Stopping Attacks at the Windows Endpoint: The Lockdown Efficacy

Presented by

Jeremy Moskowitz (CTO and Founder of PolicyPak, now part of Netwrix)

About this talk

No matter the type of attack or the initial attack vector, eventually threat actors need access to an endpoint to establish persistence and to serve as the launch point for any privilege escalation and lateral movement. And because every attacker’s capabilities are limited by the operating system they compromise, Windows remains a favorite target, with its’ many means of running code, traversing systems, and elevating privileges. A recent report showed that as many as 1 in 8 cyberattacks make it past security solutions and reach the endpoint, placing the battle for access to your environment squarely on your Windows’ endpoints. And while organizations like yours have endpoint solutions, not every solution provides the same levels of protection, making it necessary to take advantage of every means to secure the environment – which includes any native lockdown capabilities within Windows. So, just how well can native management solutions from Microsoft secure the Windows endpoint? In this Real Training for Free session, 4-time Microsoft MVP, Nick Cavalancia takes my seat as he first discusses: The reality of attacks reaching the endpoint Just how insecure is the default Windows endpoint? What MITRE has to say about the misuse of a compromised Windows endpoint Next up, you’ll hear from 18-time Microsoft MVP, Jeremy Moskowitz, as he covers the native limitations to consider when using Windows’ built-in policy management tools to secure the endpoint. Jeremy will also share practical strategies to address them. The session will focus on the limitations of the following native Windows endpoint management tools: - Local Administrator Password Service (LAPS) - USB GPO policy - Applocker - And more Jeremy will also discuss exploring alternative approaches and third-party solutions to optimize policy deployment.
Related topics:

More from this channel

Upcoming talks (8)
On-demand talks (69)
Subscribers (7029)
Netwrix empowers security professionals to face digital threats with confidence by enabling them to identify and protect sensitive data as well as to detect, respond to, and recover from attacks. More than 13,500 organizations across 100+ countries rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity, and infrastructure. By reducing the cybersecurity burden with Netwrix, organizations concentrate on advancing their cause while reducing cyber risk. For more information, visit