ManageEngine ADSelfService Plus Adds MFA for UAC To Protect Privileged Accounts
October 4, 2022 - ManageEngine, the enterprise IT management division of Zoho Corporation, today announced that ADSelfService Plus, an identity security solution with MFA, SSO and self-service password management capabilities, has released MFA for Windows User Account Control (UAC) prompts that require credentials for added security. This feature is available as part of the product's Endpoint MFA add-on.
A recent report published by Verizon states that up to 40% of data breaches are the result of stolen credentials. MFA remains one of the top-runners for mitigating credential theft. When implementing MFA to protect the enterprise network, logins to machines, VPNs and cloud applications are usually considered. However, comprehensive security policies do not stop with just login protection. UAC prompts, especially Run as administrator prompts, are another major function that requires protection, as these prompts provide non-privileged user accounts with privileged permissions to perform tasks they wouldn't be able to otherwise.
NIST SP 800-171 mandates using MFA to protect local and network access to privileged accounts, which includes UAC prompts. An increasing number of cyber liability insurance providers are also instating MFA for all network access attempts as a prerequisite for insurance eligibility or renewal.
"When implementing MFA for a stringent security framework like Zero Trust, enterprises must leave no stone unturned. Protecting UAC prompts with MFA is crucial, as misuse of administrator credentials can provide elevated permissions into the domain network and lead to sensitive data exposure and theft," said Parthiban Paramasivam, director of product management, ADSelfService Plus. "ADSelfService Plus helps secure UAC prompts and thwarts bad actors from gaining privileged domain access, without disrupting the workflow of genuine users."
ADSelfService Plus supports up to 18 different authentication methods for its MFA feature. Admins can leverage the myriad of options including biometrics, TOTP and hardware keys, and tailor the solution to fit organizational requirements.
Other unique attributes of ADSelfService Plus' MFA feature include:
- Automated adaptation of authentication policies based on the user's time of access, geolocation, IP address and device.
- Comprehensive reports to track authentication attempts and failures.
Apart from UAC, ADSelfService Plus helps protects machine logins (Windows, Linux, macOS); VPNs and other network endpoints using RADIUS; and OWA and other IIS web applications using MFA. ADSelfService Plus also helps enforce advanced password policies that go a step above the existing domain password policy through rules like banned use of palindromes, patterns and dictionary words.
ManageEngine ADSelfService Plus and all other ManageEngine solutions are available in Romania through Simple IT, ManageEngine Partner in Romania.
About Simple IT
SIMPLE IT is a distributor for software solutions and hardware appliances, adding value with consulting, training, implementation, configuration and support services, backed by certified specialists, in order to offer the best IT experience to customers and partners. For more information, please visit www.simpleit.com.ro.