
Endpoint Hardening

Bring Zero Trust to your endpoints. An identity layer for EDR. Contain ransomware faster.

Privilege and Identity - The missing layer in the cyber kill-chain.

XDR, EDR and NGAV have a device-centric view and watch for malicious files and commands, but have no visibility into privileged identities.

  • Endpoint solutions will miss island hopping and lateral movement when Mimikatz (or known variants or substitutes) is not used and an attacker is posing as a real administrator
  • In counter-IR scenarios, an attacker with a compromised admin account can disable endpoint agents

Watch how standing admin rights are used in lateral movement.

Remediant focuses on removing standing administrator rights from endpoints

  • 74% of breached organizations admit involvement of a privileged account
  • 480: average number of admins with 24x7 access to each workstation
  • 30% of an average organization is covered by Privileged Access Management

Remediant takes an identity-centric approach to complement endpoint detection and response. This is primarily because our founders observed that attackers weaponized identities (specifically, administrator accounts with “always on” 24x7x365 privileges) in the majority of incidents. These accounts created points of exposure (much like hidden open ports) that could easily be hijacked and used to move laterally. At large enterprises (companies with >15K devices), Remediant finds that the average employee workstation has 480 users with 24x7 admin access.


How?


Standing administrator rights are used in 74% of ransomware spread, island hopping, and counter incident response. These privileges typically take the form of privileged group memberships or device-level permissions that allow the execution of privileged commands. So even if a user is not explicitly given access to a specific server or workstation, their domain- or group-level permissions allow them access to that server or workstation whenever they need it.

Why?


Spread through group nesting, over-permissioning and role changes: Administrator rights change regularly over time. Many attackers know this, and many security teams do not. Admin rights can change for many different reasons. New members are always added as help desks and administrator teams grow. However, old members who leave their teams or the company aren’t always removed in a timely fashion. Group membership changes, so if an Active Directory group confers some amount of privileged access and the membership of that group changes, then the amount of privileged access in the ecosystem changes correspondingly. Local accounts might be added or removed, conferring or removing levels of privileged access, and GPOs can change, which can confer privileged access across the entire enterprise for a set of accounts or a set of groups.
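To make the group-nesting effect concrete, the following added example (not Remediant's code and not how SecureONE works) expands one workstation's local Administrators entries through nested groups and compares two snapshots. All group names, accounts and memberships are constructed sample data.

```python
# Added illustration; every name below is hypothetical, constructed sample data.
from collections import deque

def effective_admins(local_admins, group_members):
    """Expand a host's local Administrators entries through nested groups.

    local_admins: principals placed directly in the host's Administrators group.
    group_members: dict mapping group name -> list of direct members.
    Returns {account: path}, where path is the chain that confers the right.
    """
    result, seen = {}, set()
    queue = deque((p, [p]) for p in local_admins)
    while queue:
        principal, path = queue.popleft()
        if principal in seen:            # guards against circular nesting
            continue
        seen.add(principal)
        if principal in group_members:   # a group: walk its direct members
            for member in group_members[principal]:
                queue.append((member, path + [member]))
        else:                            # an account: record how it got here
            result[principal] = path
    return result

def admin_drift(before, after):
    """Accounts that gained or lost admin rights between two snapshots."""
    return sorted(set(after) - set(before)), sorted(set(before) - set(after))

# The workstation's own Administrators group is identical in both snapshots.
LOCAL_ADMINS = ["Domain Admins", "Workstation Admins", "local-svc"]
GROUPS_T0 = {
    "Domain Admins": ["alice"],
    "Workstation Admins": ["Help Desk"],
    "Help Desk": ["bob", "carol"],
}
# Later: the help desk grows, a contractor group is nested, a cycle appears.
GROUPS_T1 = {
    "Domain Admins": ["alice"],
    "Workstation Admins": ["Help Desk", "Contractors"],
    "Help Desk": ["bob", "carol", "dave", "Workstation Admins"],
    "Contractors": ["erin"],
}

if __name__ == "__main__":
    t0 = effective_admins(LOCAL_ADMINS, GROUPS_T0)
    t1 = effective_admins(LOCAL_ADMINS, GROUPS_T1)
    for account, path in sorted(t1.items()):
        print(f"{account:10} via {' -> '.join(path)}")
    print("gained, lost:", admin_drift(t0, t1))
```

Nothing on the workstation changed between the two snapshots, yet two more accounts hold admin rights on it, which is why the audit has to resolve membership transitively instead of reading the local group alone.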


Introducing Remediant SecureONE

Zero Trust


SecureONE

XDR Compatible


Remediant brings an identity-centric view to endpoints with zero trust access.

  • Rapid Discovery: constantly scans for administrator rights across the ecosystem.
  • Repeatable IR Playbook: designed to minimize breach and business impact.
  • Single action removal of standing access: to ensure protection even if credentials are compromised.
  • Low business disruption: no latency added to end users.
  • XDR / NGAV compatible, single VM deployment: requires no agents on endpoints.

Piqued your interest? Sign up for a 30-day free trial.

See how SecureONE can defend your enterprise with zero standing privilege.