Security in Context: The BeyondTrust Blog


Privilege Identity Management – A Help Desk Perspective

Posted October 12, 2012    Morey Haber

Help desk technicians within a company are the first line of defense for a new project or system problem. Most of the time, they are informed and trained that users will be getting a new piece of security software. The solution, in this case, is called Privileged Identity Management (PIM) and is designed to manage authenticated permissions on users' workstations. The technology provides administrative rights to the applications and operating system features that require administrative privileges, and allows users' normal daily job functions to occur as a standard user.

The most frequent questions we hear at BeyondTrust from help desk technicians are “Why are you removing administrator permissions from the end users?” and “How will I support these users when things do not operate like before?” The answers to these are very simple. Administrative permissions are designed to give an end user complete and unrestricted control of the operating system and applications. In reality, only a subset is ever needed, and the excessive permissions can lead to a gaping security hole for malware, configuration issues, and advanced persistent threats. Unfortunately, as a help desk technician, you experience these problems all too often. As the solution is deployed, your clients will begin to log in as standard users, and the PIM solution will give them administrative authority over the applications and operating system features they need for daily operations. Your role as a help desk technician will be to assist where the escalation rules are missing (or not working) to cover functions that users need for daily business operations.

It is important to understand that there are several reasons your organization is adopting the solution. First, like many businesses, commercial and government entities have regulatory controls that stipulate security controls on sensitive data, personal information, and applications. Your business is no different. Auditors may periodically visit your business to review security procedures and policies and to verify that employees and contractors do not have excessive access to systems and data. Tools like PowerBroker satisfy their requirements by placing a control on permissions while allowing elevation of privileges to personnel when appropriate.

One other consideration is directly related to security and malware. Malware is a superset term that encompasses all forms of malicious programs, from viruses, spyware, and ransomware all the way through Advanced Persistent Threats (APT). Statistics show that a very large portion of malware infects computers simply based on the user having administrative access to the host. If this access is removed, the malware and its infection are thwarted. For help desk technicians, this burden on your daily support calls should be significantly reduced by the removal of administrative privileges from your clients. As you have seen, antivirus solutions alone are not up to the latest challenges. To mitigate these threats, the most common denominator for malware is being restricted: its ability to access administrator privileges on the workstations you support.

As with any technology rollout, there are bound to be a few bumps along the way. Remember when you had your first look at the latest version of Windows? Finding where to locate common functions was frustrating to many, but it only took a little while to realize it was the same thing in a different location. PIM is the same way. Your clients' programs and applications will operate the same way, but in some circumstances may request that the end user complete a quick text box explaining why they are using a program or operating system feature. This may sound like an unnecessary step, but if they are installing software or administering a phone system or database, management and auditors tend to want to know when and why. These are all part of security best practices and regulatory compliance.

One of the common complaints you will receive is that some programs (and operating system features) that worked before no longer function. This is the bump in the road that you, as a help desk technician, will need to resolve. These may be applications that require administrative permissions to run and for which rules have yet to be created, or applications that have been explicitly denied from operating due to their inherent risk or the potential threat they represent to the organization. A simple discussion with the end user, a justification for the application or feature, and following established procedures for information technology administrators to create a rule will rectify this type of problem. If the application is rarely used, or used one time only, then the Challenge Response Passcode feature of PowerBroker for Windows can provide temporary relief until decisions about a permanent rule are made.

All in all, this project is designed to increase the security of desktops and servers, prohibit common malware from infecting assets, aid in regulatory compliance, and track when sensitive applications are being executed throughout your organization. The process involves changing the way end users log in to their computers but is designed not to affect daily job functions. If anything, you will notice that end users have systems that run better, because common flaws that can occur when running as an administrator will simply be avoided.

Securing privileges is crucial to the security and operational well-being of your organization. It is being implemented to provide a safer, more standardized computing environment that can be managed better by the help desk, administrators, and information technology teams. The help desk is crucial in making this type of project a success and in delivering the benefits it offers. For more information, please visit BeyondTrust.
