Facing a myriad of risks including the proliferation of malware and successful phishing, organizations continually look for ways to strengthen security and more effectively manage local admin rights on endpoints.
Finding the right balance is a challenge for organizations as they consider the best options to mitigate the risk of a breach. The goal is to reduce the attack surface without disrupting the authorized day-to-day tasks of business users. If an organization entirely removes local admin rights from users, then users are frequently prevented from accomplishing certain tasks necessary in their day-to-day jobs. This leads to frustrated end users, an overwhelmed support team and high help desk costs. If an organization allows users to maintain local admin rights, the machine, and the network by default, are open to a range of attacks.Given the tradeoffs, organizations often struggle with how to best balance security needs with productivity and usability requirements.
In a short video, CyberArk’s Lauren Horaist, senior product marketing manager, weighs the pros and cons of the options to manage local admin rights. She also explains how CyberArk Viewfinity enables organizations to enforce flexible least privilege policies for business and administrative users, as well as control what applications are allowed to run. Using CyberArk Viewfinity, organizations can revoke everyday local administrator privileges from business users while seamlessly elevating privileges when required by trusted applications.
Editor’s Note: CyberArk Viewfinity with enhanced protection is now CyberArk Endpoint Privilege Manager.