SlideShare a Scribd company logo

10 Steps to Better Windows Privileged Access Management

BeyondTrust, profile picture
BeyondTrust

This document discusses best practices for managing Windows privileged access, focusing on the risks associated with privileged accounts and the necessity for effective access controls. It emphasizes the importance of identifying privileged users, implementing granular authorization, and auditing access to mitigate insider threats and external attacks. Additionally, it outlines ten steps for enhancing privileged access management and highlights solutions for minimizing risks while maintaining productivity.

Software
Related topics:
Privileged Access Management
1 of 42
Downloaded 28 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
1 0 S T E P S T O B E T T E R W I N D O W S P R I V I L E G E D A C C E S S M A N A G E M E N T W I T H D E R E K A . S M I T H
INTRODUCTION
WHAT IS PRIVILEGED ACCESS MANAGEMENT? • In this presentation we will cover the best practices of Windows privileged access management (PAM). • Privileged access management is the creation and enforcement of controls over users, systems and accounts that have elevated or “privileged” entitlements—examples: admin or root accounts, application accounts.. • Many public breaches are due to the compromising of privileged accounts. External hackers and insider threats seek out and exploit shared or privileged accounts because of the entitlements they hold as “keys to the kingdom.” • Privileged access management technologies focus on providing granular authorization of users to systems and accounts, auditing and recording attempts to access, as well as vaulting and rotating the privileged account’s credentials including passwords or key/token-based authentication.
WHAT ARE PRIVILEGED WINDOWS ACCOUNTS • MicrosoftWindows privileged accounts include admin accounts,Active Directory service accounts, and domain admin accounts • "Privileged" accounts and groups in Active Directory are those to which powerful rights, privileges, and permissions are granted that allow them to perform nearly any action in Active Directory and on domain-joined systems. • Windows admin accounts are highly targeted due to their broad access and privileges, giving rise to insider threats and advanced persistent threats (APTs) onWindow Servers. • Additionally, regulatory frameworks require audits of users who have access to sensitive information and how their account privileges are used.
WHAT ARE PRIVILEGED WINDOWS ACCOUNTS CONT. • In an organization, there are different types of windows privileged accounts, categorized by the task they perform: – administrative accounts (have access to all standard privileged processes); – system accounts (are integrated into applications or systems, e.g.Windows or Linux); – operational accounts (include shared accounts for software administration or installation and service accounts for remote access to systems). • Companies should be aware of possible outsider and insider attacks on these accounts and strive to improve control measures for users with privileged access permissions.
8 D I F F E R E N T M E T H O D S T O I D E N T I F Y W I N D O W S P R I V I L E G E D U S E R S
1. MEMBERS OF PRIVILEGED GROUPS • Active Directory has built-in privileged groups for privileged accounts; this is an obvious place to start.These groups are;“Administrators”,“Domain Admins”,“Enterprise Admins”,“Schema Admins”,“DnsAdmins” and “Group Policy Creator Owners”. Other places to look are Local Administrator Groups on client systems. • A few of the built-in privileged groups can be located in the “Built-in” container, while others are in the “Users” container.The “DS Restore Mode Administrator” privileged account is not stored in Active Directory.
Figure 1: Privileged users in the Administrators group
2. PRIVILEGES TO ADMINISTER ORGANIZATIONAL UNITS • Permissions in parent OUs spread down to child organizational units, groups, users and other objects. So, if a user has been provided full control on an organizational unit, that user has privileges equal to an administrator. For example, if User1 is given “Full Control” on “Users” (a default Organizational Unit), then User1 has more privileges than a Domain Administrator. • If “Everyone” has full control on the root “Built-in”,it means that every user in your IT infrastructure has domain administrative privileges.
In this image, “Test2” user and “Everyone’ has full control on “Users” Organizational Unit, default container. Similarly, you can check permissions on all organizational units and prepare a list of users who have delegated permissions on
3. LOCAL ADMIN OR OTHER USERS WITH PRIVILEGES ASSIGNED FROM GPO • Instead of having direct privileged access within Active Directory, there are some accounts that receive administrative privileges. If a user has access to the Local Administrator account of a Domain Controller then that user has rights equivalent to a Domain Administrator. • Outside Active Directory, there can be users who have been provided Admin-like privileges through Group Policy Objects.Any privileged user or administrator can modify “Computer Configuration” “Policies” “Windows Settings” “Security Settings” “Local Policies” “User Rights Assignment” to provide administrative privileges to other users. • There are third party PowerShell scripts available that can provide you a list of users with their rights. It is recommended to use a script only from a trusted source.
Figure 3: Users with Delegated Permissions on OU
4. USERS WHO HAVE PASSWORD RESET AUTHORITY OVER OTHER USERS • Another type of privileged user is one that has authority to reset other users’ passwords. There are some applications that let a user delegate password resets to another user. If the password reset permission is delegated through Active Directory, you have to browse the permissions of a user account to check which other users have the permission to reset the password.
In this image, “User2” has “Reset Password” permission on “User1”. It means “User2” can reset a password on behalf of “User1”.
5. USERS WHO HAVE KNOWLEDGE OF ANY PRIVILEGED SERVICE ACCOUNT • Privileged service accounts, including those used for Exchange Server, SQL Server and for creating backups, have some level of elevated privileges on the computers on which those accounts are used. • So, if someone has knowledge of a privileged account’s credentials, that service account can be used maliciously. • Domain controllers are at even more of a risk as an unauthorized user can get administrative access to a domain. • To know if someone is misusing a service account you will have to audit the logon of each service account.
6. USERS WITH WRITE ACCESS TO GPOS APPLIED TO IMPORTANT COMPUTERS • Specific group policies can be created for any computer in the network. • Such computer related Group Policy Objects are crucial only for the domain controllers and for those computers that host server applications with domain-privileged access. • If a user has privileges to write to such important GPOs, then that user account is also a privileged user.
In this image, “User1” has “Edit settings, delete, modify security” rights and “User2” has “Edit settings” rights.
