Catch the full webinar recording here: https://www.beyondtrust.com/resources/webinar/threat-hunting-windows-hunting-hunted/?access_code=367cc8d9187529f374fde004f70061ff
In this presentation (and the associated webinar), cyber security expert and author Dr. Eric Cole walks you through how to control and reduce the scope of damage caused by attackers by focusing on improving your threat hunting.
Dr. Cole explores how to:
1) Understand and identify how adversaries compromise a Windows system
2) Reduce the dwell time of a compromise
3) Apply the right metrics to track the effectiveness of your security controls
13. Summary: Why PowerBroker for Windows?
Deep capability:
• Asset discovery, application control, risk compliance, Windows event log monitoring included
• Optional: Session monitoring, file integrity monitoring
Mature, patented leader:
• U.S. Patent (No. 8,850,549) for the methods and systems employed for controlling access to resources and privileges per process
Centralized reporting, analytics and management:
• Tightly integrated with vulnerability management
• Deep reporting and analytics insights for compliance and operations
Part of a broad solution family:
• Privilege and session management on Unix, Linux and Windows
• Privileged password and session management
• Integrate Linux, Unix, and Mac OS X with Microsoft AD
• Real-time auditing of AD, File System, Exchange & SQL
Validated by customers and analysts alike
14. Your solution should:
• Elevate privileges to applications, not users, on an as-needed basis without exposing passwords
• Enforce least-privilege access based on an application’s known vulnerabilities
• Track and control applications with known vulnerabilities or malware to further protect endpoints
• Monitor event logs and file integrity for unauthorized changes to key files and directories
• Capture keystrokes and screens when rules are triggered with searchable playback