Delinea Privilege Manager

Delinea Privilege Manager for Windows provides privileged account passwords for domain admin accounts, root accounts, and super-user accounts are the preferred targets for hackers these days. Privileged account passwords for domain admin accounts, root accounts, and super-user accounts are the preferred targets for hackers these days. Once compromised, these privileged credentials give attackers the 'keys to the kingdom', allowing them to gain access as a trusted user to your most sensitive and critical information.

Unfortunately, these privileged accounts are all too often unknown, unmanaged, and unprotected. If they are not properly managed and secured, your organisation could suffer disastrous consequences.

Administration rights and access should be highly protected in any organisation

When a user does not have administrative rights, it is very difficult for malicious programs and users to install or run damaging applications that target critical infrastructures. Most vulnerabilities in a network can be mitigated purely by removing all administrative access from your everyday employee.

Unfortunately, in many organisations, administrative credentials are required to run a multiple applications. Additionally, it’s simply not feasible to have an IT Administrator login with their credentials every time an employee needs to install or update acceptable software.

Typically, in order to skirt this, IT Admins will either provide end users with administrative access or people will write down the admin credentials on a post-it note and pass it around. Both of these can lead to extremely dangerous situations in the event that an endpoint or account is compromised.

Protecting your business by implementing a privilege policy is the best solution

That’s where advanced Application Control solutions come in to play. By setting up a system that integrates with your endpoints, and managed in a central location by your IT Administrators, you can allow applications to elevate with privileged credentials based on a set of rules.

How does it work?

Delinea Privilege Manager for Windows operates on a simple 3-step policy driven process.

1. Application starts: Once an application starts, the installed agent on the endpoint recognises the process and begins to search for a matching policy.
   
   
2. Policy is evaluated: Each policy in Privilege Manager for Windows consists of 4 main components:
   
   
   • Identifying the application (this is photoshop.exe).
   • Inclusion filters (contextual situations that the policy should apply in “the user running it is a standard user”, “the application is running on a public network”, or “the application was downloaded from adobe.com”).
   • Exclusion filters (rules for who this policy shouldn’t apply to “this policy doesn’t apply to any admins”).
   • Identifying the target (what type of machine is this application attempting to run on “application is running on a Windows Server 2008 machine”).
   
   Once the policy is evaluated, and it’s determined if the policy matches the existing scenario - then actions are applied.
   
   
3. Action is applied: Once the agent accepts that the policy applies to the situation, it begins to go through the actions list.
   
   
   • A few possible actions include, “elevate this application with administrative privilege” “isolate this device in a sandbox environment” or “send a message and request reason for access”

With this extremely simple process, IT Admins can truly unleash an incredibly powerful tool to protect their endpoints.

Organisations typically have 3 or 4 times more privileged accounts than employees

So how many privileged accounts do you have? Could you list them all? The answer's probably no - and missing just a few accounts could be the difference between strong protection and a substantial breach.

Opinion & Resources

To help, we have put together a draft password policy to help you get started, please see:

We selected Delinea as our customers were striving to do more about safeguarding (and in deed needing a way to demonstrating as much) the control of their privileged user accounts.

They needed to regain control of the keys to the kingdom, with the least amount of resource, in the quickest possible time.

Nigel Lewis