EPM contributes in several key ways:

• Reduces the attack surface: By removing unnecessary local admin rights, it limits the potential for attackers to gain control of a system.
• Implements foundational intelligent privilege controls: EPM protects from identity- and privilege-based attacks targeting and originating on endpoint, extending identity security and Zero Trust to endpoint.
• Protects against ransomware: It includes out-of-the-box policies specifically designed to protect against and limit ransomware impact by controlling access to sensitive data.
• Prevents credential theft: It detects and blocks attempts to steal credentials, passwords, and security tokens stored in operating systems and browsers.

CyberArk EPM is an integral part of CyberArk Identity Security Platform:

• True micro-service-based cloud solution
• Single management console and single agent
• Thousands of real implementations, protecting the largest organizations world-wide
• Out-of-the-box templates, policies and frameworks to get you up and running in no time
• CyberArk Blueprint and Success Path frameworks to operationalize best practices and streamline implementation
• Repeatedly recognized by industry analysts as a leading solution

CyberArk EPM provides protection for workstations and servers running on Windows, Windows Server, macOS, and Linux.

EPM offers a comprehensive set of features to secure your endpoints:

• Local Admin Rights Removal: Securely removes standing administrator privileges from users to minimize risk.
• Least Privilege Enforcement: Ensures users and applications only have the permissions necessary to perform their roles.
• Application Control: Uses comprehensive, flexible, policy-based controls with granular ring fencing to allow, elevate, block, or restrict applications. Unknown applications can be run in a “Restricted Mode” (ring-fenced) to prevent them from accessing sensitive resources or the internet.
• Just-In-Time (JIT) Elevation: Allows users to request temporary, audited access to elevated privileges for specific applications or tasks when needed, without granting permanent admin rights.
• Credential Theft Protection: Actively detects and blocks attempts to steal credentials from Windows and popular web browsers.
• Ransomware Protection: Provides dedicated policies to protect against ransomware by controlling file access and blocking common attack patterns.
• Linux Sudo Management and Identity Bridge: Centralizes and simplifies the management of sudo commands on Linux systems to enforce role-specific least privilege at scale. Integrates Linux with centralized accounts in Active Directory (AD-Bridging) and cloud identity providers via open industry protocols (Identity Bridge)

Once local admin rights are removed, EPM automatically and transparently elevates the privileges for trusted applications that require them based on policy, allowing users to remain productive without compromising security and enforcing the least privilege. For unhandled applications, users can request elevated access, which is then audited.

Yes. While bringing a unique vale to the table, EPM is designed to be part of a broader security ecosystem. Thanks to support of open industry standards and integrations with our technology partners It can send unknown applications to threat detection solutions like Palo Alto Networks WildFire®, Check Point, and FireEye for analysis. It also integrates with SIEM platforms through REST APIs to centralize event auditing, complementing tools like Cortex XDR and Cortex XSIAM by providing a foundational layer of privilege security.

EPM is designed for rapid deployment and quick time-to-value. It is delivered as a SaaS solution, which avoids the need for on-premises infrastructure. It also includes a set of out-of-the-box default policies (QuickStart policies) that can be activated with minimal configuration to immediately reduce risk by removing local admin rights, protecting credentials, and guarding against ransomware. CyberArk also offers a tried and proven deployment roadmap called Blueprint created to replicate and scale the success of many enterprise deployments over the years.

EPM helps integrate Linux with centralized accounts in Active Directory or modern cloud-based directories, allowing use of the same directory account for Linux login with strong phishing-resistant MFA and modern authentication methods. EPM also helps centralize and automate the management of sudo rules, eliminating the need for manual, error-prone editing of sudoers files. Using a “Learning Mode,” EPM can discover which privileged commands users need and why, allowing administrators to create and enforce granular, role-based policies for least privilege access across all Linux systems.

Yes. By enforcing the principle of least privilege, removing local admin rights, and providing detailed audit trails of all privileged activity, EPM helps organizations meet the requirements of various federal mandates and industry regulations. It aligns with security frameworks like the NIST Cybersecurity Framework, MITRE ATT&CK®, and supports key tenets of a Zero Trust architecture as outlined by directives like Executive Order (EO) 14028.