QuickStart Phase 1 | Endpoint Privilege Manager Nugget Series

CyberArk University

1 Feb 202403:31

Summary

TLDRThis EPM Nugget introduces Quick Start, a set of starter policies designed to reduce risk without affecting user experience. It's a valuable tool for both experienced EPM managers and newcomers, teaching policy layering for desired outcomes. To activate, expand policies, select Quick Start, and confirm activation. Policies are organized in layers, addressing known good applications, common attack vectors, role-based access, and admin rights discovery. Customization is needed for application groups and layer 3 policies to suit specific environments and roles. With Quick Start, users can enjoy risk reduction and privilege access tailored to their roles.

Takeaways

🚀 Quick Start is a set of starter policies designed to reduce risk without impacting user experience and serves as a foundation for building more complex policies.
🔄 It is a time-saver for experienced users and an educational tool for newcomers in managing and maintaining EPM policies.
📚 To enable Quick Start, expand policies in the navigation bar, activate it, and confirm the action for immediate policy deployment.
🔍 Review activated policies by clicking on the 'Policies' heading, where each policy is prefixed by a number indicating evaluation sequence.
🔑 The sequence of policy evaluation is determined by configuring the priority within individual policies, not by the prefixed numbers.
🛡️ Layer One of Quick Start includes exceptions for known good applications, such as approved content handler plugins.
🚫 Layer Two focuses on closing common attack vectors exploited by malicious content and defining restricted tasks and applications.
👥 Layer Three is for defining role-based access, targeting specific users or SLG groups with tasks and apps for automatic approval.
🔎 Layer Four handles the discovery of user admin right requirements and should be reviewed to update Layers 2 and 3 accordingly.
🛠️ Quick Start policies utilize additional components like application groups, customized dialogue boxes for user feedback, and policy audit events.
✂️ Customization of Quick Start policies is necessary, including reviewing and adjusting content handlers, browsers, and application groups to fit the environment.
🔄 Duplicate and modify Layer 3 policies for known roles, or deactivate them as templates for future use, to prepare for removing users from the administrator group.

Q & A

What is the purpose of the 'Quick Start' feature in EPM?
-The 'Quick Start' feature in EPM is designed to immediately reduce risk without impacting the user experience, providing a logical foundation to build on for managing and maintaining EPM policies.
Who benefits from using the 'Quick Start' feature in EPM?
-Both experienced users who are well-versed in managing EPM policies and those new to the field can benefit from 'Quick Start' as a time-saver and an educational tool on layering policies for desired outcomes.
How can one enable the 'Quick Start' feature in EPM?
-To enable 'Quick Start', expand policies in the navigation bar, click 'Policy Recommendations', scroll down to 'Quick Start', and click the 'Activate Quick Start' button, then confirm the action.
What happens after activating the 'Quick Start' policies?
-After activating the 'Quick Start' policies, a banner notification will appear to inform you that the policies have been activated successfully.
How can the activated 'Quick Start' policies be reviewed?
-The activated 'Quick Start' policies can be reviewed by clicking on the 'Policies' heading in the navigation bar.
What do the numbers prefixing each policy in 'Quick Start' represent?
-The numbers prefixing each policy in 'Quick Start' indicate the sequence in which the policies should be evaluated, although it is the priority configured in the individual policies that dictates the actual sequence.
What is the purpose of Layer One in the 'Quick Start' policies?
-Layer One contains exceptions for known good applications, such as approved content handler plugins, to ensure they are not unnecessarily restricted.
What does Layer Two focus on in the 'Quick Start' policies?
-Layer Two focuses on closing down common attack vectors typically exploited by malicious content and defining restricted tasks and applications that should not be tampered with by end users, such as disabling security controls.
What is the role of Layer Three in the 'Quick Start' policies?
-Layer Three is where role-based access is defined, with policies targeted at specific users or SLG groups, containing tasks and apps that should be automatically approved.
What is the function of Layer Four in the 'Quick Start' policies?
-Layer Four handles the discovery of users' admin right requirements and the events these policies create, which should be reviewed and used to update Layers 2 and 3.
What additional components do the 'Quick Start' policies utilize?
-The 'Quick Start' policies utilize components such as application groups for targeting specific applications, setting the parent process context for blocked apps, customized dialogue boxes for soliciting feedback from end users, and the collection of policy audit events.
What customization is needed before using the 'Quick Start' policies?
-Before using the 'Quick Start' policies, one should review and adjust the content handlers and browsers application groups to reflect the environment, duplicate and modify Layer 3 policies for known roles, and deactivate policies that are not yet applicable, using them as templates for future use.
What is the final step after customizing the 'Quick Start' policies?
-The final step is to remove users from the administrator group and benefit from the risk reductions built into the 'Quick Start' policies while still enabling users to gain access to the privileges required to perform their roles.

