+1-202-802-9399 (US)

Thycotic’s CyberSecurity Publication

POPULAR CATEGORIES

Get Complete Application Control Management with CylancePROTECT and Privilege Manager

October 19th, 2018


Thycotic and CylancePROTECT Privilege Manager Solutions

Thycotic customers are constantly requesting integrations with other products in their arsenal, especially other security products. Thycotic’s product team for Privilege Manager—our least privilege and application control product—is asked to work with CylancePROTECT® day after day. Our common customers are using both Thycotic and Cylance products on the endpoint to provide multiple layers of malware protection. The basis of the request for integration was to use Cylance’s real-time AI-driven analysis to automatically build Thycotic’s whitelist, blacklist, and privilege elevation policies.

Below, I’ll outline 2 key points of integration:

On-Demand Reputation Checks

The first, and most obvious, point of integration is the ability to view the threat details of all files that Thycotic has discovered on the endpoint. From the Thycotic Privilege Manager interface, a user can check the Cylance score and threat details of the application or file in question.

Check the Cylance score and threat details

Additionally, the screenshot below shows a report of all inventoried applications along with Cylance’s security rating which can be used to build policies for known safe and malicious applications. Simply put, we’ve bridged the interfaces so it’s easy to navigate between the two and to view Cylance data from within Privilege Manager. We found that, typically, different teams were managing each product, so this integration makes it easy to communicate across teams and ensure both get value from the products.

Inventoried applications with Cylance’s security rating

Automatic Workflows and Remediation Based on Risk Score

Thycotic Privilege Manager can build rules that target specific applications and take a corresponding remediating action. Our customers will usually begin in “learning mode” which allows users to understand what applications are being used without taking any action. But what about currently unknown applications or potentially malicious software that your end users download in the future? Privilege Manager will implement what are called “catch-all” policies that will only be triggered if the preceding policies do not target this unknown application. As you can see in the screenshot below, a policy can be created for what Cylance deems a good, bad, or unknown application. The customer can then decide what remediating action is then taken on these kinds of apps.

Depending on how much you want to lock down your endpoints, typical catch-all remediating actions are: block execution, allow only during specified times of day, require an end user justification, or force an automated approval workflow to allow execution to continue once approved or denied by an administrator.

Cylance security rating filter

This functionality is intended to increase security on the endpoint, ease the burden of configuring Privilege Manager policies, and reduce frustration for our customer’s end users. Based on the results of the real-time reputation returned from Cylance, Privilege Manager will ensure end users can safely run the applications they need to do their job. With the power of both products working together, security teams can ensure they’ve decreased the attack surface on endpoints while maintaining end-user productivity.

Now it’s up to our customers to implement this integration. How far you take it will depend on your need for increased protection and your company culture around locking down an end user’s machine. Reach out and tell us how you’ve put this new feature into action!

FREE IT Tools

IT Admins: Our collection of free IT tools makes your life easy and your organization safer!

SHARE THIS


The following two tabs change content below.
mm

Steve Goldberg

Steve Goldberg began his career as a consultant and developer but has more recently served as a senior technical resource for solution engineering and product management teams. At Thycotic, Steve works as Senior Product Manager for the Privilege Manager solution. When not working, he’s playing tennis, watching the LA Kings, seeing as much live music as possible, and pretending like he knows a lot about wine.
mm

Latest posts by Steve Goldberg (see all)


Leave a Reply

*