Least privilege and application control

Local administrator rights create a large and frequently exploited attack surface, yet many organizations struggle with how to most effectively address this risk. From the business user perspective, removing local administrator rights on endpoints can dramatically reduce the attack surface, but it can also result in unintended productivity tradeoffs and high help desk costs, as users attempt to regain privileges necessary for day-to-day tasks. From the IT administrator perspective, organizations often neglect to limit these privileges, as IT administrators are typically assumed to be known, experienced and trusted. However, this view fails to acknowledge the risks associated with malicious insiders, inexperienced administrators or potentially compromised administrative accounts. Worse, even when organizations do minimize privileges for business users and IT administrators, machines can remain vulnerable to malware that does not require privileges to run.

CyberArk Viewfinity helps organizations reduce the attack surface by removing local administrative privileges for business users, granularly controlling IT administrator privileges on Windows Servers based on role, and seamlessly elevating users’ privileges when necessary and authorized. CyberArk Viewfinity also enables organizations to closely control and monitor all applications within the environment. Whitelisted applications may seamlessly run, malicious applications can be immediately blocked, and unknown applications can be “greylisted” and restricted, pending further analysis. With CyberArk Viewfinity’s privilege management and application control capabilities, organizations can dramatically reduce the Windows attack surface without frustrating business or IT users.

  1. Features
  • Automated policy creation generates privilege elevation and application control policies for business users based on trusted sources
  • Privilege management for IT administrators limits which privileges, scripts and commands administrators may use on Windows Servers based on role
  • On-demand privilege elevation automatically provides users with the privileges necessary to run trusted applications and carry out authorized tasks
  • Application control prevents known malicious applications from entering the environment
  • Integration with VirusTotal and NSRL enables comparison of unknown applications to databases of blacklisted applications in order to quickly identify malicious applications
  • “Restricted Mode” enables unknown applications to safely run on endpoints
  • Integration with Check Point, FireEye and Palo Alto Networks solutions enables the automated analysis of unknown applications
  • Threat detection capabilities can identify the original source and all instances of malicious applications in the environment
  • Automated policy updates block malicious executables from propagating and running on all computers
  • Deployment options include Microsoft Group Policy (GPO), on-premises server and Software-as-a-Service

  2. Benefits
  • Reduce the attack surface by removing local administrator privileges and preventing malware from entering the organization
  • Enable organizations to remove everyday local administrator privileges from business users without impacting user productivity or driving up help desk costs
  • Enable organizations to segregate duties on Windows Servers to strengthen security and reduce the risk of intentional or accidental damage to critical systems
  • Accelerate time-to-value by automating policy creation for over 90 percent of applications
  • Enable users to seamlessly run whitelisted applications
  • Maintain user productivity while IT teams investigate unknown applications
  • Accelerate threat detection by integrating with automated sandboxing tools such as Check Point, FireEye and Palo Alto Networks solutions
  • Accelerate remediation by providing visibility into every instance of a malicious application in the organization and blocking malware from running
  • Align acquisition and management costs with business needs through several flexible deployment options