A PAM Innovation Story: How Privilege Management for Windows & Mac Continues to Protect Organizations from Cyberthreats

BeyondTrust invests heavily in privileged access management (PAM) and identity security innovation to help our customers keep up with the ever-changing threat landscape, and to provide our customers with the tools they need to protect their IT estates while enhancing workflow productivity. This innovation includes introducing and enabling tools, features, and integrations, like SIEM integrations, role-based access controls, and passwordless authentication (to name just a few), into our PAM solutions.

The focus on innovation for productivity and security is particularly true for BeyondTrust Privilege Management for Windows and Mac (PMWM). Designed to protect organizations from constantly evolving cyberthreats by enabling them to achieve and dynamically enforce the principle of least privilege (PoLP)—without hindering end user productivity—PMWM has a particularly active innovation story.

In 2022, BeyondTrust delivered 10 new releases for Privilege Management for Windows and Mac. Together, these product updates have introduced more than 50 new features into an already robust product. Moreover, half of the new features came directly from customer suggestions, which means the upgrades we are making are tailored directly to the features and capabilities organizations need the most to bring more comprehensive security into their estates.

In this innovation series, we’ll explore how this constant innovation helps our PMWM customers to reduce their attack surfaces and protect their organizations against even the most creative, cutting-edge threat actors. Let’s start by exploring our latest release: PMWM 23.1.

Introducing PMWM 23.1

BeyondTrust is pleased to announce the availability of Privilege Management for Windows and Mac release 23.1. Our first new release of 2023 includes new features and enhancements that equip our customers to better protect their estates while enabling the productivity of their end users and reducing their overall operational complexity.

Read on to learn about new features like activity tracking, which improves the collaboration of security and IT teams and simplifies compliance by providing visibility into any changes made to policies, users, computers, or computer groups. You can also access our full release notes to learn more about all of PMWM 23.1’s new features and how you can start leveraging them to enhance the security and productivity of your estate.

Release Highlights

New Feature: Activity Tracking for Policies, Users, Computers, and Groups

In complex, fast-moving organizations, changes to policies, users, computers, and computer groups happen often. As a result, those changes frequently aren’t clearly communicated across security and IT teams. This can lead to confusion about the source of changes and can cause difficulty collaborating among teams. Activity tracking can help ensure the information that needs to be communicated between team members is quickly accessible to everyone who needs to see it.

In release 23.1, we’ve introduced activity tracking functionality that can help communicate changes to team members and boost workflow productivity. We’ve also made accessing this information quick and simple by adding an ‘Activity’ tab to the ‘View Details’ page for policies, users, computers, and computer groups. Now, PMWM users can easily view the changes made to any policy, user, computer, or computer group that they have permissions to view. This includes the time the change took place, the type of change (including edit, assign, update, and more), who the change was made by, and a summary of the change.

These changes will also flow through to the Activity Auditing feature within the Privilege Management Console. This acts as a centralized location for all auditing. With Activity Tracking, security and IT teams of all sizes now have a clear source of information on all activity, making collaboration—and compiling audit trails for security audits and compliance mandates—a lot easier.

Enhancement: Role-Based Access for Settings and Analytics

Release 22.8 introduced Role-Based Access, a feature that gives you granular control over the access and permissions your users have within the Privilege Management Console. Since release 22.8, you’ve been able to utilize Role-Based Access to enforce least privilege and just-in-time (JIT) access because it allows you to quickly and easily define roles and permissions for your users, and to easily govern which computer groups and policies they can edit, analyze, view, or assign a policy to.

With release 23.1, we’ve enhanced our Role-Based Access feature to give you even more control over your users’ access and permissions. In addition to defining your users’ permissions to view and make changes to policies and computer groups, you can now set their permissions to view and edit settings and analytics within the Privilege Management Console. With this enhancement, you can now give your users permission to view or edit settings like adapter installation, computer settings, Azure AD settings, or SIEM Settings. In addition, you can also govern their ability to view and make changes to the Analytics section of the Privilege Management Console.

These enhancements to Role-Based Access give you even more granular control over the access your users have to the Privilege Management Console, providing your organization with more ability to manage access for higher levels of security and compliance—and to help you reduce your attack surface. With enhanced flexibility to adapt to how your teams work, regardless of their size or complexity, you’ll also be supporting high levels of productivity, even as your teams scale.

