Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Privilege Management SaaS Hardens Windows & Mac Endpoint Security, Protecting On-Prem & Remote Workers & Systems

May 26, 2020

  • Blog
  • Archive

Protect against phishing, ransomware, and malware attacks with least privilege and application control that deploys in hours and keeps your workers productive.

Today, BeyondTrust announced our industry-leading Privilege Management for Windows & Mac solution is now available as SaaS (software-as-a-service). Our SaaS-based solution empowers organizations to eliminate admin rights quickly and efficiently across Windows and Mac endpoints, without disrupting user productivity. With BeyondTrust PAM SaaS solutions, customers get the best of both worlds, removing the burden of managing their infrastructure, while enjoying the feature-richness of the cloud and the flexibility of a subscription-based model.

According to BeyondTrust’s Microsoft Vulnerabilities Report 2020, of the 192 Critical Microsoft vulnerabilities reported by Microsoft, 77% could be mitigated by removing local admin rights from users. BeyondTrust Endpoint Privilege Management deployments protect over 50 million endpoints across the globe, including for the most demanding security and compliance-driven environments across government and industry. Our solutions are built to effectively protect under the most challenging scenarios and broadest range of edge use cases to help organizations ensure their entire universe of privileges is secure.

Why Cloud-Based Endpoint Privilege Management, & Why Now?

The trend toward increased reliance on SaaS solutions has been well underway for IT security and has only accelerated due to the COVID-19 pandemic. For instance, social distancing has necessitated remote work, and sometimes BYOD, suddenly and at great scale. While these challenges, along with the recent growth spurt of shadow IT, are themselves drivers for endpoint privilege management and application control, they also benefit from the agility and flexibility of the Cloud. Thus, it’s unsurprising that we’re seeing an increased push toward SaaS deployments and to privilege management and application control solutions. Today, more than 3,000 customers leverage full management capabilities of BeyondTrust solutions in the Cloud.

Privilege Management for Windows & Mac, along with BeyondTrust’s Secure Remote Access and other privilege management solutions, is strongly poised to help organizations rapidly and effectively address the urgent needs of today’s environment, and well beyond.

Key Capabilities and Benefits of SaaS Privilege Management for Windows & Mac

The SaaS deployment of BeyondTrust’s Privilege Management for Windows & Mac solution provides the same robust features and capabilities as the on-premises deployment. Privilege Management for Windows & Mac securely enables the precise level of privileged access end users need to perform their daily roles, without giving them full administrative rights. The solution dynamically enforces true least privilege – enabling just enough access and just-in-time access.

Here are some of the cloud-based solution’s key features and benefits:

  • Removes admin rights and enforces least privilege policies across Windows desktops/servers and MacOs quickly
  • Protects desktop and server endpoints from malicious attacks like phishing, malware, and ransomware
  • Achieves rapid time-to-value with SaaS deployments and Quick Start policies for immediate risk reduction
  • Empowers employees with the access to applications they need for maximum productivity
  • Minimizes costs from IT staff and infrastructure
  • Reduces the burden on IT and Service Desk teams
  • Monitors, controls, and audits sessions
  • Addresses rigorous compliance initiatives with in-depth reporting available at your fingertips
  • Ensures employees have the tools they need for maximum productivity

What Differentiates BeyondTrust Privilege Management for Windows & Mac Versus Competitor Solutions

BeyondTrust not only offers a more complete endpoint privilege management solution than competitors, but also one that can be deployed overnight and at scale. Our solution also complements the traditional privilege elevation and delegation capabilities expected of an endpoint privilege management solution with advanced application controls capabilities. Working together, these capabilities dramatically lower your attack surface, while also boosting business and operational productivity.


With powerful least privilege and application controls working together, BeyondTrust's Privilege Management for Windows & Mac dramatically reduces endpoint risk, while ensuring end users have the access they need to trusted applications and services.

