Least privilege access control for UNIX, Linux and Windows

The biggest challenge organizations face today with regards to their super-user and administrator accounts is understanding who is accessing business-critical systems and information, and when they are accessing them. Compliance regulations require control over privileged accounts to prevent exposure of sensitive information to unauthorized users. CyberArk On-Demand Privileges Manager, part of the CyberArk Privileged Account Security Solution, enables organizations to balance security and compliance requirements with operational and end-user needs. Available for both Unix/Linux and Windows® environments, the product allows for control and continuous monitoring of administrative rights on desktops and servers. The product is built on the CyberArk Shared Technology Platform, delivering scalability, high availability and centralized management and reporting. CyberArk On-Demand Privileges Manager™ for Unix/Linux is a unified access control product, allowing organizations to control and monitor the commands super-users can run based on their role and task at hand. The solution replaces siloed SUDO solutions with an enterprise-ready, scalable product with unparalleled security as well as enhanced audit capabilities. CyberArk On-Demand Privileges Manager™ for Windows empowers end-users to perform tasks that require administrative rights in a controlled and fully audited manner. By defining the necessary policies for business users to perform their daily tasks, IT and security teams can achieve the optimal balance between enabling productivity while limiting privileges for security reasons.

  1. Features
  2. Benefits

CyberArk On-Demand Privileges Manager dramatically reduces the usage of privileged rights within an enterprise and enforces ‘least privilege’ policies for administrative rights.

  • Granular access control limits super-user permissions, reducing risk of exposure to abuse or error.
  • Simple policy configuration supports identifying applications to run with elevated rights and defining authentication options for specific users.
  • Flexible policy definitions allow users to be limited to applications, commands or tasks with transparent access for users.
  • Seamless integration with Windows User Account Control (UAC) replaces unnecessary UAC prompts and provides a transparent, superior user experience.
  • Application control with the ability to pre-define white list applications allows only trusted applications to run and be installed.
  • Seamless integration with SIEM products allows the enrichment of system-wide audit and event management with insight into privileged account activity.
  • Integration with the CyberArk Shared Technology Platform delivers scalability, high availability, centralized management and audit reporting.
  • Out-of-the-box integration with Privileged Account Security products provides complete management, monitoring, recording and secure single-sign-on for privileged accounts.
  • Minimize data breaches and outages associated with uncontrolled access to super-user and administrator accounts.
  • Comply with regulations by proving to auditors that administrator privileges are managed, controlled, and secure.
  • Easily pinpoint critical business system failures with advanced monitoring and reporting tools
  • Significantly reduce help desk calls and desktop management costs
  • Control application accessibility across the enterprise so that only trusted applications can be run and installed while blocking others.
  • Reduce costs with a single solution for least privileges for Unix, Linux and Windows environments.