JIT Access in Privilege Elevation EPM Windows


Just-in-Time (JIT) Access is a fundamental pillar of endpoint security, ensuring that elevated privileges are granted only when strictly necessary and for the shortest possible time. At Segura, the JIT concept is applied in various ways, with one of the most critical being privilege elevation for specific processes in Windows EPM.

How Does JIT Tokenization Work with EPM Windows?

When a standard user needs to run an application that requires administrator permissions, Segura EPM does not elevate the user account's permissions. Instead, it grants a temporary, specific privilege only to that application's process for the duration of its execution.

This mechanism works as follows:

In EPM for Windows, the internal EPM driver intercepts the process and, according to the access lists configured in the EPM Console, evaluates whether it needs a token with administrative resources. This validation takes place before the process starts; if a policy applies, a token with administrative privileges is granted to the process.

This means:

  1. Interception: The EPM driver acts as an intermediary on the endpoint, intercepting the attempt to execute a process.
  2. Validation: It queries the elevation policies defined in the console to verify if the user, application, and current context permit the elevation.
  3. Token Granting: If the policy allows it, an administrative access token is generated and linked exclusively to that process. The process then starts with the necessary privileges to perform its tasks.
  4. Automatic Revocation: As soon as the process is terminated, the token associated with it is automatically destroyed. Consequently, the privilege ceases to exist, ensuring no standing elevated permissions remain on the system.

Benefits of the JIT Tokenization Approach

  • Zero Trust Security: This approach reinforces the principle of least privilege. The user never receives direct administrative access; only the process requiring elevation gets it, and only for the duration of its execution.
  • Reduced Attack Surface: Since user accounts do not have standing administrative privileges, the risk of an attacker compromising the account and gaining full control of the system is drastically reduced.
  • Traceability and Auditing: All privilege elevations are logged, creating a complete audit trail that details which application was elevated, by which user, and at what time.

Difference from JIT Group Access

It is important to distinguish JIT Tokenization for process elevation from the JIT Access feature. While tokenization grants a temporary privilege to a process, the "JIT Access" feature temporarily adds the user account to a group with administrative privileges (such as the Windows "Administrators" group), allowing the user to perform multiple administrative tasks for a limited period.

Both are JIT mechanisms but are applied to different contexts to provide maximum flexibility and security.
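The following is an added, simplified model (not Segura's driver or console code) of the two mechanisms described above: the intercept, validate, grant and revoke cycle of JIT tokenization, where the privilege lives only as long as one process, beside JIT Group Access, where the account itself joins an administrative group for a time window. Policy entries, user names, paths and the "workstation" context tag are constructed sample values.

```python
"""Illustrative model of JIT process tokenization vs. JIT group access (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ElevationPolicy:
    """One access-list entry: who may elevate which application in which context."""
    user: str
    application: str
    context: str


class JitModel:
    def __init__(self, policies):
        self.policies = set(policies)
        self.process_tokens = {}  # pid -> (user, application); live elevated tokens only
        self.group_grants = {}    # user -> expiry time of a temporary group membership
        self.audit = []           # audit trail: (event, who, what, when/pid)

    # --- JIT tokenization: the privilege is bound to a single process ---
    def launch(self, pid, user, application, context):
        """Interception + validation: elevate the process only if a policy matches."""
        allowed = ElevationPolicy(user, application, context) in self.policies
        if allowed:
            self.process_tokens[pid] = (user, application)
        self.audit.append(("granted" if allowed else "denied", user, application, pid))
        return allowed

    def exit_process(self, pid):
        """Automatic revocation: the token disappears with the process."""
        entry = self.process_tokens.pop(pid, None)
        if entry:
            self.audit.append(("revoked", *entry, pid))

    def process_is_elevated(self, pid):
        return pid in self.process_tokens

    # --- JIT Group Access: the account itself is added to Administrators for a window ---
    def grant_group(self, user, now, duration):
        self.group_grants[user] = now + duration
        self.audit.append(("group-added", user, "Administrators", now))

    def is_admin_member(self, user, now):
        """Membership expires on its own; tokenization never touches group membership."""
        expiry = self.group_grants.get(user)
        if expiry is not None and now >= expiry:
            del self.group_grants[user]
            self.audit.append(("group-removed", user, "Administrators", now))
        return user in self.group_grants
```

Note that a user with a matching tokenization policy never becomes a member of the administrative group, while a group grant elevates every process that user starts until the window closes.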