Abstract image of a woman sitting on books and studying on a laptop

OSB140: Want a Safer Network? You Can Remove Local Admin Rights with Ivanti Application Control

Ivanti, profile picture
Ivanti

The document discusses Ivanti's approach to privilege management aimed at enhancing network security by removing local admin rights. It highlights key challenges posed by user-targeted cyberattacks and offers insights into effective strategies, such as application whitelisting and minimizing administrative privileges. Additionally, it provides success stories and tips for implementing these security measures effectively.

Software
1 of 40
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
OSB140: Want a Safer Network? You Can Remove Local Admin Rights with Ivanti Application Control
Shane Wescott Mark Williamson AppSense Technology Evangelist – Aust/NZ Technical Lead (AM) OSB140 - Want a safer network. you can remove local admin rights with Ivanti application control
Agenda  Who are we  Why Ivanti for Privilege Management  How does it work – What’s under the hood  Tips and Tricks  What’s the Challenge  Customer Success Stories  Demo – Show me already  Q & A
Who are we ?
What’s the challenge ?
User-Targeted Attacks Of Cyberattacks Start With A Phishing Email PhishMe 2016 Enterprise Phishing Susceptibility and Resiliency Report https://phishme.com/2016-enterprise-phishing-susceptibility-report
User-Targeted Attacks of recipients open phishing messages, and 12% click on attachments. Verizon 2016 Data Breach Investigations Report http://www.verizonenterprise.com/DBIR/2016/ Up from 23% and 11%, respectively, in 2015
OSB140: Want a Safer Network? You Can Remove Local Admin Rights with Ivanti Application Control
OSB140: Want a Safer Network? You Can Remove Local Admin Rights with Ivanti Application Control
Mitigate Impact A vulnerability that when exploited allows the attacker to operate in the context of the current user. Reducing user privileges reduces the attackers ability to operate thereby slowing their ability to move around your environment. Privilege Management Reduces Impact: 0 2 4 6 8 10 12 14 16 18 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec total Priv mgmt mitigates
SANS Training Example from Dr Eric Cole • 47 users across 47 companies • Average required rights to data 42% • Of total data loss, ONLY 17% would have been lost • Remaining 83% equated to $4.5 Million • Roughly $100K per user breached
Australian Signals Directorate
SANS – 1st Five… SANS “First Five”—as providing the most immediate increase in efficient and effective reduction in risk from advanced targeted attacks: 1) software whitelisting, 2) secure standard configurations, 3) application security patching, 4) system security patching and 5) minimization of administrative privileges.
How does it work – What’s under the hood?
ivanti User Privilege Management  Enable admin apps & features for standard users  Allow personal apps with IT control  Full auditing capability
Standard Elevation with Ivanti Application Control 16 AM Agent LSASS Amend Token? CreateProcess Regedit.exe AMAppHook.Dll NTDLL LSA Client Custom LSA Auth Package AMMessageAssist Regedit.exeReparent CreateProcess - Regedit.exe Explorer.exe
Why Ivanti for Privilege Management ?
Discover Provide Insight Take Action
Our History
History and Experience • 18 years experience Whitelisting from AppSense • 14 years experience Patching from Shavlik • 7 years experience Privilege Management from AppSense
Control Administrative Rights  Applications  OS Components  Websites  Services  Installs
Corporate App Store
Application Network Access Control Control outbound connections:  IP  Hostname  URL  UNC or Port
What Do I Need To Elevate?
Ivanti is QUICK to protect Deploy Audit Review Update Proven Methodology
Granular, Contextual Policies • Allows authorised users to access “break glass” functionality • All based on granular, contextual policies • All policy based with full auditing
85% of Windows intrusion threats Organizations can prevent up to by implementing four key disciplines PATCH OPERATING SYSTEMS 1 PATCH APPLICATIONS 2 PRIVILEGE MANAGEMENT 4 APPLICATION WHITELISTING 3 Powered ByPowered By
Our defense-in-depth products PATCH & VULNERABILITY MANAGEMENT APPLICATION CONTROL & PRIVILEGE MANAGEMENT ENDPOINT SECURITY SUITES SECURE PROGRAM MANAGEMENT • IVANTI PATCH FOR ENDPOINTS • IVANTI PATCH FOR SERVERS • IVANTI PATCH FOR SCCM • IVANTI APPLICATION CONTROL FOR ENDPOINTS • IVANTI APPLICATION CONTROL FOR SERVERS • IVANTI APPLICATION CONTROL FOR SCCM • IVANTI ENDPOINT SECURITY • IVANTI SERVER SECURITY • IVANTI SERVICE MANAGER • IVANTI ASSET MANAGER Provide Insight Compliance and monitoring by Xtraction
Customer Success Stories?
Only product Customer bought off a Beta 
Hassell – Removal of Admin/App Store
Demo – Show me already
33
Tips and Tricks
1. Follow the advice from Experts  SANS, CIS, ASD –do the most important things FIRST  Follow a proven methodology  If you want more info on this jump into this session OSB310 – Whitelisting, The Good, the Bad, the Ugly. Our Experts help you avoid Common Pitfalls Thursday 10:15- 11:15 Jamaica B
2. Get buy in from the Business • It cant just be driven by the Security Team • Communications is the key – user and departmental • Make sure people understand the business benefit
3. Do your Discovery - Don’t assume anything What’s running on your network? What apps need admin rights? How quickly user behaviour can change Xtraction can be Awesome to help get that single page view
3. Do your Discovery - Don’t assume anything Xtraction example: ASD TOP 4 Single pane view Multiple data sources
Plug for Xtraction OSL140 - Here’s Your #$@&%*! Report! Test Drive Xtraction for Security Wednesday 14:15 – 15:15 MEC C1
Q + A Thank you

