Our website uses cookies. To find out more information on the cookies we use, please head to our privacy policy.OK

PEM Logo

Privileged Endpoint Management

Enforce “least privilege” policies while enabling productivity


The need for better endpoint management

Enforcing “least privilege” – ensuring the right people have the right level of access and no more – is a key element in any cybersecurity policy. However, that can mean users don’t have access to the applications or resources they need to get their work done without a call to the IT helpdesk. The balance between security and productivity gets tipped towards security at the cost of productivity.

Traditionally, endpoint privilege management has needed a substantial infrastructure and was complex to manage.

Osirium’s Privileged Endpoint Management (PEM) allows organisations to remove local administrator rights from users, while at the same time enabling the same users to have escalated privileges only for specific processes and executables. The balance tips back towards productivity while increasing the organisation’s security posture.

Windows Desktop Extension

A natural extension to the Windows desktop

Osirium PEM is a natural extension to the Windows desktop.

Accessed from the application icon context menu, the user requests permission to execute as an Administrator using PEM. For whitelisted applications, the application starts with elevated privileges. For new applications, the request is routed to IT, reviewed and, if approved, a policy is deployed to enable access.

Empower mobile workers

Remote or mobile workers are often the most affected when enforcing “least privilege” policies. They find themselves in a poorly connected environment and need to run an application as an Administrator, for example to connect to display or update WiFi configuration.

PEM supports offline requests using one-time passwords so control is maintained while minimising impact on remote and mobile workers.

Remote access request


Least Privilege

Enforce "Least Privilege"

End-users only need user-level accounts.

  • Remove local admin privileges
  • Whitelisted applications can be run with elevated privilege
Run Privileged Applications

Run Privileged Applications

Approved applications can be run with elevated permissions without contacting IT.

  • Permissive mode monitors application usage
  • IT defines policies based on actual usage
Show Compliance

Show Compliance

Track which privileged applications are used, by whom and when

  • Audit trail of authorisations and usage to show policy compliance
  • Elevated applications are always run in the context of the real user for audit trails
Reduce load on help desks

Reduce Help Desk Load

Reduce the need for users to call the IT help desk to run privileged applications.

  • Define and deploy policies to allow users to run approved applications as Administrator without contacting the help desk
Manage Permissions

Manage Permissions

Permissions can be granted at multiple levels to improve control and reduce IT effort.

  • Define permissions at the user or group level
  • Allow access for specific time periods – one-time or forever
Keep Mobile Workers Productive

Keep Mobile Workers Productive

Mobile workers can request elevated privilege as needed.

  • Offline workflow for remote authorisation
  • Ideal for the remote user that needs access to a local device or Wi-Fi
PEM Datasheet

Get more information

Download the Osirium PEM Datasheet for more information.