7. USER WHO HAVE ACCESS TO ACTIVE DIRECTORY MANAGEMENT APPLICATIONS • Many organizations use third-party Active Directory management solutions to simplify and improve the management tasks.These solutions either use a service or proxy account with privileged access to manage Active Directory, or use accounts that are granted elevated privileges by some other means (such as membership in a built-in privileged group or OU-based permissions). • Depending on the level of delegation, gaining control over an account like this one is just as good as being a Domain Admin. • To find out who has access to such accounts, you will have to enlist all relevant applications in the network, then identify all service or proxy accounts with privileged access that these applications are using.You can enable “Audit Directory Service Access” group policy to monitor what these accounts are doing. • As far as misuse of the Active Directory management solution itself is concerned, you will have to ensure that it has a built-in audit trail to monitor inappropriate use.
8. USERS WHO HAVE ADMIN LEVEL ACCESS TO VIRTUAL INFRASTRUCTURE • Users who manage virtual environments that host domain controllers or member servers have the same privileges as those with administrative access to desktops. For example, if you are managing Hyper-V, members of the Hyper-V Administrators local group have administrator level access on the host operating system. • You should identify which accounts have privileged access to your virtual infrastructure, either by checking Local Admin groups on a given domain controller/server or by looking for privileged access within the virtual environment itself.
• Knowing who the privileged users in your IT environment are is the first step towards securing your company’s network from privileged abuse. By regularly assessing the current state of Active Directory’s user rights, permissions and delegations, you can mitigate the risk of privileged abuse.
W I N D O W S A C C O U N T S S E C U R I T Y C H A L L E N G E S
WHAT’S THE CHALLENGE? • MicrosoftWindows privileged accounts, including admin accounts,Active Directory service accounts, and domain admin accounts are prime targets for outside hackers and malicious insiders seeking to escalate privileges once endpoints are compromised.
PRIVILEGED ACCESS CONTINUES TO FACE THREE PRIMARY CHALLENGES: 1. Privileged accounts have the permissions and entitlements that, if in the wrong hands, allow an attacker to access and steal sensitive data. But organizations have struggled to control access because, historically, these accounts and their passwords are shared across multiple individuals. 2. Privileged accounts are often over-granted entitlements to perform key activities like configure, operate or maintain the underlying systems—so, removing or blocking access to these accounts is not a feasible option. Emerging best practices are now advocating to separate these into a more granular set of capabilities. 3. To validate the effectiveness and worth of restraining access, many organizations need to first discover what privileged accounts are in their environment and then implement a solution that satisfies audit, security and compliance concerns without disrupting operational efficiency.
GLOBAL PAM SURVEY RECAP
THE IMPORTANCE OF MANAGING PRIVILEGED ACCESS IN WINDOWS • Undiscovered and unprotected Windows privileged accounts and vulnerable endpoints are everywhere on servers and desktops throughout organizations worldwide.They represent one of the most significant attack surface vulnerabilities of IT systems. • Privileged user accounts have unrestricted access to all critical servers, applications and databases in an organization.They also have the permissions to add, remove or manage user profiles.With this in mind, it’s easy to see how such accounts can be misused. • Privileged accounts are those which are assigned comparatively more permissions than a normal user account.To address any potential issues with security, a systematic method is required to identify users with excessive privileges. • The best way to create a list of privileged users is by going through Active Directory Users and Computers and the Group Policy Management Console.
THE RISK OF WINDOWS LOCAL ADMINISTRATOR ACCOUNTS • Windows local admin accounts are a security problem for every organization because one set of login credentials is typically used by many IT administrators. • This can make it difficult or even impossible to implement an identity access management policy because organizations cannot track who is gaining access to what network equipment at any given time.These accounts are everywhere – Windows workstations, servers, and even your laptop fleet. • An attacker, or even a local malicious user, browsing around on a workstation they have administrator access to might be able to discover their own local administrator password (using the local SAM accounts, and some password dumping tools like mimikatz, impacket or whatever). • This, of course, is a major security issue.
ACTIVE DIRECTORY DOMAIN ADMIN ACCOUNTS VULNERABLE TO ATTACKS • Windows server administrators need to use domain admin (DA) accounts to perform standard administrative tasks. • Ideally,AD domain admin accounts should only be used when privilege is required (admins should not run as a domain admin for their regular AD account) and they should only be used by a single administrator for accountability.
ACTIVE DIRECTORY DOMAIN ADMIN ACCOUNTS VULNERABLE TO ATTACKS CONT. • Also, these accounts are highly susceptible to Pass-the-Hash attacks because their passwords are not frequently changed.This gives attackers domain admin access across the network. • A Pass-the-Hash attack is where an attacker captures and uses the plain text hash of a user’s password instead of their plain text password. It allows an attacker to impersonate another user, typically a privileged account.This type of attack can affect ANY network usingWindows machines. For the attacker, the advantage getting a hash instead of the password is it can be done without a brute-force attack, which is not as effective and takes a lot more time. • To protect these accounts, privilege management is very important.Access should be controlled and audited, and passwords must be changed frequently to prevent Pass the Hash attacks – ideally after each usage of the account.
HOW ATTACKERS COMPROMISE WINDOWS PRIVILEGED ACCOUNTS • In many cases, user credentials are stolen via phishing campaigns. Oftentimes, the attacks are highly sophisticated and highly targeted. Individual users are selected and a campaign is developed to fool them into visiting a malicious website and downloading malware or opening an infected email attachment. • Information about the target is obtained via social media networks such as Facebook,Twitter, or LinkedIn.Their contacts are identified, and a phishing email is either sent from a hacked colleagues account or is masked to make it appear that it has been sent from a trusted individual. • All too often a sophisticated attack is not necessary. If malware can be installed on just one single computer, shared-privilege accounts can be used to gain access to a wide range of systems.
