Stopping Attacks at the Windows Endpoint: The Lockdown Efficacy

No matter the type of attack or the initial attack vector, eventually threat actors need access to an endpoint to establish persistence and to serve as the launch point for any privilege escalation and lateral movement. And because every attacker’s capabilities are limited by the operating system they compromise, Windows remains a favorite target, with its’ many means of running code, traversing systems, and elevating privileges. A recent report showed that as many as 1 in 8 cyberattacks make it past security solutions and reach the endpoint, placing the battle for access to your environment squarely on your Windows’ endpoints. And while organizations like yours have endpoint solutions, not every solution provides the same levels of protection, making it necessary to take advantage of every means to secure the environment – which includes any native lockdown capabilities within Windows. So, just how well can native management solutions from Microsoft secure the Windows endpoint? In this Real Training for Free session, 4-time Microsoft MVP, Nick Cavalancia takes my seat as he first discusses: The reality of attacks reaching the endpoint Just how insecure is the default Windows endpoint? What MITRE has to say about the misuse of a compromised Windows endpoint Next up, you’ll hear from 18-time Microsoft MVP, Jeremy Moskowitz, as he covers the native limitations to consider when using Windows’ built-in policy management tools to secure the endpoint. Jeremy will also share practical strategies to address them. The session will focus on the limitations of the following native Windows endpoint management tools: - Local Administrator Password Service (LAPS) - USB GPO policy - Applocker - And more Jeremy will also discuss exploring alternative approaches and third-party solutions to optimize policy deployment.