How Integral Partners helped secure 7,000 globally deployed endpoints in just months using the CyberArk Endpoint Privileged Management platform
Summary
Integral Partners provided expertise and guidance in the deployment of the CyberArk Endpoint Privileged Management tool. The deployment was pushed out to an actively growing number of workstations across the globe in the United States, Europe, and Asia.
“The project allowed Elanco to take control of applications and Administrative rights on workstations across an organization. They gained insight to what is being installed and used in their environment and threat management feeds to help the classification of these applications.”
– Key Project Contributor
Project benefits included:
⦿ Inventory of applications installed on the endpoints
⦿ Removal of local admin rights
⦿ Centralized application Management
⦿ Enhanced compliance with CIS controls
Vertical
Pharmaceutical (animal)
IAM Technology
End Point Management
Team Training
Solution
CyberArk EPM
Enhanced Compliance
Solution Implemented:
CyberArk Endpoint Privilege Manager
CyberArk’s EPM tool was implemented at Elanco to centralize application management and secure their endpoints.
Key Benefits:
EPM Solution
The successful implementation and CyberArk’s EPM solution helped secure the rapidly growing number of workstations across the globe.
The Challenges
As a recently divested company, the client was building out the environment and teams from the ground up. This meant that new workstations were being deployed daily, workstation count could rapidly increase form day to day. Due to lax administrative privileges the client also did not have a strong understanding of what applications were being installed and used within their environment.
There was a strong need to remove local administrative rights, but still allow their workforce to have the ability to install approved applications and make workstation changes without involving the helpdesk or other administrative staff. In order to achieve this, they needed an experienced partner to help them deploy the solution, and sift through the logs to help determine what should be allowed in the environment.
Elanco Animal Health Incorporated is a global pharmaceutical company which produces medicines and vaccinations for pets and livestock. They have over 10,000 employees, they supply products and services to farmers, veterinarians and pet owners in more than 90 countries worldwide.
The Integral Partners Solution
Goals for the engagement at Elanco were to:
- Understand what programs and rights are needed across the workforce.
- Train support teams to be able to provide support and create a long-term sustainable program.
- Configure the installer and create a deployment plan to install the EPM solution to the endpoints.
Integral Partners began the engagement with strong High-level and low-level design documentation. We worked with the networking teams and security teams to ensure the proper ports and files were whitelisted. This ensured we did not have any deployment issues due to the EPM agent getting blocked due to antivirus or being unable to communicate with the central EPM Server.
After creating the initial set of policies to allow the agent to be deployed in a monitoring mode, we worked with the Microsoft Intune team to monitor the deployment of the EPM agent to end-user workstations. This exposed a gap with the client’s skillset and ability to review the logs, working with their security administrator we developed and documented a process to review applications. Using this process, we implemented a baseline set of policies and reported back our findings.
One of the larger challenges on this engagement was the long-term support team had not been identified until the middle of the engagement. Knowing that this may create an issue, we prepared strong documentation including SOPs and as-built documentation. The chosen support contractor was unable to being their support staff onboard until the last few weeks, we were able to work with the staff as they were onboarded to provide an application handoff and acceptance for the delivered solution.
The Value Delivered
The project provided a solid footing for controlling privilege on their endpoints. Some of the benefits included:
Inventory of applications installed on the endpoints
- The EPM solution provides an inventory of installed applications and their usages.
Elevation of privileges for predetermined applications processes
- Users are now able to run privileged applications and processes without the need for local administrative rights.
Centralized application Management
- The ability to allow or block applications across the organization from a central location.
- The ability to create workstation groups and allow groups of user’s special dynamic privileges.
Enhanced compliance with CIS controls
- Inventory and Control of Hardware Assets
- Inventory and Control of Software assets
- Continuous vulnerability management
- <Controlled use of Administrative Privileges
- Secure Configuration for hardware and software on laptops and workstations
- Maintenance, monitoring, and analysis of audit logs
Next Steps
Implementation of the CyberArk endpoint privileged management tool is only the first step in a well-rounded Privileged Management program. This client will continue to review logs and categorize what they would like to allow or disallow within their organization. They have also begun the next steps of their privilege program to look at the secure management of Privilege Accounts across their server infrastructure.