HOW PAM MAKES WINDOWS SECURE
WHAT PROBLEMS PAM CAN HELP SOLVE IN YOUR WINDOWS ENVIRONMENT • Protecting against the hacking of privileged accounts is difficult. It is not possible to eliminate privileged accounts as they essential to the functioning of the business. Since these accounts cannot be eliminated, efforts must be made to make accounts more secure. Unfortunately, the management of privileged accounts is complicated and is difficult to automate. • A survey recently conducted by Dimensional Research/Dell highlights the extent of the current problem. 560 IT professionals were asked about privileged access management and 41% revealed that they did not use any software at all or rely on Excel or other spreadsheet software packages to manage their accounts. • Fewer than half of respondents did not log or monitor privileged account access. 23% did not have a defined account management process. 28% did not have a defined process for changing default passwords on new equipment and software. Passwords were also found not to be changed frequently. Only a quarter of organizations changed admin passwords every month.
WHAT PROBLEMS PAM CAN HELP SOLVE IN YOUR WINDOWS ENVIRONMENT CONT. • A real concern for enterprises today is resource access within an Active Directory environment. Particularly troubling are: – Vulnerabilities. – Unauthorized privilege escalations. – Pass-the-hash. – Pass-the-ticket. – spear phishing. – Kerberos compromises. – Other attacks. • Today, it’s too easy for attackers to obtain Domain Admins account credentials, and it’s too hard to discover these attacks after the fact.The goal of PAM is to reduce opportunities for malicious users to get access, while increasing your control and awareness of the environment. • PAM makes it harder for attackers to penetrate a network and obtain privileged account access. – PAM adds protection to privileged groups that control access across a range of domain-joined computers and applications on those computers. – It also adds more monitoring, more visibility, and more fine-grained controls. This allows organizations to see who their privileged administrators are and what are they doing. – PAM gives organizations more insight into how administrative accounts are used in the environment.
2 KEY GOALS • Lock down your Windows applications and endpoints – Organizations today need to lock down desktops for better security, stability, and lower management costs.That means removing IT admin privileges available to business users to lower risk, and limiting privileges for IT admins to improve security. • Stop endpoint exploits such as malware and ransomware across your Windows environments – Provide comprehensive endpoint privilege management and security solutions. – Assure least privilege application control. – Enable administrative user group management. – Deliver security compliance remediation.
10 STEPS TO BETTER WINDOWS PRIVILEGED ACCESS MANAGEMENT • Step #1: Make a List of All Windows Privileged Access Accounts • Step #2: Don’t Share Passwords for Shared Accounts • Step #3: Use as Few Privileged Accounts as Possible • Step #4: Minimize the Number of Rights for Each Privileged Account • Step #5: Manage Passwords Properly • Step #6: Separate Privileges for Specific Tasks • Step #7: Practice Privilege Elevation Instead of Assigning Superuser Privileges • Step #8: Use One-Time Passwords • Step #9: Use Two-Factor Authentication • Step #10: Record Privileged User Sessions
BEYOND TRUST SOLUTION TO THE PROBLEM
PowerBroker for Windows Privilege Management for Windows Servers and Desktops
Windows Management Challenges ➢Too Many Administrators ➢Breach Prevention ➢High Compliance Costs ➢Privilege Abuse ➢User Productivity How do you deal with removing user rights without obstructing productivity or overburdening the Help Desk?
Windows Management Challenges ➢ Organizations increasingly recognize that properly securing and controlling privileged credentials ranks as one of the best lines of defense against attacks from external hackers as well as from insiders. ➢ For optimal results, privilege management solutions should protect organizations at all stages of the cyber kill chain by implementing comprehensive layers of control, audit and analysis.
➢ Too Many Administrators ➢ Breach Prevention ➢ High Compliance Costs ➢ Privilege Abuse ➢ User Productivity Challenges ➢ Limit Exposure ➢ Minimize Impact ➢ Reduce Costs ➢ Limit Exposure ➢ Lower TCO Benefits PowerBroker for Windows 1. Reduce the attack surface by limiting the use of privileged accounts and by controlling access to shared privileged accounts across the enterprise 2. Monitor privileged user, session, and file activities for unauthorized access and/or changes to key files and directories 3. Analyze asset and user behavior to detect suspicious and/or malicious activities of insiders and/or compromised accounts ➢ Reduce the Attack Surface ➢ Detect & Respond to Events ➢ Automate Compliance ➢ Ensure Appropriate Use ➢ Enhance User Productivity BeyondTrust
PowerBroker for Windows Security Layer Challenge Benefit Fine Grained Access Enforcement ➢ Least Privilege Adoption ➢ Removing administrator access without impacting productivity ✓ Helps organizations realize the benefits of least privilege faster and with less complexity. ✓ Elevate privileges to applications, not users, on an as-needed basis without exposing passwords ✓ Enforce least-privilege access based on an application’s known vulnerabilities ✓ Track and control applications with known vulnerabilities or malware to further protect endpoints Session Recording ➢ Cost of Compliance ➢ Ensuring Appropriate use if privileges ✓ Gain visibility through detailed event logs and session recording capabilities and control through automated, secure logging with searchable playback ✓ Satisfy compliance/internal security standards through automated gathering of necessary data Remote Host Execution ✓ Enhance user productivity User Behavior Monitoring ➢ Ensuring appropriate use and detecting compromised account activity ✓ Gain unmatched visibility into privileged user activity with centralized analytics and reporting Child Process Monitoring & Control ➢ Back door access ✓ Close back door access File Integrity Monitoring ✓ Protect critical files from malware & privilege misuse Dynamic Threat Based Access & Audit ✓ Dynamically adjust access policies based on asset and user risk Active Threat Response Gateway ✓ Immediately respond to events by reducing or quarantining access
Endpoint Privilege Management Remove excessive user privileges and control applications on endpoints WINDOWS | MAC Enterprise Password Security Provide accountability and control over privileged credentials and sessions APPS | DATABASES | DEVICES SSH KEYS | CLOUD | VIRTUAL Server Privilege Management Control, audit and simplify access for DevOps and business-critical systems UNIX | LINUX | WINDOWS ASSET & ACCOUNT DISCOVERY THREAT & VULNERABILITY INTELLIGENCE & BEHAVIORAL ANALYTICS REPORTING & CONNECTORS POLICY & ACTION RESPONSE THE POWERBROKER PRIVILEGED ACCESS MANAGEMENT PLATFORM BeyondInsight
Quick Poll + Q&A Thank you for attending!

