CyberArk Endpoint Privilege Manager (EPM) is an endpoint privilege management solution deployed by Merlin Cyber for U.S. federal government agencies. It enforces least privilege principles by removing local administrator rights from endpoints—including laptops, workstations, mobile devices, and mission systems—without disrupting user productivity. EPM addresses identity-based attack vectors such as unmanaged local admin rights, orphaned accounts, and unsecured privilege escalation pathways. It operates pre-execution to block ransomware, untrusted binaries, and script abuse before they can run, and counters EDR bypass techniques including fileless attacks, DLL side-loading, and Living-off-the-Land Binaries (LOLBins). The solution includes protections for existing EDR deployments by safeguarding telemetry integrity and preventing tampering or evasion. It supports Just-in-Time (JIT) privilege elevation with policy-driven workflows and uses decoy credentials to automate identity threat detection and response (ITDR). Merlin Cyber implements EPM through a structured four-phase process: 1. Assessment & Design – mapping current privilege practices, high-risk workflows, and EDR coverage 2. Pilot & Policy Tuning – deploying to a representative group and tuning allow lists and JIT elevation 3. Phased Rollout & Integration – scaling across endpoints and integrating with PAM, EDR, SOAR, and ticketing systems 4. Operationalize & Optimize – establishing metrics and maturing automation to reduce dwell time and MTTR The product is positioned as a Zero Trust enforcement control at the endpoint layer, enabling continuous verification and granular access control across users, workloads, and devices.