BeyondTrust, the worldwide leader in Privileged Access Management, today announced Defendpoint 5.3 with Power Rules to help speed decisions on whether to allow an application to run, or allow it to run with admin rights, by automating the integration of third-party intelligence sources. The first example of Power Rules integration is with ServiceNow to automatically submit an IT ticket to the IT team, so that they can make an informed and expedited decision on the user’s request to run an application, installation, script or task.
Power Rules is a business rules engine that enables customers to more easily configure Defendpoint to their unique business requirements as well as integrate Defendpoint into other systems.
Whitelisting and blacklisting rules are generally straightforward to develop and enforce, but applications where there is only limited information available can introduce risk into an environment if not properly vetted prior to allowing the application’s use.
Based on PowerShell, organizations can simply write a script and embed it in the policy itself. For example, Power Rules can trigger a service desk workflow to automatically submit a ticket, call out to a third-party to check the hash, or interface with a vulnerability management system to check for CVEs on the application.
“This enhancement further demonstrates BeyondTrust leadership in endpoint privilege management,” said Dan DeRosa, Chief Product Officer at BeyondTrust. “Defendpoint 5.3 enables organizations to reduce risk and drive greater ROI from their existing IT investments by leveraging inputs from third-party systems to help inform privilege elevation decisions.”
Power Rules for ServiceNow
With the latest version of Defendpoint, IT administrators can achieve the following:
• Automatically raise an incident in ServiceNow: When a user runs an application that is targeted with the ServiceNow Rule Script, the user is presented with the option to raise an incident in ServiceNow or cancel the request. The ServiceNow ticket includes a description of the business justification, the program name, program publisher, program path, challenge code, and the business justification the end-user provided.
• Simplify responses: Administrators can take action on the incident in ServiceNow and supply the end-user with a response code. The end-user can then use the response code to 'unlock' the application, allowing it to run. Any application that matches the rule will then trigger the ServiceNow workflow.
Defendpoint 5.3 with Power Rules is available now.
BeyondTrust (beyondtrust.com) is the worldwide leader in Privileged Access Management, offering the most seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access. Our extensible platform empowers organizations to easily scale privilege security as threats evolve across endpoint, server, cloud, DevOps, and network device environments. BeyondTrust unifies the industry’s broadest set of privileged access capabilities with centralized management, reporting, and analytics, enabling leaders to take decisive and informed actions to defeat attackers. Our holistic platform stands out for its flexible design that simplifies integrations, enhances user productivity, and maximizes IT and security investments. BeyondTrust gives organizations the visibility and control they need to reduce risk, achieve compliance objectives, and boost operational performance. We are trusted by 20,000 customers, including half of the Fortune 100, and a global partner network.