More Related Content

PDF
Securing DevOps through Privileged Access Management
BeyondTrust
 
PPTX
Privileged Access Management - 2016
Lance Peterman
 
PDF
The Essentials | Privileged Access Management
Ryan Gallavin
 
PDF
Privileged identity management
Nis
 
PDF
8-step Guide to Administering Windows without Domain Admin Privileges
BeyondTrust
 
PDF
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
Ryan Gallavin
 
PPTX
CyberArk
Jimmy Sze
 
PDF
Secure Management of Privileged Passwords
Hitachi ID Systems, Inc.
 
Securing DevOps through Privileged Access Management
BeyondTrust
 
Privileged Access Management - 2016
Lance Peterman
 
The Essentials | Privileged Access Management
Ryan Gallavin
 
Privileged identity management
Nis
 
8-step Guide to Administering Windows without Domain Admin Privileges
BeyondTrust
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
Ryan Gallavin
 
CyberArk
Jimmy Sze
 
Secure Management of Privileged Passwords
Hitachi ID Systems, Inc.
 

What's hot (20)

PDF
Managing privileged account security
Raleigh ISSA
 
PPTX
Privileged Access Management (PAM)
danb02
 
PDF
Privleged Access Management
Lance Peterman
 
PPTX
Con8813 securing privileged accounts with an integrated idm solution - final
OracleIDM
 
PDF
Privileged Access Manager POC Guidelines
Hitachi ID Systems, Inc.
 
PPTX
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Lance Peterman
 
PPTX
Dell Quest TPAM Privileged Access Control
Aidy Tificate
 
PDF
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
Risk Analysis Consultants, s.r.o.
 
PPS
Network Vulnerability Assessments: Lessons Learned
amiable_indian
 
PDF
Tips to Remediate your Vulnerability Management Program
BeyondTrust
 
PPTX
Privileged accesss management for den csa user group CA Technologies
Trish McGinity, CCSK
 
PDF
Responsible User Empowerment: Enabling Privileged Access Management
Enterprise Management Associates
 
PDF
Presentazione-CyberArk-MDM-v3
Marco Di Martino
 
PPTX
How to Build Security and Risk Management into Agile Environments
danb02
 
PDF
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
BeyondTrust
 
PDF
PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017
Micro Focus
 
PPTX
"EL ATAQUE INTERNO"
Jose Luis Balbiano
 
PDF
CyberArk Cleveland Defend Multi-Factor
Chad Bowerman
 
PDF
SAP Identity Management Overview
SAP Technology
 
PDF
The ultimate guide to cloud computing security-Hire cloud expert
Chapter247 Infotech
 
Managing privileged account security
Raleigh ISSA
 
Privileged Access Management (PAM)
danb02
 
Privleged Access Management
Lance Peterman
 
Con8813 securing privileged accounts with an integrated idm solution - final
OracleIDM
 
Privileged Access Manager POC Guidelines
Hitachi ID Systems, Inc.
 
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Lance Peterman
 
Dell Quest TPAM Privileged Access Control
Aidy Tificate
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
Risk Analysis Consultants, s.r.o.
 
Network Vulnerability Assessments: Lessons Learned
amiable_indian
 
Tips to Remediate your Vulnerability Management Program
BeyondTrust
 
Privileged accesss management for den csa user group CA Technologies
Trish McGinity, CCSK
 
Responsible User Empowerment: Enabling Privileged Access Management
Enterprise Management Associates
 
Presentazione-CyberArk-MDM-v3
Marco Di Martino
 
How to Build Security and Risk Management into Agile Environments
danb02
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
BeyondTrust
 
PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017
Micro Focus
 
"EL ATAQUE INTERNO"
Jose Luis Balbiano
 
CyberArk Cleveland Defend Multi-Factor
Chad Bowerman
 
SAP Identity Management Overview
SAP Technology
 
The ultimate guide to cloud computing security-Hire cloud expert
Chapter247 Infotech
 
Ad

Similar to 10 Steps to Better Windows Privileged Access Management (20)

PPTX
Essential Security Control Implementation in IT
Professor Lili Saghafi
 
PPTX
Chapter 7
Seth Nurul
 
PDF
Privileged Access Manager Product Q&A
Hitachi ID Systems, Inc.
 
