下载PDF
CyberArk > 实例探究 > IT Services Company deploys CyberArk Viewfinity to reduce the attack surface on endpoints by limiting local administrative privileges for business users.
CyberArk Logo

IT Services Company deploys CyberArk Viewfinity to reduce the attack surface on endpoints by limiting local administrative privileges for business users.

技术
  • 网络安全和隐私 - 端点安全
  • 网络安全和隐私 - 安全合规
适用功能
  • 商业运营
服务
  • 系统集成
  • 网络安全服务
挑战
Protecting the privacy and security of data is a top priority. The company’s highly diverse IT environment runs multiple Windows platforms, and more than 85% of end users had administrative rights to their machines which was a security risk. To reduce the attack surface, the company was compelled to rewrite IT security policies in support of removing administrative rights from business users on endpoints. Ultimately, the goal was to implement the new IT security policies with the least disruption to and resistance from end users, while doing so in the most cost effective way possible. Due to the company’s IT environment and the applications supported, it was critical to have the ability to define a specific application to run with elevated rights without having to give the same rights to child processes.
关于客户
An IT Services Company with more than 100 locations globally provides responsive engineering services and technical support to its customers worldwide. The company has federal contracts also provides simulation-based tools and services for training, mission planning, rehearsal, after-action reviews, virtual reality command and control and engineering analysis.
解决方案
CyberArk Viewfinity enables the company to apply granular-level control to all policies, including the ability to define which applications are allowed – a key requirement for selecting the privilege management product. The admin console is simple to navigate and allows significant changes to the operating environment quickly. The built-in flexibility creates a multidimensional approach to common access control issues, ranging from which users can install and run what applications (and restrict child processes) to identifying an allowable time of day for a user to access information. From a performance perspective, the CyberArk Viewfinity agent processes take up less than 1.5 MB of memory, and there has not been any noticeable impact on the network. The solution was installed and up and running in half a day. In approximately two weeks, all the newly written application control policies, including policies for users that required ActiveX and desktop functions requiring elevated permissions, were created, propagated, and active on all of the workstations. Since 95% of the privilege escalation needs were known, most policies were established and implemented during the initial project rollout phase. For exception circumstances, the company uses CyberArk Viewfinity’s Policy Automation feature that streamlines privilege elevation requests from end users with automated workflow approval for the IT administrators.
运营影响
  • The CyberArk Viewfinity solution helps secure and control the IT environment more efficiently and cost effectively at the desktop level.
  • All application control and privilege management policies propagate immediately, regardless of the worker’s location, ensuring that all remote end user machines are as equally secure as those that reside inside the corporate firewall.
  • CyberArk Viewfinity quickly detected which end users were using file sharing clients on corporate machines, allowing the IT group to instantly track down and block the application.
数量效益
  • The CyberArk Viewfinity agent processes take up less than 1.5 MB of memory.
  • The solution was installed and up and running in half a day.
  • In approximately two weeks, all the newly written application control policies were created, propagated, and active on all of the workstations.

联系我们

欢迎与我们交流!

* Required
* Required
* Required
* Invalid email address
提交此表单,即表示您同意 IoT ONE 可以与您联系并分享洞察和营销信息。
不,谢谢,我不想收到来自 IoT ONE 的任何营销电子邮件。
提交

Thank you for your message!
We will contact you soon.