Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Golden opportunity to tame application privileges

October 20, 2017

  • Blog
  • Archive

What is it about Windows XP that has made getting rid of an obsolete operating system so difficult? On the face of it, it should be no contest; XP is inherently less secure than its successors, will no longer receive essential updates, cybercriminals target it more often, and it doesn’t even support the latest secure applications. These factors add up to higher support costs and risk.

Despite this, a hardcore of businesses will continue to use it beyond April's cut-off date in order to support legacy applications they can't do without. Organizations facing this situation are in a bit of a bind, aware they must somehow keep XP on secure life support while planning for the inevitable migration to Windows 7 or 8 later on.

Securing XP while migrating to a completely different OS is a big ask but there are plenty of short term fixes on offer, including visualization and isolation, backed up by incredibly pricey extended support contracts at up to $200 a seat. These will do the job but they also turn XP into a patient demanding expensive full time care.

The alternative is to minimize the risks associated with XP using privilege management. This approach not only cuts XP’s security exposure on PCs where it remains still in use but gives organizations a powerful tool to aid their Windows 7 migration roll-out and security going forward.

Securing XP

The weakness of XP was its assumption that admin rights were an affordable luxury. Many programs needed them to work, as did laptop users making simple changes to settings such as adding printers. Pragmatically, admins granted admin rights because it made life easy, creating a hole cybercriminals exploited to install malware.

A least privilege system supporting XP in addition to Vista, Windows 7 and 8 provides an integrated way to lock down admin rights through Windows Group Policy, distributing them only when really needed while creating an audit trail of events. In XP’s case, this doesn’t remove all risk (for instance OS or application vulnerabilities) but it does greatly reduce the attack surface to the absolute minimum and gives admins some visibility on how the OS is being used in real time.

Migrating to Windows 7

The same benefits of least privilege apply to Windows 7 and 8 too, but the strategic gain from a system such as Avecto's Defendpoint is the advantages it offers during the migration process itself.

When moving from XP to 7 it is essential to look at the bigger picture. Users are going to have to cope with User Account Control (UAC) prompts as standard users, throwing up time management challenges for users and admins alike. The admins, meanwhile, will need to model which applications are in use and by whom, and which need admin rights and when.

This underlines the way that privilege management can be a powerful tool for understanding what is actually happening on the network as a way of getting more visibility on the security risks. Think of it as a radical rationalization, pulling out old and unused apps, stripping privileges back to a minimum on an application by application basis and smoothing out complexity. Increasingly, this is what migration means on modern networks.

The shift from XP to Windows 7 is hard work but it doesn't have to be a killer. XP can be supported in a locked-down state using the same technology used to manage new Windows 7 or 8 seats. The critical thing is not to waste the potential offered by the end of Windows XP to reform application and user security. This opportunity comes along once in a generation.

John Dunn

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.