The crux of every cyberattack’s success or failure today is privileges – without them, the threat actor has no ability to execute anything, move laterally, infect endpoints, access data, or basically do anything remotely malicious. While most of the time we all focus on administrative privileges to an endpoint, a server, or Active Directory, it’s critical to implement a state of least privilege – all the way down to your operating system and its applications.
Woe is the admin who hands out “local administrator rights” for any period of time, only to find out that the end user has done unmentionable things to the machine, reduced security or let the bad guys in.
At the same time, we all also know that the organization expects users to be productive and able to complete their job. So, there needs to be a happy medium – one where the cybersecurity objectives of the organization are definitely met, while users can still get work done.
So, what should a least privilege management framework look like that meets both goals?
In this webinar, 4-time Microsoft MVP, Nick Cavalancia, first covers:
- Defining Least Privilege – going deeper than just “Admin”
- How cyberattacks have taken advantage of privileges – from admin to application
- How MITRE spells out some of the privilege types you should be including
Next up, Nick will be joined by 18-time Microsoft Windows Management MVP, Jeremy Moskowitz, who will discuss:
- Ways attackers take advantage of application and operating system privileges
- How implementing a least privilege framework can help prevent ransomware/malware, zero-day attacks, and phishing-based attacks
- Pros and cons of native management tools like LAPS, AppLocker, LUA Buglight and Procmon
- Practical OS and applications examples where least privilege can make endpoints more secure using the context of Group Policy and Microsoft Endpoint Manager