The threat landscape for organizations today is as dangerous as it’s ever been. The growing threat stems from three cybersecurity trends:
- Ransomware attacks are skyrocketing - with 88.9 million attacks seen in Q2 of 2023 alone, ransomware attacks have seen a 74% increase over Q1.
- Ransomware actors are adopting more ruthless tactics - the ransomware groups executing these attacks are becoming ever more aggressive and reckless with the information they steal, resorting to sometimes ruthless extortion tactics.
- Total vulnerabilities are at an all-time high - according to BeyondTrust’s 2022 Microsoft Vulnerabilities report, total Microsoft vulnerabilities hit an all-time high in 2022, with Elevation of Privilege as the #1 category for the third year running.
In order to protect your organization from the constant threats that it faces, you need your IT and security teams to be laser-focused on what matters most: maintaining a strong security posture. It’s very easy, however, for those teams to get bogged down with manual operational tasks that don’t directly help maintain and improve your organization’s security posture. That’s why it’s critical that you invest in security solutions that protect your organization and automate the operational tasks that can be a drain on your teams’ time, freeing them up to focus on building and maintaining a strong security posture, not managing software.
In this edition of our privileged access management (PAM) innovation series, we explore how our latest release – Privilege Management for Windows and Mac 23.8 – is helping to drastically reduce the amount of manual work required from IT and security teams with its newest features and enhancements.
Introducing Privilege Management for Windows and Mac 23.8
BeyondTrust is constantly innovating Privilege Management for Windows and Mac to deliver market-leading protection for our customers’ estates with streamlined operations that reduce the amount of manual work required from their IT and security teams. To ensure we are delivering the innovations that make the biggest impact, we are always listening to our customers through extensive interviews and beta programs, monitoring the latest threat trends, and iterating on our products.
BeyondTrust is pleased to announce the availability of Privilege Management for Windows and Mac 23.8. Our eighth release of 2023 includes one of our biggest new features of the year: auto update. Read on to learn more about how auto update drastically reduces the manual work required to manage Privilege Management for Windows and Mac software updates, while still allowing you to maintain the same level of control.
Auto update removes the need for manual updates via new Package Manager
With release 23.8, we’re excited to introduce auto update. Now you can automatically update both the Privilege Management for Windows adapter and agent software versions on the Windows endpoints in your estate, while maintaining the same level of control you’ve always had with updates. The ability to identify pilot and testing computer groups for each new update, define specific update approaches for different operating systems, and pause and resume updates for groups of endpoints ensures that you have all the tools you need to maintain stability and troubleshoot if necessary.
- Drastically reduces the amount of manual work required from your IT and security teams
- Removes the need for ongoing use of third-party tools, like Microsoft Intune
- Eliminates resource-draining sources of complexity, like managing separate agent and adapter updates and dealing with differing operating system versions
Why do we need a solution for manual updates?
The short answer is that manual updates are resource-intensive and can take months. Managing software updates for the security solutions you use can be a manual process that drains your IT and security teams’ resources. Historically, updating Privilege Management for Windows software on the endpoints in your estate has required you to rely on third-party tools, like Microsoft Intune, which can often require the support of multiple teams across the IT and security organization. Managing separate agent and adapter updates, potentially across multiple operating system versions, has added even more complexity. When you add up all of that complexity and manual effort, it can take weeks, or even months, to complete a single update, causing some organizations to delay updates to their estate—until it’s too late.
How does it work?
Auto update is powered by the Package Manager, a new component that enables both the initial install and the ongoing updates of the Privilege Management for Windows adapter and agent to be managed seamlessly from the Privilege Management Console. The Package Manager can be downloaded from the “Package Manager Installation” tab within the Configurations module in the Privilege Management Console. Once installed, the Package Manager “Settings” tab allows you to choose between two approaches for updating the endpoints in your estate:
- The first approach allows you to set a computer group to always be automatically updated to the latest version of the Privilege Management for Windows agent and adapter.
- The second approach allows you to define a specific version of the agent and adapter to which a computer group will be updated.
What comes next for auto update?
Auto update via the new Package Manager removes the need for manual updates, giving your perennially overstretched IT and security teams weeks’—or even months’—worth of time back to focus on protecting your organization. We’re going to continue iterating on auto update and the Package Manager to bring you new features and enhancements that make updates even more seamless and customizable. Support for macOS endpoints and scheduled update times are two enhancements that will be available soon.
Even more data is now available in Analytics v2
Enhancements to the application details view
Over the last few releases, we’ve introduced both the applications view and the application details view to Analytics v2. The applications view shows you an overview of all the applications being used in your organization. The application details view lets you deep dive into one of those applications to see detailed information about it, including how often it is being run, how often it was blocked, elevated, allowed, or cancelled at the end user level over time, and more. With release 23.8 we’re bringing even more information to the application details view with new Users Affected and Reasons Provided cards.
The new Users Affected card in the application details view provides you with visibility of how many end users within your organization are using the application you’re viewing. When a user is prompted to select a reason from a drop-down or enter their own reason as text in order to run an application, these reasons are now collected and presented in the application details view via the new Reasons Provided card. These two new additions to the application details view provide you with seamless, streamlined visibility into the way any application is being used within your organization. You can quickly understand usage at a high level, or dive deep into the finest details about how a given application is being used in an easily repeatable, simple-to-access way.
Increased export & download limit
Release 23.8 also introduces an enhancement to the event export and download functionality in Analytics v2. Previously, you could only export and download up to 10,000 events in a CSV file. Now, with release 23.8, you can export and download up to 5 million events in a single CSV file. This increase gives you more flexibility to manipulate the data captured by Analytics v2 in other tools, like Excel, and to combine it with other data from your organization to contextualize it in ways that aren’t possible through Analytics v2 alone.
Web Policy Editor enhancements drive efficiency in policy management
Copy & paste application definitions
Historically, copying and pasting multiple application definitions hasn’t been possible within Privilege Management for Windows and Mac’s Web Policy Editor, but it has been supported in the Microsoft Management Console. With release 23.8, we’re introducing the copy & paste functionality for multiple Windows and Mac application definitions to the Web Policy Editor. This ease-of-use improvement will enable greater efficiency for IT and security admins, as well as safer policy editing practices.
Navigating through Privilege Management for Windows and Mac’s Web Policy Editor can be difficult, especially for admin users in large organizations with complex policy architectures. This difficulty can result in decreased efficiency in creating, editing, and testing policies. That’s why we’re introducing new breadcrumb navigation to the Web Policy Editor in release 23.8. A navigation aid that helps users understand their location within a website or application, breadcrumbs allow admin users to understand more easily what section of the Web Policy Editor they’re in, thus enabling more efficient policy management.
Next steps: start leveraging auto update across your Windows estate
If you are ready to learn more about the best solution for achieving and dynamically enforcing proven endpoint security policies, like least privilege, contact us today! Or, if you are already a BeyondTrust Privilege Management for Windows and Mac customer, here’s how you can get started with version 23.8.
Be sure to stay tuned to our PAM Innovation Series to keep up to date as we continue to make the feature updates and enhancements that matter most to our users!
Alex Bauer, Product Marketing Manager, BeyondTrust
Alex Bauer is a Product Marketing Manager at BeyondTrust, focusing on Privilege Management for Windows and Mac. Prior to joining BeyondTrust in 2022, he worked in a variety of product marketing roles at Dyson and B2B ecommerce software startups, planning and executing launch, messaging, and positioning strategies for products like robot vacuums and air purifiers. Alex brings a consumer lens to the BeyondTrust Marketing team, working to convey complex cybersecurity concepts and features in easy-to-understand ways.