Delinea Privilege Manager enhancements reduce phishing effectiveness

Delinea announced the latest release of Privilege Manager, its solution for providing privilege elevation controls for users and applications on workstations.

The latest enhancements significantly improve ease of use for customers by preconfiguring five of the most common privilege elevation policies through the Workstation Policy Framework to simplify implementation and accelerate time to value.

The 2023 Verizon Data Breach Investigations Report found that phishing makes up 44% of all social engineering incidents. According to the U.S. Cybersecurity & Infrastructure Security Agency, 70% of attached files or links containing malware were not blocked by network border protection services, and 84% of employees took the bait within 10 minutes of receiving a malicious email.

Using this method of attack, bad actors compromise the endpoint, elevate privileges, and move laterally within the network to find data and exfiltrate it.

Without the appropriate privileged access controls in place on workstations, organizations are susceptible to phishing, even with other security solutions in place. Privilege elevation policies must be set for users and applications to better protect against malware that could be delivered through phishing scams.

Simplified workstation privileged access policies lead to better security and less friction

Privilege Manager enforces just-enough privileges to support approved business activities while blocking or restricting privileges that malware could exploit. This approach reduces friction and enables productivity while simultaneously optimizing security.

Based on Delinea’s deep expertise and customer feedback, the new Workstation Policy Framework includes five of the most common policies to help customers quickly build a foundation for privileged access controls and create a baseline of security on Windows and Mac workstations without disrupting user productivity. Existing customers can compare their policies with the framework and introduce those that may be missing in their environments.

The five preconfigured policies included are:

Malware attack protection: This policy prevents Living Off the Land Binaries and Scripts (LOLBAS) attacks from being executed by commonly exploited parent applications. LOLBAS is a method of attack that misuses tools and executables that are already in place because they are part of the Operating System.

Allow Microsoft signed security catalog: This policy allows Microsoft-signed security catalog application installers to run. It can be combined with blocklist policies to prevent legitimate Operating System applications from being blocked.

Software development tools: This policy targets common software development solution system processes, including child processes, and minimizes delays caused by requesting privilege elevation.

Visual studio installers: This policy pre-approves and silently elevates four defined Microsoft Visual Studio installers.

Capture application elevation attempts: This policy targets non-Microsoft applications that trigger a UAC prompt and sends policy feedback to evaluate policy adjustments that can allow, elevate, or block applications.

Effective protection against malicious code impacts developers and IT administrative tools

Another major enhancement in this release provides granular control over the ability to add, modify or delete users on workstations through PowerShell, even in PowerShell sessions with fully elevated privileges. This reduces the risk of developers and IT administrators abusing PowerShell’s capabilities and can lessen the impact of malicious code and ransomware. Such granular control of add, modify, and delete operations also significantly reduces the risk of lateral movement by a bad actor.

“Security solutions are only valuable if they are usable and don’t compromise business productivity,” said Dmitriy Ayrapetov, VP of Product Management at Delinea. “Our mission is to make security seamless and with this release of Privilege Manager, which leverages customer feedback, users can enjoy easier policy management, better security, and less friction for an accelerated time to value of our solution.”

Additional updates in this release include the flexibility to allow workstation users to control firewall settings and accessibility improvements in the user interface.