1
Zero Trust And Best Practices for
Securing Endpoint Apps
Webinar starting soon…
Speakers:
⬅ Sami Laiho (Adminize) and Juha Haapsaari (Centero) ➡
💬 Present questions in the chat.
2
Agenda
• Results of Survey
• Zero Trust
• Allow-listing
• AppLocker
• Keeping apps up to date
• Q & A
3
Results of the survey in the LinkedIn event
4
Special Guest ⭐
5
Sami’s Agenda
• How to ease your workload with allow-listing.
• Is allow-listing difficult?
• Implementing AppLocker to trim down your application portfolio.
• Restricting admin rights to control your IT environment.
• Managing and updating applications after allow-listing operations.
6
Sami Laiho
Senior Technical Fellow
adminize.com / Sulava
• IT Admin since 1996
• MCT since 2001
• MVP in Windows OS since 2011
• ”100 Most Influential people in IT in Finland” – TiVi’2019,2020
• Specializes in and trains:
• Troubleshooting
• Windows Internals
• Security, Social Engineering, Auditing
• Centralized Management, Active Directory
• Trophies:
• Ignite 2018 – Session #1 and #2 (out of 1708) !
• Best Speaker at NIC, Oslo 2016, 2017, 2019 and 2020
• Best External Speaker at Ignite 2017
• TechDays Sweden 2016, 2018 – Best Speaker
• Best Session at AppManagEvent 2017, 2018, Utrecht
• Best Sessions (#1 and #2) at TechTalks 2017, Helsinki
• TechEd Europe and North America 2014 - Best session, Best speaker
• TechEd Australia 2013 - Best session, Best speaker
• TechEd Europe 2013 - Best Session by an external speaker
7
What I do day to day…
8
9
If you’re not on Twitter get on Twitter!
@samilaiho
10
Big Concepts to Harden Security
11
”An ounce of prevention is worth a
pound of cure”
Benjamin Franklin
12
Why Zero Trust?
• Empower your users to work more
securely anywhere and anytime, on
any device
• Enable digital transformation with
intelligent security for today’s
complex environment
• Close security gaps and minimize
risk of lateral movement
13
Zero Trust
principles
Verify explicitly
Use least privileged access
Assume breach
14
If you missed the previous webinar…
https://centero.fi/en/centero-webinar-ft-sami-laiho-feb-2021/
15
My Take on Secure Environment
• Up to date hardware and software inventory
• BitLocker
• Principle of Least Privilege
• Allow listing
• Tier Model for AD
• Using PAW-model
• Authenticating/Encrypting all network traffic
• MFA, strong authentication
• Monitoring (SIEM & SOC)
16
This time we will focus on
17
Allow-listing (aka Whitelisting)
18
Mythbusting Time!
19
Myth 1: More Manpower Needed
20
Myth 2: Allow-listing is difficult
because of thousands of apps
21
Myth 3: Allow-listing requires
Enterprise version of Windows
22
About the Project
23
Every Project Starts with Logging
24
25
Choose your Allow-listing solution
26
Allow-Listing options
• Windows NT4
• User Policy driven whitelist for exe names
• Windows XP/2003
• Software Restriction Policy
• Windows 7 Enterprise+ / Server 2008 R2+
• AppLocker
• Windows 10 Enterprise+ / Server 2016+
• Hypervisor-based Code Integrity (HVCI)
• Third Party…
27
Common things about Allow-listing
• Allow-listing is the most effective way to increase a company’s
security!
• Effective Allow-listing works only when combined with the Principle
of Least Privilege
• Windows Defender Application Control works for admins as well… if it works…
• No built-in reporting in native options
• Allow-listing is a security barrier – Deny-listing is not!
• For servers things are a little different (RDS vs others)
28
Software Restriction Policy
SRPv1
29
SRPv1 – Software Restriction Policy
• Allow-list or Deny-list
• One ruleset
• Executables
• Dlls
• Scripts
• Windows Installers
• Extensible list of filetypes
• Targeted at the computer level
• Can rule out admins
• SRP supports four types of rules:
• Hash
• Path
• Signature
• Internet zone
• No support for Universal Apps
• No Audit mode
• No rule exceptions
• No import/export
30
DEMO
31
AppLocker
SRPv2
32
AppLocker
• Blacklisting and Whitelisting
• Can target computers, users or groups
• All software needs to be preapproved in some way
• Location, hash or signature based
• Is based on a native function of the Windows OS since Windows 7
• Requires Enterprise version of Windows (unless you have Intune)
• Requires the AppIDSvc-service and uses a Kernel Mode driver for
enforcement
33
Inheritance
34
File/Folder Rules
• You can allow a Folder as c:\folder\*
• You can allow a certain file like c:\folder\file.exe
• You can also use wildcard * like c:\users\*\appdata\local\Software1\*
• AppLocker doesn’t support Windows variables
• Sysvol or NETLOGON require all DC’s to be added separately
• \\dc1\SYSVOL\*
• \\dc2\SYSVOL\*
• \\dc3\SYSVOL\*
• UNC-paths might need to be added in three different formats
• \\Server1\Share\*
• \\server1.domain.local\Share\*
• \\172.16.0.21\Share\*
• R:\*
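The per-DC SYSVOL/NETLOGON entries and the multiple UNC formats listed above are easy to get wrong by hand, so the following added example (not part of the original slides) generates them as AppLocker path rules in an audit-only policy file. The function names and the output file name are assumptions made for this illustration; the host names, share, IP address and drive letter are the ones from the slide.

```powershell
# Added example, not from the slides. Function names and the output file name
# are hypothetical; hosts, share, IP and drive letter are the slide's own samples.

function Get-DcSharePath {
    # SYSVOL and NETLOGON must be listed once per domain controller.
    param([Parameter(Mandatory)] [string[]] $DomainController)
    foreach ($dc in $DomainController) {
        "\\$dc\SYSVOL\*"
        "\\$dc\NETLOGON\*"
    }
}

function Get-SharePathVariant {
    # One path per way a client can address the same share:
    # short name, FQDN, IP address and (optionally) a mapped drive letter.
    param(
        [Parameter(Mandatory)] [string]   $Share,
        [Parameter(Mandatory)] [string[]] $HostName,
        [ValidatePattern('^[A-Za-z]$')] [string] $DriveLetter
    )
    $paths = @(foreach ($h in $HostName) { "\\$h\$Share\*" })
    if ($DriveLetter) { $paths += "$($DriveLetter.ToUpper()):\*" }
    $paths | Select-Object -Unique
}

function New-PathRuleXml {
    # Builds one <FilePathRule> element in the AppLocker policy XML format.
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $UserOrGroupSid = 'S-1-1-0'   # Everyone; use a narrower group SID where possible
    )
    $id   = [guid]::NewGuid().ToString()
    $safe = [System.Security.SecurityElement]::Escape($Path)
    @"
    <FilePathRule Id="$id" Name="Allow $safe" Description="Generated from share list" UserOrGroupSid="$UserOrGroupSid" Action="Allow">
      <Conditions>
        <FilePathCondition Path="$safe" />
      </Conditions>
    </FilePathRule>
"@
}

function New-PathRulePolicy {
    # Wraps the rules in a single rule collection. AuditOnly is the default so
    # the rules can be checked against the event log before they are enforced.
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        [ValidateSet('Exe', 'Script', 'Msi', 'Dll')] [string] $Collection = 'Script',
        [ValidateSet('AuditOnly', 'Enabled')] [string] $EnforcementMode = 'AuditOnly'
    )
    $rules = ($Path | ForEach-Object { New-PathRuleXml -Path $_ }) -join "`r`n"
    $xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="$Collection" EnforcementMode="$EnforcementMode">
$rules
  </RuleCollection>
</AppLockerPolicy>
"@
    [void][xml]$xml      # throws if the generated document is not well-formed XML
    $xml
}

# A path rule trusts everything below the folder, so only list shares that
# standard users cannot write to.
$paths  = @(Get-DcSharePath -DomainController 'dc1', 'dc2', 'dc3')
$paths += Get-SharePathVariant -Share 'Share' `
              -HostName 'Server1', 'server1.domain.local', '172.16.0.21' `
              -DriveLetter 'R'

New-PathRulePolicy -Path $paths |
    Set-Content -Path .\share-path-rules.xml -Encoding UTF8

# To test on a lab machine, merge the file into the local policy:
#   Set-AppLockerPolicy -XmlPolicy .\share-path-rules.xml -Merge
```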
35
Publisher-rules
• Best option after Path-rules
• Try to stick to Company-level instead of certain filenames or versions
• *-rule says that any file signed by a trusted signer is OK to run
• Trust your own certificate or buy an externally trusted certificate
36
Hash-rules
• Don’t use unless you can’t use Path-rules or Publisher-rules
• Usable exception if the binary doesn’t change often
37
AppLocker HOW TO
• Keep to containers not items – Folders vs Files, Publishers vs Hashes
• Remember to audit your installation with AccessChk!
• Remember NO ADMIN RIGHTS!!
38
Simplest AppLocker
• Relies on the knowledge of the user
39
Simplest AppLocker for Service Providers
40
Signing
• 95% of Malware is not signed – just something to think about
• You can sign apps yourself
• Use Timestamp if possible!
• If you have the cert on your computer installed:
• Signtool sign /v /s MY /n MyPrivateCert /t http://timestamp.verisign.com/scripts/timstamp.dll FileToSign.exe
• If not:
• Guide: https://blogs.msdn.microsoft.com/winsdk/2009/11/13/steps-to-sign-a-file-using-signtool-exe/
41
AppLocker Example Policies
42
AppLocker example
• My current
• Replace Matti Laiho with your company’s own cert
• Replace HP with your UEFI provider
43
PowerShell Denied from Limited Users
That’s what I do
44
MS Recommendations for PowerShell
45
PowerShell for AppLocker in production
46
Notification when something fails
• https://cloudrobots.net/2014/08/24/trigger-a-powershell-script-from-a-windows-event/
• https://clusteringformeremortals.com/2018/10/28/step-by-step-how-to-trigger-an-email-alert-from-a-windows-event-that-includes-the-event-details-using-windows-server-2016/
47
Hardening
48
Twitter
• @Oddvarmoe
• @subTee
• @mattifestation
• @enigma0x3
• @aionescu
• @tifkin_
• @bohops
• @PhilipTsukerman
• @samilaiho ;)
49
Hardening Whitelisting
Make sure your containers don’t leak (this is one batch file) – CHECK THE LATEST FROM GITHUB!
https://gist.github.com/api0cradle/95cd51fa1aa735d9331186f934df4df9#file-accesschk-bat
50
Higher level GPO for Hardening
51
Tools to help
• Oddvar Moe’s
• Ultimate AppLocker ByPass List
• https://github.com/api0cradle/UltimateAppLockerByPassList
• PowerAL
• https://github.com/api0cradle/PowerAL
• AaronLocker
• https://blogs.msdn.microsoft.com/aaron_margosis/2019/01/28/aaronlocker-moved-to-github/
• Microsoft’s list of what to block: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
52
Firewall
53
AppLocker via Intune
54
Device Guard aka Windows Defender
Application Control
55
Device Guard
• Single purpose machines
• Currently for example Office is super difficult
• No user exceptions
• VERY HARDCORE!!
• Especially with Hypervisor level enforcement
• Drivers need to support it
• Some really don’t…
• IO-MMU to make it bulletproof
56
“DeviceGuard is like AppLocker on
Steroids!”
57
58
59
Allow-Listing can stabilize what you
have…
But now that you have a strict list of what you allow, you still need to keep those apps up to date!
60
Installed apps are always up to date without distracting users
Initial app deployment
Forced by admins Available for users
Available apps are allow-listed by organization policies
User friendly application deployment
61
Why endpoint applications should be managed?
End-users
• New features and bug fixes to applications
• Don’t need to worry about installations, updating etc.
• Always up-to-date tools
IT department
• Standardized and managed endpoint environment is easier to maintain.
• It also produces fewer support requests to contact center
• License management is simpler
Organization
• Saves end users’ and IT department’s time
• Improves cybersecurity a lot
62
Application lifecycle management?
• Installation
• Updating / patching apps
• Removal
63
What annoys end users on app updates?
• 40 % Confusion
• 40 % Lost time
• 20 % Wrong time
• 20 % Too much
64
Keeping applications up to date ”manually”
• Monitoring software versions and vulnerabilities
Repeats every working day.
• Downloading an installation package
• Packaging
• Testing
• Upload to a management system
• Configuring a deployment
Repeats for every new application version.
65
Installed apps are always up to date without distracting user
Centero Software Manager
Initial app deployment
Forced by admins
Silently on background
Available for users
Self-service (Company Portal, Software Center etc.)
Available apps are allow-listed by organization policies
AppLocker
User friendly application deployment
66
CSM is built to automate your application management
67
It’s demo time!
68
Q & A
Start a CSM trial: http://bit.ly/csm-trial

Optimizing AI for immediate response in Smart CCTV
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 

Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021

  • 1. 1 Zero Trust And Best Practices for Securing Endpoint Apps Webinar starting soon… Speakers: ⬅ Sami Laiho (Adminize) and Juha Haapsaari (Centero) ➡
  • 2. 2 Results of Survey Zero Trust Allow-listing AppLocker Keeping apps up to date Q & A Agenda
  • 3. 3 Results of the survey in the LinkedIn event
  • 4. 4 Special Guest ⭐
  • 5. 5 Sami’s Agenda • How to ease your workload with allow-listing. • Is allow-listing difficult? • Implementing AppLocker to trim down your application portfolio. • Restricting admin rights to control your IT environment. • Managing and updating applications after allow-listing operations.
  • 6. 6 Sami Laiho Senior Technical Fellow adminize.com / Sulava • IT Admin since 1996 • MCT since 2001 • MVP in Windows OS since 2011 • ”100 Most Influential people in IT in Finland” – TiVi’2019,2020 • Specializes in and trains: • Troubleshooting • Windows Internals • Security, Social Engineering, Auditing • Centralized Management, Active Directory • Trophies: • Ignite 2018 – Session #1 and #2 (out of 1708) ! • Best Speaker at NIC, Oslo 2016, 2017, 2019 and 2020 • Best External Speaker at Ignite 2017 • TechDays Sweden 2016, 2018 – Best Speaker • Best Session at AppManagEvent 2017, 2018, Utrecht • Best Sessions (#1 and #2) at TechTalks 2017, Helsinki • TechEd Europe and North America 2014 - Best session, Best speaker • TechEd Australia 2013 - Best session, Best speaker • TechEd Europe 2013 - Best Session by an external speaker
  • 7. 7 What I do day to day…
  • 8. 8 8
  • 9. 9 If you’re not on Twitter get on Twitter! @samilaiho
  • 10. 10 Big Concepts to Harden Security
  • 11. 11 ”An ounce of prevention is worth a pound of cure” Benjamin Franklin
  • 12. 12 Why Zero Trust? • Empower your users to work more securely anywhere and anytime, on any device • Enable digital transformation with intelligent security for today’s complex environment • Close security gaps and minimize risk of lateral movement
  • 13. 13 Zero Trust principles Verify explicitly Use least privileged access Assume breach
  • 15. 15 My Take on Secure Environment • Up to date hardware and software inventory • BitLocker • Principle of Least Privilege • Allow listing • Tier Model for AD • Using PAW-model • Authenticating/Encrypting all network traffic • MFA, strong authentication • Monitoring (SIEM & SOC)
  • 16. 16 This time we will focus on
  • 19. 19 Myth 1: More Manpower Needed
  • 20. 20 Myth 2: Allow-listing is difficult because of thousands of apps
  • 21. 21 Myth 3: Allow-listing requires Enterprise version of Windows
  • 23. 23 Every Project Starts with Logging
  • 24. 24
  • 26. 26 Allow-Listing options • Windows NT4 • User Policy driven whitelist for exe names • Windows XP/2003 • Software Restriction Policy • Windows 7 Enterprise+ / Server 2008 r2+ • AppLocker • Windows 10 Enterprise+ / Server 2016+ • Hypervisor-based Code Integrity (HVCI) • Third Party…
  • 27. 27 Common things about Allow-listing • Allow-listing is the most effective way to increase a company’s security! • Effective Allow-listing works only when combined with the Principle of Least Privilege • Windows Defender Application Control works for admins as well… if it works… • No built-in reporting in native options • Allow-listing is a security barrier – Deny-listing is not! • For servers things are a little different (RDS vs others)
  • 29. 29 SRPv1 – Software Restriction Policy • Allow-list or Deny-list • One ruleset • Executables • Dlls • Scripts • Windows Installers • Extensible list of filetypes • Targeted at the computer level • Can rule out admins • SRP supports four types of rules: • Hash • Path • Signature • Internet zone • No support for Universal Apps • No Audit mode • No rule exceptions • No import/export
  • 32. 32 AppLocker • Blacklisting and Whitelisting • Can target computers, users or groups • All software needs to be preapproved in some way • Location, hash or signature based • Is based on a native function of the Windows OS since Windows 7 • Requires Enterprise version of Windows (unless you have Intune) • Requires the AppIDSvc-service and uses a Kernel Mode driver for enforcement
  • 34. 34 File/Folder Rules • You can allow a Folder as c:\folder\* • You can allow a certain file like c:\folder\file.exe • You can also use wildcard * like c:\users\*\appdata\local\Software1\* • AppLocker doesn’t support Windows variables • Sysvol or NETLOGON require all DC’s to be added separately • \\dc1\SYSVOL\* • \\dc2\SYSVOL\* • \\dc3\SYSVOL\* • UNC-paths might need to be added in three different formats • \\Server1\Share\* • \\server1.domain.local\Share\* • \\172.16.0.21\Share\* • R:\*
  • 35. 35 Publisher-rules • Best option after Path-rules • Try to stick to Company-level instead of certain filenames or versions • *-rule says that any file signed by a trusted signer is OK to run • Trust your own certificate or buy an externally trusted certificate
  • 36. 36 Hash-rules • Don’t use unless you can’t use Path-rules or Publisher-rules • Usable exception if the binary doesn’t change often
  • 37. 37 AppLocker HOW TO • Keep to containers not items – Folders vs Files, Publishers vs Hashes • Remember to audit your installation with AccessChk! • Remember NO ADMIN RIGHTS!!
  • 38. 38 Simplest AppLocker • Relies on the knowledge of the user
  • 39. 39 Simplest AppLocker for Service Providers
  • 40. 40 Signing • 95% of Malware is not signed – just something to think about • You can sign apps yourself • Use Timestamp if possible! • If you have the cert on your computer installed: • Signtool sign /v /s MY /n MyPrivateCert /t http://timestamp.verisign.com/scripts/timstamp.dll FileToSign.exe • If not: • Guide: https://blogs.msdn.microsoft.com/winsdk/2009/11/13/steps-to-sign-a-file-using-signtool-exe/
  • 42. 42 AppLocker example • My current • Replace Matti Laiho with your company’s own cert • Replace HP with your UEFI provider
  • 43. 43 PowerShell Denied from Limited Users That’s what I do
  • 46. 46 Notification when something fails • https://cloudrobots.net/2014/08/24/trigger-a-powershell-script-from-a-windows-event/ • https://clusteringformeremortals.com/2018/10/28/step-by-step-how-to-trigger-an-email-alert-from-a-windows-event-that-includes-the-event-details-using-windows-server-2016/
  • 48. 48 Twitter • @Oddvarmoe • @subTee • @mattifestation • @enigma0x3 • @aionescu • @tifkin_ • @bohops • @PhilipTsukerman • @samilaiho ;)
  • 49. 49 Hardening Whitelisting Make sure your containers don’t leak (this is one batch file) – CHECK THE LATEST FROM GITHUB! https://gist.github.com/api0cradle/95cd51fa1aa735d9331186f934df4df9#file-accesschk-bat
  • 50. 50 Higher level GPO for Hardening
  • 51. 51 Tools to help • Oddvar Moe’s • Ultimate AppLocker ByPass List • https://github.com/api0cradle/UltimateAppLockerByPassList • PowerAL • https://github.com/api0cradle/PowerAL • AaronLocker • https://blogs.msdn.microsoft.com/aaron_margosis/2019/01/28/aaronlocker-moved-to-github/ • Microsoft’s list of what to block: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
  • 54. 54 Device Guard aka Windows Defender Application Control
  • 55. 55 Device Guard • Single purpose machines • Currently for example Office is super difficult • No user exceptions • VERY HARDCORE!! • Especially with Hypervisor level enforcement • Drivers need to support it • Some really don’t… • IO-MMU to make it bulletproof
  • 56. 56 “DeviceGuard is like AppLocker on Steroids!”
  • 57. 57
  • 58. 58
  • 59. 59 Allow-Listing can stabilize what you have… But now that you have a strict list of what you allow you still need to keep those up to date!
  • 60. 60 Installed apps are always up to date without distracting users Initial app deployment Forced by admins Available for users Available apps are allow-listed by organization policies User friendly application deployment
  • 61. 61 End-users New features and bug fixes to applications Don’t need to worry about installations, updating etc. Always up-to-date tools IT department Standardized and managed endpoint environment is easier to maintain. It also produces less support requests to contact center License management is simpler Organization Saves end users’ and IT department’s time Improves cybersecurity a lot Why endpoint applications should be managed?
  • 62. 62 Installation Updating / patching apps Removal Application lifecycle management?
  • 63. 63 What annoys end users on app updates? 40 % Confusion 40 % Lost time 20 % Wrong time 20 % Too much
  • 64. 64 Keeping applications up to date ”manually” Monitoring software versions and vulnerabilities Repeats every working day. Downloading an installation package Packaging Testing Upload to a management system Configuring a deployment Repeats for every new application version.
  • 65. 65 Installed apps are always up to date without distracting user Centero Software Manager Initial app deployment Forced by admins Silently on background Available for users Self-service (Company Portal, Software Center etc.) Available apps are allow-listed by organization policies AppLocker User friendly application deployment
  • 66. 66 CSM is built to automatize your application management
  • 67. 67 It’s a demo time!
  • 68. 68 Q & A Start a CSM trial: http://bit.ly/csm-trial
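
Slides 37 and 49 say to audit allow-listed containers so they "don't leak", meaning a folder allowed by a path rule must not be writable by limited users. The following is an added PowerShell example, not from the slides and not the linked AccessChk batch file, that performs a comparable check with Get-Acl. The function name and the default folder list are assumptions, and deny ACEs are not evaluated, so results can include false positives.

```powershell
# Added example (not from the slides): list allow-listed folders that limited
# users can write to. The default roots are assumptions; pass the folders that
# your own AppLocker path rules allow.
function Get-LeakyAllowListedFolder {
    [CmdletBinding()]
    param(
        [string[]]$Root = @($env:windir, $env:ProgramFiles),
        # Well-known SIDs: Everyone, Authenticated Users, INTERACTIVE, BUILTIN\Users
        [string[]]$LowPrivSid = @('S-1-1-0', 'S-1-5-11', 'S-1-5-4', 'S-1-5-32-545')
    )

    # WriteData/CreateFiles (0x2), AppendData (0x4), GENERIC_WRITE (0x40000000),
    # GENERIC_ALL (0x10000000): any of these lets a user place a file in the folder.
    $writeMask   = 0x50000006
    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    foreach ($r in $Root) {
        # The root itself plus every subfolder; unreadable folders are skipped.
        $folders = @(Get-Item -LiteralPath $r -Force -ErrorAction SilentlyContinue) +
                   @(Get-ChildItem -LiteralPath $r -Directory -Recurse -Force -ErrorAction SilentlyContinue)

        foreach ($folder in $folders) {
            try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
            catch { continue }

            # Request SIDs instead of account names so the check is locale independent.
            foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                # Inherit-only ACEs apply to children, not to this folder.
                if (($ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
                if ($LowPrivSid -notcontains $ace.IdentityReference.Value) { continue }
                if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

                [pscustomobject]@{
                    Path   = $folder.FullName
                    Sid    = $ace.IdentityReference.Value
                    Rights = $ace.FileSystemRights
                }
            }
        }
    }
}

Get-LeakyAllowListedFolder | Sort-Object Path | Format-Table -AutoSize
```

Each folder reported needs either its ACL tightened or an exception in the path rule that covers it; run the check from an elevated session so that protected folders can be read.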