Product Announcements 
In Keeper’s effort to improve user experience and security, we're announcing the release of Keeper Browser Extension 17.1. This update introduces changes that provide an innovative
Keeper’s Endpoint Privilege Manager is an advanced Privileged Elevation and Delegation Management (PEDM) solution that provides secure, just-in-time privileged access across your endpoints, significantly reducing the threat of ransomware, insider threats and data breaches – all without sacrificing productivity or performance.
Just-in-time access: A critical Privileged Access Management (PAM) practice
So, what exactly is Just-in-Time (JIT) access, and why is it a key component of our PEDM solution? Just-in-time access is just like the term suggests: it gives users the right level of privilege, exactly when they need it and only for as long as they need it. This ensures that authorized users can access privileged systems, applications and data only if and when they need it.
Endpoint Privilege Manager is Keeper’s latest addition to the KeeperPAM® arsenal that addresses local privilege elevation on system endpoints. Once deployed, the system enforces customizable security policies through JIT access, with optional approval workflows and Multi-Factor Authentication (MFA) enforcement. All privileged actions occur through system extensions or ephemeral accounts, which are one-time-use accounts that grant users limited access to complete specific tasks, providing temporary elevated rights only when necessary and only for processes defined by policy.
Simple deployment, management and cross-platform support
Ease of use and scalability were among Keeper’s top priorities when developing a software solution that offers cross-platform protection and manages privilege elevation natively across all major operating systems, including Windows, macOS and Linux endpoints.
Deploying Endpoint Privilege Manager is simple. Administrators deploy a lightweight agent that removes standing admin rights while enabling temporary, policy-based privilege elevation only when necessary. Policies are applied to collections, and the policy is customized by your admin based on your organization’s requirements. The admin creates a custom deployment package associated with a collection of endpoints and pushes the Keeper agent to those endpoints. When the agent starts up, it immediately registers with the Keeper tenant and starts collecting basic information about the endpoint, including executables and local user accounts. By default, the Keeper agent goes into “monitoring” mode, and no action is taken.
End-user experience
Full visibility and control are achieved through a centralized dashboard that logs all events, including requests, deployments, collections and policies – fulfilling your organization’s audit and compliance requirements. The Keeper Admin Console gathers elevation requests to provide a streamlined process for approving or denying them in real time, ensuring that legitimate user needs are met while maintaining security. Within the console, the requests dashboard displays all pending elevation requests across your environment.
Intuitive navigation and an elegant user interface don’t stop with the administrator – they extend throughout the entire end-user experience. Users running the Keeper agent can view policies applied to their device and monitor approvals and elevation requests at a glance.
Elevation process
Users follow a simple elevation flow for applications or processes that require elevated permissions through the Keeper agent.
- Policy: If an application or process requires elevation, the Keeper agent checks it against the relevant policy.
- Approval: If approval is required, the request is immediately routed to the Admin Console and can be approved by an authorized admin with one click. Requests can also be reviewed through the Command-Line Interface (CLI).
- MFA: If no approval is needed, the elevation proceeds automatically. Optionally, MFA can be enforced for an additional layer of security.
An ideal addition for organizations utilizing KeeperPAM
Endpoint Privilege Manager is included as a core feature of the KeeperPAM platform and extends its zero-trust approach directly to endpoints. In contrast to the broader KeeperPAM platform’s role in securing how users connect to systems, Endpoint Privilege Manager governs what administrative rights they can exercise once connected – closing the loop on privileged access control.
Request a demo of Endpoint Privilege Manager today.
