SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Delinea protects users with the Workstation Policy Framework
Wed, 28th Jun 2023

Delinea releases the new Privilege Manager, its solution for providing privilege elevation controls for users and applications on workstations.

The latest enhancements by Delinea are designed to significantly improve ease of use for customers by preconfiguring five of the most common privilege elevation policies through the Workstation Policy Framework to simplify implementation and accelerate time to value. 

The 2023 Verizon Data Breach Investigations Report found that phishing makes up 44% of all social engineering incidents. 

According to the U.S. Cybersecurity & Infrastructure Security Agency, 70% of attached files or links containing malware were not blocked by network border protection services, and 84% of employees took the bait within 10 minutes of receiving a malicious email. 

Delinea says that bad actors using this method of attack compromise the endpoint, elevate privileges, and move laterally within the network to find data and exfiltrate it. Organisations are susceptible to phishing without the appropriate privileged access controls on workstations, even with other security solutions in place.

Delinea affirms that privilege elevation policies must be set for users and applications to better protect against malware that could be delivered through phishing scams.

Delinea's Privilege Manager enforces just-enough privileges to support approved business activities while blocking or restricting privileges that malware could exploit. This approach reduces friction and enables productivity while simultaneously optimising security.

Based on Delinea's expertise and customer feedback, the new Workstation Policy Framework includes five of the most common policies to help customers quickly build a foundation for privileged access controls and create a baseline of security on Windows and Mac workstations without disrupting user productivity. 

Existing customers can compare their policies with the framework and introduce those missing in their environments.

The five preconfigured policies included are:

1. Malware Attack Protection

This policy prevents Living Off the Land Binaries and Scripts (LOLBAS) attacks from being executed by commonly exploited parent applications. 

2. Allow Microsoft Signed Security Catalog

This policy allows Microsoft-signed security catalogue application installers to run. It can be combined with blocklist policies to prevent legitimate Operating System applications from being blocked. 

3. Software Development Tools

This policy targets standard software development solution system processes, including child processes, and minimises delays caused by requesting privilege elevation. 

4. Visual Studio Installers

This policy pre-approves and silently elevates four defined Microsoft Visual Studio installers. 

5. Capture Application Elevation Attempts

This policy targets non-Microsoft applications that trigger a UAC prompt and sends policy feedback to evaluate policy adjustments that can allow, elevate, or block applications. 

Another enhancement in this release provides granular control over the ability to add, modify or delete users on workstations through PowerShell, even in PowerShell sessions with fully elevated privileges. 

This reduces the risk of developers and IT administrators abusing PowerShell's capabilities and can lessen the impact of malicious code and ransomware. It can also significantly reduce the risk of lateral movement by a bad actor.

Dmitriy Ayrapetov, Vice President of Product Management at Delinea, says: "Security solutions are only valuable if they are usable and don't compromise business productivity." 

"Our mission is to make security seamless, and with this release of Privilege Manager, which leverages customer feedback, users can enjoy easier policy management, better security and less friction for an accelerated time to value of our solution." 

Additional updates in this release include the flexibility to allow workstation users to control firewall settings and accessibility improvements in the user interface.