QuickStart Phase 1 | Endpoint Privilege Manager Nugget Series

CyberArk University

1 Feb 202403:31

Summary

TLDRThis EPM Nugget introduces Quick Start, a set of starter policies designed to reduce risk without affecting user experience. It's a valuable tool for both experienced EPM managers and newcomers, teaching policy layering for desired outcomes. To activate, expand policies, select Quick Start, and confirm activation. Policies are organized in layers, addressing known good applications, common attack vectors, role-based access, and admin rights discovery. Customization is needed for application groups and layer 3 policies to suit specific environments and roles. With Quick Start, users can enjoy risk reduction and privilege access tailored to their roles.

Takeaways

🚀 Quick Start is a set of starter policies designed to reduce risk without impacting user experience and serves as a foundation for building more complex policies.
🔄 It is a time-saver for experienced users and an educational tool for newcomers in managing and maintaining EPM policies.
📚 To enable Quick Start, expand policies in the navigation bar, activate it, and confirm the action for immediate policy deployment.
🔍 Review activated policies by clicking on the 'Policies' heading, where each policy is prefixed by a number indicating evaluation sequence.
🔑 The sequence of policy evaluation is determined by configuring the priority within individual policies, not by the prefixed numbers.
🛡️ Layer One of Quick Start includes exceptions for known good applications, such as approved content handler plugins.
🚫 Layer Two focuses on closing common attack vectors exploited by malicious content and defining restricted tasks and applications.
👥 Layer Three is for defining role-based access, targeting specific users or SLG groups with tasks and apps for automatic approval.
🔎 Layer Four handles the discovery of user admin right requirements and should be reviewed to update Layers 2 and 3 accordingly.
🛠️ Quick Start policies utilize additional components like application groups, customized dialogue boxes for user feedback, and policy audit events.
✂️ Customization of Quick Start policies is necessary, including reviewing and adjusting content handlers, browsers, and application groups to fit the environment.
🔄 Duplicate and modify Layer 3 policies for known roles, or deactivate them as templates for future use, to prepare for removing users from the administrator group.

Q & A

What is the purpose of the 'Quick Start' feature in EPM?
-The 'Quick Start' feature in EPM is designed to immediately reduce risk without impacting the user experience, providing a logical foundation to build on for managing and maintaining EPM policies.
Who benefits from using the 'Quick Start' feature in EPM?
-Both experienced users who are well-versed in managing EPM policies and those new to the field can benefit from 'Quick Start' as a time-saver and an educational tool on layering policies for desired outcomes.
How can one enable the 'Quick Start' feature in EPM?
-To enable 'Quick Start', expand policies in the navigation bar, click 'Policy Recommendations', scroll down to 'Quick Start', and click the 'Activate Quick Start' button, then confirm the action.
What happens after activating the 'Quick Start' policies?
-After activating the 'Quick Start' policies, a banner notification will appear to inform you that the policies have been activated successfully.
How can the activated 'Quick Start' policies be reviewed?
-The activated 'Quick Start' policies can be reviewed by clicking on the 'Policies' heading in the navigation bar.
What do the numbers prefixing each policy in 'Quick Start' represent?
-The numbers prefixing each policy in 'Quick Start' indicate the sequence in which the policies should be evaluated, although it is the priority configured in the individual policies that dictates the actual sequence.
What is the purpose of Layer One in the 'Quick Start' policies?
-Layer One contains exceptions for known good applications, such as approved content handler plugins, to ensure they are not unnecessarily restricted.
What does Layer Two focus on in the 'Quick Start' policies?
-Layer Two focuses on closing down common attack vectors typically exploited by malicious content and defining restricted tasks and applications that should not be tampered with by end users, such as disabling security controls.
What is the role of Layer Three in the 'Quick Start' policies?
-Layer Three is where role-based access is defined, with policies targeted at specific users or SLG groups, containing tasks and apps that should be automatically approved.
What is the function of Layer Four in the 'Quick Start' policies?
-Layer Four handles the discovery of users' admin right requirements and the events these policies create, which should be reviewed and used to update Layers 2 and 3.
What additional components do the 'Quick Start' policies utilize?
-The 'Quick Start' policies utilize components such as application groups for targeting specific applications, setting the parent process context for blocked apps, customized dialogue boxes for soliciting feedback from end users, and the collection of policy audit events.
What customization is needed before using the 'Quick Start' policies?
-Before using the 'Quick Start' policies, one should review and adjust the content handlers and browsers application groups to reflect the environment, duplicate and modify Layer 3 policies for known roles, and deactivate policies that are not yet applicable, using them as templates for future use.
What is the final step after customizing the 'Quick Start' policies?
-The final step is to remove users from the administrator group and benefit from the risk reductions built into the 'Quick Start' policies while still enabling users to gain access to the privileges required to perform their roles.