End Point Privilege Manager

CyberArk End Point Privilege Manager is a solution enabling organisations to implement least privilege control on the endpoint.

Enforce privilege security on the end point without the negative impact of removing local administrator rights.

Local administrator rights create a large and frequently exploited attack surface, yet many organizations struggle with how to most effectively address this risk.

From the business user perspective, removing local administrator rights on endpoints can dramatically reduce the attack surface, but it can also result in unintended productivity tradeoffs and high help desk costs, as users attempt to regain privileges necessary for day-to-day tasks. From the IT administrator perspective, organizations often neglect to limit these privileges, as IT administrators are typically assumed to be known, experienced and trusted.

However, this view fails to acknowledge the risks associated with malicious insiders, inexperienced administrators or potentially compromised administrative accounts. Worse, even when organizations do minimize privileges for business users and IT administrators, machines can remain vulnerable to malware that does not require privileges to run.

Containing Attacks and limiting Impact

  • WebSecure Provides Consulting Services

    WebSecure Provides policy development consulting services.

  • Managed Service

    WebSecure Provides Least Privilege Control as a cloud service.

Securing Privilege and Containing Attacks

CyberArk End Point Privilege Manager Features

  • Provide an additional critical layer of protection when an attack evades traditional perimeter and endpoint security controls

  • Privilege management for IT administrators limits which privileges, scripts and commands administrators may use on Windows Servers based on role

  • Protect against malware and non-malware based attacks with comprehensive security on the endpoint

  • Application control prevents known malicious applications from entering the environment

  • “Restricted Mode” enables unknown applications to safely run on endpoints

  • Integration with Check Point, FireEye and Palo Alto Networks solutions enable the automated analysis of unknown applications

  • Threat detection capabilities can identify the original source and all instances of malicious applications in the environment

  • Automated policy updates block malicious executables from propagating and running on all computers

  • Automated policy updates block malicious executables from propagating and running on all computers