To successfully comply with a least privilege policy, you must know which privileges you need to manage. Find out which endpoints and local users have admin or root credentials, identify which apps are in use and if they require admin rights to run and understand your risk level for service accounts and apps with an elevated set of privileges.
Secure your largest attack surface with a single agent
IBM Privilege Manager can communicate with hundreds of thousands of machines at once. You can check policies and execute 24/7 control across every device and application under your purview through a single, streamlined dashboard.
You can discover which users and endpoints have local administrative rights, including hidden or hardcoded privileges across domain and non-domain machines, and automatically remove these rights as needed. This helps you control the exact membership of all local groups and users to reduce the risk of backdoor accounts.
Define flexible policies that ensure a frictionless user experience
IBM Privilege Manager automatically elevates the applications and data that users across your organization need—without requiring credentials or forcing users to request IT support. It provides granular policy-based controls that determine and maintain access to trusted applications and processes.
Through advanced real-time threat intelligence, the solution whitelists, blacklists or graylists your applications according to flexible policies you define.
- Whitelisting - Trusted applications are whitelisted and elevated, so users can easily access them without IT support.
- Blacklisting - Blacklisted applications are blacklisted based on real-time threat intelligence and are blocked from running.
- Graylisting - Potential threats are graylisted, meaning they’re moved to an isolated sandbox environment for further testing.
Additionally, any application can be quarantine and “sandboxed” at any time, as you deem necessary, regardless of its list designation. A quarantined application can be safely executed and tested without risk of exposing system folders or underlying OS configurations.
Easily manage and remove local administrative rights
Determine which accounts are members of any local group, including system administrators. If necessary, you can quickly reset all endpoints to a “clean slate” by removing all local administrative privileges at once.
Boost productivity for users and support staff
Since policy-based controls are enacted on the application level, users can access the trusted applications, systems and data they need without local administrative rights or the hassle of submitting tickets to IT support.
Achieve audit compliance through transparency
Share an easy-to-understand auditable trail of all application policies, administration credentials and privilege elevation activities with auditors. You’ll provide a clear picture of your compliance levels and what actions, if any, should be taken.