Security software vendor Avecto has announced the forthcoming release of the 5.0 version of their Defendpoint endpoint protection software, which combines privilege management with application control, trusted application protection and behavioral analytics. New in this version is Quick Start, a new policy which allows most use cases to begin implementing privilege management immediately, not in the usual eight to twelve months. Also new is Trusted Application Protection, which is designed to prevent malware attacks targeting pre-approved applications like Microsoft Office, Adobe, and web browsers.
Avecto began as a direct player selling a pure privilege access management solution, Privilege Guard. Within the last five years, they have shifted their emphasis into the endpoint security space and their Defendpoint software, as well as gearing up a channel presence with an eventual 100 per cent channel goal.
“With this release, we have incorporated Quick Start features, which will revolutionize this whole space,” said Andrew Avanessian, Chief Operating Officer at Avecto. “Quick Start is a policy designed from our implementations across eight million endpoints that enable Defendpoint to be a turnkey solution. No one else can implement privilege account management as turnkey in this way. Typically, it takes 8 to 12 months for the solution to understand the environment before the customer gets to see it work and get a return on their investment.”
Avanessian said Avecto has been able to make this breakthrough in the industry because of a perfect storm of things coming together.
“We’ve got the easiest to use administrative model, and a broad set of features that are very configurable,” he said. “This configurability gives us an architecture that hooks in easily, and lets us create a policy that works everywhere, without having to make compromises in policy. We’ve also done the biggest deployments, and have more experience. These all culminate in being able to develop a turnkey solution.”
Quick Start will cover the majority of setup scenarios. It uses a small number of rules based on specific roles, from office workers through to system admins. Each rule caters to the differing flexibility requirements of the user with varying levels of exception handling for unknown or untrusted applications.
“I think this will give us a significant advantage for a long period of time,” Avanessian said. “Our architecture is fundamentally different from our competitors and what we are able to do more easily with our design would require a complete rewrite of their code. I expect they will try and get to where we are, but that they will have to come up with compromise policies.”
The other major change to Defendpoint v5.0 enhances application control capabilities with the addition of a new Trusted Application Protection feature.
“5.0 protects trusted applications like Word, Excel, Adobe, and Internet browsers,” Avanessian said. “We take admin privileges off individuals and reduce the attack surface. The statistics around that are phenomenal. It’s the most impactful thing you can do. 95 per cent of malware won’t affect your organization if you take away admin rights, because it can’t drop payloads if it can’t get in.”
Avecto here is leveraging their pre-existing capability to add administrative tokens for specific processes that require a token for one-time use.
“We take full admin rights away, but when they request admin rights on their endpoint, Defendpoint checks and decides whether that token should be granted for that one thing,” Avanessian said. “We aren’t giving users admin rights for short periods of time. We identify individual processes that require a token for a specific thing. If it’s a safe application we allow it, and if it’s not safe we don’t allow it.”
Avanessian indicated that Avecto thinks the enhancements to 5.0 will both make likely customers be more inclined to get privilege account management more quickly, and will interest new customers who wouldn’t have considered it at all before.
“The people that know they need it will be more likely to do it sooner,” he said. “Companies who weren’t seriously considering it because it was too complicated and took too long to set up will, we think, be more likely to look at it now.”
