Protecting your network by implementing Least Privilege Policy

By Steve Kahan

Cyber breaches and ransomware are a global epidemic. According to SANS:

• 44% admitted one or more of their endpoints had been compromised in the past 24 months.
• 85% of reported breaches involved desktops, 68% involved laptops, and 55% involved servers.
• The most common type of data compromised (49%) was login and access credentials.
• 27% (of detected breaches) were discovered via notification from a third party, such as law enforcement, affected customers or business partners.

Administrative rights and access should be tightly protected in any organization. When a user does not have administrative rights, it is very difficult for malicious programs and users to install or run damaging applications that target critical infrastructure. Most vulnerabilities in a network can be mitigated purely by removing administrative access from everyday employees.

Unfortunately, in many organizations, administrative credentials are required to run a lot of important applications. Additionally, any time an employee needs to install or update approved software, they need an IT Administrator to log in with their credentials to make those system changes. In larger organizations, having an admin provide credentials each time can be extremely taxing on the productivity of the company as a whole.

Typically, to work around this, IT Admins will either give end users administrative access, or people will write the admin credentials on a post-it note and pass it around. Both of these can lead to extremely dangerous situations in the event that an endpoint or account is compromised.

That’s where advanced Application Control solutions come into play. By setting up a system that integrates with your endpoints and is managed centrally by your IT Administrators, you can allow applications to elevate with privileged credentials based on a set of rules.

How does it work?

Privilege Manager for Windows operates on a simple, policy-driven, 3-step process.

1.) Application Starts: Once an application starts, the installed agent on the endpoint recognizes the process and begins to search for a matching policy.

2.) Policy is Evaluated: Each policy in Privilege Manager for Windows consists of 4 main components:
• Identifying the Application (e.g. “this is photoshop.exe”).
• Inclusion Filters (the contextual situations the policy should apply in, e.g. “the user running it is a standard user”, “the application is running on a public network”, or “the application was downloaded from”).
• Exclusion Filters (rules for who this policy shouldn’t apply to, e.g. “this policy doesn’t apply to any admins”).
• Identifying the Target (what type of machine the application is attempting to run on, e.g. “the application is running on a Windows Server 2008 machine”).

Once the policy is evaluated and it is determined whether the policy matches the current scenario, the actions are applied.

3.) Action is Applied: Once the agent accepts that the policy applies to the situation, it works through the policy’s list of actions.
• A few possible actions include “Elevate this application with administrative privilege”, “Isolate this device in a sandbox environment”, or “Send a message and request reason for access”.
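To make the three steps concrete, here is an added example (not Privilege Manager’s code, and not from the article’s author) that models the flow as a small policy engine: a process-start event is matched against policies built from the four components above, and the first matching policy’s actions are returned. Everything in it is an assumption constructed for illustration: the event fields, the filter helpers, the two sample policies, the first-match ordering rule, and the default of running with the user’s own rights when no policy matches.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Added example: a toy model of the policy-driven flow described above
# (application starts -> policy evaluated -> action applied). Not the
# product's code; all fields, helpers and policies are assumptions.


@dataclass(frozen=True)
class ProcessEvent:
    """What the endpoint agent sees when an application starts (assumed fields)."""
    image: str            # executable name, e.g. "photoshop.exe"
    user: str             # account launching it
    user_is_admin: bool   # True if the account already has admin rights
    network: str          # "domain" or "public"
    os: str               # e.g. "Windows 10", "Windows Server 2008"
    origin: str           # "local" or "internet" (where the file came from)


Filter = Callable[[ProcessEvent], bool]


@dataclass
class Policy:
    """One policy with the four components listed in step 2."""
    name: str
    application: str                                         # identifies the application
    inclusion: List[Filter] = field(default_factory=list)    # all must hold
    exclusion: List[Filter] = field(default_factory=list)    # none may hold
    target: List[Filter] = field(default_factory=list)       # machine type, all must hold
    actions: List[str] = field(default_factory=list)         # applied in step 3

    def matches(self, ev: ProcessEvent) -> bool:
        if ev.image.lower() != self.application.lower():
            return False
        if not all(f(ev) for f in self.inclusion):
            return False
        if any(f(ev) for f in self.exclusion):
            return False
        return all(f(ev) for f in self.target)


# Filter helpers (constructed for the example).
def is_standard_user(ev: ProcessEvent) -> bool: return not ev.user_is_admin
def is_admin(ev: ProcessEvent) -> bool: return ev.user_is_admin
def on_domain_network(ev: ProcessEvent) -> bool: return ev.network == "domain"
def downloaded_from_internet(ev: ProcessEvent) -> bool: return ev.origin == "internet"
def os_startswith(prefix: str) -> Filter: return lambda ev: ev.os.startswith(prefix)


# Assumed default when no policy matches: no elevation, the process keeps the
# launching user's own rights. That is the safe default for least privilege.
DEFAULT_ACTIONS = ["Run with the user's own (standard) privileges"]

# Two constructed policies mirroring the article's examples.
POLICIES = [
    Policy(
        name="Elevate Photoshop for standard users",
        application="photoshop.exe",
        inclusion=[is_standard_user, on_domain_network],
        exclusion=[lambda ev: ev.user.startswith("kiosk")],   # shared kiosk accounts never elevate
        target=[os_startswith("Windows 10")],
        actions=["Elevate this application with administrative privilege"],
    ),
    Policy(
        name="Sandbox internet-downloaded installers",
        application="setup.exe",
        inclusion=[downloaded_from_internet],
        exclusion=[is_admin],
        target=[os_startswith("Windows")],
        actions=["Isolate this device in a sandbox environment",
                 "Send a message and request reason for access"],
    ),
]


def evaluate(policies: List[Policy], ev: ProcessEvent) -> Tuple[Optional[str], List[str]]:
    """Steps 2 and 3: first matching policy wins (assumed ordering rule)."""
    for p in policies:
        if p.matches(ev):
            return p.name, list(p.actions)
    return None, list(DEFAULT_ACTIONS)


def audit_record(ev: ProcessEvent, decision: Tuple[Optional[str], List[str]]) -> Dict[str, str]:
    """The record a defender wants logged centrally for every elevation decision."""
    name, actions = decision
    return {"user": ev.user, "image": ev.image, "policy": name or "<none>",
            "actions": "; ".join(actions)}


if __name__ == "__main__":
    event = ProcessEvent("photoshop.exe", "alice", False, "domain", "Windows 10", "local")
    print(audit_record(event, evaluate(POLICIES, event)))
```

Two design points worth noting: the exclusion list is checked after the inclusion list, so an excluded account can never be elevated by a broad inclusion rule, and every decision (including the “no policy matched” case) produces an audit record, which is what lets the central console show who was elevated, for what, and under which policy.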

With this simple process, IT Admins gain an extremely powerful tool for protecting their endpoints without handing out administrative rights.

Source: Thycotic