Restricting access to folders and documents is one of the ways CISOs can increase protection in the enterprise. A number of security vendors are expanding the solutions they offer in this area, with Thycotic being one of the latest.

On Thursday the company announced Privilege Manager for Windows, which goes along with the previously released Privilege Manager for Unix for ensuring applications run with the lowest possible privilege and access.

Like the earlier version, the company says, Privilege Manager for Windows allows IT admins to implement a wide array of policies and controls, including Deny-First Whitelisting, Least Privilege Policy, Application Isolation, Endpoint Monitoring and Logging, and Application Self-Elevation. With a simple process of Policy Matching, Contextual Evaluation, and Applying Actions, Privilege Manager for Windows is an extremely flexible, powerful, and easy-to-use solution for protecting endpoints.

“Typically, attacks will try to compromise an endpoint, such as a user’s laptop, in order to gain access to privileged accounts,” Thycotic product manager Ben Yoder said in a release. “With Privilege Manager for Windows, we are offering IT Admins the ability to dramatically improve their IT security with the easiest to use and manage software solution available on the market.”

Pricing starts at US$3,165 for 200 endpoints.

Also being released is Secret Server v10.0 for Privileged Account Management, which comes with either version of Privilege Manager (Privilege Manager can be run by itself). Together they can provide a comprehensive way to manage endpoint and privileged access security, the company says.

New capabilities with Secret Server v10.0 include:

  • Extensible Discovery
    • Ability for admins to write SSH and PowerShell scripts to extend how Discovery finds accounts and devices
    • Makes Discovery extremely flexible and customizable
  • Distributed Proxy
    • Ability to proxy SSH and RDP connections through the Distributed Engine service, rather than through Secret Server itself
    • Engines can be deployed as jumping points into different network segments
    • Service providers can deploy engines in customer or isolated networks to proxy