More Related Content

PDF
OSB160: Trust Your Apps. See How with Ivanti Application Control
Ivanti
 
PDF
OSB120 Beat Ransomware
Ivanti
 
PDF
Stop Attacks and Mitigate Risk with Application and Device Control
Symantec
 
PDF
Infographic-1-MainFrame BlindSpots_082015
Clint Walker
 
PPTX
Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security
Symantec
 
PDF
Presentazione-CyberArk-MDM-v3
Marco Di Martino
 
PDF
Effective multi factor authentication for people soft
Appsian
 
DOCX
Ambesh
Ambesh Sharma
 
OSB160: Trust Your Apps. See How with Ivanti Application Control
Ivanti
 
OSB120 Beat Ransomware
Ivanti
 
Stop Attacks and Mitigate Risk with Application and Device Control
Symantec
 
Infographic-1-MainFrame BlindSpots_082015
Clint Walker
 
Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security
Symantec
 
Presentazione-CyberArk-MDM-v3
Marco Di Martino
 
Effective multi factor authentication for people soft
Appsian
 
Ambesh
Ambesh Sharma
 

What's hot (20)

PPTX
Securing Your Salesforce Org: The Human Factor
F Pindar
 
PPTX
Kaspersky antivirus ppt
Dipak Bamugade
 
PDF
Managing privileged account security
Raleigh ISSA
 
PDF
Security VoIP Assessment
Iron Mountain
 
PPTX
Cyber ark training
Global Online Trainings
 
PDF
Strong authentication for your organization in a cost effective cloud-based...
NetwayClub
 
PPTX
3 Reasons It's Time for a New Remote Access Model
Akamai Technologies
 
PDF
Security Operations Strategies
Siemplify
 
PDF
Web Application Security For Small and Medium Businesses
Sasha Nunke
 
PPTX
Con8813 securing privileged accounts with an integrated idm solution - final
OracleIDM
 