PPTX
Best practices for security and governance in share point 2013 published
AntonioMaio2
 
PPTX
information security(authentication application, Authentication and Access Co...
Zara Nawaz
 
PPTX
Operationalzing ThousandEyes in your Organization.pptx
rbudavari
 
PPTX
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
AntonioMaio2
 
PPTX
Monitoring & Administerng System & Network Security.pptx
aytenewbelay1
 
PDF
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #5
Lisa Niles
 
PPTX
UNIT 2_UserManagementwqqwwwww112w21a2.pdqwdptx
abayneh19
 
PDF
CIS13: Managing the Keys to the Kingdom: Next-Gen Role-based Access Control a...
CloudIDSummit
 
PPT
Data base security
Sara Nazir
 
DOCX
Network administration and support
Manas Rai
 
PPTX
database Security for data security .pptx
KarimAhmed722436
 
PPTX
Cyber Security # Lec 5
Kabul Education University
 
PPTX
Users and groups in xp
Rauf Wani
 
PPTX
SAP hybris - User Account Management
Zhuo Huang
 
PPT
4_5949547032388570388.ppt
MohammedMohammed578197
 
PDF
5 Reasons to Always Keep an Eye on Privileged Business Accounts
AnayaGrewal
 
PPTX
Module 3- Managing Active Directory Domain Service Objects .pptx
HassanAhmadAbubakar1
 
Essential Security Control Implementation in IT
Professor Lili Saghafi
 
Chapter 7
Seth Nurul
 
Privileged Access Manager Product Q&A
Hitachi ID Systems, Inc.
 
Best practices for security and governance in share point 2013 published
AntonioMaio2
 
information security(authentication application, Authentication and Access Co...
Zara Nawaz
 
Operationalzing ThousandEyes in your Organization.pptx
rbudavari
 
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
AntonioMaio2
 
Monitoring & Administerng System & Network Security.pptx
aytenewbelay1
 
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #5
Lisa Niles
 
UNIT 2_UserManagementwqqwwwww112w21a2.pdqwdptx
abayneh19
 
CIS13: Managing the Keys to the Kingdom: Next-Gen Role-based Access Control a...
CloudIDSummit
 
Data base security
Sara Nazir
 
Network administration and support
Manas Rai
 
database Security for data security .pptx
KarimAhmed722436
 
Cyber Security # Lec 5
Kabul Education University
 
Users and groups in xp
Rauf Wani
 
SAP hybris - User Account Management
Zhuo Huang
 
4_5949547032388570388.ppt
MohammedMohammed578197
 
5 Reasons to Always Keep an Eye on Privileged Business Accounts
AnayaGrewal
 
Module 3- Managing Active Directory Domain Service Objects .pptx
HassanAhmadAbubakar1
 
Ad

More from BeyondTrust (20)

PDF
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
BeyondTrust
 
PDF
5 Steps to Privilege Readiness (infographic)
BeyondTrust
 
PDF
Unearth Active Directory Threats Before They Bury Your Enterprise
BeyondTrust
 
PDF
Crush Common Cybersecurity Threats with Privilege Access Management
BeyondTrust
 
PDF
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
BeyondTrust
 
PDF
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
BeyondTrust
 
PDF
Unix / Linux Privilege Management: What a Financial Services CISO Cares About
BeyondTrust
 
PDF
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
BeyondTrust
 
PDF
Mitigating Risk in Aging Federal IT Systems
BeyondTrust
 
PDF
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
BeyondTrust
 
PDF
Hacker techniques for bypassing existing antivirus solutions & how to build a...
BeyondTrust
 
PDF
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
BeyondTrust
 
PDF
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
BeyondTrust
 
PDF
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
BeyondTrust
 
PDF
Prevent Data Leakage Using Windows Information Protection (WIP)
BeyondTrust
 
PDF
Enemy from Within: Managing and Controlling Access
BeyondTrust
 
PDF
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
BeyondTrust
 
PDF
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
BeyondTrust
 
PDF
Managing Unix Accounts in Today's Complex World: Stop the Shadow IT and Be Mo...
BeyondTrust
 
PDF
The Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk
BeyondTrust
 
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
BeyondTrust
 
5 Steps to Privilege Readiness (infographic)
BeyondTrust
 
Unearth Active Directory Threats Before They Bury Your Enterprise
BeyondTrust
 
Crush Common Cybersecurity Threats with Privilege Access Management
BeyondTrust
 
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
BeyondTrust
 
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
BeyondTrust
 
Unix / Linux Privilege Management: What a Financial Services CISO Cares About
BeyondTrust
 
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
BeyondTrust
 
Mitigating Risk in Aging Federal IT Systems
BeyondTrust
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
BeyondTrust
 
Hacker techniques for bypassing existing antivirus solutions & how to build a...
BeyondTrust
 
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
BeyondTrust
 
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
BeyondTrust
 
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
BeyondTrust
 
Prevent Data Leakage Using Windows Information Protection (WIP)
BeyondTrust
 
Enemy from Within: Managing and Controlling Access
BeyondTrust
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
BeyondTrust
 
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
BeyondTrust
 
Managing Unix Accounts in Today's Complex World: Stop the Shadow IT and Be Mo...
BeyondTrust
 
The Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk
BeyondTrust
 

Recently uploaded (20)

PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PDF
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PDF
AI in Product Development-omnex systems
omnex systems
 
PPTX
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
PDF
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
PPTX
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
AI in Product Development-omnex systems
omnex systems
 
