CyberArk Case Studies IT Services Company deploys CyberArk Viewfinity to reduce the attack surface on endpoints by limiting local administrative privileges for business users.

Edit This Case Study Record

	IT Services Company deploys CyberArk Viewfinity to reduce the attack surface on endpoints by limiting local administrative privileges for business users. CyberArk

IT Services Company deploys CyberArk Viewfinity to reduce the attack surface on endpoints by limiting local administrative privileges for business users.

CyberArk

Technology Category	Cybersecurity & Privacy - Endpoint Security Cybersecurity & Privacy - Security Compliance
Applicable Functions	Business Operation
Services	System Integration Cybersecurity Services
Challenge	Protecting the privacy and security of data is a top priority. The company’s highly diverse IT environment runs multiple Windows platforms, and more than 85% of end users had administrative rights to their machines which was a security risk. To reduce the attack surface, the company was compelled to rewrite IT security policies in support of removing administrative rights from business users on endpoints. Ultimately, the goal was to implement the new IT security policies with the least disruption to and resistance from end users, while doing so in the most cost effective way possible. Due to the company’s IT environment and the applications supported, it was critical to have the ability to define a specific application to run with elevated rights without having to give the same rights to child processes. Read More
About Customer	An IT Services Company with more than 100 locations globally provides responsive engineering services and technical support to its customers worldwide. The company has federal contracts also provides simulation-based tools and services for training, mission planning, rehearsal, after-action reviews, virtual reality command and control and engineering analysis. Read More
Solution	CyberArk Viewfinity enables the company to apply granular-level control to all policies, including the ability to define which applications are allowed – a key requirement for selecting the privilege management product. The admin console is simple to navigate and allows significant changes to the operating environment quickly. The built-in flexibility creates a multidimensional approach to common access control issues, ranging from which users can install and run what applications (and restrict child processes) to identifying an allowable time of day for a user to access information. From a performance perspective, the CyberArk Viewfinity agent processes take up less than 1.5 MB of memory, and there has not been any noticeable impact on the network. The solution was installed and up and running in half a day. In approximately two weeks, all the newly written application control policies, including policies for users that required ActiveX and desktop functions requiring elevated permissions, were created, propagated, and active on all of the workstations. Since 95% of the privilege escalation needs were known, most policies were established and implemented during the initial project rollout phase. For exception circumstances, the company uses CyberArk Viewfinity’s Policy Automation feature that streamlines privilege elevation requests from end users with automated workflow approval for the IT administrators. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Endpoint Security

Cybersecurity & Privacy - Security Compliance

Applicable Functions

Business Operation

Services

System Integration

Cybersecurity Services

Challenge

Protecting the privacy and security of data is a top priority. The company’s highly diverse IT environment runs multiple Windows platforms, and more than 85% of end users had administrative rights to their machines which was a security risk. To reduce the attack surface, the company was compelled to rewrite IT security policies in support of removing administrative rights from business users on endpoints. Ultimately, the goal was to implement the new IT security policies with the least disruption to and resistance from end users, while doing so in the most cost effective way possible. Due to the company’s IT environment and the applications supported, it was critical to have the ability to define a specific application to run with elevated rights without having to give the same rights to child processes.

About Customer

An IT Services Company with more than 100 locations globally provides responsive engineering services and technical support to its customers worldwide. The company has federal contracts also provides simulation-based tools and services for training, mission planning, rehearsal, after-action reviews, virtual reality command and control and engineering analysis.

Solution

CyberArk Viewfinity enables the company to apply granular-level control to all policies, including the ability to define which applications are allowed – a key requirement for selecting the privilege management product. The admin console is simple to navigate and allows significant changes to the operating environment quickly. The built-in flexibility creates a multidimensional approach to common access control issues, ranging from which users can install and run what applications (and restrict child processes) to identifying an allowable time of day for a user to access information. From a performance perspective, the CyberArk Viewfinity agent processes take up less than 1.5 MB of memory, and there has not been any noticeable impact on the network. The solution was installed and up and running in half a day. In approximately two weeks, all the newly written application control policies, including policies for users that required ActiveX and desktop functions requiring elevated permissions, were created, propagated, and active on all of the workstations. Since 95% of the privilege escalation needs were known, most policies were established and implemented during the initial project rollout phase. For exception circumstances, the company uses CyberArk Viewfinity’s Policy Automation feature that streamlines privilege elevation requests from end users with automated workflow approval for the IT administrators.

Impact #1	The CyberArk Viewfinity solution helps secure and control the IT environment more efficiently and cost effectively at the desktop level.
Impact #2	All application control and privilege management policies propagate immediately, regardless of the worker’s location, ensuring that all remote end user machines are as equally secure as those that reside inside the corporate firewall.
Impact #3	CyberArk Viewfinity quickly detected which end users were using file sharing clients on corporate machines, allowing the IT group to instantly track down and block the application.

Impact #1

The CyberArk Viewfinity solution helps secure and control the IT environment more efficiently and cost effectively at the desktop level.

Impact #2

All application control and privilege management policies propagate immediately, regardless of the worker’s location, ensuring that all remote end user machines are as equally secure as those that reside inside the corporate firewall.

Impact #3

CyberArk Viewfinity quickly detected which end users were using file sharing clients on corporate machines, allowing the IT group to instantly track down and block the application.

Benefit #1	The CyberArk Viewfinity agent processes take up less than 1.5 MB of memory.
Benefit #2	The solution was installed and up and running in half a day.
Benefit #3	In approximately two weeks, all the newly written application control policies were created, propagated, and active on all of the workstations.

Benefit #1

The CyberArk Viewfinity agent processes take up less than 1.5 MB of memory.

Benefit #2

The solution was installed and up and running in half a day.

Benefit #3

In approximately two weeks, all the newly written application control policies were created, propagated, and active on all of the workstations.

Download PDF Version

Overview

IT Services Company deploys CyberArk Viewfinity to reduce the attack surface on endpoints by limiting local administrative privileges for business users.

Operational Impact

Quantitative Benefit