Remediant SecureONE v2.8 Now Integrates with VMware Carbon Black Cloud
by Sam Kumarsamy, on Mar 30, 2021
With the arrival of spring, I couldn’t be more excited and thrilled to announce the release of our latest SecureONE platform update. With this month's release, Remediant leads the industry in extending privileged access management (PAM) capabilities to endpoint detection and response (EDR) solutions designed to prevent lateral movement of identity-based threats.
We recognize that many organizations have invested in EDR solutions like VMware Carbon Black to:
- Record and store endpoint system-level behaviors
- Use various data analytics techniques to detect suspicious system behavior
- Block malicious activity and provide remediation suggestions to protect and restore affected systems
The blind spot is that, today, EDR solutions provide no visibility or context into privileged accounts on their endpoints. A hacker may compromise one of these accounts and then move laterally (island hop) across managed endpoints undetected to install ransomware or exfiltrate sensitive data to C&C sites.
Below, I’ve provided some details on how this month's release helps reduce the attack surface by providing visibility into privileged account sprawl and then removing or replacing those accounts with Just-in-Time (JIT) access for VMware Carbon Black Cloud managed endpoints.
Here are the salient features of the integration:
- With Remediant SecureONE (v2.8), customers using VMware Carbon Black Cloud’s Live Response capability may now extend their reach to maintain JIT access when endpoints are outside the Remediant corporate network and VPN (see Figure 1)
- The first phase of this integration is supported on Windows systems managed by VMware Carbon Black Cloud. Linux and Mac support is expected during the second half of 2021 (see Figure 1)
- Unlike traditional PAM vendors, Remediant is agentless and leverages the existing Carbon Black Cloud agent on endpoints to provide context on privileged accounts.
Figure 1
The benefits of the combined solution are significant:
- Prevent lateral movement with compromised privileged accounts well in advance, to stop attackers from compromising VMware Carbon Black Cloud managed endpoints with identity-based threats such as ransomware and phishing
- Reduce the attack surface by removing 24x7 admin access sprawl and replacing it with JIT administration to ensure Zero Standing Privilege (ZSP)
- Simplify deployment and management. Remediant SecureONE is agentless. This architectural approach dramatically reduces the complexity of employing yet another agent and simplifies support for the integration
- Enable Zero Trust security with MFA to provide the right access to the right resources for just the right amount of time
This release is just a first step in our vision and product strategy to simplify, automate and deepen the integration with EDR vendors such as VMware Carbon Black to prevent identity-based attacks. We also recognize that organizations, including our customers, have invested a lot in complementary technologies such as SIEMs, Service Desk and Asset Management. That is why Remediant prioritized integrations with ServiceNow, Axonius and SailPoint: to provide PAM context that enhances the value provided by these essential ecosystem partners and to improve the security posture of organizations. Stay tuned for upcoming SecureONE releases to learn about our tighter integrations with VMware Carbon Black and other EDR vendors as well.
For more details about this release visit: VMware Carbon Black Technology Integration Page