We are pleased to announce the 5.3 release of BeyondTrust Defendpoint, our market-leading solution for enabling users and administrators to work securely and efficiently—without the need for Windows admin rights. Version 5.3 introduces Power Rules, a business rules engine that enables customers to more easily configure Defendpoint to their unique business requirements and integrate Defendpoint into other systems. Power Rules helps speed decisions on whether to allow an application to run, or allow it to run with admin rights, by automating the integration of third-party intelligence sources.
Power Rules is based on PowerShell, so organizations can simply write a script and embed it in the policy itself. For example, when it runs, the PowerShell script can automatically trigger a service desk workflow, raising a ticket with your helpdesk that provides all of the information they require about the application or task. Or it can call out to a third party to check the hash, or to a vulnerability management system to check for CVEs on the application, thereby adding custom logic to Defendpoint rules.
Power Rules for ServiceNow
The first Power Rules integration available is with ServiceNow. This integration enables the submission of a ticket to the IT team, so that they can make an informed and expedited decision on the user’s request to run an application, installation, script, or task.
In the default configuration, when a user runs an application that you are targeting with the ServiceNow Rule Script, the user is presented with the option to raise an incident in ServiceNow or cancel the request. The ServiceNow ticket includes the caller, a short description, and a complete description that includes the program name, program publisher, program path, challenge code, and the business justification the end user provided.
Administrators can then take action on the incident in ServiceNow and supply the end user with a response code. The end user can then use the response code to 'unlock' the application, allowing it to run.
Using the ServiceNow integration is simple: create a new Power Rule in any workstyle, or set any existing rule to use a Power Rule, and import the integration script. Any application that matches the rule will then trigger your ServiceNow workflow. And because the integration is scripted, it can easily be tailored based on your own ServiceNow workflows.
Kris Zentek, Senior Product Manager
Kris Zentek is a Senior Product Manager at BeyondTrust, focusing on Endpoint Privilege Management solutions. Based in the UK, he has over 20 years of experience working in the cybersecurity industry.