Beyond privilege elevation and delegation, here are some powerful features unique to our solution:

QuickStart Templates: These flexible workstyle templates for Windows & Mac devices enable overnight policy implementation across all users or groups of users to immediately—from Day 1—reduce the risk of unmanaged endpoints.

Application Control: This encompasses allow listing, block listing, and greylisting. Leverage a flexible policy engine to set broad rules, choose automatic approval for advanced users - protected by full. audit trails, or even utilize challenge-response codes.

Trusted Application Protection (TAP): Building on the foundation of privilege management and application control, TAP provides pre-built templates that stop malware and living off the land attacks in Windows systems. Trusted Application Protection adds context to the process tree, allowing restriction of common attack chain tools, such as PowerShell and Wscript that are spawned from commonly used applications, such as browsers or document handlers (Word, PowerPoint, Excel). TAP does not rely on reputation or signatures.

Power Rules: Business rules for Windows systems decide which applications are safe, speed decisions on whether to allow an application to run, or allow it to run with admin rights, by automating the integration of third-party intelligence sources. Based on PowerShell, organizations can simply write a script and embed it in the policy itself. For example, when it runs, the PowerShell script can automatically trigger a service desk workflow, generating a helpdesk ticket that provides all of the information they require about the application or task. Another example would be for it to call out to a third party to check the hash, or to a vulnerability management system to check for CVEs on the application

Our cloud-based Privilege Management for Windows & Mac solution is rounded out by best-in-class privileged threat analytics, a wealth of free and customizable reports, and the industry’s best session auditing and management capabilities. Our solution’s unique capabilities, combined with our experience securing privileges for the largest number of endpoints, has benefitted our customers with a roll-out approach that gives them leaps in endpoint protection, risk reduction, and productivity from Day 1.


We understand that some IT teams have had, a sub-optimal experience in rolling out alternative privilege management solutions. In some of the worst instances, these solutions become shelfware because they’re exasperatingly difficult to deploy and manage. BeyondTrust’s SaaS deployment of Windows and Mac endpoint privilege management is the closest thing to flipping a switch. The solution’s security features and QuickStart capabilities deliver rapid time-to-value. Here’s a simple visualization of what that timeline looks like:


Unlike competitor privilege management products that can take months to properly configure, Privilege Management SaaS overnight policy implementation across all users or groups of users to immediately reduce the risk of unmanaged endpoints. Over time, you can continue to refine your deployment to reaping additional risk-reduction and enhanced productivity benefits.

Learn More about Privilege Management for Windows & Mac

Privilege Management SaaS is a core offering within BeyondTrust’s complete Privileged Access Management (PAM) portfolio.

Related Resources

A Guide to Endpoint Privilege Management (white paper)

Quick Start Privilege Management for Windows & Mac (data sheet)

Privilege Management for Windows and Mac (web page)

Privilege Management for Windows & Mac (Desktops) (data sheet)

Privilege Management for Windows & Mac (Servers) (data sheet)

Quick Guide: Enable & Secure Your Remote Force (white paper)

​Peter Knight, Senior Product Manager

I have been working in a variety of product management roles since 2006 across diverse industries. I firmly believe in putting the customer at the heart of what I do, and that delivering quality solutions and products is based on a deep understanding of your customers’ world. As a senior product manager, I care about the experience we deliver to our customers, not just the technology or functionality wrapped into a product. I always enjoy discussing issues and challenges with customers to get a clear picture of what we need to solve today, tomorrow, and into the future.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Up next

From May 21, 2020:
Password & Session Checkout Duration – 4 Steps to Achieving Best Practices
From May 29, 2020:
The Clock Strikes 13 on the 2020 Verizon Data Breach Investigations Report

You May Also Be Interested In:

Whitepapers

A Zero Trust Approach to Windows & Mac Endpoint Security

Whitepapers

KuppingerCole Executive Review - BeyondTrust Endpoint Privilege Management

Webcasts

Ransomware in 2021: How to Strengthen and Fund Your Cyber Protection Measures

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.