SOLUTION BRIEF

Secure Desktop
Mitigate Endpoint Security Risks with CyberArk Endpoint Privilege
Manager and Adaptive Multifactor Authentication

THE CHALLENGE
HIGHLIGH TS
Today’s savvy cybercriminals always seek new ways to steal access
Strengthen Endpoint Security
credentials, escalate privileges and move laterally across a network
Protect against data breaches to wreak havoc. Lax password management practices and manual
and malicious attacks from lost,
administrative processes can lead to security vulnerabilities and privilege
stolen, or compromised
credentials. Ensure that you creep, and open the door for adversaries to infiltrate networks, steal data
protect and grant privileged and disrupt business.
access on endpoints as needed.
A wide variety of endpoints are vulnerable to attack, including physical
Optimize User Experience and virtual desktops and servers. Endpoint-targeted attacks like phishing
Provide fast, secure, frictionless and ransomware can damage a company’s reputation and lead to costly
and convenient access to lawsuits, fines, and revenue loss.
endpoints. Allow end-users to
request elevated access Businesses must find ways to secure access to desktops and servers,
privileges — quickly and easily and tightly control access to privileged accounts and applications without
— without engaging the help impairing the user experience or overburdening the help desk.
desk or entering a second set
of admin credentials.

Simplify Operations
THE SOLUTION
Streamline security operations CyberArk’s Secure Desktop solution lets businesses protect access to
and free up staff by automating endpoints and enforce the principle of least privilege without complicating
labor-intensive, time-consuming
IT operations or hindering user productivity. The unified endpoint
administrative tasks.
multifactor authentication and privilege management solution helps
True Zero Trust organizations strengthen access security, optimize user experiences, and
Endpoint Privilege Manager eliminate the manually intensive, error-prone administrative processes that
enables step-up authentication can lead to overprovisioning and privilege abuse.
for privileged applications to
verify the user’s identity. With CyberArk Secure Desktop solution, companies can improve endpoint
security by requiring users to pass secondary authentication challenges
when a user first logs in to an endpoint. If the user attempts to launch a
privileged application or gain access to a privileged account the solution
can validate the user’s identity using adaptive multifactor authentication
before temporarily elevating their privileges.

www.cyberark.com
Adaptive Multifactor and Passwordless Authentication for Endpoints
The CyberArk Adaptive Multifactor Authentication (MFA) enables
organizations to tightly control access to desktops and servers. Adaptive
MFA uses contextual information (location, time of day, device type, user
risk, etc.) and business rules to determine which authentication factors
to require when a particular user logs on to an endpoint. Adaptive MFA
provides high-level authentication assurance and protects businesses
against impersonation, credential theft, phishing scams and other endpoint-
related threats.
W H Y CY BER A RK
The solution also supports a wide range of authentication mechanisms,
including passwordless factors, hardware tokens, authenticator apps and CyberArk is the global leader
in Identity Security. Centered
SMS-based codes and certificate-based device trust. The combination
on privileged access
of context-based authentication and breadth of supported authentication management, CyberArk
factors strengthens security and reduces friction, resulting in improved end- provides the most
user satisfaction and productivity. comprehensive security
solutions for any identity —
Endpoint Privilege Manager human or machine — across
business applications,
Poorly managed privileged endpoint accounts like Windows, macOS or distributed workforces, hybrid
Linux administrator and root accounts represent one of the most significant cloud workloads and
security vulnerabilities an organization faces today. Attackers can gain throughout DevOps pipelines.
unauthorized access to privileged account credentials and traverse a The world’s leading
organizations trust CyberArk
network, taking over workstations, servers and other critical infrastructure.
to help secure their most
Bad actors can also exploit privileged endpoint accounts to disable threat critical assets.
detection programs, install malware and launch damaging cyber attacks.

The CyberArk Secure Desktop solution helps reduce privileged access

security risks by removing local admin rights from endpoints and
temporarily elevating end-user privileges with built-in adaptive MFA
for specific tasks—on-demand, in real-time—with minimal help desk
involvement. The solution protects against ransomware by intelligently
blocking or restricting suspicious or untrusted applications and defends
against credential theft by safeguarding passwords and other credentials
cached by Windows, web browsers and other programs.

K E Y F E AT U R E S
Just-in-Time Privilege Elevation
Remove local admin rights from endpoints and dynamically escalate
privileges for a predefined period of time to allow end users to install or
run applications or reconfigure endpoint settings. End users can request
elevated permissions on demand, directly from the desktop when launching
a privileged application, without having to log in as an administrator or
enter another password. Requests are approved manually by authorized
administrators or automatically based on policy.

www.cyberark.com
 Ransomware Protection
Tightly control how applications run. Allow trusted applications to run
normally. Block malicious software. Force unknown applications to run in a
restricted mode with no access to the corporate network.

Credential Theft Protection

Automatically detect and block attempts to steal credentials cached by
Windows, web browsers, password managers, single sign-on solutions and
other programs. Improve protection against impersonation, phishing, spear-
CERTIFICAT E- B A S ED phishing, social engineering and other scams by requiring two or more
DE V ICE T RU ST distinct mechanisms to validate a user’s identity.
The agent can manage the
lifecycle of a certificate on the Risk-Aware, Adaptive Multifactor Authentication
endpoint. This certificate can
act as a conditional access Strengthen endpoint access security by requiring multiple forms of
factor for sensitive apps that authentication. Reduce user frustration by using contextual information
shouldn’t be accessed on and machine learning-driven, risk-based access policies to determine
non-trusted devices. which authentication factors to apply to a particular user under particular
conditions. Take into account a range of variables, including location, time
of day, day of week, IP address, networks or device type.

Wide Range of Authentication Factors

Choose from a variety of authentication factors, including push notifications
to a mobile device, one-time password tokens, SMS messages or email
notifications.

User Behavior Analytics and Reporting

Get insights into identity and authentication incidents on the endpoint via
reports and dashboards. Investigate, explore and orchestrate automated
responses to identity incidents.

Variety of Endpoints
Improve the security of Windows Server, Windows Desktop and macOS
computers using a single solution with a common administrative console.

©Copyright 2021 CyberArk Software. All rights reserved. No portion of this publication may be reproduced in any form or by any means without the express written consent of CyberArk
Software. CyberArk ®, the CyberArk logo and other trade or service names appearing above are registered trademarks (or trademarks) of CyberArk Software in the U.S. and other jurisdictions.
Any other trade and service names are the property of their respective owners. U.S., 12.21. Doc. WRQ-242

CyberArk believes the information in this document is accurate as of its publication date. The information is provided without any express, statutory, or implied warranties and is subject to
change without notice.

www.cyberark.com