Least-Privilege Management for Mac OS X
BeyondTrust PowerBroker for Mac reduces the risk of privilege misuse by enabling standard users on Mac OS X to perform administrative tasks successfully without entering elevated credentials. With PowerBroker for Mac, IT organizations simplify the enforcement of least-privilege policies, close security gaps, improve operational efficiency and achieve compliance objectives faster.
- Eliminate admin rights from Mac users without revealing the administrator account, reducing risk and potentially stopping modern OS X threats
- Elevate privileges only when needed, maintaining user productivity and IT operational efficiency without compromising security
- Log, audit and report on activities that occur when privileged access is granted to applications, helping to address compliance requirements
- Make smarter and better decisions to reduce risk by providing better user and asset intelligence across multiple platforms
Least-Privilege Made Simple
Monitor application launches on Apple Mac®, Macbook®, Macbook Pro®, Macbook Air®, or Xserve® and elevate them to the proper permissions without prompting for administrator credentials. Log rule interactions for complete visibility.
Policy Editor Enhances Productivity
Minimize the number of products needed to perform least privilege across all endpoints through the PowerBroker Policy Editor. Enhance productivity by providing the same user experience for both Windows and Mac operating systems.
Extensive Rule Library Speeds Results
Reduce risk on OS X assets immediately with rules for more than 40 of the most popular applications that require privileges from Microsoft, Adobe, Apple, and VMware. Define custom rules based on application and path, or Shell Rule. Centrally manage all policies via web services or the PowerBroker PAM platform or hosted locally for air-gapped implementations.
LEAST PRIVILEGE FOR MAC DESKTOPS
Lock it down: Elevate required tasks restricting sensitive settings and the unauthorized installation of software and updates.
Simplify the user experience: Eliminate the need for end users to require two accounts, or administrative credentials on their Mac, to perform privileged tasks.
Smart rules: Match applications to rules automatically based on asset based policies. Leverage smart rules for alerting and grouping of OS X devices and events.
Flexible policies: Create privileged identity policies to selectively target applications, installers, auto updates, and system preferences for application-based elevation. Deploy hosting policies via web services for PowerBroker for Mac clients (and PowerBroker for Windows).
Single policy across multiple environments: Enable a single policy to manage privileged applications and Windows guests for OS X users of BootCamp, VMware Fusion, Parallels, or Virtual Box for complete management of multi-operating system asset implementations.
Automatic logging for visibility: Log all privileged events automatically for complete visibility and reporting through web services hosted on the PowerBroker Privileged Access Management Platform.
Extensive reporting: Take advantage of extensive reporting for complete visibility into privileged activity and usage patterns. Deliver dedicated asset views for asset inventory and privilege event detection and elevation.
Reducing Mac End User Risks with PowerBroker for Mac
1 Enforce Least Privilege on Mac
Macs in the enterprise have gained popularity in recent years. And while there are tools available to assist with security, those tools haven’t kept pace with the needs this increased use and the resulting threats pose. PowerBroker for Mac is the only graphical software to control application privileges on Mac platforms, without necessitating privileged accounts or sudo.
2 Ensure Consistent Policy Across Platforms
BeyondTrust has provided security and management solutions for Windows, Unix and Linux platforms for years. PowerBroker for Mac extends security and acceptable use policies to Mac clients, effectively supporting organizations with heterogeneous infrastructure. This ensures consistency and reduces management requirements, saving time and resources.