IT Services Company deploys CyberArk Viewfinity to reduce the attack surface on endpoints by limiting local administrative privileges for business users.
Customer Company Size
Large Corporate
Product
- CyberArk Viewfinity
Tech Stack
- Windows
- Virtual Server 2008
Implementation Scale
- Enterprise-wide Deployment
Impact Metrics
- Cost Savings
- Productivity Improvements
- Customer Satisfaction
Technology Category
- Cybersecurity & Privacy - Endpoint Security
- Cybersecurity & Privacy - Security Compliance
Applicable Functions
- Business Operation
Services
- System Integration
- Cybersecurity Services
About The Customer
An IT Services Company with more than 100 locations globally provides responsive engineering services and technical support to its customers worldwide. The company has federal contracts also provides simulation-based tools and services for training, mission planning, rehearsal, after-action reviews, virtual reality command and control and engineering analysis.
The Challenge
Protecting the privacy and security of data is a top priority. The company’s highly diverse IT environment runs multiple Windows platforms, and more than 85% of end users had administrative rights to their machines which was a security risk. To reduce the attack surface, the company was compelled to rewrite IT security policies in support of removing administrative rights from business users on endpoints. Ultimately, the goal was to implement the new IT security policies with the least disruption to and resistance from end users, while doing so in the most cost effective way possible. Due to the company’s IT environment and the applications supported, it was critical to have the ability to define a specific application to run with elevated rights without having to give the same rights to child processes.
The Solution
CyberArk Viewfinity enables the company to apply granular-level control to all policies, including the ability to define which applications are allowed – a key requirement for selecting the privilege management product. The admin console is simple to navigate and allows significant changes to the operating environment quickly. The built-in flexibility creates a multidimensional approach to common access control issues, ranging from which users can install and run what applications (and restrict child processes) to identifying an allowable time of day for a user to access information. From a performance perspective, the CyberArk Viewfinity agent processes take up less than 1.5 MB of memory, and there has not been any noticeable impact on the network. The solution was installed and up and running in half a day. In approximately two weeks, all the newly written application control policies, including policies for users that required ActiveX and desktop functions requiring elevated permissions, were created, propagated, and active on all of the workstations. Since 95% of the privilege escalation needs were known, most policies were established and implemented during the initial project rollout phase. For exception circumstances, the company uses CyberArk Viewfinity’s Policy Automation feature that streamlines privilege elevation requests from end users with automated workflow approval for the IT administrators.
Operational Impact
Quantitative Benefit
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.