The Lockdown

Thycotic’s Cyber Security Blog

Protecting your network by implementing Least Privilege Policy

Written by Steve Kahan

October 27th, 2016

If you’re still weighing up whether or not to implement the least privilege model in your organization, consider this:
Cyber breaches and ransomware are a global epidemic.

According to SANS:

• 44% admitted one or more of their endpoints had been compromised in the past 24 months.
• 85% of reported breaches involved desktops, 68% involved laptops, and 55% involved servers.
• The most common type of data compromised (49%) was login and access credentials.
• 27% (of detected breaches) were discovered via notification from a third party, such as law enforcement, affected customers or business partners.

Most vulnerabilities in a network can be mitigated purely by removing all administrative access from your everyday employees

Administrative rights and access should be highly protected in any organization. When your users do not have administrative rights and the local admin and root credentials are securely managed and rotated, malicious programs cannot target critical infrastructure. Most vulnerabilities in a network can be mitigated purely by removing all administrative access from your everyday employees. This means embracing the principle of least privilege to limit network access.

But for most organizations, implementing least privilege is just not that simple

Unfortunately, in many organizations administrative credentials are required to run a lot of important applications. Additionally, any time an employee needs to install or update acceptable software, they would need an IT Administrator to log in with their credentials to make those system changes. In larger organizations, having an admin provide credentials each time can be extremely taxing on the productivity of the company as a whole.

Typically, in order to skirt this, IT Admins will either provide end users with administrative access or people will write down the admin credentials on a post-it note and pass it around. Both of these can lead to extremely dangerous situations in the event that an endpoint or account is compromised.

That’s where advanced Application Control solutions come into play. By setting up a system that integrates with your endpoints and is managed in a central location by your IT Administrators, you can allow applications to elevate with privileged credentials based on a set of rules.

How does this type of privilege management work?

Thycotic’s Privilege Manager operates on a simple 3-step, policy-driven process.

1.) Application Starts
Once an application starts, the installed agent on the endpoint recognizes the process and begins to search for a matching policy.

2.) Policy is Evaluated
Each policy in Privilege Manager consists of 4 main components:
• Identifying the Application (e.g. “this is photoshop.exe”).
• Inclusion Filters (contextual situations in which the policy should apply, such as “the user running it is a standard user”, “the application is running on a public network”, or “the application was downloaded from adobe.com”).
• Exclusion Filters (rules for whom this policy should not apply, such as “this policy doesn’t apply to any admins”).
• Identifying the Target (what type of machine the application is attempting to run on, such as “Application is running on a Windows Server 2008 machine”).

Once the policy has been evaluated and it has been determined whether it matches the existing scenario, the actions are applied.

3.) Action is Applied
Once the agent accepts that the policy applies to the situation, it begins to go through the actions list.
• A few possible actions include “Elevate this application with administrative privilege”, “Sandbox the application to protect the endpoint”, or “Send a message and request reason for access”.
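The three steps above can be modelled in a few lines. This is an added illustration, not Thycotic's code or Privilege Manager's policy format: every class, field and policy name is hypothetical, and first-match ordering and "no match means no action" are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Hypothetical model of the flow described above (all names are assumptions).
@dataclass(frozen=True)
class Launch:                       # step 1: what the agent sees at process start
    exe: str
    user_is_admin: bool
    network: str                    # "corporate" or "public"
    source: str                     # download origin, "" if unknown
    os: str

Filter = Callable[[Launch], bool]

@dataclass
class Policy:
    name: str
    application: Filter             # component 1: identify the application
    inclusions: List[Filter]        # component 2: every filter must hold
    exclusions: List[Filter]        # component 3: any single hit vetoes the policy
    target: Filter                  # component 4: type of machine
    actions: List[str]

    def matches(self, ev: Launch) -> bool:   # step 2: evaluate the policy
        return (self.application(ev) and self.target(ev)
                and all(f(ev) for f in self.inclusions)
                and not any(f(ev) for f in self.exclusions))

def evaluate(policies: List[Policy], ev: Launch) -> Tuple[Optional[str], List[str]]:
    """Step 3: return (policy name, actions) of the first matching policy."""
    for p in policies:
        if p.matches(ev):
            return p.name, list(p.actions)
    return None, []                 # nothing matched: the agent takes no action

is_photoshop = lambda e: e.exe.lower() == "photoshop.exe"

# Constructed sample policies; the restrictive one is listed first on purpose.
POLICIES = [
    Policy("sandbox-on-public-network", is_photoshop,
           inclusions=[lambda e: e.network == "public"], exclusions=[],
           target=lambda e: True, actions=["sandbox"]),
    Policy("elevate-vendor-download", is_photoshop,
           inclusions=[lambda e: e.source == "adobe.com"],
           exclusions=[lambda e: e.user_is_admin],
           target=lambda e: e.os == "Windows Server 2008", actions=["elevate"]),
]
```

Because evaluation stops at the first match, placing the sandbox policy ahead of the elevation policy keeps a trusted download from being elevated on a public network.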

With this extremely simple process, IT Admins can truly unleash an incredibly powerful tool to protect their endpoints. And contrary to common belief, adopting least privilege does not have to be hard—so don’t be tempted to procrastinate.

Start a free trial of Privilege Manager today >

Or, download our free Least Privilege Discovery Tool as your first step in implementing your least privilege policy.
