
BeyondTrust
The 4 Pillars of Enterprise Privilege Management

October 20, 2017

A privilege management solution needs to do much more than simply manage user and application privileges for it to be adopted by the most demanding organizations. The Privilege Guard (Edit: now Defendpoint) solution has been architected around 4 key principles (or pillars), with every new release of Privilege Guard building on these core foundations.

Scalable Management Framework

While many solutions look to build their own proprietary systems to deploy policies and agents to the endpoints, Privilege Guard has been integrated tightly with Active Directory and Group Policy, and therefore requires no additional backend infrastructure to deploy the solution. This has enabled Privilege Guard to be deployed to some of the largest organizations in the world, including many implementations with over 100,000 endpoints, with the biggest implementation spanning 450,000 endpoints. This tight integration with Active Directory and Group Policy gives many additional benefits, including hierarchical policy management and a strong security model that includes delegated administration.

Adaptable Privilege Management

Adaptability is crucial when dealing with the varying needs of users across an organization. Privilege Guard is extremely flexible and is built on a powerful policy engine. Discovering privileged users and applications is an important first step, which feeds into the initial creation and the ongoing refinement of policies. Policies are built around applications, and Privilege Guard supports a wide range of application types and criteria. The policies themselves are structured like firewall rules, where policies are evaluated in precedence order, enabling Privilege Guard to deal with highly complex scenarios with a clear and concise set of policies. In order to handle the most challenging scenarios, Privilege Guard can provide both seamless elevation of applications as they launch and on-demand elevation, where the user initiates the elevation of an application.

End User Experience

The user experience is often the most overlooked aspect of any endpoint security solution, and yet a poor user experience will inevitably lead to unhappy users and rejection of the solution, regardless of whether it makes the endpoint more secure. For this reason, the end user experience is at the heart of Privilege Guard. Where user interaction is required, Privilege Guard provides a highly customizable environment, ensuring the user is given clear feedback and guidance. All end user messages are fully configurable, with stylish corporate branding and full localization of all text. Users can be prompted for re-authentication, which includes support for two-factor authentication in the form of smart card and PIN.

Alternatively, a secure challenge/response mechanism can be used to grant users access to specific applications on a temporary or permanent basis. The solution can also link to help desks through a message hyperlink, email integration or scripting. The comprehensive end user experience capabilities in Privilege Guard have been fundamental to the solution being rolled out across the entire organization in most implementations.

Auditing and Reporting

No privilege management solution would be complete without a comprehensive audit trail and a centralized reporting solution. Privilege Guard provides two enterprise-class reporting solutions. The Enterprise Reporting Pack is built on top of Windows Event Forwarding and Windows Remote Management, providing a scalable and secure architecture that can cope with high volumes of events and handle the largest enterprise environments.

These events are consolidated to a SQL Server database with reporting provided through SQL Server Reporting Services. For organizations that use McAfee ePolicy Orchestrator (ePO) on the endpoints, the McAfee ePO Integration Pack enables Privilege Guard to forward events to ePO through the McAfee Agent and report on them through a range of integrated dashboards in the ePO console. In addition to reporting on privileged activity, the events stored in both of these reporting solutions can be used to create or refine policies from an integrated wizard in the Privilege Guard management console.

So there you have it – the 4 pillars of enterprise privilege management, which underpin the Privilege Guard solution. Security is a given, and must be built in at every stage, from the secure elevation of applications to the sophisticated anti-tamper mechanism that protects the solution.

Introducing Defendpoint

Edit: Privilege Guard has now evolved into the brand new security suite, Defendpoint, which encompasses Privilege Management, Application Control and Sandboxing. For more information, please visit www.avecto.com/defendpoint.

Mark Austin
