What can we help you with?

Supercharged PAM

Combine the best of Session Management and Credential Management solutions at a new, incredible value!

Learn More Learn More

What is BeyondTrust?

Get a closer look inside the BeyondTrust identity & access security arsenal.

Learn More Learn More

Gartner Peer Insights

Find out how customers & analysts alike review BeyondTrust.

Learn More Learn More

Go Beyond Customer & Partner Conference

Our biggest customer conference of the year is happening in Miami and virtually on May 1-5, 2023.

Learn More Learn More

Watch Our Video

Find out more about our integrations.

Learn More Learn More

Leader in Intelligent Identity & Secure Access

Learn how BeyondTrust solutions protect companies from cyber threats.

Learn More Learn More

What happens when you deny attacks privileged access? Using MITRE ATT&CK to answer that question is eye opening.

MITRE ATT&CK is such a valuable resource for organizing your thoughts around cyber security. As I was perusing ATT&CK techniques the other day I was struck by how many of them have a pretty hefty prerequisite: admin authority. This has important implications.

ATT&CK can be overwhelming sometimes when you look at it as a big buffet of methods the bad guys can choose from. But let’s not forget that we can exercise some control over which ATT&CK techniques are available. We can actively deny capabilities or at least significantly raise the difficulty for gaining them in our environments.

The key is to analyze techniques with regard to their prerequisites. Right now, ATT&CK doesn’t really contemplate pre-requisites so that makes this a great real training for free topic.

In this technical education event, I’ll take one key pre-requisite – privileged access – and we’ll identify ATT&CK techniques that can be mitigated or completely denied to attackers as long as you keep them from gaining admin or root level authority.

Then Jason Silva from BeyondTrust, our sponsor, will briefly show you how their technology helps you overcome the challenges of implementing least privilege and allowing users to get their jobs done productively while denying attacks what they most need.

Photograph of Randy Franklin Smith

Randy Franklin Smith, CEO, Monterey Technology Group, Inc. CISA, SSCP, Security MVP

Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory security who specializes in Windows and Active Directory security. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies, national, and international organizations.