Enhancement: All Data Available for SIEM Integration via New ECS Format

To fully protect your organization, it’s critical that your key security tools have the capability to work together seamlessly and to offer you a full and detailed view of your estate and any incoming threats. This is where the SIEM integration becomes so critical to your privilege management tool. Security information and event management (SIEM) offers real-time monitoring and analysis of events, as well as tracking and logging of security data for compliance or auditing purposes.

Previously, if you had enabled the SIEM integration with PMWM, only a small subset of the events data that Privilege Management captures was visible to the tool. In release 23.1, we have introduced a new way to connect PMWM to your SIEM tool via a new Elastic Common Schema (ECS) format. This makes all of the event data that is captured by PMWM as well as all of the fields within each event, visible through your SIEM product.

This enhancement will help you monitor what is happening in your estate so you can track all activities, gain greater data fidelity, and better detect potential threats by enabling a more comprehensive SIEM integration with Privilege Management for Windows and Mac.

New Feature: Enable or Disable Application Rules and Definitions Within a Policy

Your estate and your end users are constantly changing. New applications are being used, new business requirements are being set, new roles and teams are being created, and more. Nothing is static about your organization, so your policies can’t be static, either.

In release 23.1, we’ve introduced the ability to enable or disable application rules and definitions within a policy. This new feature will give you a fast, flexible way to add and test new application rules and definitions as you refine your policies to meet the changes in your organization.

Previously, when making changes to an application rule within a policy, you would have had to delete the application rule, test how the policy works without the rule, and then manually add the rule back if the test failed. Now, instead of fully deleting the application rule, you can disable it, test the policy, and enable it again if the test fails. This takes the time and risk out of adding or modifying application rules within a policy and gives you the flexibility to make policy changes efficiently.

New Feature: TouchID Support in macOS

With release 23.1, end users on macOS endpoints can now use TouchID instead of their username and password to authenticate in response to a Privilege Management pop-up. This new feature improves the day-to-day experience of end users, seamlessly embedding PMWM into their everyday workflows without disrupting productivity. Providing passwordless authentication for this process also provides an added layer of security to help reduce the organization’s attack surface.

New Feature: macOS Sudo -l or Sudo -list Query

To improve the day-to-day experience of technical macOS users, we’ve introduced the ability for end users to query the Privilege Management policy applied to their endpoint using the sudo -l or sudo –list commands to know what commands they are allowed to run with sudo (root) privileges. This new feature removes roadblocks for technical macOS end users, especially those using Homebrew.

New Feature: Live Message Preview in Web Policy Editor

Previously, when editing messages that would be shown to end users, you would need to save your updates to the message in order to see a preview of them. Now, with release 23.1, you can see a live preview of the updates you’re making to a message, with no need to save before you’re finished.

Enhancement: Windows System Tray Menu

With release 23.1, Windows end users can see more information about Privilege Management for Windows and Mac on their endpoint by clicking the BeyondTrust Privilege Management logo in their Windows System Tray. The new pop-up menu shows active policies on the user’s endpoint, system info (including client version, computer name, and adapter version), and provides the ability to refresh all policies and copy all of the details shown. These updates give end users more information about their system and the policies it’s running. It also acts as an important source of information for IT service desk or support workers when troubleshooting problems.

Next Steps: How to Start Leveraging the Security and Productivity Benefits of PMWM 23.1

BeyondTrust is constantly innovating Privilege Management for Windows and Mac to help our customers protect their organizations from constantly evolving cyberthreats by enabling them to achieve and dynamically enforce the principle of least privilege without hindering end user productivity. The new features and enhancements introduced in release 23.1 are wholly dedicated to enhancing workflow productivity while ensuring high levels of visibility and control for greater monitoring, auditing, and to help reduce the attack surface.

If you are ready to learn more about the best solution for achieving and dynamically enforcing least privilege, contact us today! Or, if you are already a BeyondTrust Privilege Management for Windows and Mac customer, here’s how you can get started with version 23.1.

Be sure to stay tuned to our Innovation Series to keep up-to-date as we continue to make the feature updates and enhancements that matter most to our PMWM users!