Security is finally getting the attention that it deserves with regard to Microsoft Windows environments. We have turned our heads to inappropriate, weak, and soft security settings for too long. The result is that the attackers are now more successful than ever before. With attacks such as Pass-the-hash, Pass-the-ticket, and other corporate attacks that take advantage of privilege access our company assets are now at risk.
In order to fix our current security issues we must take action. Unfortunately, the fix for our security situation is not a quick and immediate one. If we consider it took us a long time to get into this situation, it makes sense that the fix is not immediate either.
I don't believe that the fix is software or an application. This is like putting a band aid on a finger that has been cut off. It might help for the immediate, but in the end the solution must be much more severe. If you go with a larger, more intrusive solution, you could go with the "future" solution that Microsoft is suggesting, which is a combination of Just In Time (JIT) and Just Enough Access (JEA), which you can see first hand by watching this video. After watching this video, we at ManageEngine felt the need to develop this site, which is to guide you to a more realistic and solid solution. I give you a little insight into my views of JIT and JEA here.
Use builtin, free, and inexpensive tools to report on the current configurations that grant privileges.
Analyze the reports to discover who has privileges.
Configure the appropriate areas that grant privileges to ensure only the correct users have privlleges.(This is the security hardening!)
Now that the security hardening is in place, we know that only the correct users have elevated privileges. We only need to monitor changes to who has privileges to ensure there is no drift from our security hardening.