Least Privilege and Application Control
Least Privilege means to give access to a user the bare minimum privileges required to perform their tasks. This also means that only users that are required to access a particular resource have access to it.
Application control is a practice that blocks or restricts applications from executing in ways that puts data at risk. The controls vary based on the application and also the business purpose. At a macro level, application control includes
- Ensuring the input data is accurate, complete and valid
- Ensuring the internal processes produce the expected results
- Ensuring the output and the reports and protected from unauthorized disclosure
- Ensuring the users have access only to applications that they are authorized to use
This means that the application control ensures CIA (Confidentiality, Integrity and Availability) of the application and the data associated with it.
Example of a Power User Security Breach
Power user security breach is one of the most sensitive aspects of an organization. Many a times unintentional actions can result in serious security breaches. For example, if a user who has admin privileges can unintentionally install a software that has malware or virus in it. Some software installs can also cause network outage with increase in network activity which results in system/network outages (Ex :- Melissa virus in the 2000’s)
How does Least Privilege and Application Control Work?
With the advent of cloud computing, the biggest challenges companies face is to monitor and control data security threats and vulnerabilities while still operating efficiently. This is where least privilege and application control work in tandem. Consider a real world scenario, where a normal user on a regular basis requires to install software or change settings on the system which requires administrative privileges. Normal users should not have the administrative privileges, but most organizations give access to the users to reduce sys-admin overhead. But this is a potential security risk. But with our solution of Cyberark viewfinity, we can elevate the admin privileges on demand and also give access only to the software which the user wants and is accepted by the organizational controls. This ensures that
- The user privileges can automatically be withdrawn post a particular process
- The user installs only approved software that is listed by the organization
- Privilege accounts are not compromised
Our Execution Process
We at Unique performance can help organizations in variety of ways. Our process and system implementation can be customized based on the customer requirements and the infrastructure. The following would be our typical steps
- Step 1: We install the software either at the customer premises or on the cloud.
- Step 2 : We install a small agent software on the customer end points/end user systems.
- Step 3 : We monitor users on policy elevation and application control. This is done in a non-intrusive way and does not affect the day to day operations of the users or the organization.
- Step 4: Once all the required details are collected, we discuss our findings with the IT team and the CTO to decide on the privileges and applications required. We suggest a plan of action and some applications that might be useful based on our experience.
- Step 5 : We agree on the process with the stakeholders and configure the privileges and the applications. We ensure that all of these are in line with the organization policy.
Platforms Supported
Windows Desktop:
- Windows (32-bit/64-bits supported),
- Windows Vista SP1
- Windows 7 32-bit & 64-bit
- Windows 8 32-bit & 64-bit
- Windows 8.1 32-bit & 64-bit
- Windows 10
Windows Server:
- Windows Server 2003 SP2 32-bit & 64-bit
- Windows Server 2008 32-bit & 64-bit
- Windows Server 2008 R2 64-bit
- Windows Server 2012
- Windows Server 2012 R2
Comprehensive Application Support:
- Executable
- MSI, MSU
- Administrative Tasks
- Management console snap-ins
- Scripts
- Registry settings
- ActiveX controls
- COM objects
- Web Applications
Deployment Options:
- Microsoft Group Policy (GPO)
- On-premises server
- Software-as-a-Service
Flexible and Secure Application Rules:
- File path matching
- Command line matching
- File hashing (SHA-1)
- Product and file information
- Trusted publisher
- Trusted Source SCCM
- Trusted Software Distribution system
- Trusted Updater
- Trusted Network
- Trusted Computer image
- Trusted AD group
- Trusted product
Want Visibility & Control?
Request on-demand demo to learn more on endpoint security and how to eliminate administrative overhead while ensuring security
Resources
Brochures and Datasheets:
CyberArk Viewfinity
