Ransomware continues to be the biggest security threat in 2021. And when malicious actors are not able to exploit unpatched vulnerabilities in software, most successful attacks use administrator privileges instead. All three of the most prevalent ransomware samples in the last year - Trickbot, Emotet, and Darkside - can elevate privileges by circumventing User Account Control (UAC) and/or executing malicious applications.
As Microsoft prepares to release Windows 11, previously optional Virtualization-Based Security features in Windows will be turned on by default. The built-in protections in Windows 10 have undoubtedly improved the security posture of consumers and business. But, are they enough to keep you protected in 2021 and beyond?
In this on-demand webinar IT & Windows Security expert, Russell Smith, looks at 3 key security protections in Windows and how they fare in real-world ransomware attacks. You will learn how they work and what their shortcomings are. By the end of the session, you will be able to:
- Justify the use of standard user accounts and explain how Protected Administrator accounts can be compromised by bypassing User Account Control.
- Add an Attack Surface Reduction (ASR) rule to block attacks that live off the land.
- Understand the difference between AppLocker and Windows Defender Application Control…and why neither is an ideal solution for your organization!
After Russell’s portion, Sean Moore walks attendees through how a true Endpoint Privilege Management solution can vastly reduce threat surface and infection rates through privilege enforcement rules, pragmatic app control, and trusted application protection.
Meet the Presenters
Russell Smith, IT Consultant & Security MVP
Russell Smith specializes in the management and security of Microsoft-based IT systems. In addition to blogging about Windows and Active Directory for the Petri IT Knowledgebase, Russell is a Contributing Editor at CDW’s Biztech Magazine.
Russell has more than 15 years of experience in IT, has written a book on Windows security, co-authored one for Microsoft’s Official Academic Course (MOAC) series and has delivered several courses for Pluralsight.