Least Privilege Management Software
Eliminate local admin, enforce least privilege access control, and efficiently achieve compliance across physical and virtual Microsoft Windows and Mac desktops – without disrupting user productivity or compromising security.
Why Organizations Need Windows Desktop Least Privilege Management
The majority of Microsoft system vulnerabilities disclosed in 2014 - 80% - could have been mitigated by removing administrator rights from users. This is a security gap that could lead to an embarrassing breach, not to mention a compliance problem. Although users should not be granted local administrator or power user privileges in the first place, sometimes certain applications require elevated privileges to run. For example, users often need to install printers or approved software, or change network settings on their own machines.
Additionally, almost every Mac user receives local administrator access or knows the administrator account password by default. This can create serious security, compliance and operational challenges for desktop and operations teams. Given the proliferation of corporate supported Macs and Bring Your Own Device (BYOD) programs, it’s clear that IT organizations face a growing problem. Until now, there has been no effective or efficient solution to address the problem of OS X users with excessive privileges.
The process to restrict or enable privileges – called enforcing least privilege access control – is complex and time-consuming, but it must be done to support compliance mandates and to address security risks. The real consideration is to do this without obstructing user productivity or overburdening the Help Desk.
Benefits of Least Privilege Management
A least privilege management solution should eliminate administrator privileges, simplify the enforcement of least privilege access control policies, maintain application access control, and log privileged activities across physical and virtual Microsoft Windows and Mac desktops. These capabilities will help close security gaps, improve operational efficiency and achieve compliance objectives faster by:
- Eliminating local admin rights from users accessing desktops or virtual Windows environments, gaining control over privileges and reducing risk
- Elevating privileges only when needed across applications – not users – maintaining user productivity and IT operational efficiency without compromising security
- Logging, auditing and reporting on activities that occur when privileged access is granted to applications, helping to address compliance requirements
- Helping IT be smarter and make better decisions, providing better user and asset intelligence and helping to reduce risk across the environment
Easy and Secure Least Privilege Management
BeyondTrust PowerBroker for Windows and PowerBroker for Mac reduces the risk of privilege misuse on physical and virtual Microsoft Windows desktops and Mac desktops. By eliminating Windows administrator privileges, simplifying the enforcement of least privilege policies, maintaining application access control, and logging privileged activities, IT closes security gaps, improves operational efficiency, and achieves compliance objectives faster. PowerBroker for Windows enables you to:
- Grant privileges to applications and tasks – not users - without providing administrator credentials, helping IT to achieve the best practice of least privilege access control and closing potential security gaps
- Eliminate local admin privileges from desktop machines, gaining control over user privileges
- Assign only the required privileges to specific applications, rather than giving those privileges to the user
- Reduce the attack surface while stopping malware before it is installed by ensuring users are only running approved applications with the proper privileges
- Provide a technique for using real domain or local privileges when required, helping to solve the problem of remote password change requests
- Deliver comprehensive audit and reporting capabilities including Vulnerability-Based Application Management, as well as session, event, and file integrity monitoring to protect the applications that house important data
- Meet internal and external compliance needs by ensuring all users log on with a standard user account, and monitor their activities
- Utilize the BeyondInsight IT Risk Management Platform, so security and IT teams can enforce standard user access on desktops and servers, elevate only the applications and tasks requiring administrative access, and report on findings – regardless of the size of the organization and through a single pane of glass.
Least Privilege Management Webinars
Least Privilege Management Documents
Least Privilege Management Blog Posts
Prevent Pass-the-Hash Attacks by Securing Local Windows Administrators with LAPS
Join Windows & IT Security Expert, Russell Smith in this upcoming webinar where he will show you how to configure Microsoft's free Local Administrator Password Solution (LAPS) tool to secure local administrator accounts. Organizations often use the same password for local administrator accounts across all devices, leaving them vulnerable to Pass-the-Hash (PtH) attacks, which can result in sensitive domain credentials being exposed. LAPS automates regular changes of local administrator passwords, and securely stores passwords in Active Directory (AD).
Advanced Windows Tracing: A Deep Dive into Windows Monitoring Techniques
Join Security MVP, Paula Januszkiewicz, who will show Windows administrators how to be more aware of what happens whenever somebody does something within the system. Attendees will learn what activities can be traced and monitored; starting from simple scenarios then ending with the exact steps a hacker may take to compromise a system.
The Insider Threat is Real
Join Derek A, Smith, Director of Cybersecurity Initiatives, National Cybersecurity Institute at Excelsior College, for a discussion of how to detect, deter and mitigate insider threats.
