Get Your Global Excellence Awards Entry Kit Now
Join the Cyber Security Worldwide Community on LinkedIn
 Home Executive Briefings Security Predictions Entry Kit Global Excellence Volunteer as Judge Register Awards About
A CSOs guide to keeping desktops and servers secured

Avecto is the leader in Windows privilege management, helping organizations to deploy secure and compliant desktops and servers. With its award winning Privilege Guard technology, organizations can now empower all Windows based desktop and server users with the privileges they require to perform their roles, without compromising the integrity and security of their systems. Customers of all sizes rely on Avecto to reduce operating expenses and strengthen security across their Windows based environments.

Info Security PG: What are the common threats to desktops and servers in Windows based environments?

Mark Austin: Most Windows users log on to corporate desktops and servers with excessive privileges, exposing the organization to increased threats from malware. Malware will take advantage of a privileged account by burying itself deep inside the operating system, often cloaking itself from anti-malware security solutions. Insider attacks are also a concern, as having too many employees logging into the network with privileged accounts increases the likelihood that one of these accounts might be used by a disgruntled employee in a malicious or inappropriate manner. External hackers will also look to compromise privileged users - another reason why privileges should be granted to applications, and not employees.

Info Security PG: What are some of the most common but critical mistakes still happening in keeping desktops and servers secured?

Mark Austin: Besides assigning users an excess of privileges, another common and frequently overlooked mistake is a lack of end user education. A large majority of today's breaches continue to result not from external threats, but from human error. Employees who unknowingly download unauthorized software, or click on a link hosting infected exploits are opening their entire organization up to attack. We saw several high-profile instances of this last year, including the South Carolina Department of Revenue breach, which cost the state $14 million and compromised the financial data of millions of residents. Clearly, the consequences of lacking user education can be devastating, and it all could have been avoided simply by open communication between IT and end users. Of course, communication only comes as a secondary security solution, the first is removal of administrative rights.

Info Security PG: What are the main benefits of Windows privilege management?

Mark Austin: A least privilege environment translates into a least risk scenario because users are granted the privileges necessary to complete their job, and no more. If you think about removing admin rights completely, users are left struggling to perform simple, day-to-day tasks. On the other hand, if you're too lenient with privileges, you're potentially opening your entire organization up to exploits. With least privilege, administrative rights don't have to exist at either extreme and organizations can strike a perfect balance between user productivity and safeguarding the corporate network. A reduction in operating costs is another key benefit. With a least privilege environment reducing the number of potential threats, this then translates into a reduction of IT support costs. In fact, Gartner stated that a locked down and managed PC can be 42% less expensive to support than an unmanaged one, resulting in a cost-savings of $1,278 per desktop, per year!

Info Security PG: How can CSOs rapidly deploy Windows privilege management solutions with multiple offices and mobile devices with various other operating systems?

Mark Austin: Privilege Guard extends Active Directory Group Policy, enabling it to handle the largest enterprises, while still appealing to small and medium size businesses. It leverages all of the benefits of Active Directory, including hierarchical management and a strong security model. This architecture enables Privilege Guard to be deployed easily to all desktops and servers across an organization. Once deployed to the endpoints, policies are automatically cached in a secure location and are also protected by the Privilege Guard anti-tamper mechanism. These cached policies continue to be applied, even when the computer is offline or remote.

Company: Avecto
Hobart House, Cheadle Royal Business Park, Cheadle, Cheshire SK8 3SR United Kingdom

Founded in: 2008
CEO: Mark Austin
Public or Private: Private
Head Office in Country: United Kingdom
Products: Privilege Guard 3.6 - Privilege Guard is the most complete privilege management solution on the market today, with a comprehensive feature set that includes application discovery, privileged account monitoring, seamless application elevation, on-demand capabilities and application control.

Enterprise Reporting Pack - Features rich dashboards, trend analysis and the ability to drill down to detailed reports. It allows you to track application usage, user requests and privileged account log-ons across the enterprise. McAfee ePO Integration Pack - Enables Privilege Guard to integrate with

McAfee ePolicy Orchestrator (ePO), which is widely acknowledged as the most advanced and scalable security management software in the industry.
Company's Goals: Our mission is to enable our customers to lower operating costs and improve system security by implementing least privilege.