabling continuous monitoring and intelligent threat detection across every privileged session." KeeperPAM's RBI ensures secure, efficient and VPN-less access to cloud-based and internal web applications directly from the Keeper Vault. By hosting browsing sessions in a controlled remote environment, RBI isolates web browsing activities from end-user devices, mitigating data exposure risks if a device is compromised. All sessions are fully integrated into Keeper's privileged access workflows, providing centralized visibility, auditability and AI-driven risk analysis. Key features of RBI include: * Secure access without a VPN: Securely access non-hardened websites and tools without the need for a VPN. * Recorded web sessions: Meet compliance and auditing requirements with fully recorded website interactions, and full session visibility and control. * Controlled web browsing: Provide access to a pre-approved list of URLs within a secure browser environment. * Password auto-fill: Automatically fill login and password details into isolated browser sessions without ever transmitting credentials to the user's device. * AI-powered session monitoring: Leverage KeeperAI to analyze session activity in real time, generate summaries and detect anomalous or out-of-scope behavior. Remote Browser Isolation That Works With Real-World Web Applications Historically, RBI solutions have imposed significant usability constraints, limiting adoption and driving some users to bypass controls when workflows become too restrictive. The latest update of RBI enhancements within KeeperPAM directly addresses these challenges. * Multi-tab support inside RBI sessions allows users to open and navigate multiple tabs and windows within a single isolated browser session. This enables seamless interaction with modern web applications, including workflows that rely on pop-ups, redirects and Single Sign-On (SSO), without restarting sessions or breaking isolation boundaries. * Native JavaScript alerts, prompts and confirmation dialogs are now fully supported within RBI, ensuring web applications behave as expected. Users can also suppress excessive or malicious alert loops, maintaining control when web pages malfunction or behave unexpectedly. All activity within these sessions is continuously monitored by KeeperAI, enabling security teams to validate that user actions align with intended workflows and detect potential misuse in real time. Together, these enhancements enable organizations to deploy RBI more broadly across business-critical web access scenarios, reducing friction while maintaining strict isolation from endpoint devices. Secure File Uploads That Don't Break Isolation KeeperPAM introduces administrator-controlled file uploads through Remote Browser Isolation, addressing another common limitation that has historically forced users to step outside protected environments. When explicitly enabled by administrators, users can upload files to permitted websites directly within an isolated session, supporting workflows such as document submissions, video uploads and web-based collaboration. File uploads are disabled by default and must be intentionally authorized per connection, reinforcing Keeper's least-privilege security model. This capability is particularly valuable for organizations that need to securely access high-risk or externally hosted web platforms while preventing malware exposure, data leakage or credential compromise on local endpoints. Purpose-Built Zero-Trust Access Remote Browser Isolation is fully integrated within KeeperPAM, Keeper's cloud-native privileged access management platform, and can also be deployed as a self-hosted, on-premises solution. Built by the original creators of Apache Guacamole, Keeper's session management technology delivers fast, agentless access to infrastructure, web applications and isolated browsing sessions with full session recording and zero-knowledge encryption. By advancing remote browser isolation to support the needs of users, Keeper continues to demonstrate that strong security controls do not need to come at the expense of usability or productivity. As zero-trust architectures mature, security controls must support real-world workflows instead of forcing exceptions. These RBI enhancements will be available within KeeperPAM through Gateway 2.24 and Keeper Vault 17.6 in the coming weeks. About Keeper Security Keeper Security is one of the fastest-growing cybersecurity software companies that protects thousands of organizations and millions of people in over 150 countries. Keeper is a pioneer of zero-knowledge and zero-trust security built for any IT environment. Its core offering, KeeperPAM(R), is an AI-enabled, cloud-native platform that protects all users, devices and infrastructure from cyber attacks. Recognized for its innovation in the Gartner Magic Quadrant for Privileged Access Management (PAM), Keeper secures passwords and passkeys, infrastructure secrets, remote connections and endpoints with role-based enforcement policies, least privilege and just-in-time access. Learn why Keeper is trusted by leading organizations to defend against modern adversaries at KeeperSecurity.com. SOURCE Keeper Security