To effectively protect your estate, your endpoint privilege management solution needs to have robust reporting functionality. Whether you’re monitoring and analyzing privileged activity, responding to an incident, conducting a forensic investigation, or ensuring compliance, powerful reporting capabilities are a prerequisite for a strong security posture. That’s why BeyondTrust released Analytics v2 for Privilege Management for Windows and Mac.
Analytics v2 is an upgraded version of the reporting and analytics functionality within Privilege Management for Windows and Mac. Built on entirely new technology, Analytics v2 will help you surface deep insights from your user behavior data and seamlessly turn them into actionable policy refinements. This will help you protect your estate from constantly evolving threats.
In this edition of our privileged access management (PAM) innovation series, we explore how BeyondTrust’s constant innovation helps Privilege Management for Windows and Mac customers secure their endpoints, reduce their attack surfaces, and protect their organizations against threat actors of all shapes, sizes, and creativity levels. Let’s explore our latest release: Privilege Management for Windows and Mac 23.4.
Introducing Privilege Management for Windows and Mac 23.4
BeyondTrust is pleased to announce the availability of Privilege Management for Windows and Mac release 23.4. Our fourth release of 2023 includes new features and enhancements for the cloud version of Privilege Management for Windows and Mac that make it easier to understand your user behavior data. They also enable you to seamlessly refine your policies.
Read on to learn about our new features—like VirusTotal data in Analytics v2, which show you reputational scores for application-related events in the Analytics v2 events grid.
What’s new with PMWM 23.4? It’s all about Analytics v2
Last year, in release 22.10, we unveiled the first stage of Analytics v2, an upgraded beta version of the analytics functionality within Privilege Management that provides you with more proactive insights about your users’ behavior and a more intuitive path to turn those insights into actionable policy updates. Since that initial release, we’ve been introducing more and more functionality to the Analytics v2 beta. Release 23.4 includes three new features that make it easier to interpret the data generated by your users and turn that data into actionable policy updates in a repeatable way.
Click here to read the full release notes, or read on to learn more about Analytics v2 and other new features and enhancements in release 23.4 that will help you defend your estate against cyberattacks.
New Analytics v2 features allow you to turn data into actionable policy updates
Until now, your access to user behavior data within Privilege Management's analytics functionality was limited to the event level. While event-level data can be extremely useful, using it to make policy updates can sometimes feel like trying to find a needle in a haystack. Now Analytics v2 offers an applications view, which aggregates your user behavior data at the application level.
If 15 of your users try to install or run Google Chrome, those 15 events are now aggregated under a single Google Chrome item in the applications view, showing you how many of your users have tried to install or run the application, which versions of the application, the application publisher name, and more. The applications view makes it easier for you to get a detailed picture of the applications your users are trying to install or run at any given time and simplifies the process of making policy updates based on that information.
The application view currently supports Windows Executables (exe), Windows Installer Packages (msi), Mac Bundles (bund), Mac Packages (pkg), and more. You can find the full list of support application types in the release notes.
VirusTotal for Events
VirusTotal aggregates data from multiple sources, including over 70 antivirus scanners and URL/domain blocklisting services, to provide a reputational score for an application. Organizations using VirusTotal can use their license key to integrate it with Privilege Management for Windows and Mac. This reputational data point can help enable organizations to make quick and secure decisions on whether to allow or block unknown applications and what controls should be put in place surrounding them.
With release 23.4, VirusTotal reputational data is now shown for each application-related event in Analytics v2. If the VirusTotal integration is enabled, Privilege Management users can see a VirusTotal reputational score for each event that is related to an application, both in the events grid as well as in each event’s details page.
Privilege Management users can now save customized views in Analytics v2 and quickly access them again. This enables IT and security operators to customize Analytics v2 to meet their specific needs and access that customized view again quickly as they monitor their end user’s behavior and make policy updates, driving efficiency and reducing complexity.
New enhancements streamline and simplify management and operation for IT support teams
Auto Onboard Endpoints
Prior to release 23.4, when an organization onboarded their endpoints during deployment of Privilege Management for Windows and Mac and did not specify a computer group for an endpoint, that endpoint would enter a pending state and would need to be added to a computer group manually.
Now, with release 23.4, that same endpoint without a specified computer group during onboarding is placed into a pre-defined default computer group. This enhancement streamlines the onboarding process, removing the need for manual work by IT and security operators, and delivers faster time to value for the organization.
License Data Available in Web Policy Editor
With release 23.4, organizations can now see more information associated with their added license keys in the Web Policy Editor. In the Licenses page within the Utilities menu in the Policies section, users can now see the relevant data for each license key that has been added by the organization. This includes which product each license key is associated with (Windows or Mac), whether it is valid, it’s expiry date, as well as type, target, and count, which can be optionally added.
This enhancement provides more easily accessible information to organizations and their IT and security teams in the Web Policy Editor, further simplifying management and operations.
Next steps: start leveraging Analytics v2 across your Windows and macOS Estate
If you are ready to learn more about the best solution for achieving and dynamically enforcing proven endpoint security policies, like least privilege, contact us today! Or, if you are already a BeyondTrust Privilege Management for Windows and Mac customer, here's how you can get started with 23.4.
Be sure to stay tuned to our PAM Innovation Series to keep up-to-date as we continue to make the feature updates and enhancements that matter most to our users!
Alex Bauer, Product Marketing Manager, BeyondTrust
Alex Bauer is a Product Marketing Manager at BeyondTrust, focusing on Privilege Management for Windows and Mac. Prior to joining BeyondTrust in 2022, he worked in a variety of product marketing roles at Dyson and B2B ecommerce software startups, planning and executing launch, messaging, and positioning strategies for products like robot vacuums and air purifiers. Alex brings a consumer lens to the BeyondTrust Marketing team, working to convey complex cybersecurity concepts and features in easy to understand ways.