PPTX
Application Control - Maintenance Headache or Manageable Solution?
Ivanti
 
PPTX
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Lance Peterman
 
PPTX
Stop Account Takeover Attacks, Right in their Tracks
Imperva
 
PDF
Xamarin security talk slideshare
Marcus de Wilde
 
PPTX
CyberArk
Jimmy Sze
 
PPTX
SIEM Alone is Not Enough
Tripwire
 
PDF
Closing the Loop on Web Application Vulnerabilities - John Dilley, Akamai
Akamai Technologies
 
PPSX
Waratek presentation for RANT November 2016
Waratek Ltd
 
PPT
Panda Security2008
tswong
 
PDF
Simple and-smart-security-tips-for-website -design-orange949
Orange949
 
Securing Your Salesforce Org: The Human Factor
F Pindar
 
Kaspersky antivirus ppt
Dipak Bamugade
 
Managing privileged account security
Raleigh ISSA
 
Security VoIP Assessment
Iron Mountain
 
Cyber ark training
Global Online Trainings
 
Strong authentication for your organization in a cost effective cloud-based...
NetwayClub
 
3 Reasons It's Time for a New Remote Access Model
Akamai Technologies
 
Security Operations Strategies
Siemplify
 
Web Application Security For Small and Medium Businesses
Sasha Nunke
 
Con8813 securing privileged accounts with an integrated idm solution - final
OracleIDM
 
Application Control - Maintenance Headache or Manageable Solution?
Ivanti
 
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Lance Peterman
 
Stop Account Takeover Attacks, Right in their Tracks
Imperva
 
Xamarin security talk slideshare
Marcus de Wilde
 
CyberArk
Jimmy Sze
 
SIEM Alone is Not Enough
Tripwire
 
Closing the Loop on Web Application Vulnerabilities - John Dilley, Akamai
Akamai Technologies
 
Waratek presentation for RANT November 2016
Waratek Ltd
 
Panda Security2008
tswong
 
Simple and-smart-security-tips-for-website -design-orange949
Orange949
 
Ad

Similar to OSB140: Want a Safer Network? You Can Remove Local Admin Rights with Ivanti Application Control (20)

PDF
OSB170: What a CISO Wants
Ivanti
 
PPTX
How to Cut Through the “Fog of More” to Achieve a Solid Security Foundation
Ivanti
 
PDF
Web Application Security Testing Guide | Secure Web Apps
digitaljignect
 
PDF
What’s the State of Your Endpoint Security?
IBM Security
 
PDF
Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22
Cenzic
 
PPTX
What's New with Ivanti’s Enterprise Licensing Agreement?
Ivanti
 
PPTX
A Closer Look at Isolation: Hype or Next Gen Security?
MenloSecurity
 
ODP
Cyber Security for Financial Institutions
Khawar Nehal khawar.nehal@atrc.net.pk
 
PPTX
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
IBM Security
 
DOCX
Demand for Penetration Testing Services.docx
Aardwolf Security
 
PPT
Path Maker Security Presentation
danhsmith
 
PDF
AppTrana SECaaS (Security as a Service)
IndusfacePvtLtd
 
PDF
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
DFLABS SRL
 
PDF
Essentials of Web Application Security: what it is, why it matters and how to...
Cenzic
 
PPT
Isms3
aaditya
 
PPT
computer security audit ,erp audit,software systems audit
aaditya
 
PPTX
Prevent Getting Hacked by Using a Network Vulnerability Scanner
GFI Software
 
PPT
NH Bankers 10 08 07 Kamens
kamensm02
 
PDF
Panda Security - Adaptive Defense 360
Panda Security
 
PPTX
Cyber Security protection by MultiPoint Ltd.
Ricardo Resnik
 
OSB170: What a CISO Wants
Ivanti
 
How to Cut Through the “Fog of More” to Achieve a Solid Security Foundation
Ivanti
 
Web Application Security Testing Guide | Secure Web Apps
digitaljignect
 
What’s the State of Your Endpoint Security?
IBM Security
 
Top 10 Ways To Win Budget For Application Security - Cenzic.2013.05.22
Cenzic
 
What's New with Ivanti’s Enterprise Licensing Agreement?
Ivanti
 
A Closer Look at Isolation: Hype or Next Gen Security?
MenloSecurity
 
Cyber Security for Financial Institutions
Khawar Nehal khawar.nehal@atrc.net.pk
 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
IBM Security
 
