Discover local administrator rights with the Least Privilege Discovery Tool
Features Explained
Discovery
Identifies which endpoints have local admin rights, including hidden or hardcoded admin privileges, and which applications can run processes that require admin rights.
Local Admin Rights Removal
Easily resets all endpoints to a clean slate, removing all local admin privileges at once.
Policy-based application control
Elevates applications, never individual users. Reduces one-off application management by IT.
Whitelisting
Allow users to run known and trusted applications so they can do their jobs without IT.
Blacklisting
Uses the latest information from threat intelligence databases (VirusTotal) to deny applications from running.
Greylisting
Allows apps that don’t fit into either category to be isolated for further testing and run in restricted mode with no admin rights.
Sandboxing
Quarantine applications so they are not allowed to execute, or only execute in a limited way so they don’t touch any system folders or underlying OS configurations.
Contextual control
Control over who can run certain processes, whether processes can run on certain endpoints, and whether processes are allowed in certain regions or during certain times.
Limit child processes
Limit child processes, such as executing processes from within a PDF, which may allow malware to execute.
Inventory all local groups and users
Allows you to discover all local accounts that exist on endpoints and gives you the ability to control the exact membership of every local group. This helps mitigate the risk of backdoor accounts in the environment.
Coverage of non-domain endpoints
Not bound to users in Group Policy or Active Directory, so coverage can include third-party endpoints.
Auditing and reporting
Out-of-the-box and custom reports can be configured and shared with management and auditors.
How customers use it
- To remove users from local admin groups on endpoints
Problem
Most breaches involve compromised endpoints. Endpoints are targeted because they are run by users who click malicious links or download malware. All it takes to cause severe damage is a hacker gaining local admin privileges through a single endpoint.
Solution
With IBM Security Privilege Manager, you can discover which users on which endpoints have local administrative rights, and which applications require the administrator access token to execute.
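An added example, not taken from the page or from IBM's product, of the discovery step described above done with built-in PowerShell: it enumerates the local Administrators group on a set of endpoints over WinRM and reports every member that is not on an approved baseline. The hostnames, the domain name and the baseline groups are placeholders.

```powershell
# Added example (not part of the IBM product page): inventory local Administrators
# group members on a list of endpoints and flag members outside an approved baseline.
# Assumes WinRM is enabled on the targets and the caller may query them remotely.
# $Endpoints and $ApprovedMembers are constructed placeholder values.

$Endpoints = @('WS-EXAMPLE-01', 'WS-EXAMPLE-02')   # placeholder hostnames
$ApprovedMembers = @(
    'Administrator',                 # built-in local admin account
    'EXAMPLE\Domain Admins',         # placeholder domain group
    'EXAMPLE\Workstation Admins'     # placeholder tiered admin group
)

$Findings = Invoke-Command -ComputerName $Endpoints -ErrorAction SilentlyContinue -ScriptBlock {
    # Get-LocalGroupMember (Microsoft.PowerShell.LocalAccounts) returns each member
    # with its SID, object class and where the principal comes from.
    Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
        [pscustomobject]@{
            Endpoint    = $env:COMPUTERNAME
            Member      = $_.Name
            SID         = $_.SID.Value
            ObjectClass = $_.ObjectClass      # User or Group
            Source      = $_.PrincipalSource  # Local, ActiveDirectory, AzureAD, MicrosoftAccount
        }
    }
}

# Compare against the baseline. Local accounts come back as 'HOST\Name', so strip
# the host prefix before matching them against the baseline entry 'Administrator'.
$Unexpected = $Findings | Where-Object {
    $name = if ($_.Source -eq 'Local') { $_.Member.Split('\')[-1] } else { $_.Member }
    $ApprovedMembers -notcontains $name
}

# Unresolvable SIDs (orphaned or renamed principals) show up as bare SID strings
# in Member; they are worth reviewing as candidates for backdoor accounts.
$Unexpected | Sort-Object Endpoint, Member |
    Format-Table Endpoint, Member, ObjectClass, Source -AutoSize
$Unexpected | Export-Csv -Path '.\unexpected-local-admins.csv' -NoTypeInformation
```

Run it from a management host; the CSV is the review list to work through before any memberships are removed.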
- To implement a Least Privilege model
Problem
Least privilege means users should only have sufficient access and rights to do the things they need. Enforcing this on endpoints has always been a challenge. IT administrators are often left with more privileges than they need.
Solution
With IBM Security Privilege Manager, least privilege via application control reduces the attack surface by restricting the applications allowed to run, the devices allowed to connect, and the actions a system can perform.
- To meet and adhere to audit/compliance requirements
Problem
Many compliance regulations (including HIPAA, PCI DSS, FDDC, Government Connect, FISMA, and SOX) recommend or require that organizations apply least privilege to demonstrate proper data protection and security.
Solution
With IBM Security Privilege Manager, create reports that demonstrate how you are protecting endpoints by following security best practices for least privilege. Adjust these reports to track and compare results over time, showing trends and continued progress.
- To enforce least privilege for remote users
Problem
With remote users and contractors accessing your internal network, it is difficult to mitigate the risk of rogue behavior. If one of these users downloads malware while connected, it could cause severe damage by spreading laterally across the network or escalating privileges.
Solution
IBM Security Privilege Manager has the ability to automatically deploy policies on these types of endpoints to ensure the safety of your organization. It provides a central dashboard to control, modify and access remote or non-domain joined machines.
- To leverage reputation engines to get real-time protection
Problem
With evolving attack vectors, the chances of being compromised are at an all-time high. Producing an accurate assessment of known-good apps based on various factors becomes increasingly unpredictable, leaving your company vulnerable 24x7.
Solution
IBM Security Privilege Manager performs real-time reputation checks for any unknown apps by integrating with analysis tools like VirusTotal or Symantec’s FireEye, giving the ability to prevent apps that have been flagged as malicious from running.
You may also be interested in
IBM Security Verify Privilege Vault
Password vaulting, auditing, and privileged access control for the enterprise, available either on premises or in the cloud.
IBM Security Verify Governance
Provisioning, auditing, and reporting on user access and activity through lifecycle, compliance and analytics capabilities.
IBM Security Verify for Workforce IAM
Modular identity-as-a-service platform for the modern organization, facilitating secure access for every type of user.