Reducing Your MITRE ATT&CK Surface by Denying Admin Authority

What happens when you deny attacks privileged access? Using MITRE ATT&CK to answer that question is eye opening.

MITRE ATT&CK is such a valuable resource for organizing your thoughts around cyber security. As I was perusing ATT&CK techniques the other day I was struck by how many of them have a pretty hefty prerequisite: admin authority. This has important implications.

ATT&CK can be overwhelming sometimes when you look at it as a big buffet of methods the bad guys can choose from. But let’s not forget that we can exercise some control over which ATT&CK techniques are available. We can actively deny capabilities or at least significantly raise the difficulty for gaining them in our environments.

The key is to analyze techniques with regard to their prerequisites. Right now, ATT&CK doesn’t really contemplate pre-requisites so that makes this a great real training for free topic.

In this technical education event, I’ll take one key pre-requisite – privileged access – and we’ll identify ATT&CK techniques that can be mitigated or completely denied to attackers as long as you keep them from gaining admin or root level authority.

Then Jason Silva from BeyondTrust, our sponsor, will briefly show you how their technology helps you overcome the challenges of implementing least privilege and allowing users to get their jobs done productively while denying attacks what they most need.

Randy Franklin Smith, CEO, Monterey Technology Group, Inc. CISA, SSCP, Security MVP

Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory security who specializes in Windows and Active Directory security. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies, national, and international organizations.