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 

10 Steps to Better Windows Privileged Access Management

  • 1. 1 0 S T E P S T O B E T T E R W I N D O W S P R I V I L E G E D A C C E S S M A N A G E M E N T W I T H D E R E K A . S M I T H
  • 3. WHAT IS PRIVILEGED ACCESS MANAGEMENT? • In this presentation we will cover the best practices of Windows privileged access management (PAM). • Privileged access management is the creation and enforcement of controls over users, systems and accounts that have elevated or “privileged” entitlements—examples: admin or root accounts, application accounts.. • Many public breaches are due to the compromising of privileged accounts. External hackers and insider threats seek out and exploit shared or privileged accounts because of the entitlements they hold as “keys to the kingdom.” • Privileged access management technologies focus on providing granular authorization of users to systems and accounts, auditing and recording attempts to access, as well as vaulting and rotating the privileged account’s credentials including passwords or key/token-based authentication.
  • 4. WHAT ARE PRIVILEGED WINDOWS ACCOUNTS • MicrosoftWindows privileged accounts include admin accounts,Active Directory service accounts, and domain admin accounts • "Privileged" accounts and groups in Active Directory are those to which powerful rights, privileges, and permissions are granted that allow them to perform nearly any action in Active Directory and on domain-joined systems. • Windows admin accounts are highly targeted due to their broad access and privileges, giving rise to insider threats and advanced persistent threats (APTs) onWindow Servers. • Additionally, regulatory frameworks require audits of users who have access to sensitive information and how their account privileges are used.
  • 5. WHAT ARE PRIVILEGED WINDOWS ACCOUNTS CONT. • In an organization, there are different types of windows privileged accounts, categorized by the task they perform: – administrative accounts (have access to all standard privileged processes); – system accounts (are integrated into applications or systems, e.g.Windows or Linux); – operational accounts (include shared accounts for software administration or installation and service accounts for remote access to systems). • Companies should be aware of possible outsider and insider attacks on these accounts and strive to improve control measures for users with privileged access permissions.
  • 6. 8 D I F F E R E N T M E T H O D S T O I D E N T I F Y W I N D O W S P R I V I L E G E D U S E R S
  • 7. 1. MEMBERS OF PRIVILEGED GROUPS • Active Directory has built-in privileged groups for privileged accounts; this is an obvious place to start.These groups are;“Administrators”,“Domain Admins”,“Enterprise Admins”,“Schema Admins”,“DnsAdmins” and “Group Policy Creator Owners”. Other places to look are Local Administrator Groups on client systems. • A few of the built-in privileged groups can be located in the “Built-in” container, while others are in the “Users” container.The “DS Restore Mode Administrator” privileged account is not stored in Active Directory.
  • 8. Figure 1: Privileged users in the Administrators group
  • 9. 2. PRIVILEGES TO ADMINISTER ORGANIZATIONAL UNITS • Permissions in parent OUs spread down to child organizational units, groups, users and other objects. So, if a user has been provided full control on an organizational unit, that user has privileges equal to an administrator. For example, if User1 is given “Full Control” on “Users” (a default Organizational Unit), then User1 has more privileges than a Domain Administrator. • If “Everyone” has full control on the root “Built-in”,it means that every user in your IT infrastructure has domain administrative privileges.
  • 10. In this image, “Test2” user and “Everyone’ has full control on “Users” Organizational Unit, default container. Similarly, you can check permissions on all organizational units and prepare a list of users who have delegated permissions on
  • 11. 3. LOCAL ADMIN OR OTHER USERS WITH PRIVILEGES ASSIGNED FROM GPO • Instead of having direct privileged access within Active Directory, there are some accounts that receive administrative privileges. If a user has access to the Local Administrator account of a Domain Controller then that user has rights equivalent to a Domain Administrator. • Outside Active Directory, there can be users who have been provided Admin-like privileges through Group Policy Objects.Any privileged user or administrator can modify “Computer Configuration” “Policies” “Windows Settings” “Security Settings” “Local Policies” “User Rights Assignment” to provide administrative privileges to other users. • There are third party PowerShell scripts available that can provide you a list of users with their rights. It is recommended to use a script only from a trusted source.
  • 12. Figure 3: Users with Delegated Permissions on OU
  • 13. 4. USERS WHO HAVE PASSWORD RESET AUTHORITY OVER OTHER USERS • Another type of privileged user is one that has authority to reset other users’ passwords. There are some applications that let a user delegate password resets to another user. If the password reset permission is delegated through Active Directory, you have to browse the permissions of a user account to check which other users have the permission to reset the password.
  • 14. In this image, “User2” has “Reset Password” permission on “User1”. It means “User2” can reset a password on behalf of “User1”.
  • 15. 5. USERS WHO HAVE KNOWLEDGE OF ANY PRIVILEGED SERVICE ACCOUNT • Privileged service accounts, including those used for Exchange Server, SQL Server and for creating backups, have some level of elevated privileges on the computers on which those accounts are used. • So, if someone has knowledge of a privileged account’s credentials, that service account can be used maliciously. • Domain controllers are at even more of a risk as an unauthorized user can get administrative access to a domain. • To know if someone is misusing a service account you will have to audit the logon of each service account.
  • 16. 6. USERS WITH WRITE ACCESS TO GPOS APPLIED TO IMPORTANT COMPUTERS • Specific group policies can be created for any computer in the network. • Such computer related Group Policy Objects are crucial only for the domain controllers and for those computers that host server applications with domain-privileged access. • If a user has privileges to write to such important GPOs, then that user account is also a privileged user.
  • 17. In this image, “User1” has “Edit settings, delete, modify security” rights and “User2” has “Edit settings” rights.
