What happens when you deny attacks privileged access? Using MITRE ATT&CK to answer that question is eye-opening.
MITRE ATT&CK is such a valuable resource for organizing your thoughts around cyber security. As I was perusing ATT&CK techniques the other day I was struck by how many of them have a pretty hefty prerequisite: admin authority. This has important implications.
ATT&CK can be overwhelming sometimes when you look at it as a big buffet of methods the bad guys can choose from. But let’s not forget that we can exercise some control over which ATT&CK techniques are available. We can actively deny capabilities or at least significantly raise the difficulty for gaining them in our environments.
The key is to analyze techniques with regard to their prerequisites. Right now, ATT&CK doesn’t really contemplate prerequisites, so that makes this a great “real training for free” topic.
In this technical education event, I’ll take one key prerequisite – privileged access – and we’ll identify ATT&CK techniques that can be mitigated or completely denied to attackers as long as you keep them from gaining admin- or root-level authority.
Then Jason Silva from BeyondTrust, our sponsor, will briefly show you how their technology helps you overcome the challenges of implementing least privilege and allowing users to get their jobs done productively while denying attacks what they most need.