Least privilege access control for Unix, Linux and Windows

The biggest challenge organizations face today with regards to their super-user and administrator accounts is understanding who is accessing business-critical systems and information, and when they are accessing them. Compliance regulations require control over privileged accounts to prevent exposure of sensitive information to unauthorized users. CyberArk On-Demand Privileges Manager, part of the CyberArk Privileged Account Security Solution, enables organizations to enforce least privilege policies in order to balance security and compliance requirements with operational and end-user needs. Available for both Unix/Linux, replacing the limited sudo command, and Windows® environments, the product allows for control and continuous monitoring of administrative rights on desktops and servers. The product is built on the CyberArk Shared Technology Platform, delivering scalability, high availability and centralized management and reporting.

CyberArk On-Demand Privileges Manager™ for Unix/Linux is a unified access control product, allowing organizations to control and monitor the commands super-users can run based on their role and task at hand. The solution replaces siloed Unix sudo command with an enterprise-ready, scalable product with unparalleled security as well as enhanced audit capabilities.

CyberArk On-Demand Privileges Manager™ for Windows empowers end-users to perform tasks that require administrative rights in a controlled and fully audited manner. By defining the necessary policies for business users to perform their daily tasks, IT and security teams can achieve the optimal balance between enabling productivity while limiting privileges for security reasons.

  1. Features
  2. Benefits

CyberArk On-Demand Privileges Manager dramatically reduces the usage of privileged rights within an enterprise and enforces ‘least privilege’ policies for administrative rights.

  • Granular access control limits super-user permissions, reducing risk of exposure to abuse or error.
  • Simple policy configuration supports identifying applications to run with elevated rights and defining authentication options for specific users.
  • Flexible policy definitions allow users to be limited to applications, commands or tasks with transparent access for users.
  • Active Directory (AD) Bridge capabilities connects Unix accounts to AD through the CyberArk Solution for integrated authentication and provisioning.
  • Seamless integration with Windows User Account Control (UAC) replaces unnecessary UAC prompts and provides a transparent, superior user experience.
  • Seamless integration with SIEM products allows the enrichment of system-wide audit and event management with insight into privileged account activity.
  • Integration with the CyberArk Shared Technology Platform delivers scalability, high availability, centralized management and audit reporting.
  • Out-of-the-box integration with Privileged Account Security products provides complete management, monitoring, recording and secure single-sign-on for privileged accounts.
  • Minimize data breaches and outages associated with uncontrolled access to super-user and administrator accounts.
  • Comply with regulations by proving to auditors that administrator privileges are managed, controlled, and secure.
  • Enforce least privilege policies by enabling Windows privilege escalation and Unix super-user escalation to enable end-user productivity while ensuring systems are secure.
  • Easily pinpoint critical business system failures with advanced monitoring and reporting tools
  • Enable Unix administrators to centrally manage and provision Unix accounts that are linked to AD through the CyberArk platform
  • Significantly reduce help desk calls and desktop management costs
  • Reduce costs with a single solution for least privileges for Unix, Linux and Windows environments.