Article

Are You Really Protecting Your Endpoints?

According to Gartner, “Endpoint hardening, including vulnerability, patch, privilege and policy management and application control, is currently the most effective form of malware defense; however, most organizations are unwilling or unable to invest in the upfront effort required to reduce the attack surface.”

The 2015 Verizon Data Breach Investigations Report stated that “95 percent of successful cyberattacks start with an endpoint exploit.” Given this information, why are organizations so reluctant to invest time in locking down and securing privilege on the endpoint? These are some of the reasons I hear from clients:

  • Calls to the help desk will increase if users don’t have local administrative rights
  • Users won’t be able to install drivers or patches
  • Certain applications may need elevated privileges to run correctly (WebEx, Microsoft Visual Studio, etc.)
  • Developers need to frequently install and update applications
  • We already have an endpoint tool

Industry security experts believe that by removing local administrative rights from endpoints, a company’s attack surface would be reduced by 25 percent. So, if 95 percent of attacks start on the endpoint and if most malware needs administrative privileges to deliver its payload, why are we not doing more to stop attacks where they begin? 62 percent of organizations have not removed local admin rights.

I previously listed five examples of the desire for local admin privileges that I run across in the field, but there is a sixth: ease of implementation and administration of the application. No one wants a call from their CIO asking why he/she can’t run Skype, WebEx or Java, or update a driver. The IT staff doesn’t want to manage a list of trusted applications that can run with elevation, or administer a complicated solution.

Terence Jackson

Terence Jackson won CyberArk’s
SME of the Year award in 2016

What if I told you there was a way that we could keep users productive, not increase calls to the help desk, allow approved applications to run with elevated privileges, provide on demand privilege elevation and application control, and reduce your attack surface while providing endpoint behavioral analysis?

CyberArk’s Endpoint Privilege Manager (EPM) provides all of these features and integrates with CyberArk’s Privileged Account Security Solution built on its patented vaulting technology. EPM will complement, not replace, your existing endpoint tool, whether it’s Tanium, Carbon Black, Cylance or Kaspersky. EPM will strengthen this protection, and add another layer of protection not offered by those vendors: Credential Theft Blocking and Least Privilege Management. This will allow us to break the attack chain and make it harder for an attacker to move laterally.



____________________________________________

To get more information on EPM or for a demo, please reach out to one of our
Privileged Account Management experts by sending an email to: info@dtec.com

Leave a Comment