Delinea, a provider of Privileged Access Management (PAM) solutions, has announced enhancements to its Privilege Manager, a system known for offering privilege elevation controls for user and application workstations. These updates aim to mitigate the risk of identity-based cyberattacks through optimising just-in-time (JIT) access for users of Windows workstations. The control for macOS workstations has also been expanded, allowing elevated access solely for certified or trusted publishers and covertly enabling privileged access when necessary.

As stated in Verizon’s 2023 Data Breach Investigations Report, 74% of all breaches saw human involvement through error, privilege misuse, stolen credentials, or social engineering. Exploiting elevated privileges on workstations is a common tactic for nefarious actors, and better controls must be applied to reduce the likelihood of cyberattacks. Privileged accounts and applications can serve as avenues for attackers to access sensitive data and vital systems. This could lead to operational downtime, harmful brand damage and significant financial loss.

The latest update to Privilege Manager simplifies the elevation of application installers' administrative rights by enabling policies based on the signing certificate of trusted publishers. These enhancements facilitate macOS users in installing approved applications while aiding administrators in fortifying against ransomware threats.

Furthermore, Privilege Manager bolsters protection policies for macOS that smartly permit developers and power users to perform common elevated Sudo commands whilst restraining uncommon activities that may suggest a potential security breach. Privilege elevation is done covertly, thereby eliminating interruptions to user productivity or the need to request privileges for routine tasks.

The new release broadens the workstation policy framework by introducing seven novel policies designed specifically for regular macOS tasks. This simplifies the rollout and continuous administration of Privilege Manager for macOS Workstations. "Managing privileged access for workstation users should be a top priority for IT and security leaders since this is a primary vector for identity-based attacks," said Dmitriy Ayrapetov, Vice President of Product Management at Delinea. "We focus on continually introducing stronger privileged access controls for Windows and macOS workstations that are easy for administrators to use and seamless for end users."

The latest version of Privilege Manager allows IT teams to grant fully elevated privileges for a specified period when troubleshooting on a workstation, after which privileges are automatically removed. Full auditing capabilities are in place for such elevated privilege activities.