Privileged Endpoint Management
Enforce “least privilege” policies while enabling productivity
The need for better endpoint management
Enforcing “least privilege” – ensuring the right people have the right level of access and no more – is a key element in any cybersecurity policy. However, that can mean users don’t have access to the applications or resources they need to get their work done without a call to the IT helpdesk. The balance between security and productivity gets tipped towards security at the cost of productivity.
Traditionally, endpoint privilege management has needed a substantial infrastructure and was complex to manage.
Osirium’s Privileged Endpoint Management (PEM) allows organisations to remove local administrator rights from users, while at the same time enabling the same users to have escalated privileges only for specific processes and executables. The balance tips back towards productivity while increasing the organisation’s security posture.
A natural extension to the Windows desktop
Osirium PEM is a natural extension to the Windows desktop.
Accessed from the application icon context menu, the user requests permission to execute as an Administrator using PEM. For whitelisted applications, the application starts with elevated privileges. For new applications, the request is routed to IT, reviewed and, if approved, a policy is deployed to enable access.
Empower mobile workers
Remote or mobile workers are often the most affected when enforcing “least privilege” policies. They find themselves in a poorly connected environment and need to run an application as an Administrator, for example to connect to display or update WiFi configuration.
PEM supports offline requests using one-time passwords so control is maintained while minimising impact on remote and mobile workers.
Enforce "Least Privilege"
End-users only need user-level accounts.
- Remove local admin privileges
- Whitelisted applications can be run with elevated privilege
Run Privileged Applications
Approved applications can be run with elevated permissions without contacting IT.
- Permissive mode monitors application usage
- IT defines policies based on actual usage
Track which privileged applications are used, by whom and when
- Audit trail of authorisations and usage to show policy compliance
- Elevated applications are always run in the context of the real user for audit trails
Reduce Help Desk Load
Reduce the need for users to call the IT help desk to run privileged applications.
- Define and deploy policies to allow users to run approved applications as Administrator without contacting the help desk
Permissions can be granted at multiple levels to improve control and reduce IT effort.
- Define permissions at the user or group level
- Allow access for specific time periods – one-time or forever
Keep Mobile Workers Productive
Mobile workers can request elevated privilege as needed.
- Offline workflow for remote authorisation
- Ideal for the remote user that needs access to a local device or Wi-Fi
Get more information
Download the Osirium PEM Datasheet for more information.