A newly released eBook, The Definitive Guide to Endpoint Privilege Management (EPM), makes a strong case for why vulnerable endpoints must be secured from the perspective that all users are privileged users. In the guide’s Foreword, I emphasize that user identity has become the new “perimeter” of cybersecurity. That’s because a single compromised credential on a home desktop, laptop, or mobile device can result in an undetected escalation of privileges by cybercriminals that turns a simple breach into a cybersecurity disaster.
Given the recent headline-grabbing hacks of both government and major corporate networks, all users (not just IT staff) must be considered privileged users, including business users and third-party users. Bottom line: enterprise endpoint management means that securing privileged accounts is no longer just about authorization but must encompass all aspects of access.
Organizations are riddled with overprivileged human and non-human privileged accounts
And when it comes to access, most organizations are riddled with hundreds (maybe even thousands) of overprivileged human and non-human privileged accounts. Endpoints running Windows, Linux, macOS, or Unix operating systems are prime targets because their users, applications, and services typically have elevated privileges that give cybercriminals a pathway to your entire network.
You can download the guide for free here.
Applying a zero-trust security model with least privilege
By now, many organizations recognize their cybersecurity strategy should start with zero trust to make sure only authorized access to sensitive information is permitted. Once a user’s identity is verified, the user should be classified according to the level of access needed to perform their jobs. This is where the principle of least privilege is applied. Zero trust is the baseline to creating a Digital Trust based on risk. Zero trust should not be the goal, it is the means to ensure the appropriate security controls are in place to reduce business risk.
The Definitive Guide to Endpoint Privilege Management provides you with a blueprint for implementing least privilege so you can enforce a zero-trust, risk-based security model with automated tools. These tools ensure that once a user’s identity is verified, access is limited to only what is necessary to accomplish a specific task or job. If any user action requires more access than is granted via policy rules, permissions to elevate privileges are strictly controlled and monitored.
Endpoint privilege management helps you integrate a set of technologies that your IT security team can use to automatically contain threats long before they become damaging exploits. By limiting access to only the functionality each user, application, and service needs to do its job, least privilege with application control keeps any compromise or breach limited or contained. The concept is straightforward. However, the implementation of enterprise endpoint security is more challenging. Fortunately, there are automated tools that can make it possible as well as reasonably manageable.
The Endpoint Privilege Management blueprint
The Definitive Guide to Endpoint Privilege Management covers a lot of essential territories, beginning with a basic understanding of EPM that describes the three foundational technologies and six defining elements of EPM and least privilege.
It goes into more detail by:
- Explaining how least privilege sits at the core of every EPM strategy and how Privileged Access Management solutions are used to implement it across your organization.
- Exploring endpoint application control and how least privilege must be applied to applications and services.
- Showing how you can integrate EPM into your existing IT Security ecosystem, and where EPM fits in your overall endpoint cybersecurity strategy and technology landscape.
- Describing common EPM pitfalls and how to avoid them along with different strategies you can use for a successful EPM roll-out.
- Suggesting where to get started with the technologies and processes you will need to begin your EPM journey.
- Helping you select the EPM solution that will work best for your organization, including features and functions you should look for before committing to any technology purchase.
An automated approach is essential to making enterprise endpoint management a reality
In more than 25 years immersed in the cybersecurity industry, my greatest lesson in considering technology solutions is that complexity kills. Too many endpoint security initiatives fail when complex solutions end up hindering user productivity. Unless the security solution is relatively seamless and hidden from the user, it will not solve your endpoint security challenges.
Whatever automated tools you choose to help implement your endpoint privilege management strategy need to be highly usable, policy-driven, flexible, and automated. Here are several capabilities you should look for to achieve simplicity and ease of use without impacting effectiveness or user productivity.
- Application restricting and sandboxing – Your IT security teams need to investigate and vet applications before they run—especially those applications that require admin rights for certain processes like installing updates.
- Management of non-domain endpoints – A robust EPM solution must extend least privilege to non-domain endpoints. Because these machines are not joined directly to a domain managed by your IT department, they are potent threat vectors into your organization.
- Integrated threat intelligence – Your EPM solution must utilize threat intelligence to perform real-time reputation checks for all unknown applications. This will keep your allow, deny, and restrict lists up to date and your employees productive and safe.
- Integration with common ITSM tools – Look for a solution that integrates with popular ITSM platforms like ServiceNow so support requests and IT responses can be managed, tracked, and reported via the ticketing system itself.
- Automated discovery – Expect an EPM solution to automate the privileged account discovery process so that all privileged accounts on all endpoints are continually identified as roles change, people come and go, and assets and applications are added and removed.
- Automated reporting and analytics – Dashboard-based automated reporting and analytics are key to keeping your strategic decision-makers informed and for tracking the effectiveness of your EPM strategy.
- Automated privilege elevation – To get users to accept and embrace your EPM solution, the vast majority of application elevation requests must be managed automatically. Contextual policies should enable most applications to be either approved or denied without any work from IT, and only specialized or custom applications need a hands-on review and approval.
- Multiple deployment options – You should have the option to deploy your EPM solution on prem, in the cloud, or as a managed service.
- Regulatory compliance – Your EPM solution should align and demonstrate compliance with the specific requirements and standards your organization must meet.
- Child process control – Child processes are easily overlooked because they execute from within a file, such as a PDF or Word document. Look for an EPM solution that allows you to prohibit the execution of child processes to ensure unknown executables are not allowed to run.
Finally, make sure any EPM technology solution you choose is customizable, scalable, and extensible, so it changes to meet your organization’s needs, not the other way around.
Besides The Definitive Guide to Endpoint Privilege Management eBook, Delinea has free tools and resources to help get started on your journey. One place to start is identifying your overprivileged accounts with our Least Privilege Discovery Tool that gives you a quick scan of your environment to generate a report that indicates which accounts may be overprivileged, and therefore vulnerable to insider threats and malware attacks.
Delinea’s Privilege Manager endpoint privilege management and application software let you deploy a single agent to discover application usage with admin rights, even on non-domain machines so you can manage and remove local admin rights. You can define flexible policies to elevate, allow, deny, and restrict applications with a few clicks in a policy wizard as well as enable trusted applications to run based on least privilege. By automating bulk or repeatable operations, you can reduce help desk tickets and protect all users while maintaining productivity.