ManageEngine
announced that ADSelfService Plus, an identity security solution with
MFA, SSO and self-service password management capabilities, has released
MFA for Windows User Account Control (UAC) prompts that require
credentials for added security. This feature is available as part of the
product's Endpoint MFA add-on.
A recent report published by Verizon states that up to 40% of data breaches are
the result of stolen credentials. MFA remains one of the top-runners
for mitigating credential theft. When implementing MFA to protect the
enterprise network, logins to machines, VPNs and cloud applications are
usually considered. However, comprehensive security policies do not stop
with just login protection. UAC prompts, especially Run as administrator prompts,
are another major function that requires protection, as these prompts
provide non-privileged user accounts with privileged permissions to
perform tasks they wouldn't be able to otherwise.
NIST SP 800-171 mandates
using MFA to protect local and network access to privileged accounts,
which includes UAC prompts. An increasing number of cyber liability
insurance providers are also instating MFA for all network access
attempts as a prerequisite for insurance eligibility or renewal.
"When
implementing MFA for a stringent security framework like Zero Trust,
enterprises must leave no stone unturned. Protecting UAC prompts with
MFA is crucial, as misuse of administrator credentials can provide
elevated permissions into the domain network and lead to sensitive data
exposure and theft," said Parthiban Paramasivam, director of product
management, ADSelfService Plus. "ADSelfService Plus helps secure UAC
prompts and thwarts bad actors from gaining privileged domain access,
without disrupting the workflow of genuine users."
Using ADSelfService Plus' MFA Feature to Secure UAC Prompts
ADSelfService
Plus supports up to 18 different authentication methods for its MFA
feature. Admins can leverage the myriad of options including biometrics,
TOTP and hardware keys, and tailor the solution to fit organizational
requirements.
Other unique attributes of ADSelfService Plus' MFA feature include:
- Automated adaptation of authentication policies based on the user's time of access, geolocation, IP address and device.
- Comprehensive reports to track authentication attempts and failures.
Apart
from UAC, ADSelfService Plus helps protects machine logins (Windows,
Linux, macOS); VPNs and other network endpoints using RADIUS; and OWA
and other IIS web applications using MFA. ADSelfService Plus also helps
enforce advanced password policies that go a step above the existing
domain password policy through rules like banned use of palindromes,
patterns and dictionary words.
Pricing and Availability
MFA
for UAC is available immediately in the latest edition of ADSelfService
Plus as part of the Endpoint MFA add-on available for its Standard and
Professional editions. Pricing for the Endpoint MFA add-on of
ADSelfService Plus starts at USD 395 annually for 500 users.
Pricing
for the Standard and Professional editions starts at USD $595 and USD
$1,195, respectively. ADSelfService Plus also offers a Free edition for
up to 50 users. The Free edition offers major features of the product
including SSO, self-service password management, password expiration
notifications and advanced password policies. It can be downloaded at www.mnge.it/Kid. A fully functional, 30-day trial version is available for download at www.mnge.it/ayh.