Features Explained

Discovery

Identifies which endpoints have local admin rights, including hidden or hardcoded admin privileges, and which applications can run processes that require admin rights.

Local Admin Rights Removal

Easily resets all endpoints to a “clean-slate,” removing all local admin privileges at once.

Policy-based application control

Elevates applications, never individual users. Reduces one-off application management by IT.

Whitelisting

Allows users to run known and trusted applications so they can do their jobs without IT.

Blacklisting

Uses the latest information from threat intelligence databases (VirusTotal) to deny applications from running.

Greylisting

Allows apps that don’t fit into either category to be isolated for further testing and run in restricted mode with no admin rights.

Sandboxing

Quarantine applications so they are not allowed to execute, or only execute in a limited way so they don’t touch any system folders or underlying OS configurations.

Contextual control

Controls who can run certain processes, whether processes can run on certain endpoints, and whether processes are allowed in certain regions or during certain times.

Limit child processes

Limits child processes, such as processes executed from within a PDF, which may allow malware to execute.

Inventory all local groups and users

Allows you to discover all local accounts that exist on endpoints and gives you the ability to control the exact membership of every local group. This helps mitigate the risk of backdoor accounts in the environment.

Coverage of non-domain endpoints

Not bound by users in GPO or Active Directory, so coverage can include third parties.

Auditing and reporting

Out-of-the-box and custom reports can be configured and shared with management and auditors.

How customers use it

  • To remove users from local admin groups on endpoints

    Problem

    Most breaches involve compromised endpoints. Endpoints are targeted because they are run by users who click malicious links or download malware. All it takes to cause severe damage is a hacker gaining local admin privileges through a single endpoint.

    Solution

    With IBM Security Privilege Manager, you can discover which users on which endpoints have local administrative rights, and which applications require the administrator access token to execute.

  • To implement a Least Privilege model

    Problem

    Least privilege means users should only have sufficient access and rights to do the things they need. Enforcing this on endpoints has always been a challenge. IT administrators are often left with more privileges than they need.

    Solution

    With IBM Security Privilege Manager, least privilege via application control reduces the attack surface by restricting the applications allowed to run, the devices allowed to connect, and the actions a system can perform.

  • To meet and adhere to audit/compliance requirements

    Problem

    Many compliance regulations (including HIPAA, PCI DSS, FDDC, Government Connect, FISMA, and SOX) recommend or require that organizations apply least privilege to demonstrate proper data protection and security.

    Solution

    With IBM Security Privilege Manager, create reports that demonstrate how you are protecting endpoints by following security best practices for least privilege. Manipulate these reports to track/compare over time to show trends and continued progress.

  • To enforce least privilege for remote users

    Problem

    With remote users/contractors accessing your internal network, it’s difficult to mitigate the risk of rogue behavior. If one of these users downloads malware while connected, it could cause severe damage by moving horizontally or vertically.

    Solution

    IBM Security Privilege Manager has the ability to automatically deploy policies on these types of endpoints to ensure the safety of your organization. It provides a central dashboard to control, modify and access remote or non-domain joined machines.

  • To leverage reputation engines to get real-time protection

    Problem

    With evolving attack vectors, the chance of being compromised is at an all-time high. The ability to generate an accurate assessment of known-good apps based on various factors becomes increasingly unpredictable, leaving your company vulnerable 24x7.

    Solution

    IBM Security Privilege Manager performs real-time reputation checks for any unknown apps by integrating with analysis tools like VirusTotal or Symantec’s FireEye, giving the ability to prevent apps that have been flagged as malicious from running.

Technical details

Software requirements

There are no software requirements.

Hardware requirements

There are no hardware requirements.

Technical specifications

See website linked to below.

See a complete list of technical specifications
