EDR is Critical But Let’s Up the Ante by Deploying Preventive Controls Upstream

Webinar Registration

Attacks start on the endpoint and that’s why EDR has proven so valuable to detecting intrusions early in their lifecycle. Likewise, we’ve matured by adopting an assumption of compromise mentality, which hopefully motivates organizations to implement layer upon layer of downline defenses.

But have we rolled over a bit in our expectations for workstation security? Workstations are vulnerable because they intimately handle, parse, process and render so much content from the Internet. Yes, we have to allow macros. And yes, users can be trusted to always click on the link, always open that attachment and always click Continue on security warning dialogs. 

So, we turn to detection and response. And that’s good. Even today, not enough companies are paying attention to what’s happening on their user endpoints, in effect, just waiting for attackers to reach their actual target before discovering the intrusion.

But whether we’re already there with EDR or not, we shouldn’t turn our back on preventive controls. After all, wait for it…an ounce of prevention is worth a pound of cure.

In this real training for free event, we will look at how to build a more secure user endpoint that allows users to be productive without compromising on security. 

The first step is making sure users can do their job without being admins of their workstation. If you are unsure how valuable that is, take a look at how many techniques in MITRE ATT&CK depend on the user having admin authority. 

Then it’s a matter of allowing them to use the applications they need without allowing those applications to do the bidding of malicious content. And preventing unwanted applications from executing in the first place.

We will explore features in Windows 10 designed to accomplish these goals with candid consideration of their limitations. Here are a few areas we’ll discuss:

  • Windows 10 end user vs admin authority
  • AppLocker
  • Device Guard
  • User Account Control

Then our sponsor, Thycotic, will show how their technology helps you provide a secure but productive user endpoint environment. And how it helps both prevent and contain the seemingly inevitable attack.

Please join us for this real training for free event.

First Name:   
Last Name:   
Work Email:  
Phone:  
Job Title:  
Organization:  
Country:    
City:  
State:  
Zip/Postal Code:  
Industry:  
Company Size:
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.

 

 

Additional Resources