Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Seven reports you can share with auditors and execs to demonstrate proactive privilege management


Written by Steve Goldberg

May 8th, 2018

All major compliance bodies recommend or require a least privilege policy to protect sensitive data. Removing local administrative access on user workstations is a fundamental strategy for endpoint security to protect against both internal and external threats.

Auditors will see that you have implemented a proactive security strategy to prevent malicious activity and accidental data breaches

By removing admin rightsincluding hidden or hard-coded passwordsyou can block malware from hijacking local credentials to infiltrate your IT environment. Adhering to a least privilege policy also demonstrates that you have taken necessary steps to ensure users have access only to the information and systems they require to do their jobs. Auditors will see that you have implemented a proactive security strategy to prevent malicious activity and accidental data breaches.

Simple, sharable reports for an actionable audit trail

Achieving compliance can be a time-consuming process that impacts many parts of your IT operations, from the InfoSec group to systems administrators, desktop support teams, and application developers. Whether you are working to achieve PCI, HIPAA, EUGDPR or any other compliance standards, you are going to need an audit trail that demonstrates the steps you have taken to ensure data security.

Having an effective audit trail means having the ability to easily construct and share reports at any time. It also means being able to explain to internal and external reviewers what the reports indicate and taking action on what you learn.

We built Privilege Manager reports (Privilege Manager is our privilege management and application control software) so that you can easily view, customize and share them with your InfoSec and audit/compliance teams. You’ll be able to demonstrate how you are protecting endpoints by following security best practices for least privilege and application control. On an ongoing basis, reports will help you manage your least privilege and application control policies and enhance them over time.

Reports Our Customers Love

1. Passwords that have been disclosed.

Views users who requested passwords, users who disclosed them, as well as date and time.

2. All executables across all endpoints.

Reports can be customized for certain time periods, publishers, and endpoint/computers.

Report 2: All executables across all endpoints

3. Membership audit of all built-in (“well known”) groups and all customer (“non-well known”) groups.

This quick report is a good double check to confirm that groups have the correct membership and whether custom groups are being created, possibly with privileged access.

Report 3: Membership audit of all built-in (“well known”) groups and all customer (“non-well known”) groups

4. Endpoints transitioned to/in compliance with a least privilege policy.

This dashboard will show you how many users have admin rights and how many are managed by least privilege and application control policies. Those numbers should be the same to ensure full compliance with least privileged standards. At least one group should be managed (the second row of numbers in the dashboard). At first, that group should be the administrators. As other privileged groups within the organization become managed as well, that number will increase.

Thycotic also includes tips on the dashboard to guide users to the administrators’ group and to managing the admin accounts. The tips will disappear once you are in compliance with least privileged best practices.

Report 4: Endpoints transitioned to/in compliance with a least privilege policy

5. Applications reviewed and governed by a policy for application control.

You can list all applications that have gone through approval workflow, including those applications that have been approved with a valid reason.

Report 5: Applications reviewed and governed by a policy for application control

6. Malicious applications successfully blocked from executing. 

Imagine the latest ransomware attack is in the news and your leadership wants to know if you have been targeted as well? You can demonstrate that your proactive strategy has successfully blocked malware by pulling up the file security rating reputation report.

Report 6: Malicious applications successfully blocked from executing

7. Endpoints that are targeted more than average. 

This report is a great example of actionable insight. An admin can glean info on number of times an unknown application has executed across endpoints or simply a large number of file executions of a particular file on a computer. This could indicate that a particular system needs additional protections, or a particular user needs additional education to avoid being a victim of social engineering.


Note the filtering on the left panel that allows users to narrow down the results to a certain computer/set of computers, to certain files that are most often executed, or to blacklisted, whitelisted or elevated apps only.

See for Yourself

You can manipulate these reports to track and compare over time to show trends and continued progress.

To get started, run some reports against your own data. Register for our free 30-day trial of Privilege Manager.


Like this post?

Get our top blog posts delivered to your inbox once a month.


The following two tabs change content below.

Steve Goldberg

Steve Goldberg began his career as a consultant and developer but has more recently served as a senior technical resource for solution engineering and product management teams. At Thycotic, Steve works as Senior Product Manager for the Privilege Manager solution. When not working, he’s playing tennis, watching the LA Kings, seeing as much live music as possible, and pretending like he knows a lot about wine.