  • 18. 7. USER WHO HAVE ACCESS TO ACTIVE DIRECTORY MANAGEMENT APPLICATIONS • Many organizations use third-party Active Directory management solutions to simplify and improve the management tasks.These solutions either use a service or proxy account with privileged access to manage Active Directory, or use accounts that are granted elevated privileges by some other means (such as membership in a built-in privileged group or OU-based permissions). • Depending on the level of delegation, gaining control over an account like this one is just as good as being a Domain Admin. • To find out who has access to such accounts, you will have to enlist all relevant applications in the network, then identify all service or proxy accounts with privileged access that these applications are using.You can enable “Audit Directory Service Access” group policy to monitor what these accounts are doing. • As far as misuse of the Active Directory management solution itself is concerned, you will have to ensure that it has a built-in audit trail to monitor inappropriate use.
  • 19. 8. USERS WHO HAVE ADMIN LEVEL ACCESS TO VIRTUAL INFRASTRUCTURE • Users who manage virtual environments that host domain controllers or member servers have the same privileges as those with administrative access to desktops. For example, if you are managing Hyper-V, members of the Hyper-V Administrators local group have administrator level access on the host operating system. • You should identify which accounts have privileged access to your virtual infrastructure, either by checking Local Admin groups on a given domain controller/server or by looking for privileged access within the virtual environment itself.
  • 20. • Knowing who the privileged users in your IT environment are is the first step towards securing your company’s network from privileged abuse. By regularly assessing the current state of Active Directory’s user rights, permissions and delegations, you can mitigate the risk of privileged abuse.
  • 21. W I N D O W S A C C O U N T S S E C U R I T Y C H A L L E N G E S
  • 22. WHAT’S THE CHALLENGE? • MicrosoftWindows privileged accounts, including admin accounts,Active Directory service accounts, and domain admin accounts are prime targets for outside hackers and malicious insiders seeking to escalate privileges once endpoints are compromised.
  • 23. PRIVILEGED ACCESS CONTINUES TO FACE THREE PRIMARY CHALLENGES: 1. Privileged accounts have the permissions and entitlements that, if in the wrong hands, allow an attacker to access and steal sensitive data. But organizations have struggled to control access because, historically, these accounts and their passwords are shared across multiple individuals. 2. Privileged accounts are often over-granted entitlements to perform key activities like configure, operate or maintain the underlying systems—so, removing or blocking access to these accounts is not a feasible option. Emerging best practices are now advocating to separate these into a more granular set of capabilities. 3. To validate the effectiveness and worth of restraining access, many organizations need to first discover what privileged accounts are in their environment and then implement a solution that satisfies audit, security and compliance concerns without disrupting operational efficiency.
  • 25. THE IMPORTANCE OF MANAGING PRIVILEGED ACCESS IN WINDOWS • Undiscovered and unprotected Windows privileged accounts and vulnerable endpoints are everywhere on servers and desktops throughout organizations worldwide.They represent one of the most significant attack surface vulnerabilities of IT systems. • Privileged user accounts have unrestricted access to all critical servers, applications and databases in an organization.They also have the permissions to add, remove or manage user profiles.With this in mind, it’s easy to see how such accounts can be misused. • Privileged accounts are those which are assigned comparatively more permissions than a normal user account.To address any potential issues with security, a systematic method is required to identify users with excessive privileges. • The best way to create a list of privileged users is by going through Active Directory Users and Computers and the Group Policy Management Console.
  • 26. THE RISK OF WINDOWS LOCAL ADMINISTRATOR ACCOUNTS • Windows local admin accounts are a security problem for every organization because one set of login credentials is typically used by many IT administrators. • This can make it difficult or even impossible to implement an identity access management policy because organizations cannot track who is gaining access to what network equipment at any given time.These accounts are everywhere – Windows workstations, servers, and even your laptop fleet. • An attacker, or even a local malicious user, browsing around on a workstation they have administrator access to might be able to discover their own local administrator password (using the local SAM accounts, and some password dumping tools like mimikatz, impacket or whatever). • This, of course, is a major security issue.
  • 27. ACTIVE DIRECTORY DOMAIN ADMIN ACCOUNTS VULNERABLE TO ATTACKS • Windows server administrators need to use domain admin (DA) accounts to perform standard administrative tasks. • Ideally,AD domain admin accounts should only be used when privilege is required (admins should not run as a domain admin for their regular AD account) and they should only be used by a single administrator for accountability.
  • 28. ACTIVE DIRECTORY DOMAIN ADMIN ACCOUNTS VULNERABLE TO ATTACKS CONT. • Also, these accounts are highly susceptible to Pass-the-Hash attacks because their passwords are not frequently changed.This gives attackers domain admin access across the network. • A Pass-the-Hash attack is where an attacker captures and uses the plain text hash of a user’s password instead of their plain text password. It allows an attacker to impersonate another user, typically a privileged account.This type of attack can affect ANY network usingWindows machines. For the attacker, the advantage getting a hash instead of the password is it can be done without a brute-force attack, which is not as effective and takes a lot more time. • To protect these accounts, privilege management is very important.Access should be controlled and audited, and passwords must be changed frequently to prevent Pass the Hash attacks – ideally after each usage of the account.
  • 29. HOW ATTACKERS COMPROMISE WINDOWS PRIVILEGED ACCOUNTS • In many cases, user credentials are stolen via phishing campaigns. Oftentimes, the attacks are highly sophisticated and highly targeted. Individual users are selected and a campaign is developed to fool them into visiting a malicious website and downloading malware or opening an infected email attachment. • Information about the target is obtained via social media networks such as Facebook,Twitter, or LinkedIn.Their contacts are identified, and a phishing email is either sent from a hacked colleagues account or is masked to make it appear that it has been sent from a trusted individual. • All too often a sophisticated attack is not necessary. If malware can be installed on just one single computer, shared-privilege accounts can be used to gain access to a wide range of systems.