Outlines

00:00

🚀 Quick Start Deployment of EPM Policies

This paragraph introduces the Quick Start phase of deploying EPM (Endpoint Management) policies, which are designed to reduce risk without affecting user experience. It's a set of starter policies that serve as a foundation for further policy development. The Quick Start feature is beneficial for both experienced users looking for a time-saving method and newcomers needing guidance on policy layering for desired outcomes. To activate Quick Start, users expand policies in the navigation bar, find the 'Quick Start' recommendation, and click the activation button. Once activated, a notification confirms the successful implementation. Policies can be reviewed and organized by their prefixed numbers, which indicate the evaluation sequence set by priority configurations. The paragraph also explains the structure of the policy layers, from exceptions for known good applications to role-based access and admin right discovery, emphasizing the need for policy customization to fit the user's environment.

Mindmap

Keywords

💡EPM

EPM stands for Endpoint Management or Endpoint Protection Management, which is a set of tools and strategies used to manage and secure endpoints in a network. In the context of the video, EPM is the main theme, focusing on deploying policies to reduce risk and maintain a secure user experience. The script mentions managing and maintaining EPM policies as a key aspect of the process.

💡Quick Start

Quick Start is introduced as a set of starter policies designed to immediately reduce risk without impacting the user experience. It serves as a foundation for building more complex policies and is a time-saving feature for those experienced in managing EPM policies. The script emphasizes the ease of activation and the immediate benefits of implementing Quick Start policies.

💡Policy Recommendations

Policy Recommendations refer to the suggestions provided within the EPM system to help configure and manage security policies effectively. In the script, it is mentioned that users can find policy recommendations in the navigation bar, which includes the Quick Start option.

💡Risk Reduction

Risk Reduction is the primary goal of the Quick Start policies, aiming to minimize potential security threats while maintaining a seamless user experience. The script highlights that these policies are designed to achieve this objective without negatively affecting users.

💡User Experience

User Experience (UX) is the comfort, ease of use, and satisfaction a user has while interacting with a system. The video emphasizes that the Quick Start policies are designed to reduce risk without impacting the UX, indicating a balance between security and usability.

💡Policy Layers

Policy Layers refer to the structured approach of organizing and implementing policies in a hierarchical manner. The script explains that there are different layers, each with a specific purpose, such as exceptions for known good applications, closing common attack vectors, and defining role-based access.

💡Role-Based Access

Role-Based Access is a security practice where access rights are granted to users based on the roles they perform within an organization. In the script, layer three policies are mentioned as being targeted at specific users or security groups, containing tasks and apps that should be automatically approved.

💡Admin Rights

Admin Rights are the permissions granted to users to perform administrative tasks on a system. The script discusses the discovery of users' admin right requirements and suggests reviewing the events these policies create to update layers 2 and 3.

💡Content Handlers

Content Handlers are applications or plugins that handle specific types of content in a web browser or other software. The script advises reviewing and customizing the content handlers and browsers application groups to ensure they reflect the user's environment.

💡Customization

Customization refers to the process of adapting or modifying a system, application, or policy to better suit the specific needs of a user or organization. The script mentions the need for customization of the policies before continuing, including reviewing and modifying application groups and layer 3 policies.

💡Policy Audit Events

Policy Audit Events are the records or logs generated by the system when policies are executed or triggered. The script mentions the need to activate the collection of policy audit events in agent configuration, indicating the importance of monitoring and reviewing these events for policy management.

Highlights

Introduction to Quickart and its first phase of deployment called Quick Start.

Quick Start is a set of starter policies designed to reduce risk without impacting user experience.

The Quick Start policies provide a logical foundation for building more complex policies.

Quick Start is a time-saver for those experienced in managing EPM policies.

It serves as an educational tool for newcomers in the field of policy management.

Enabling Quick Start involves expanding policies and activating it through the navigation bar.

A confirmation prompt appears after activating Quick Start policies.

A banner notification confirms successful activation of the policies.

Policies can be reviewed and are prefixed by a number indicating evaluation sequence.

The sequence of policy evaluation is achieved by configuring priority within the policies themselves.

Layer One of policies contains exceptions for known good applications.

Layer Two focuses on closing down common attack vectors exploited by malicious content.

Restricted tasks and applications are defined in Layer Two to prevent end-user tampering.

Layer Three defines role-based access for specific users and SLG groups.

Layer Four handles the discovery of user admin right requirements and associated events.

Quickart policies utilize additional components like application groups and customized dialogue boxes.

Policy audit events collection needs to be activated in agent configuration.

Customization of policies is required before further deployment.

Content handlers and browsers application groups should be reviewed and customized.

Layer 3 policies should be duplicated and modified for known roles or deactivated as a template for future use.

Users can be removed from the administrator group while still benefiting from risk reductions in Quick Start policies.

Completion of Phase One allows for the practical application of the Quick Start policies.