Secure and compliant endpoints
Prevent breaches without hindering productivity. Defendpoint combines privilege management and application control technology in a single agent, making admin rights removal simple and scalable across desktops and servers.
Combining privilege management and application control technology
Eliminate admin rights, achieve least privilege
Whitelist trusted apps and block malware
Insight and analysis to make informed decisions
Eliminate admin rights
Defendpoint allows you to grant privileges to individual applications, tasks and scripts, never to users. Ensure a positive user experience with customized messaging, seamless elevation and flexible prompts.
- All users run as standard users
- Delegation of privileged actions
- On-demand elevation of privileges
- Customized messages and prompts
- Trusted applications are whitelisted
- Detailed reports and analysis
We’ll keep you on track with compliance requirements
Defendpoint allows you to meet least privilege and access management guidelines by removing privileges and whitelisting trusted applications across all endpoints, even in the data center.
With Defendpoint Insights you gain access to trend reporting and analysis to demonstrate compliance with NIST, DFARS, HIPAA, PCI DSS, GDPR and many more.
Free your users from security barricades
Defendpoint provides the tools you need to manage an environment without admin rights.
With a focus on the end user experience, you can drastically reduce helpdesk tickets and IT costs. Maintenance is simple, with a single lightweight agent that integrates with your existing infrastructure. Out-of-the-box implementation means you can achieve security benefits from day one.
Remove the keys to the kingdom
Remove admin rights from all users - even sysadmins in the data center - and assign privileges to the applications, tasks and scripts they need, rather than to the individuals.
By ensuring all employees have just the right level of access to perform in their daily job functions, you create a highly secure environment to mitigate accidental or deliberate insider threats.
Don't leave cyber security to chance
80% of security breaches involve privileged credentials*. Proactively prevent attackers from gaining access to data by removing local admin rights, and prevent malware from executing by controlling the applications allowed to run in your environment.
Available for desktops and servers
Defendpoint for desktops
Defendpoint protects your Windows and macOS desktops, enabling least privilege across even the largest enterprises and most highly regulated environments.
Moving from an older OS such as Microsoft XP to Windows 10 provides the ideal opportunity to review your best practice security measures. Defendpoint makes your migration easier, providing auditing and reporting capabilities and increased user flexibility.
Visibility of privileges
Defendpoint ensures that you have control and visibility over activities within your business. You see which applications are being used and installed, which tasks and applications require privileges and how many users are running with local admin rights.
Legacy systems / applications
Old software and outdated applications create vulnerabilities and are a target for hackers, particularly where admin rights are needed for them to run. Defendpoint allows you to create pragmatic whitelists to manage trusted applications and block unauthorized or old versions of software.
Up to 90% of malware is unique to your organization, with hackers drawing on social engineering tactics to gain entry to systems and data. Detection-based antivirus solutions are unable to prevent unknown strains of malware. Defendpoint’s proactive approach prevents malware from executing and spreading.
Home or mobile users typically require flexibility to change settings, install software and update applications regardless of their location. Defendpoint’s policy approach based on Workstyles allows you to grant the privileges needed based on job role, ensuring productivity and security.
A common misconception is that macOS endpoints are more secure than Windows equivalents. With a rise in malware targeting Mac users, the same security principles apply regardless of platform. Defendpoint allows you to achieve least privilege for all Windows and macOS users.
Defendpoint for servers
Extend protection to the data center and remove admin rights from your most powerful users. You benefit from the same management console and experience as with Defendpoint for desktops.
On-demand privilege elevation
Through integration into the Windows shell menu, Defendpoint can be configured to replace the “Run as Administrator” option, providing specific users with the ability to elevate their privileges using an appropriate approval method. This ensures users can gain the access they need for one-off requests, without ever exposing the administrator account or password.
With in-built security, Avecto’s patented anti-tamper feature prevents any changes to local privilege groups (including the administrator account/group), so that no user can elevate their own privileges. Users are also prevented from changing or altering the Defendpoint technology, ensuring the deployment is protected.
One of the most common administrative tasks performed on servers is the stopping and starting of Windows services. The Windows Service type allows individual service operations to be whitelisted, so standard users are able to start, stop and configure services without the need to elevate tools such as the Service Control Manager.
Remote PowerShell management
Remote PowerShell authorizes targeted sysadmins to connect remotely to a computer via WinRM with standard user credentials, which would normally require local administrator rights. Once connected, the sysadmin is then able to execute PowerShell scripts or cmdlets that Defendpoint can elevate, block or audit using a flexible rules engine.
Advanced policy filtering
Defendpoint policies can be filtered to accommodate advanced use cases associated specifically with servers. Filters can be based on Security Group membership, machine or host name, time of day/week, and can be set with a date/time to expire.
Third party access
Granting admin rights to external users is a security risk. Defendpoint ensures third parties are able to do just the job they need to, on only the servers required, using only approved applications and processes, and during a specific timeframe from an approved location.
Ready to learn more?
Eliminating privileges is one of the most essential risk mitigation strategies for any organization. Learn what makes Avecto a leader in Privilege Elevation and Delegation Management and how Defendpoint helps organizations achieve secure and compliant endpoints.
Why choose Avecto?
Leader in privilege management since 2008
Trusted by over 1100 global brands
Over 8 million users work productively without admin rights
Proven to scale from 100 to 500,000 desktops
Integrated desktop and server technology from a single vendor
Avecto is an accredited McAfee SIA partner for certified integration with McAfee ePolicy Orchestrator. This option provides easy deployment into your existing ePO infrastructure, delivering Defendpoint policy with ePO's precise targeting features. Extensive auditing and reporting is accessed directly in the ePO console.
You also benefit from informed policy changes with McAfee Threat Intelligence Exchange (TIE/DXL) integration.
Group Policy edition
Defendpoint for Windows deploys into your existing Microsoft enterprise technology, with minimal new hardware requirements. It aligns with your existing enterprise change control processes for endpoint configuration.
Deliver policy based on Active Directory groups and organizational units with extensive auditing and reporting on endpoint activities.
Avecto's own management platform provides scalable cloud-based management for Defendpoint for Windows and Mac. Built to capitalize on Microsoft Azure, iC3 may be used as the primary Defendpoint management platform. You can dynamically scale to adjust capacity as needed and maintain contact with your endpoints wherever they are deployed.
With iC3, decisions to allow unknown activity and applications to run become smarter, faster and more dynamic.
140,000 endpoints protected at an American aerospace & defense organization
What Avecto did
"Avecto initially replaced a competitor product thanks to our simplicity and ease of use. We have worked collaboratively with the customer over the last seven years, developing product functionality to support the expanding needs of this global organization."