Presented to: | Presented by: Paul Kenyon & Mark Austin © 2013 Avecto Ltd Avecto | Presentation Leaders in Windows Privilege Management Presentation to <insert name> Presented by <insert presenter name>
Apr 06, 2016
Presented to: | Presented by: Paul Kenyon & Mark Austin © 2013 Avecto Ltd
Avecto | Presentation
Leaders in
Windows
Privilege
Management
Presentation to <insert name>
Presented by <insert presenter name>
© 2013 Avecto Ltdavecto.com
What is Least Privilege?
Problem and Solution
The Least Risk Windows 7 Desktop
Benefits
Customer Examples
Demonstration
Agenda
© 2013 Avecto Ltdavecto.com
Company Background
“The least privilege principle requires that each subject in a system be granted the most
restrictive set of privileges needed for the performance of authorized tasks. The application of
this principle limits the damage that can result from accident, error or unauthorized use”
Department of Defence Trusted Computer System Evaluation Criteria (Orange Book)
What is Least Privilege?
© 2013 Avecto Ltdavecto.com
StandardApplications
High Support Costs
High Security Risks
Compliance Issues
Problem Applications
Basic Admin Tasks
Software Installation
Admin User
High Support Costs
Less Productive Users
Poor User Experience
StandardApplications
Standard User
The Challenge – All or Nothing
© 2013 Avecto Ltdavecto.com
Privilege
Guard
Admin User Deploy all users as standard users
Prevent the execution of
unauthorised applications
Assign privileges to individual
applications based on user roles and
needs
Centrally managed through Active
Directory Group Policy
Detailed auditing and reporting
Standard User
Standard Applications
Problem Applications
Basic Admin Tasks
Software Installation
The Privilege Guard Solution
© 2013 Avecto Ltdavecto.com
Making the Most of Windows 7 Security, 24th August 2010 – Dan Blum
Privilege Guard is the most effective way to
deliver the least risk Windows 7 desktop - all
users operate under a standard user account
and application whitelisting further protects
the environment.
The Least Risk Windows 7 Desktop
© 2013 Avecto Ltdavecto.com
Implementing Privilege Guard can flatten the
cost curve at its lowest point.
User self-service form a secure stand user
account reduce the load on the help desk
Reduced Support Costs
© 2013 Avecto Ltdavecto.com
Applications are delivered to users based on demand
Universal demand – required by all users - part of standard image
High demand – applications packaged for distribution
Low demand – not cost effective to package, virtualize or remotely install via support
Costly to satisfy delivery of
low demand applications
10 X YApplications
Nu
mb
er
of
us
ers
re
qu
irin
g
the
a
pp
lic
ati
on
Demand The current ‘sweet spot’ for economically packaged
applications is up to this point.
Improved Business Efficiency
© 2013 Avecto Ltdavecto.com
Strategies to Mitigate Advanced Targeted Attacks
Mitigation Strategy
Effectiveness Ranking for
2012 (and 2011)
Mitigation Strategy Overall Security Effectiveness
1 (4) Application whitelisting of permitted/trusted programs, to prevent execution of malicious or unapproved programs including .DLL files e.g. using Microsoft Applocker.
Essential
2 (1) Patch applications e.g. PDF viewer, Flash Player, Microsoft Office and Java. Patch or mitigate "extreme risk" vulnerabilities with two days. Avoid Adobe Reader prior to version X.
Essential
3 (2) Patch operating system vulnerabilities. Patch or mitigate "extreme risk" vulnerabilities within two days. Avoid continuing to use Microsoft Windows XP or earlier versions.
Essential
4 (3) Minimise the number of user with domain or local administrative privileges. Such users should user a separate unprivileged account for email and web browsing.
Essential
Once organisations have implemented the top four mitigation strategies, firstly on computers used by employees most likely to betargeted by intrusions and then for all users, additional mitigation strategies
5 (17) Disable local administrator accounts to prevent network propagation using compromised local administrator credentials that are shared by several computers.
Excellent
Source: Australian Dept. of Defence, Intelligence & Security
© 2013 Avecto Ltdavecto.com
Banking Energy
Aerospace/Defence Other
Government
Manufacturing
Customer Examples
© 2013 Avecto Ltdavecto.com
Mitigate Malware Threats
Combat Insider Threats
Reduce Operational
Risk
Achieve Compliance
IncreaseUser
Productivity
ReduceOperating
Costs
Privilege Guard Benefits
Presented to: | Presented by: Paul Kenyon & Mark Austin © 2013 Avecto Ltd
Avecto | Presentation
Demo
Presentation to <insert name>
Presented by <insert presenter name>
© 2013 Avecto Ltdavecto.com
Auditing & Reporting(SQL Server and Reporting Services)
ManagedDesktops & Servers
Privilege GuardAdministrators
Policy Management(Active Directory)
Policy Management, Auditing & Reporting(McAfee ePO)
Privilege GuardAdministrators
ManagedDesktops & Servers
Privilege Guard ePO Edition
Privilege Guard Active Directory Edition
Scalable Management Framework