On-Demand | Removing Endpoint Admin Rights from Technical Users: Stopping the Attack While Enabling the User
with Nick Cavalancia, Founder/Chief, Techvangelism
Learn more about how to secure your business from threats in places you didn't even know existed.
It's common knowledge that removing local admin rights is one of the most straightforward ways to protect an organization from cyberthreats. Without elevated privileges, threat actors can’t easily (if at all) identify admin accounts that can be used to move laterally and further an attack. In essence, without local admin rights, the endpoint is the end of the line for an attacker.
It’s easy to remove local admin rights from end users in Marketing or Sales. But once you start trying to remove rights from technical users, such as those in development or QA, who require more rights than just a local user, it becomes extremely difficult. It’s one of the reasons threat actors target these kinds of users in spear phishing attacks and job-themed social engineering attacks – the assumption is that the victim already has admin rights on the endpoint.
So, how can you remove local admin from even the most technical user and still keep them working?
In this Real Training for Free session, 4-time Microsoft MVP Nick Cavalancia takes my seat and will first cover:
Why local admin rights are a critical point in a cyberattack
What MITRE ATT&CK TTPs rely on having local admin rights
Afterward, you’ll hear from Paul Davies, Senior Solutions Architect at BeyondTrust. Paul will begin by reviewing the threat landscape and recent breaches that have involved theft of credentials from users with privileged access (including attacks against Okta, Medibank, LAUSD, DoorDash, Twilio, Uber, and more).
Paul then gives a sneak preview of BeyondTrust’s 2022 Microsoft Vulnerabilities report, covering some of the key vulnerabilities observed in 2022. He will then share the key technical principles to keep in mind when removing local admin rights from highly technical, niche users within an organization, who are often targeted by these types of attacks, while still enabling those users to do their jobs.
Next, Paul illustrates those technical principles further in a demo of BeyondTrust’s Endpoint Privilege Management solution. He will go deep to show how BeyondTrust EPM makes it possible for organizations to remove local admin rights from technical users, how it can protect against the types of attacks mentioned earlier, and what additional layers of security BeyondTrust provides.
This Real Training is a free session full of practical real-world technical details.
Meet the Presenters
Nick Cavalancia
Founder/Chief, Techvangelism
Nick Cavalancia has over 20 years of enterprise IT experience, 10 years as a tech marketing executive and is an accomplished technology writer, consultant, trainer, speaker, and columnist.
Nick has attained industry certifications including MCNE, MCNI, MCSE and MCT and was once accused at TechEd of "not having enough digits" in his MCP number (which only has 5). He has authored, co-authored and contributed to over a dozen books on Windows, Active Directory, Exchange and other Microsoft technologies and has spoken at many technical conferences on a wide variety of topics.
Previously, Nick has held executive marketing positions at ScriptLogic (acquired by Quest, now DELL Software), SpectorSoft and Netwrix where he was responsible for the global messaging, branding, lead generation and demand generation strategies to market technology solutions to an IT-centric customer base.