Secure Desktop Solution Brief
Secure Desktop Solution Brief
Secure Desktop Solution Brief
Secure Desktop
Mitigate Endpoint Security Risks with CyberArk Endpoint Privilege
Manager and Adaptive Multifactor Authentication
THE CHALLENGE
HIGHLIGH TS
Today’s savvy cybercriminals always seek new ways to steal access
Strengthen Endpoint Security
credentials, escalate privileges and move laterally across a network
Protect against data breaches to wreak havoc. Lax password management practices and manual
and malicious attacks from lost,
administrative processes can lead to security vulnerabilities and privilege
stolen, or compromised
credentials. Ensure that you creep, and open the door for adversaries to infiltrate networks, steal data
protect and grant privileged and disrupt business.
access on endpoints as needed.
A wide variety of endpoints are vulnerable to attack, including physical
Optimize User Experience and virtual desktops and servers. Endpoint-targeted attacks like phishing
Provide fast, secure, frictionless and ransomware can damage a company’s reputation and lead to costly
and convenient access to lawsuits, fines, and revenue loss.
endpoints. Allow end-users to
request elevated access Businesses must find ways to secure access to desktops and servers,
privileges — quickly and easily and tightly control access to privileged accounts and applications without
— without engaging the help impairing the user experience or overburdening the help desk.
desk or entering a second set
of admin credentials.
Simplify Operations
THE SOLUTION
Streamline security operations CyberArk’s Secure Desktop solution lets businesses protect access to
and free up staff by automating endpoints and enforce the principle of least privilege without complicating
labor-intensive, time-consuming
IT operations or hindering user productivity. The unified endpoint
administrative tasks.
multifactor authentication and privilege management solution helps
True Zero Trust organizations strengthen access security, optimize user experiences, and
Endpoint Privilege Manager eliminate the manually intensive, error-prone administrative processes that
enables step-up authentication can lead to overprovisioning and privilege abuse.
for privileged applications to
verify the user’s identity. With CyberArk Secure Desktop solution, companies can improve endpoint
security by requiring users to pass secondary authentication challenges
when a user first logs in to an endpoint. If the user attempts to launch a
privileged application or gain access to a privileged account the solution
can validate the user’s identity using adaptive multifactor authentication
before temporarily elevating their privileges.
www.cyberark.com
Adaptive Multifactor and Passwordless Authentication for Endpoints
The CyberArk Adaptive Multifactor Authentication (MFA) enables
organizations to tightly control access to desktops and servers. Adaptive
MFA uses contextual information (location, time of day, device type, user
risk, etc.) and business rules to determine which authentication factors
to require when a particular user logs on to an endpoint. Adaptive MFA
provides high-level authentication assurance and protects businesses
against impersonation, credential theft, phishing scams and other endpoint-
related threats.
W H Y CY BER A RK
The solution also supports a wide range of authentication mechanisms,
including passwordless factors, hardware tokens, authenticator apps and CyberArk is the global leader
in Identity Security. Centered
SMS-based codes and certificate-based device trust. The combination
on privileged access
of context-based authentication and breadth of supported authentication management, CyberArk
factors strengthens security and reduces friction, resulting in improved end- provides the most
user satisfaction and productivity. comprehensive security
solutions for any identity —
Endpoint Privilege Manager human or machine — across
business applications,
Poorly managed privileged endpoint accounts like Windows, macOS or distributed workforces, hybrid
Linux administrator and root accounts represent one of the most significant cloud workloads and
security vulnerabilities an organization faces today. Attackers can gain throughout DevOps pipelines.
unauthorized access to privileged account credentials and traverse a The world’s leading
organizations trust CyberArk
network, taking over workstations, servers and other critical infrastructure.
to help secure their most
Bad actors can also exploit privileged endpoint accounts to disable threat critical assets.
detection programs, install malware and launch damaging cyber attacks.
K E Y F E AT U R E S
Just-in-Time Privilege Elevation
Remove local admin rights from endpoints and dynamically escalate
privileges for a predefined period of time to allow end users to install or
run applications or reconfigure endpoint settings. End users can request
elevated permissions on demand, directly from the desktop when launching
a privileged application, without having to log in as an administrator or
enter another password. Requests are approved manually by authorized
administrators or automatically based on policy.
www.cyberark.com
Ransomware Protection
Tightly control how applications run. Allow trusted applications to run
normally. Block malicious software. Force unknown applications to run in a
restricted mode with no access to the corporate network.
Variety of Endpoints
Improve the security of Windows Server, Windows Desktop and macOS
computers using a single solution with a common administrative console.
©Copyright 2021 CyberArk Software. All rights reserved. No portion of this publication may be reproduced in any form or by any means without the express written consent of CyberArk
Software. CyberArk ®, the CyberArk logo and other trade or service names appearing above are registered trademarks (or trademarks) of CyberArk Software in the U.S. and other jurisdictions.
Any other trade and service names are the property of their respective owners. U.S., 12.21. Doc. WRQ-242
CyberArk believes the information in this document is accurate as of its publication date. The information is provided without any express, statutory, or implied warranties and is subject to
change without notice.
www.cyberark.com