CyberArk > Case Studies > IT Services Company deploys CyberArk Viewfinity to reduce the attack surface on endpoints by limiting local administrative privileges for business users.

IT Services Company deploys CyberArk Viewfinity to reduce the attack surface on endpoints by limiting local administrative privileges for business users.

CyberArk Logo
Customer Company Size
Large Corporate
Product
  • CyberArk Viewfinity
Tech Stack
  • Windows
  • Virtual Server 2008
Implementation Scale
  • Enterprise-wide Deployment
Impact Metrics
  • Cost Savings
  • Productivity Improvements
  • Customer Satisfaction
Technology Category
  • Cybersecurity & Privacy - Endpoint Security
  • Cybersecurity & Privacy - Security Compliance
Applicable Functions
  • Business Operation
Services
  • System Integration
  • Cybersecurity Services
About The Customer
An IT Services Company with more than 100 locations globally provides responsive engineering services and technical support to its customers worldwide. The company has federal contracts also provides simulation-based tools and services for training, mission planning, rehearsal, after-action reviews, virtual reality command and control and engineering analysis.
The Challenge
Protecting the privacy and security of data is a top priority. The company’s highly diverse IT environment runs multiple Windows platforms, and more than 85% of end users had administrative rights to their machines which was a security risk. To reduce the attack surface, the company was compelled to rewrite IT security policies in support of removing administrative rights from business users on endpoints. Ultimately, the goal was to implement the new IT security policies with the least disruption to and resistance from end users, while doing so in the most cost effective way possible. Due to the company’s IT environment and the applications supported, it was critical to have the ability to define a specific application to run with elevated rights without having to give the same rights to child processes.
The Solution
CyberArk Viewfinity enables the company to apply granular-level control to all policies, including the ability to define which applications are allowed – a key requirement for selecting the privilege management product. The admin console is simple to navigate and allows significant changes to the operating environment quickly. The built-in flexibility creates a multidimensional approach to common access control issues, ranging from which users can install and run what applications (and restrict child processes) to identifying an allowable time of day for a user to access information. From a performance perspective, the CyberArk Viewfinity agent processes take up less than 1.5 MB of memory, and there has not been any noticeable impact on the network. The solution was installed and up and running in half a day. In approximately two weeks, all the newly written application control policies, including policies for users that required ActiveX and desktop functions requiring elevated permissions, were created, propagated, and active on all of the workstations. Since 95% of the privilege escalation needs were known, most policies were established and implemented during the initial project rollout phase. For exception circumstances, the company uses CyberArk Viewfinity’s Policy Automation feature that streamlines privilege elevation requests from end users with automated workflow approval for the IT administrators.
Operational Impact
  • The CyberArk Viewfinity solution helps secure and control the IT environment more efficiently and cost effectively at the desktop level.
  • All application control and privilege management policies propagate immediately, regardless of the worker’s location, ensuring that all remote end user machines are as equally secure as those that reside inside the corporate firewall.
  • CyberArk Viewfinity quickly detected which end users were using file sharing clients on corporate machines, allowing the IT group to instantly track down and block the application.
  • The company can automatically create and store a screen recorded video of user activity based upon a particular application or policy as well as create an audit log that tracks the administrator’s actions related to CyberArk Viewfinity policy configuration and enforcement activity.
  • With the level of control offered and instant notifications of any policy infringement, both the IT administrator and the company save time and money by being able to proactively tackle issues as they arise.
Quantitative Benefit
  • The CyberArk Viewfinity agent processes take up less than 1.5 MB of memory.
  • The solution was installed and up and running in half a day.
  • In approximately two weeks, all the newly written application control policies were created, propagated, and active on all of the workstations.
  • Since 95% of the privilege escalation needs were known, most policies were established and implemented during the initial project rollout phase.

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

Contact us

Let's talk!
* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.