Introduction to Verify Privilege Manager
Verify Privilege Manager is an endpoint least privilege and application control solution for Windows and macOS, capable of supporting enterprises and fast-growing organizations at scale. It prevents malware and modern security threats from exploiting applications by removing local administrative rights from endpoints. The two major components are Local Security and Application Control.
Using Verify Privilege Manager discovery, administrators can automatically discover local administrator privileges and enforce the principle of least privilege through policy-driven actions. Those policy-driven actions include:
- blocking, elevating, monitoring, allowing,
- application quarantine, sandbox, and isolation,
- application privilege elevation, and
- endpoint monitoring.
All of this is seamless for users, reduces IT/desktop support workload, and supports compliance obligations.
Verify Privilege Manager does not require Verify Privilege Vault or any other IBM Security product to run. Verify Privilege Vault's vaulting and workflow capabilities can be extended to privileged endpoint accounts when the two products are used together.
The typical user is part of an IT team that is tasked with implementing and overseeing a company's security business requirements and framework. In the product, this role is known as the Verify Privilege Manager Administrator. Although there are a few other kinds of user roles that may use Verify Privilege Manager now and then for minor tasks, the Verify Privilege Manager Administrator is the main user of Verify Privilege Manager.
It is useful (although not necessary) for Verify Privilege Manager Administrators to be familiar with the basics of IT administration, such as the Group Policy feature from Microsoft.
Least Privilege Explained
Least Privilege is a security-driven management philosophy that models a system where all employees are given the minimum level of access rights necessary to carry out their job functions on endpoint machines. This is to protect each machine from malicious applications, rogue employees, or attackers. Privileged local admin or root accounts on endpoints give unfettered access to the entire endpoint and can potentially be used to access other computers, domain resources, and critical servers unless a least privilege security model is implemented. But Least Privilege can be difficult for IT teams to enforce because employees must perform plenty of daily, trusted activities that require access to privileged credentials.
Verify Privilege Manager's toolset is two-fold. First, Local Security discovers all accounts that exist on endpoints and allows Verify Privilege Manager Administrators to control the exact membership of every local group. This will ensure the correct admin and root accounts are permanently set. Additionally, credentials will be controlled by enforcing password rotation on those accounts.
Second, Application Control allows Verify Privilege Manager administrators to manage application activity on endpoint machines. Applications that require admin rights or root access can be automatically elevated, allowed applications are allow listed, and malicious applications are blocked.
In other words, tailoring a robust, role-based Application Control system is key to keeping your organization's employees working both securely and effectively, without notable disruptions. But managing local administrator and root accounts through Local Security is arguably the fastest way to lock down your network from malicious endpoint attacks that exploit administrator access.
Every implementation looks different when configuring Verify Privilege Manager to work best for your organization. The key is to know your goal and be smart about getting there. The Getting Started section will walk you through beginning configurations for both Local Security and Application Control.