Implementing a Least Privilege Management Framework on Windows and macOS Devices

The crux of every cyberattack’s success or failure today is privileges – without them, the threat actor has no ability to execute anything, move laterally, infect endpoints, access data, or basically do anything remotely malicious.  While most of the time we all focus on administrative privileges to an endpoint, a server, or Active Directory, it’s critical to implement a state of least privilege – all the way down to you operating system and its applications.   Woe is the admin who hands out “local administrator rights” for any period of time, only to find out that the end user has done unmentionable things to the machine, reduced security or let the bad guys in. At the same time, we all also know that the organisation expects users to be productive and able to complete their job. So, there needs to be a happy medium – one where the cybersecurity objectives of the organisation are definitely met, while users can still get work done.   So, what should a least privilege management framework look like that meets both goals?   In this Real Training for Free webinar, 4-time Microsoft MVP, Nick Cavalancia, again takes my seat and first covers:   · Defining Least Privilege – going deeper than just “Admin” · How cyberattacks have taken advantage of privileges – from admin to application · How MITRE spells out some of the privilege types you should be including   Next up, Nick will be joined by 18-time Microsoft Windows Management MVP, Jeremy Moskowitz who will discuss:   · Ways attackers take advantage of application and operating system privileges · How implementing a least privilege framework can help prevent ransomware/malware, zero day attacks, phishing-based attacks · Pros and cons of native management tools like LAPS, Applocker, LUAbuglight and Procmon · Practical OS and applications examples where least privilege can make endpoints more secure using the context of Group Policy and Microsoft Endpoint Manager