BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Control Access and Reduce Risk

Post by Bill Virtue June 14, 2013

In my last blog I discussed bringing the NOC and SOC closer together, providing IT Operations with tools that improve security. This week I’ll go into more specifics of the solution and show how PowerBroker for Windows is used by both IT Operations and Security Operations teams.

The Challenge
Supporting a security principle such as Least Privilege which prescribes that a user only receive the privilege level required to complete authorized tasks can be complex for both IT Operations and Security Operations.

One of the challenges of implementing least privilege is understanding the environment with regard to application management. Questions surface such as, who are the users who need access to certain applications and of those, which [applications] will run without administrator privileges and how do you make these applications available to users who need them?

The Workaround
Applications often require administrative permissions to execute and therefore restrict users without these elevated privileges from accessing them. As a workaround a process is implemented to include administrator rights for users who need access to these applications which opens up other security related concerns. It’s all too common that users have administrator rights on local assets, which puts the entire enterprise at risk.

The Solution
Using PowerBroker for Windows (PBW) allows you to implement a least privilege environment, providing users with access to applications they need without, ‘elevating the user’. PBW reporting provides details which enables an understanding of which application’s required permissions, who is running these applications, how often, and much more. Having this additional context allows you to make more effective security decisions. Reports can be assigned and reviewed by IT / application management and operations teams to determine business needs and rules can be created directly from the PBW Reporting console and implemented by IT, placing them in the PowerBroker GPO snap-in or delivered directly to the client over a secured internet connection.

PowerBroker-img1

PowerBroker for Windows Reporting and Auditing can also be used to identify vulnerability data for applications running in your environment. This allows the Security Operations team to identify risks associated with elevating or even allowing to run applications on your endpoints or servers.

PowerBroker-Events-Img2

 

Summary
BeyondTrust’s Context Aware Security Intelligence delivers a unique and powerful perspective to allow IT Operations and Security Operations teams to collaborate using a business-oriented approach to providing access to applications while promoting a secure environment.

About BeyondTrust
At BeyondTrust, we offer a well-rounded suite of products that fit nicely into your current infrastructure and help you accomplish these steps in a single platform. Imagine being able to provide the required rights of an application or seeing what software users have installed post image. And, before you do anything with an application, determine how safe it is before it executes in your organization; PowerBroker for Windows does this.

As an information technology security professional, you may want a full scan of your enterprise for vulnerabilities, and package updates to be pushed out via SCCM or WSUS; these can be done with Retina.

Finally, there may be a requirement to audit changes made to Active Directory, Exchange, or even MS SQL, and quickly roll back changes that may be accidental; PowerBroker Auditor is a great solution for this.

For more information on how BeyondTrust can solve these problems, and many more, please visit us on the web.

Tags:
, , , , , ,

Leave a Reply

Additional articles

BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,

Are you a Target? Investigating Security Breaches with Kevin Johnson

Last week, over 1,000 IT security professionals watched as Kevin Johnson, CEO of Secure Ideas, presented his expert opinion on lessons learned from recent, high-profile retail breaches. Here’s a summary of key takeaways from the webcast plus an on-demand recording of the full, 60-minute presentation. Understanding the “why” behind attacks According to Kevin, the primary…

Post by Chris Burd April 17, 2014
Tags:
, , , , ,