Delinea’s Release Helps Reduce Phishing Success

Delinea, a provider of solutions that extend privileged access management (PAM), released Privilege Manager, its solution for providing privilege elevation controls for users and applications on workstations.

The enhancements improve ease of use for customers by preconfiguring five of the most common privilege elevation policies through the Workstation Policy Framework to simplify implementation and accelerate time to value.

The 2023 Verizon Data Breach Investigations Report found that phishing makes up 44 percent of all social engineering incidents. According to the U.S. Cybersecurity & Infrastructure Security Agency, 70 percent of attached files or links containing malware were not blocked by network border protection services, and 84 percent of employees took the bait within 10 minutes of receiving a malicious email.

Using this method of attack, bad actors compromise the endpoint, elevate privileges, and move laterally within the network to find data and exfiltrate it.

Without the appropriate privileged access controls in place on workstations, organizations are susceptible to phishing, even with other security solutions in place.

Privilege elevation policies must be set for users and applications to protect against malware that could be delivered through phishing scams.

Privilege Manager enforces enough privileges to support approved business activities while blocking or restricting privileges that malware could exploit. This approach reduces friction and enables productivity while optimizing security.

Based on Delinea’s deep expertise and customer feedback, the Workstation Policy Framework includes five of the most common policies to help customers build a foundation for privileged access controls and create a baseline of security on Windows and Mac workstations without disrupting user productivity.

Existing customers can compare their policies with the framework and introduce those that may be missing in their environments.

The five preconfigured policies included are:

  1. Malware Attack Protection – This policy prevents Living Off the Land Binaries and Scripts (LOLBAS) attacks from being executed by commonly exploited parent applications. LOLBAS is a method of attack that misuses tools and executables that are in place because they are part of the Operating System.
  2. Allow Microsoft Signed Security Catalog – This policy allows Microsoft-signed security catalog application installers to run. It can be combined with blocklist policies to prevent legitimate Operating System applications from being blocked.
  3. Software Development Tools – This policy targets common software development solution system processes, including child processes, and minimizes delays caused by requesting privilege elevation.
  4. Visual Studio Installers – This policy pre-approves and elevates four defined Microsoft Visual Studio installers.
  5. Capture Application Elevation Attempts – This policy targets non-Microsoft applications that trigger a UAC prompt and sends policy feedback to evaluate policy adjustments that can allow, elevate, or block applications.

Another enhancement in the release provides granular control over the ability to add, modify or delete users on workstations through PowerShell, even in PowerShell sessions with elevated privileges.

This reduces the risk of developers and IT administrators abusing PowerShell’s capabilities and can lessen the impact of malicious code and ransomware. Such granular control of add, modify and delete operations also significantly reduces the risk of lateral movement by a bad actor.

Additional updates in the release include the flexibility to allow workstation users to control firewall settings and accessibility improvements in the user interface.

Organizations can start a free trial of the latest version of Privilege Manager at