Implementing a “Least Privilege” security model – on your endpoints.

Managing workstations and laptops has always been a challenge for IT departments. Invariably there is a local admin account with a static password that is known by all the IT admins and many of the support desk staff too. Some end users also end up knowing this password, as there is often that call from outside the office where a user needs to install something whilst on a client site and needs the admin password to do so. This then inevitably gets shared with other colleagues and, before you know it, half the company knows the default password.

According to the SANS Institute, approximately 85% of reported breaches involve compromised endpoints, and many of those take advantage of compromised credentials. If those credentials have elevated privileges, and appear on multiple devices with the same password, then the impact of the breach is likely to be significantly higher.

Microsoft have stated that 96% of critical vulnerabilities affecting the Windows Operating System could be mitigated by removing admin rights and that 60% of all their vulnerabilities could be alleviated by adopting a least privilege model and removing admin rights.

Generally, it’s widely accepted that people should only have sufficient access and rights to do the things they need. This is the Least Privilege model. Yet, deploying this to endpoints has always been a challenge.

The difficulty is finding a solution that locks endpoints down securely while still allowing controlled access to the applications people need. Either there is an impact on the productivity of employees, or there is an administrative burden on IT staff.

At Secon Cyber Security we have been working closely with our strategic partner Thycotic, primarily on solutions around their Secret Server product for Privileged Account Management. Now, with release 10.4 of Privilege Manager, there is the real prospect of being able to easily and securely deploy and manage a solution that allows IT departments to take control of the accounts on the endpoint. Local admin passwords can be rotated or changed quickly and easily, whilst group memberships and access rights can be updated or amended with a few clicks.

It can be used to identify and remove local user accounts, manage admin accounts and manage local security groups (such as Administrators, Power Users, Backup Operators etc.). Additionally, it works on both Windows and macOS platforms, whether users are in the office or working remotely.

Privilege Manager has a full graphical interface which is easy to use, and a comprehensive reporting dashboard that can help demonstrate compliance. It can run standalone or be integrated with the Secret Server product, which then gives additional options and makes the solution even more secure and robust.

For more information about bringing control to your endpoints and implementing a least privilege security model for your endpoints, contact us at 0845 567 8777 or email us at
