A New Capability for Incident Responders: Deny Privileged Access

Presented by

Paul Lanzi, Co-founder & Chief Operating Officer, Remediant

About this talk

For a fire to spread, it needs oxygen. For a ransomware infection to spread, it needs privileged access. In this webinar, we’ll detail how several organizations stopped ransomware attacks by revoking administrator access from their Windows servers and workstations. In one example, the IR practitioners were able to revoke administrator rights across ~6000 servers in under six hours — without disrupting ongoing business operations. Learn how containing it so quickly allowed the organization to downgrade the intrusion from a major breach to a minor incident. Join Paul Lanzi, Co-founder and COO of Remediant as he discusses, in the context of the real incidents he has worked on, the role of privileged access (specifically 24x7 administrator rights) in the spread of attacks and how revoking these rights can be the fastest path to containment and attacker eviction. The webinar will cover the technical aspects of this new approach, but is equally useful for those without a deep background in Windows security.

Related topics:

More from this channel

Upcoming talks (33)
On-demand talks (2033)
Subscribers (183270)
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.