Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reduce the attack surface overnight

Published byAshlee Morris Modified over 6 years ago

Similar presentations

Presentation on theme: "Reduce the attack surface overnight"— Presentation transcript:

1 Reduce the attack surface overnight
Security secrets Reduce the attack surface overnight @avecto

2 80% of data breaches involve privileged credentials
The security landscape Challenges we are facing 79% businesses are aware that significant action needs to be taken with managing and restricting user privileges GOV, 2017 New malware increased to a record high of 57.6 million samples in Q3 2017 McAfee, 2017 80% of data breaches involve privileged credentials Forrester 2016 51% of IT professionals admit to providing admin rights Avecto 2017

3 “The common misconception is that a user with local admin rights can do little harm and that administrative actions taken at the endpoint are isolated to the endpoint itself. Neither assertion is true.” Gartner, Inc., “Reduce Access to Windows Local Administrator with Endpoint Privilege Management,” Lori Robinson, October 20, 2017

4 An administrator has the keys to the kingdom!

5 (Remote Connections & Firewall settings)
Top 10 secrets of an admin user What can they do with the keys to the kingdom? 1. Change registry keys Navigate around GPO and central management + policies 2. Take control of system services Disable and interfere with other security products such as anti-virus and firewall 3. Take ownership of files and folders You can own any file on the system – period: privileges always beat permissions 4. Manage certificates for the local machine Risk of phishing and man-in-the middle attacks 5. Use port scanning tools Capturing network traffic allows the potential of finding a vulnerability Local Admin vs Group Policy (Remote Connections & Firewall settings)

6 (Remote Connections & Firewall settings)
Top 10 secrets of an admin user 6-10 things you might not know… 6. Go from Admin to System Create scheduled tasks to run as System. Applications can be set to run bypassing UAC, processes can be run as System 7. Install and uninstall any application or patch Leave the environment open to vulnerabilities 8. Cover tracks Delete application, system and security event logs 9. Manage and create your own users Create multiple admins as needed 10. Local to Domain Admin Set ‘traps’ for users with higher privilege such as Domain Admin for privilege escalation attacks Local Admin vs Group Policy (Remote Connections & Firewall settings)

7

8 Make a whitelist of allowed applications
What’s the solution? Listening to the experts Danish Agency of Digitisation and Centre for Cyber Security under the DDIS Top 4 basic security measures Make a whitelist of allowed applications Update programs with latest security updates (critical within 2 days) Update OS with latest security updates (critical within 2 days) Limit number of user accounts with domain/local admin privileges

9 88% of all Critical vulnerabilities in the last 5 years could be mitigated
111% increase in vulnerabilities since 2013 54% increase in Critical Microsoft vulnerabilities since 2013 95% of Critical vulnerabilities in browsers could be mitigated in 2017

10 Why are we not solving the problem?

11 Perception vs reality Ponemon DAD1 = 1
Most effective mitigation techniques Ponemon DAD1 = 1 = 2 = 3 = 4 = 8 = 11 = 12 = 17 = 18 = 26 = 30 = 33 1 Intrusion prevention (network) 2 Intrusion prevention (host) 3 Web content filtering 4 content filtering 5 Multi-factor authentication 6 Operating system patching 7 Application whitelisting 8 Perimeter firewalls 9 Application patching 10 Up-to-date antivirus 11 Data loss prevention 12 Reducing admin users

12 Security Compromises Why are the attackers winning? 60%
Users require freedom & consumer-like experience System stability and uptime are the most important factors User productivity and efficiency must be maintained Users need the flexibility to run new & undefined applications Users need to configure their endpoints & install software Enforce strong security configuration & controls Ensure applications & operating systems are fully patched Protect vulnerable applications and high risk activities Stop unknown & un-approved applications from running Remove local administrative rights to achieve least privilege 40% 80% 20% 100% Locked & Well Managed 0% Unmanaged

13 Productivity vs security
The impossible compromise Underlocked (but productive) Overlocked (but secure) All users given admin rights All users locked down to standard user accounts Without admin rights users can’t do their jobs and desktops are difficult to manage Is giving admin rights least-privilege anymore? Security weakened and the threat is always escalating Poor user experience leads to privilege creep Administrator support costs increase Standard user support costs increase

14 Demos Admins in action

15 Trusted Application Protection
The Defendpoint approach Application control Privilege management Trusted Application Protection Enterprise reporting Content isolation Zero admins DATA Pragmatic whitelisting Enhanced security Actionable intelligence

16 99.9% of vulnerabilities were compromised a year after CVE published
Attack vector mitigation Anti-malware Patching Least privilege Application whitelisting Trusted Application Protection Known malware Known exploits 97%+ of threat intel is unique Install malware (i.e. root kits) Data leakage Disable/uninstall security software/policies 99.9% of vulnerabilities were compromised a year after CVE published Manipulate user accounts & Pwd (PtH) attacks Install unauthorized / licensed software System wide config changes 85%+ Windows exploits mitigated by removing admin rights Exposure networks to malware (DDOS) Replace OS files (start/stop services) Unknown user installed apps (portable) 55% of insider threats is privilege abuse APT’s/exploit kits drop files to disk (payloads) Infected content on external media Social engineering /installs ~90% of malware unique to an organization Zero day browser/Apps exploits Prevents “fileless malware” (in memory) Theft of corporate data (IPR) Document based attacks (macros, active script)

17 Simple and smart Traditional solutions Hours Days Weeks Days Weeks
Rapid deployment Protect Estate Hours Analyze Behavior Days Refine Policies Weeks Out-of-the-box policy based on experience from hundreds of deployments across even the most complex organizations Operationalizes the benefits from day one Admin rights removed overnight without productivity loss Default rules cover about 80% of use cases: high-, medium-, and low-flexibility workstyles Exception handling covers the remaining 20% Behavioral data is recorded and used to make policy improvements Consistent experience across desktops and servers Traditional solutions Discovery Mode Days Refine Policies Weeks Protect Estate Months

18 In summary… The power of admin rights is undeniable You can significantly reduce the attack surface on the endpoint simply by removing local admin privileges from users Endpoint privilege management makes it possible to achieve security and usability Become secure and compliant overnight!

19 Thank you Questions? @avecto

Download ppt "Reduce the attack surface overnight"

Similar presentations

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Current Security Threats WMO CBS ET-CTS Toulouse, France 26-30 May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.

Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Information Security in Real Business

Information Security in Real Business
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Microsoft ® Official Course Module 9 Configuring Applications.

Microsoft ® Official Course Module 9 Configuring Applications.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.

Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
Module 14: Configuring Server Security Compliance

Module 14: Configuring Server Security Compliance
CSAS 2009 Running Windows as a Non- Administrator or how I learned to love “User” By: Kasey Dennler.

CSAS 2009 Running Windows as a Non- Administrator or how I learned to love “User” By: Kasey Dennler.
The Changing World of Endpoint Protection

The Changing World of Endpoint Protection

Similar presentations

Ads by Google