Least-Privilege Management for Mac OS X
BeyondTrust PowerBroker for Mac reduces the risk of privilege misuse by enabling standard users on Mac OS to perform administrative tasks successfully without entering elevated credentials. With PowerBroker for Mac, IT organizations simplify the enforcement of least-privilege policies, close security gaps, improve operational efficiency and achieve compliance objectives faster.
- Eliminate admin rights from Mac users, reducing risk and potentially stopping modern OS threats
- Elevate privileges only when needed, maintaining user productivity and IT operational efficiency without compromising security
- Log, audit and report on activities that occur when privileged access is granted to applications, helping to address compliance requirements
- Make smarter and better decisions to reduce risk by providing better user and asset intelligence across multiple platforms
When deployed as part of the PowerBroker Endpoint Least Privilege Management solution, PowerBroker for Mac enables you to disrupt all stages of the cyber attack chain. The solution combines best-in-class privilege, password and vulnerability management on top of a centralized reporting and analytics platform. As a result, you can efficiently reduce your organization’s attack surface, prevent lateral movement by attackers, and actively detect and respond to in-progress breaches.
Least-Privilege Made Simple
Monitor application launches on Apple Mac®, Macbook®, Macbook Pro®, Macbook Air®, or Xserve® and elevate them to the proper permissions without prompting for administrator credentials. Log rule interactions for complete visibility.
Policy Editor Enhances Productivity
Minimize the number of products needed to perform least privilege across all endpoints through the PowerBroker Policy Editor. Enhance productivity by providing the same user experience for both Windows and Mac operating systems.
Extensive Rule Library Speeds Results
Reduce risk on OS assets immediately with rules for more than 40 of the most popular applications that require privileges from Microsoft, Adobe, Apple, and VMware. Define custom rules based on application and path, or Shell Rule. Centrally manage all policies via web services or the PowerBroker PAM platform or hosted locally for air-gapped implementations.
Least Privilege in Heterogeneous Environments
Utilize PowerBroker as a single platform to manage least privilege across Windows, Mac, Unix and Linux environments.
LEAST PRIVILEGE FOR MAC DESKTOPS
Lock it down: Elevate required tasks restricting sensitive settings and the unauthorized installation of software and updates.
Simplify the user experience: Eliminate the need for end users to require two accounts, or administrative credentials on their Mac, to perform privileged tasks.
Smart rules: Match applications to rules automatically based on asset-based policies. Leverage smart rules for alerting and grouping of OS devices and events.
User-based rules and policy: Ensures a consistent security model throughout the network by applying a policy to assets, computers, or users.
Flexible policies: Create privileged identity policies to selectively target applications, installers, auto updates, and system preferences for application-based elevation. Deploy hosting policies via web services for PowerBroker for Mac clients (and PowerBroker for Windows).
Single policy across multiple environments: Enable a single policy to manage privileged applications and Windows guests for OS users of BootCamp, VMware Fusion, Parallels, or Virtual Box for complete management of multi-operating system asset implementations.
Automatic logging for visibility: Log all privileged events automatically for complete visibility and reporting through web services hosted on the PowerBroker Privileged Access Management Platform.
Extensive reporting: Take advantage of extensive reporting for complete visibility into privileged activity and usage patterns. Deliver dedicated asset views for asset inventory and privilege event detection and elevation.
Identity-based management of policy: manage access policy by a variety of parameters, including: security group, username, computer name, IP Range, and user type (Admin/Domain/Local).
Reducing Mac End User Risks with PowerBroker for Mac
1 Enforce Least Privilege on Mac
Macs in the enterprise have gained popularity in recent years. And while there are tools available to assist with security, those tools haven’t kept pace with the needs this increased use and the resulting threats pose. PowerBroker for Mac is the only graphical software to control application privileges on Mac platforms, without needing privileged accounts or sudo.
2 Ensure Consistent Policy Across Platforms
BeyondTrust has provided security and management solutions for Windows, Unix and Linux platforms for years. PowerBroker for Mac extends security and acceptable use policies to Mac clients, effectively supporting organizations with heterogeneous infrastructure. This ensures consistency and reduces management requirements, saving time and resources.