Enterprise Random Password Manager™ (ERPM) helps you enforce temporary escalation of privilege so that individual users are granted administrative access only to designated machines for a limited time. This eliminates the disclosure of potentially shared credentials, so that users or their compromised computers can’t reveal passwords that attackers could exploit to move laterally.
By providing time-limited escalation only for targeted devices, you can protect your network against attacks that use Pass-the-Hash, Kerberos golden tickets, and other exploits. Users can be selectively added to Windows user groups through self-service elevation or other workflow and orchestration processes, and are later removed automatically without further human intervention.
Get Just in Time / Just Enough Privileged Access
ERPM makes it easy for organizations to enforce fine-grained control of elevated access. Authorized users of the ERPM Web application can request to have rights elevated on selected target systems for designated periods of time. This provides a direct audit trail of their access and assures compliance with any domain-level policies.
As an ERPM administrator, you can configure:
- Account groups selected for elevation
- Time limits (down to one-minute granularity) for elevation
- Permissions for selected personnel (such as help desk managers) to elevate others
- End-user email alerts of pending elevation expiration
- Selection of pre-configured “long” and “short” delegation times that you specify
Configuring Account Elevation Rules with ERPM
ERPM administrators can establish delegation rules by identity types and by management sets to allow, for example, IT staff who are responsible for a particular type of system and selected geographies to access only the appropriate systems using elevated credentials. ERPM provides an authoritative audit trail of each access request to prove compliance with your organization’s policies.
As a result, users and their computers never retain long-term knowledge of elevated credentials, greatly reducing the attack surface of your network should attackers gain a foothold on a compromised system.
Download a free whitepaper to find out how Lieberman Software can help safeguard your network against today’s Advanced Persistent Threats (APTs).