Cybersecurity Insurance Checklist - Meet Insurance Requirements with BeyondTrust PAM Download for Free

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Cyber security is easy! Don’t believe me? It’s all about quick and effective implementation

October 20, 2017

  • Blog
  • Archive

I know from my experience of deploying privilege management in global organizations that people think it’s going to be hard. Every organization is facing an endpoint security balancing act. On one hand employees, and their endpoints, need to be secure. But on the other hand, many employees require a free and flexible operating environment.

The paradox that exists between these two polar opposites is what organizations most struggle with, and it’s why projects get delayed or avoided. IT and security professionals hear removal of admin rights and allow listing and believe it’s going to be too difficult – but it seriously doesn’t have to be...

Think of security as a sliding scale

Let’s consider zero to be least secure and 10 to be the security ideal. With a simple and smart approach to its deployment, Defendpoint can enable an organization to significantly move up the security scale, quickly and easily, without impeding usability.

If we take a closer look at the security scale, position zero would result in the following:

  1. Everyone is given local administrator privileges
  2. All unknown applications are allowed to run
  3. All unknown content, emails, downloads and the like are able to be opened, with full access to the endpoint
  4. Ransomware and malicious payloads are able to embed deep into the system

At the other end of the scale, position 10 would result in:

  1. Everyone running with standard user privileges
  2. Applications requiring elevated privileges have custom-built privilege tokens applied, granting only the required privileges.
  3. Only approved line-of-business applications are allowed to run and are specifically identified
  4. Unknown and untrusted applications and content are automatically blocked

I see many organizations allowing a significant percentage of their users to log onto their endpoints as local administrators. If you allow this you are effectively at level zero. Corporate policies can be bypassed; security software can be disabled and users can run and install what they like. Removing admin rights can mitigate 94% of vulnerabilities on a Windows endpoint!

Everybody wants to get their security dial turned all the way up to 10 and Defendpoint can get you there. However, it’s important that we make sure the user experience isn’t hindered during this journey. If our desktops are secured to the extent that users can’t do their jobs, there will be resistance and typically the project will fail.

Defendpoint is a turnkey solution

We need to find the right balance between user freedom and security and that’s where Avecto’s expertise with Defendpoint comes in. We’ve used years of experience in policy config to develop an “out of the box” deployment experience with our brand new Quick Start policy. This approach significantly moves your organization up the security scale, getting to a 7 overnight and then working with you on fine-tuning.

We achieve this by:

  1. Enabling all users to run with standard user rights
  2. Automatically detecting applications requiring admin rights and elevating them if they’re safe applications
  3. Automatically approving line-of-business applications
  4. Providing gated access to user-introduced applications that may have a valid business use
  5. Automatically blocking potentially malicious user-introduced applications: users will be asked for varying levels of secure justification based on an application’s risk profile
  6. Empowering the user to self-elevate applications that they need

This allows your end users to continue to work uninterrupted, but with significantly less risk. If the user introduces unknown/untrusted applications, they can be blocked or asked for secure justification.

The Quick Start policy provides three workstyles out of the box: low flexibility, medium flexibility, and high flexibility. These have been developed from our experiences deploying to over 8 million endpoints and are designed to cater to the majority of implementation use cases.

Defendpoint’s enterprise reporting capabilities with trend analysis gather accurate user behavior data, identifying which applications have run with elevated privileges, which are executing from within the user’s profile area, and which applications are being installed. This data allows you to further turn the dial closer to 10, while maintaining a positive end-user experience.

See how Avecto's Quick Start policy can offer you the best time-to-value in privilege management:


For more information on how to achieve admin rights removal in your organization, you can check out my book, The Endpoint Security Paradox, available on Amazon <click here>

Read the press release announcing Defendpoint v5.0, now featuring the brand new Quick Start policy to make it quicker and easier than ever to achieve overnight success.

Andrew Avanessian,

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Microsoft Vulnerabilities Report 2021

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.