Endpoint Privilege ID Protection - Endpoint Privilege Manager

Security business menu

Security business
HOME

To be elected
cause

Service

Handling Manufacturer

Examples/reports/
Blog/Glossary

Seminar/
video on demand

TOP

Products/Services

product

User stories

support

Seminar content

Document request

inquiry

Event/Seminar

video on demand

CyberArk

cyber arc

*Zero Standing Privilege: An approach to minimize attack vectors by having privileged IDs not exist on a system and only exist when a user uses them.

Endpoint admin privileges and security

Attackers use the intrusion of endpoint terminals as a foothold to expand their intrusion within the environment. In this case, if the compromised user has administrative privileges, the attacker can abuse those privileges.

Risks of giving administrator privileges

An environment in which users are given administrator privileges has the following advantages from the attacker's point of view.

Change system configuration

Attackers can freely change the settings to make it easier for them to attack
・Service installation and execution
・Installation of malicious software
・Disable antivirus, uninstall, etc.

Steal password information

Credential theft, including access to password hashes that remain in memory

Create or modify user accounts

Create a backdoor account and use it for persistent infiltration

CHALLENGES IN ENDPOINT PRIVILEGE MANAGEMENT

The biggest challenge is how to balance convenience and security.

CyberArk solves your endpoint privilege management headaches! !

Endpoint Privilege Manager (EPM) Functional Overview

Achieving Least Privilege

Revoking administrator privileges from user terminals
Users can use privileges only for necessary operations according to pre-defined policies
Monitoring privileged behavior

Application control

Set application execution permission or prohibition
Applications not present in the rules can be allowed to run in restricted mode
example)
・Allows the execution of applications, but does not allow operations that require administrator privileges.
・Do not allow applications to communicate with the Internet
・Do not allow applications to access other files

Privilege protection, threat detection

Detects and blocks access to credentials that remain in memory or browsers
Detect and block file access by ransomware

Usage image

By creating a policy, it is possible to control permission/non-permission for operations involving administrator privileges.

architecture

The management console and policy server are provided on SaaS.
Install the EPM agent on the customer terminal.

Features of EPM Agent

It is very lightweight and uses less than 1% CPU on average.
It supports Windows OS and MacOS.
HTTPS/443 communication to the Internet is required from the EPM Agent installation terminal.
Installation does not require OS reboot.

Download materials here

On-demand video available here