ENDPOINT PRIVILEGE MANAGER
Implement Least Privilege, Credential Theft Protections and Application Control at Scale.
Reduce the risk of unmanaged admin access on endpoints.
Implement least privilege to contain malware and other threats by ensuring that Windows and Mac users operate with just the permissions they need and no more.
Improve endpoint stability and reduce the cost of unmanaged admin access with minimal end-user friction.
Meet internal policy and regulatory requirements with comprehensive reporting and a searchable audit trail of permission elevations.
SECURING PRIVILEGE AND CONTAINING
ATTACKS ON THE ENDPOINT
Enforcing privilege security on the endpoint is a fundamental part of your security program, but doing so can impact user and helpdesk productivity. This short video demonstrates how CyberArk Endpoint Privilege Manager helps remove this barrier, adding a critical protection layer to strengthen your existing endpoint security and allowing you to contain attacks at the endpoint.
FEATURES: ENDPOINT PRIVILEGE MANAGER
Lock down privilege on the endpoint and prevent lateral movement.
Remove and manage local admin rights on Windows and Mac workstations and servers to prevent lateral movement. Enable just-in-time elevation and access with full audit of privileged activities.
Endpoint Privilege Manager is designed to prevent attacks that start at the endpoint by removing local admin rights on Windows workstations, servers, and Macs. Endpoint Privilege Manager allows just-in-time elevation and access on a by-request basis with a full audit of privileged activities. Full admin rights or application level access can be granted; access is time limited and can be revoked as needed. Endpoint Privilege Manager helps organizations protect against threats that take advantage of unmanaged local admin access with minimal impact to the end-user.
Detect and block suspected credential theft attempts on Windows workstations and servers. Protect OS, browser and file cache credential stores.
Credential theft plays a major part in any attack. Endpoint Privilege Manager’s advanced credential theft capabilities helps organizations detect and block attempted theft of Windows credentials and those stored by popular web browsers and file cache credential stores.
Automatically block malware including Ransomware from running. Reduce configuration drift on endpoints with minimal end user impact.
With Endpoint Privilege Manager’s Application Control capabilities, IT operations and security teams can allow approved applications to run while blocking malware, including Ransomware. Unknown applications are able to run in ‘Restricted Mode’ which prevents them from accessing corporate resources, sensitive data or the Internet. These applications can also be sent to Endpoint Privilege Manager’s cloud-based Application Analysis Service, which integrates with data feeds from CheckPoint, FireEye, Palo Alto Network, and other services for additional analysis. The solution reduces security risk and configuration drift on endpoints while reducing help desk calls from end users. Based on testing by CyberArk Labs, the removal of local administrator rights combined with application control was 100 percent effective in preventing ransomware from encrypting files.
We needed to critically address three security requirements from a global perspective: least privilege, patch management and application control; CyberArk covers two of these for us very nicely...having CyberArk Endpoint Privilege Manager takes away most of the guesswork for the ‘can I install, should I install this, is this ok?’ kind of questions and it allows us to have a more secure environment.
Laura Melton – Senior Information Technology Associate, College of Architecture, Texas A&M University
THE ENDPOINT SECURITY PUZZLE
Where does Privilege Management fit in?
ENDPOINT DETECTION & RESPONSE
Detect and respond to advanced active attacks on endpoints.
Prevent malware infection using a variety of techniques.
Manage local administrator rights while maintaining user productivity.
Apply application updates to address security issues.
Provides OS level security bug fixes.