Behind the Scenes: Endpoint Protection in the Cloud

June 7, 2019 | Views: 2918

This post originally appeared on “The Lockdown”, Thycotic’s Cyber Security Publication.

The cloud has certainly been a game changer, driving innovation and growth. Companies that adopted cloud services experienced a 20.7% average improvement in time to market, 18.8% average increase in process efficiency and a 15% reduction in IT spending. Together, these benefits led to a 19.6% increase in company growth.

These savings and benefits, among many others, are driving 90% of companies to have some portion of their portfolio in the cloud by the end of the year. Yet, when it comes to security technologies, the transition seems to be slower. Within the Privileged Access Management (PAM) space, in particular, Gartner predicts only 30% of deployments will be in the cloud by the end of this year. Though this shift may be a bit lagging on the security side, it is clearly the wave of the future. When a large consumer products enterprise with an aggressive cloud-first strategy came to Thycotic looking for a cloud solution to secure their endpoints, we jumped at the opportunity.

Like most of our customers, this retail giant was seeking to improve their security posture by removing administrative privileges from more than 40,000 endpoints. The reason is simple. When a user is logged in as an admin, every running application has unlimited access to that computer. If malicious code gets executed from a program, or browsing to a site automatically downloads something malicious, that application also gains unlimited access. So, managing privileged accounts, which includes local admin and root accounts, is a necessary element of a successful cyber security strategy – especially on endpoints. Does this endpoint problem sound familiar?

Unlike the bulk of our customers (though we see an increasing number), this large organization was seeking a cloud-based solution first and foremost—executing on their corporate-wide cloud-first strategy. Why the emphasis on a cloud-first strategy? Global enterprises with customers around the world, like this one, benefit greatly from the assurance of georedundancy found with a cloud PAM solution provided as a scalable service. Cloud is also synonymous with high availability, which means 99.9% uptime. In addition, they required a solution with the ability to scale easily to match the growth of their privileged accounts, applications and users, without losing control or slowing down other resources.

This last point is critical. In the competitive world of consumer products, the productivity of business users is paramount. No level of business disruption or slow-down is acceptable—even if it comes at the expense of security. When companies remove local administrative privileges from business users without considering the downstream impact, there is great potential for end-user disruption. Suddenly unable to download applications, run programs, install printers or make other system changes, users can become confused, frustrated and unproductive. Those frustrations are going to land squarely on the plate of the IT desktop and support team.

For this reason, application control was a key part of their evaluation. Application control works behind the scenes to enable the applications users need to do their jobs without requiring local admin rights. For most tasks, users experience no change and there is no impact on the helpdesk. This type of control prevents programs that are not on approved lists from running and presents users who attempt to run them with a message box to ask for approval. The message is also customized to explain why an application or program was denied and what users need to do to justify their request.

The team chose to take a 3-stage approach to rolling out Privilege Manager to better ensure minimal impact to business users. First, they began by monitoring and taking an audit of endpoints being used. Second, they entered “teaching mode” during which time they defined and built policies based on their analysis of their initial audits. Finally, they automated whitelisting and blacklisting on end user devices and ensured unknown applications have an automated path towards approval.

Ease-of-use for their helpdesk team was also an important factor in choosing the right solution. This staged rollout allows this team to become familiar with Privilege Manager as well as respond to requests easily using an intuitive interface. As more applications are reviewed and added to global application control policies there will be less need for the helpdesk to respond to user requests.

Successfully implementing a least privilege security model and controlling rights on endpoints can seem like a daunting task. But it doesn’t need to be difficult, not even for an organization managing hundreds of thousands of endpoints. Privilege Manager is scalable across hundreds of thousands of machines and is easily installed, so large enterprise organizations, like the one in this article, can complete installation on all endpoints without causing disruption. Privilege Manager automatically removes admin rights from domain and non-domain managed endpoints, including hidden or hard-coded credentials. Machines in large deployments can simultaneously communicate with Privilege Manager, check policies and execute application control 24/7, and be managed through a single, streamlined dashboard.

Privilege Manager makes it possible for companies to implement least privilege policies and protect endpoints in large, diverse deployments, and manage them more effectively than ever before. Want scalable least privilege policy without the pain? Get started with a free Privilege Manager trial – now available in the cloud.
For more content like this, check out Thycotic’s Cybersecurity Publication!

2 Comments
  1. Nice article