A Security Expert's Guide: The Windows Events You Should be Tracking and Why
Join Windows Security Expert and MCSE, Russell Smith, who will discuss the Windows Events you should be tracking right now and why. He will also show you how to set up Event Log subscriptions so you have better monitoring across your Windows environments.
How to Stop Pass-the-Hash Attacks on Windows Desktops
Join BeyondTrust and Dave Shackleford, SANS analyst and owner of Voodoo Security, for a discussion of how Pass-the-Hash attacks work and how to secure your organization against them.
Improving Windows Security and User Empowerment
Join this engaging webcast with Derek Schauland, Microsoft MVP, and learn how you can effectively amp up your Windows desktop security while still empowering users to get their jobs done. Learn how PowerBroker for Windows helps companies work with User Account Control to ensure that employees can access the applications they need without needing it to disable the feature.
Minimizing the Impact of Restricting Admin Privileges for End Users
Join BeyondTrust security experts to learn about how this forced change impacts your operations and what you can do today to minimize that impact.
Securing Windows Server with Security Compliance Manager
In this webinar, Russell Smith explains how to use Microsoft's free Security Compliance Manager (SCM) tool to create and deploy your own security baselines, including user and computer authentication settings.
PowerBroker for Windows
Download this overview document containing capabilities, highlights and competitive advantages of our PowerBroker for Windows privilege and session management for Microsoft Windows. PowerBroker for Windows is a simple, fast and flexible solution for privilege management and application control on physical and virtual Microsoft® Windows desktops and servers, helping administrators protect against both internal and external threats, including the accidental or intentional misuse of privileged access.
PowerBroker for Mac
Download this overview document containing capabilities, highlights and competitive advantages of our PowerBroker for Mac privilege and session management for Mac OS X. PowerBroker for Mac is a simple, fast and flexible solution for privilege management and application control on Apple Mac®, Macbook®, Macbook Pro®, Macbook Air®, or Xserve®, helping administrators protect against both internal and external threats, including the accidental or intentional misuse of privileged access.
Application Control: The PowerBroker for Windows Difference
Discusses how application control solutions are designed to block the execution of unauthorized applications and how PowerBroker for Windows is the next-generation solution for application control. When integrated with Windows, application privileges are simply controlled with just a few rules.
PowerBroker for Windows: Risk Compliance
BeyondTrust has developed patent-pending technology to fuse the risk of vulnerable applications, application control, regulatory compliance, and least privilege into the next generation of endpoint security solutions. This fusion addresses the concerns of whitelisting vulnerable applications and can match application privileges and runtime operations to regulatory compliance requirements based on abstract and industry standard risk concepts.
Not too long ago, I was sitting in a room with a very fluffy sales guy. In between words such as "we'll make this happen" and "leave it with me, I'll get it sorted" he asked the question "What is Privileged Account Management"? more
This webinar looks at using technologies native to Windows to minimize the risk of system and data compromise, including solving problems with legacy application compatibility in least privilege environments, application control, User Account Control (UAC), and embracing Microsoft’s application architecture (Windows Store apps) in Windows 8. more
Is 2015 the year you get a better handle on security? The news last year was grim – so much so, in fact, that many in the information security community despaired a bit. Really, the end-of-the-year infosec cocktail parties were a bit glum. OK, let’s be honest, infosec cocktail parties are usually not that wild... more
In last week’s blog, we talked about how controls and accountability must be put into place so that only the right folks can access data and the systems on which that data resides, and that employing a least privilege model helps to achieve that and more. We’re using conclusions and data from a recent report... more
Before we start, let’s agree on three fundamental principles of protecting data: 1. Data is the most valuable asset your organization has (besides the folks who work for you anyway) 2. Data is like water – it will find the path of least resistance out of its current location 3. Based on its value and... more
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers. more
Part of working in IT means you put in your time “on-call.” Companies either don’t realize there is a better way to allow users to maintain administrative access to endpoints, or they remove admin rights from users but don’t account for the resulting operational inefficiencies. more
Application control solutions reduce IT risk by regulating which programs can be launched on desktops, servers and other assets. For instance, application control can help to prevent malware infections and minimize subsequent damage if a malware infection occurs. IT and security leaders have several technology alternatives to consider when seeking to implement application control in their... more
At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others.... more
It’s time to get back to business. Here in the U.S., summer vacations are wrapping up and businesses are looking forward to closing out 2014. Over the past year, we’ve seen several incidents that warrant changes in the ways consumers make purchases and businesses conduct transactions. Consider last week’s theft of a whopping 1.2 billion... moreSee all least privilege management blog posts