  • 31. WHAT PROBLEMS PAM CAN HELP SOLVE IN YOUR WINDOWS ENVIRONMENT • Protecting against the hacking of privileged accounts is difficult. It is not possible to eliminate privileged accounts as they essential to the functioning of the business. Since these accounts cannot be eliminated, efforts must be made to make accounts more secure. Unfortunately, the management of privileged accounts is complicated and is difficult to automate. • A survey recently conducted by Dimensional Research/Dell highlights the extent of the current problem. 560 IT professionals were asked about privileged access management and 41% revealed that they did not use any software at all or rely on Excel or other spreadsheet software packages to manage their accounts. • Fewer than half of respondents did not log or monitor privileged account access. 23% did not have a defined account management process. 28% did not have a defined process for changing default passwords on new equipment and software. Passwords were also found not to be changed frequently. Only a quarter of organizations changed admin passwords every month.
  • 32. WHAT PROBLEMS PAM CAN HELP SOLVE IN YOUR WINDOWS ENVIRONMENT CONT. • A real concern for enterprises today is resource access within an Active Directory environment. Particularly troubling are: – Vulnerabilities. – Unauthorized privilege escalations. – Pass-the-hash. – Pass-the-ticket. – spear phishing. – Kerberos compromises. – Other attacks. • Today, it’s too easy for attackers to obtain Domain Admins account credentials, and it’s too hard to discover these attacks after the fact.The goal of PAM is to reduce opportunities for malicious users to get access, while increasing your control and awareness of the environment. • PAM makes it harder for attackers to penetrate a network and obtain privileged account access. – PAM adds protection to privileged groups that control access across a range of domain-joined computers and applications on those computers. – It also adds more monitoring, more visibility, and more fine-grained controls. This allows organizations to see who their privileged administrators are and what are they doing. – PAM gives organizations more insight into how administrative accounts are used in the environment.
  • 33. 2 KEY GOALS • Lock down your Windows applications and endpoints – Organizations today need to lock down desktops for better security, stability, and lower management costs.That means removing IT admin privileges available to business users to lower risk, and limiting privileges for IT admins to improve security. • Stop endpoint exploits such as malware and ransomware across your Windows environments – Provide comprehensive endpoint privilege management and security solutions. – Assure least privilege application control. – Enable administrative user group management. – Deliver security compliance remediation.
  • 34. 10 STEPS TO BETTER WINDOWS PRIVILEGED ACCESS MANAGEMENT • Step #1: Make a List of All Windows Privileged Access Accounts • Step #2: Don’t Share Passwords for Shared Accounts • Step #3: Use as Few Privileged Accounts as Possible • Step #4: Minimize the Number of Rights for Each Privileged Account • Step #5: Manage Passwords Properly • Step #6: Separate Privileges for Specific Tasks • Step #7: Practice Privilege Elevation Instead of Assigning Superuser Privileges • Step #8: Use One-Time Passwords • Step #9: Use Two-Factor Authentication • Step #10: Record Privileged User Sessions
  • 36. PowerBroker for Windows Privilege Management for Windows Servers and Desktops
  • 37. Windows Management Challenges ➢Too Many Administrators ➢Breach Prevention ➢High Compliance Costs ➢Privilege Abuse ➢User Productivity How do you deal with removing user rights without obstructing productivity or overburdening the Help Desk?
  • 38. Windows Management Challenges ➢ Organizations increasingly recognize that properly securing and controlling privileged credentials ranks as one of the best lines of defense against attacks from external hackers as well as from insiders. ➢ For optimal results, privilege management solutions should protect organizations at all stages of the cyber kill chain by implementing comprehensive layers of control, audit and analysis.
  • 39. ➢ Too Many Administrators ➢ Breach Prevention ➢ High Compliance Costs ➢ Privilege Abuse ➢ User Productivity Challenges ➢ Limit Exposure ➢ Minimize Impact ➢ Reduce Costs ➢ Limit Exposure ➢ Lower TCO Benefits PowerBroker for Windows 1. Reduce the attack surface by limiting the use of privileged accounts and by controlling access to shared privileged accounts across the enterprise 2. Monitor privileged user, session, and file activities for unauthorized access and/or changes to key files and directories 3. Analyze asset and user behavior to detect suspicious and/or malicious activities of insiders and/or compromised accounts ➢ Reduce the Attack Surface ➢ Detect & Respond to Events ➢ Automate Compliance ➢ Ensure Appropriate Use ➢ Enhance User Productivity BeyondTrust
  • 40. PowerBroker for Windows Security Layer Challenge Benefit Fine Grained Access Enforcement ➢ Least Privilege Adoption ➢ Removing administrator access without impacting productivity ✓ Helps organizations realize the benefits of least privilege faster and with less complexity. ✓ Elevate privileges to applications, not users, on an as-needed basis without exposing passwords ✓ Enforce least-privilege access based on an application’s known vulnerabilities ✓ Track and control applications with known vulnerabilities or malware to further protect endpoints Session Recording ➢ Cost of Compliance ➢ Ensuring Appropriate use if privileges ✓ Gain visibility through detailed event logs and session recording capabilities and control through automated, secure logging with searchable playback ✓ Satisfy compliance/internal security standards through automated gathering of necessary data Remote Host Execution ✓ Enhance user productivity User Behavior Monitoring ➢ Ensuring appropriate use and detecting compromised account activity ✓ Gain unmatched visibility into privileged user activity with centralized analytics and reporting Child Process Monitoring & Control ➢ Back door access ✓ Close back door access File Integrity Monitoring ✓ Protect critical files from malware & privilege misuse Dynamic Threat Based Access & Audit ✓ Dynamically adjust access policies based on asset and user risk Active Threat Response Gateway ✓ Immediately respond to events by reducing or quarantining access
  • 41. Endpoint Privilege Management Remove excessive user privileges and control applications on endpoints WINDOWS | MAC Enterprise Password Security Provide accountability and control over privileged credentials and sessions APPS | DATABASES | DEVICES SSH KEYS | CLOUD | VIRTUAL Server Privilege Management Control, audit and simplify access for DevOps and business-critical systems UNIX | LINUX | WINDOWS ASSET & ACCOUNT DISCOVERY THREAT & VULNERABILITY INTELLIGENCE & BEHAVIORAL ANALYTICS REPORTING & CONNECTORS POLICY & ACTION RESPONSE THE POWERBROKER PRIVILEGED ACCESS MANAGEMENT PLATFORM BeyondInsight
  • 42. Quick Poll + Q&A Thank you for attending!