It's common knowledge that removing local admin rights is one of the most straightforward ways to protect an organization from cyberthreats. Without elevated privileges, threat actors can’t easily (if at all) identify admin accounts that can be used to move laterally and further an attack. In essence, without local admin rights, the endpoint is the end of the line for an attacker.
It’s easy to remove local admin rights from end users in Marketing or Sales. But once you start trying to remove rights from technical users, such as development or QA, who require more rights than a standard local user, it becomes extremely difficult. That is one of the reasons threat actors target these kinds of users in spear phishing attacks and job-themed social engineering attacks: the assumption is that the victim already has admin rights on the endpoint.
So, how can you remove local admin from even the most technical user and still keep them working?
In this Real Training for Free session, 4-time Microsoft MVP Nick Cavalancia takes my seat and will first cover:
- Why local admin rights are a critical point in a cyberattack
- What MITRE ATT&CK TTPs rely on having local admin rights
Up next, you’ll hear from Paul Davies, Senior Solutions Architect at BeyondTrust. Paul will begin by reviewing the threat landscape and recent breaches that have involved theft of credentials from users with privileged access (including attacks against Okta, Medibank, LAUSD, DoorDash, Twilio, Uber, and more).
Paul will then give a sneak preview of BeyondTrust’s 2022 Microsoft Vulnerabilities report, highlighting some of the key vulnerabilities observed in 2022. He will then cover the key technical principles to keep in mind when removing local admin rights from highly technical, niche users within an organization, who are often targeted by these types of attacks, while still enabling those users to do their jobs.
Next, Paul will illustrate those technical principles further in a demo of BeyondTrust’s Endpoint Privilege Management solution. He will go deep to show how BeyondTrust EPM makes it possible for organizations to remove local admin rights from technical users, how it can protect against the types of attacks mentioned earlier, and what additional layers of security BeyondTrust provides.
This Real Training for Free session will be full of practical real-world technical details.