Security secrets: Reduce the attack surface overnight
@avecto
The security landscape: challenges we are facing

- 79% of businesses are aware that significant action needs to be taken with managing and restricting user privileges (GOV, 2017)
- New malware increased to a record high of 57.6 million samples in Q3 2017 (McAfee, 2017)
- 80% of data breaches involve privileged credentials (Forrester, 2016)
- 51% of IT professionals admit to providing admin rights (Avecto, 2017)
“The common misconception is that a user with local admin rights can do little harm and that administrative actions taken at the endpoint are isolated to the endpoint itself. Neither assertion is true.”
Gartner, Inc., “Reduce Access to Windows Local Administrator with Endpoint Privilege Management,” Lori Robinson, October 20, 2017
An administrator has the keys to the kingdom!
Top 10 secrets of an admin user: what can they do with the keys to the kingdom?

1. Change registry keys: navigate around GPO and central management and policies
2. Take control of system services: disable and interfere with other security products such as anti-virus and firewall
3. Take ownership of files and folders: you can own any file on the system – period; privileges always beat permissions
4. Manage certificates for the local machine: risk of phishing and man-in-the-middle attacks
5. Use port scanning tools: capturing network traffic allows the potential of finding a vulnerability

Local Admin vs Group Policy (Remote Connections & Firewall settings)
Top 10 secrets of an admin user: 6-10 things you might not know…

6. Go from Admin to System: create scheduled tasks to run as System; applications can be set to run bypassing UAC, and processes can be run as System
7. Install and uninstall any application or patch: leave the environment open to vulnerabilities
8. Cover tracks: delete application, system and security event logs
9. Manage and create your own users: create multiple admins as needed
10. Local to Domain Admin: set ‘traps’ for users with higher privilege such as Domain Admin for privilege escalation attacks

Local Admin vs Group Policy (Remote Connections & Firewall settings)
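Several of the ten capabilities above leave traces a defender can look for. The script below is an added example, not part of the Avecto deck: it checks a single Windows host for the footprints of items 6, 8 and 9 (scheduled tasks running as SYSTEM, cleared event logs, and local account or Administrators-group changes). The function name, parameter names and the 7-day lookback are assumptions for this example; the event IDs (1102, 104, 4720, 4732) are the standard Windows ones. Run it elevated, with account-management auditing enabled so that 4720/4732 are actually logged.

```powershell
# Added example (not from the presentation): audit a Windows host for traces of the
# admin-level actions described in items 6, 8 and 9 of the slide.
# Assumed function and parameter names; requires an elevated Windows PowerShell 5.1+
# session on Windows (Get-WinEvent and the ScheduledTasks module ship with the OS).

function Get-EventsOrEmpty {
    param([hashtable]$Filter)
    # Get-WinEvent raises an error instead of returning nothing when no event matches,
    # so normalise "nothing found" to an empty array.
    try { @(Get-WinEvent -FilterHashtable $Filter -ErrorAction Stop) } catch { @() }
}

function Invoke-AdminActivityAudit {
    param([int]$LookbackDays = 7)   # assumed default window
    $since = (Get-Date).AddDays(-$LookbackDays)

    # Item 8, "cover tracks": the Security log records its own clearing as event 1102,
    # the System log records its clearing as event 104.
    $logCleared = @(Get-EventsOrEmpty @{ LogName = 'Security'; Id = 1102; StartTime = $since }) +
                  @(Get-EventsOrEmpty @{ LogName = 'System';   Id = 104;  StartTime = $since })

    # Item 9, "manage and create your own users": 4720 = local user account created,
    # 4732 = member added to a security-enabled local group (for example Administrators).
    $accountChanges = @(Get-EventsOrEmpty @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $since })

    # Item 6, "go from Admin to System": scheduled tasks that run as SYSTEM and were not
    # authored by Microsoft. Author is free text, so this is a triage list, not proof of abuse.
    $systemTasks = @(Get-ScheduledTask |
        Where-Object { $_.Principal.UserId -match 'SYSTEM|S-1-5-18' -and $_.Author -notmatch '^Microsoft' } |
        Select-Object TaskName, TaskPath, Author, @{ n = 'RunAs'; e = { $_.Principal.UserId } })

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Since          = $since
        LogClearEvents = $logCleared | Select-Object TimeCreated, Id, LogName
        AccountEvents  = $accountChanges | Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
        SystemTasks    = $systemTasks
        NeedsReview    = ($logCleared.Count + $accountChanges.Count + $systemTasks.Count) -gt 0
    }
}

# Usage: print the summary and expand the three finding lists.
$audit = Invoke-AdminActivityAudit -LookbackDays 7
$audit | Select-Object Computer, Since, NeedsReview | Format-List
$audit.LogClearEvents | Format-Table -AutoSize
$audit.AccountEvents  | Format-Table -AutoSize
$audit.SystemTasks    | Format-Table -AutoSize
```

A cleared Security log is the one finding here that is almost never benign on a workstation; the other two lists are starting points that need the local change-management context to interpret.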
What’s the solution? Listening to the experts

Danish Agency of Digitisation and Centre for Cyber Security under the DDIS: top 4 basic security measures

1. Make a whitelist of allowed applications
2. Update programs with the latest security updates (critical within 2 days)
3. Update the OS with the latest security updates (critical within 2 days)
4. Limit the number of user accounts with domain/local admin privileges
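The four measures can be turned into a quick self-check on a Windows host. The script below is an added example and not part of the presentation or of the Danish agencies' guidance: it reports whether an AppLocker policy with rules is in effect (assumed here as the whitelisting mechanism), how old the newest installed update is, and which members of the local Administrators group are outside a baseline list. The function name, the `$AllowedAdmins` baseline and the 30-day patch-age threshold are constructed assumptions for this example, and the 2-day critical window from the slide is not checked because `Get-HotFix` does not expose update severity.

```powershell
# Added example (not from the presentation): self-check of the four basic measures on
# one Windows host. Assumed names: Test-BasicMeasures, $AllowedAdmins, $MaxPatchAgeDays.
# Requires an elevated Windows PowerShell 5.1+ session on Windows 10 / Server 2016 or later
# (Get-LocalGroupMember and the AppLocker module ship with those releases).

function Test-BasicMeasures {
    param(
        # Constructed baseline: the only accounts expected in the local Administrators group.
        [string[]]$AllowedAdmins = @("$env:COMPUTERNAME\Administrator"),
        [int]$MaxPatchAgeDays = 30   # assumed threshold; the slide's 2-day window is for critical updates
    )
    $results = [ordered]@{ Computer = $env:COMPUTERNAME }

    # Measure 1, application whitelisting: count the rules in the effective AppLocker policy.
    # Zero rules (or no policy at all) means nothing is being whitelisted by AppLocker.
    $ruleCount = 0
    try {
        $policy = Get-AppLockerPolicy -Effective -ErrorAction Stop
        foreach ($collection in $policy.RuleCollections) { $ruleCount += @($collection).Count }
    } catch { }
    $results['AppLockerRules']  = $ruleCount
    $results['AppWhitelisting'] = $ruleCount -gt 0

    # Measures 2 and 3, patching: age of the most recently installed update.
    # Get-HotFix only lists updates with a KB entry, so a failure here is a prompt to
    # check the update client, not proof that patches are missing.
    $latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    $results['LastUpdateInstalled'] = if ($latest) { $latest.InstalledOn } else { $null }
    $results['PatchedRecently'] = [bool]$latest -and (((Get-Date) - $latest.InstalledOn).TotalDays -le $MaxPatchAgeDays)

    # Measure 4, limit admin accounts: compare local Administrators membership to the baseline.
    $admins     = @(Get-LocalGroupMember -Group 'Administrators' | ForEach-Object Name)
    $unexpected = @($admins | Where-Object { $_ -notin $AllowedAdmins })
    $results['LocalAdmins']      = $admins
    $results['UnexpectedAdmins'] = $unexpected
    $results['AdminsLimited']    = $unexpected.Count -eq 0

    [pscustomobject]$results
}

# Usage: run with the default (constructed) baseline; pass -AllowedAdmins to use your own.
Test-BasicMeasures | Format-List
```

Running this across an estate (for example via `Invoke-Command`) turns the "51% admit to providing admin rights" statistic into a concrete list of hosts and accounts to act on.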
88% of all Critical vulnerabilities in the last 5 years could be mitigated

- 111% increase in vulnerabilities since 2013
- 54% increase in Critical Microsoft vulnerabilities since 2013
- 95% of Critical vulnerabilities in browsers could be mitigated in 2017
Why are we not solving the problem?
Perception vs reality: most effective mitigation techniques, as ranked (source: Ponemon)

1. Intrusion prevention (network)
2. Intrusion prevention (host)
3. Web content filtering
4. Content filtering
5. Multi-factor authentication
6. Operating system patching
7. Application whitelisting
8. Perimeter firewalls
9. Application patching
10. Up-to-date antivirus
11. Data loss prevention
12. Reducing admin users
Security compromises: why are the attackers winning?

[Chart: endpoints placed on a scale from 0% “Unmanaged” to 100% “Locked & Well Managed”; only the two lists of competing demands are recoverable.]

What users and the business need:
- Users require freedom and a consumer-like experience
- System stability and uptime are the most important factors
- User productivity and efficiency must be maintained
- Users need the flexibility to run new and undefined applications
- Users need to configure their endpoints and install software

What security needs:
- Enforce strong security configuration and controls
- Ensure applications and operating systems are fully patched
- Protect vulnerable applications and high-risk activities
- Stop unknown and unapproved applications from running
- Remove local administrative rights to achieve least privilege
Productivity vs security: the impossible compromise

Underlocked (but productive): all users given admin rights
Overlocked (but secure): all users locked down to standard user accounts

- Without admin rights users can’t do their jobs and desktops are difficult to manage
- Is giving admin rights least-privilege anymore?
- Security weakened and the threat is always escalating
- Poor user experience leads to privilege creep
- Administrator support costs increase
- Standard user support costs increase
Demos: admins in action
The Defendpoint approach

Modules: Application control, Privilege management, Trusted Application Protection, Enterprise reporting, Content isolation
Outcomes: Zero admins, Pragmatic whitelisting, Enhanced security, Actionable intelligence (from the data collected)
Attack vector mitigation

Mitigation layers: Anti-malware, Patching, Least privilege, Application whitelisting, Trusted Application Protection

Attack vectors addressed:
- Known malware
- Known exploits
- Install malware (i.e. rootkits)
- Data leakage
- Disable/uninstall security software/policies
- Manipulate user accounts and passwords (pass-the-hash attacks)
- Install unauthorized / unlicensed software
- System-wide configuration changes
- Exposing networks to malware (DDoS)
- Replace OS files (start/stop services)
- Unknown user-installed apps (portable)
- APTs/exploit kits drop files to disk (payloads)
- Infected content on external media
- Social engineering / installs
- Zero-day browser/application exploits
- “Fileless malware” (in memory)
- Theft of corporate data (IPR)
- Document-based attacks (macros, active script)

Call-outs on the slide:
- 97%+ of threat intel is unique
- 99.9% of vulnerabilities were compromised a year after the CVE was published
- 85%+ of Windows exploits mitigated by removing admin rights
- 55% of insider threats is privilege abuse
- ~90% of malware is unique to an organization
Simple and smart: rapid deployment

Defendpoint: Protect estate (hours) -> Analyze behavior (days) -> Refine policies (weeks)
Traditional solutions: Discovery mode (days) -> Refine policies (weeks) -> Protect estate (months)

- Out-of-the-box policy based on experience from hundreds of deployments across even the most complex organizations
- Operationalizes the benefits from day one
- Admin rights removed overnight without productivity loss
- Default rules cover about 80% of use cases: high-, medium-, and low-flexibility workstyles
- Exception handling covers the remaining 20%
- Behavioral data is recorded and used to make policy improvements
- Consistent experience across desktops and servers
In summary…

- The power of admin rights is undeniable
- You can significantly reduce the attack surface on the endpoint simply by removing local admin privileges from users
- Endpoint privilege management makes it possible to achieve security and usability
- Become secure and compliant overnight!
Thank you. Questions? @avecto