BeyondTrust Defendpoint 5.3 Introduces Power Rules to Speed Endpoint Privilege Management Decisions
January 2019 by Marc Jacob
BeyondTrust has announced Defendpoint 5.3 with Power Rules to help speed decisions on whether to allow an application to run, or allow it to run with admin rights, by automating the integration of third-party intelligence sources. The first example of Power Rules integration is with ServiceNow to automatically submit an IT ticket to the IT team, so that they can make an informed and expedited decision on the user’s request to run an application, installation, script or task.
Power Rules is a business rules engine that enables customers to more easily configure Defendpoint to their unique business requirements as well as integrate Defendpoint into other systems.
Whitelisting and blacklisting rules are generally straightforward to develop and enforce, but applications about which only limited information is available can introduce risk into an environment if they are not properly vetted before their use is allowed.
Power Rules is based on PowerShell, so organizations can simply write a script and embed it in the policy itself. For example, Power Rules can trigger a service desk workflow to automatically submit a ticket, call out to a third party to check the hash, or interface with a vulnerability management system to check for CVEs on the application.
Power Rules for ServiceNow
With the latest version of Defendpoint, IT administrators can achieve the following:
• Automatically raise an incident in ServiceNow: When a user runs an application that is targeted with the ServiceNow Rule Script, the user is presented with the option to raise an incident in ServiceNow or cancel the request. The ServiceNow ticket includes the program name, program publisher, program path, challenge code, and the business justification the end user provided.
• Simplify responses: Administrators can take action on the incident in ServiceNow and supply the end-user with a response code. The end-user can then use the response code to ’unlock’ the application, allowing it to run. Any application that matches the rule will then trigger the ServiceNow workflow.
Defendpoint 5.3 with Power Rules is available now.