Demand for Penetration Testing Services.docx
Aardwolf Security
 
Path Maker Security Presentation
danhsmith
 
AppTrana SECaaS (Security as a Service)
IndusfacePvtLtd
 
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
DFLABS SRL
 
Essentials of Web Application Security: what it is, why it matters and how to...
Cenzic
 
Isms3
aaditya
 
computer security audit ,erp audit,software systems audit
aaditya
 
Prevent Getting Hacked by Using a Network Vulnerability Scanner
GFI Software
 
NH Bankers 10 08 07 Kamens
kamensm02
 
Panda Security - Adaptive Defense 360
Panda Security
 
Cyber Security protection by MultiPoint Ltd.
Ricardo Resnik
 
Ad

More from Ivanti (20)

PDF
August Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Juillet
Ivanti
 
PDF
July Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Juin
Ivanti
 
PDF
June Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Mai
Ivanti
 
PDF
May Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Avril
Ivanti
 
PDF
April Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Mars
Ivanti
 
PDF
March Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Février
Ivanti
 
PDF
February Patch Tuesday
Ivanti
 
PDF
Patch Tuesday de Diciembre
Ivanti
 
PDF
Français Patch Tuesday - Décembre
Ivanti
 
PDF
Patch Tuesday Italia Dicembre
Ivanti
 
PDF
December Patch Tuesday
Ivanti
 
PDF
Patch Tuesday de Noviembre
Ivanti
 
PDF
Français Patch Tuesday - Novembre
Ivanti
 
PDF
Patch Tuesday Italia Novembre
Ivanti
 
August Patch Tuesday
Ivanti
 
Français Patch Tuesday - Juillet
Ivanti
 
July Patch Tuesday
Ivanti
 
Français Patch Tuesday - Juin
Ivanti
 
June Patch Tuesday
Ivanti
 
Français Patch Tuesday - Mai
Ivanti
 
May Patch Tuesday
Ivanti
 
Français Patch Tuesday - Avril
Ivanti
 
April Patch Tuesday
Ivanti
 
Français Patch Tuesday - Mars
Ivanti
 
March Patch Tuesday
Ivanti
 
Français Patch Tuesday - Février
Ivanti
 
February Patch Tuesday
Ivanti
 
Patch Tuesday de Diciembre
Ivanti
 
Français Patch Tuesday - Décembre
Ivanti
 
Patch Tuesday Italia Dicembre
Ivanti
 
December Patch Tuesday
Ivanti
 
Patch Tuesday de Noviembre
Ivanti
 
Français Patch Tuesday - Novembre
Ivanti
 
Patch Tuesday Italia Novembre
Ivanti
 

Recently uploaded (20)

PPTX
"Secure File Sharing Solutions on AWS".pptx
sudharani74442
 
PDF
How to Make Money in the Metaverse_ Top Strategies for Beginners.pdf
Herond Labs
 
PDF
AI/ML Infra Meetup | LLM Agents and Implementation Challenges
Alluxio, Inc.
 
PPTX
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 
PPTX
Monitoring Stack: Grafana, Loki & Promtail
GhanshyamSwami3
 
PDF
Cost to Outsource Software Development in 2025
Omega Incorporations- Best Software Development Company
 
PDF
Website Design Services for Small Businesses.pdf
ecomme9
 
PDF
Microsoft Office 365 Crack Download Free
wasibhadar
 
PPTX
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
PPTX
Cybersecurity: Protecting the Digital World
SURULIAPPANPREMKMAR
 
PPTX
Why Generative AI is the Future of Content, Code & Creativity?
Webuters Technologies Pvt. Ltd
 
PDF
The Dynamic Duo Transforming Financial Accounting Systems Through Modern Expe...
Triforce Global
 
PPTX
Computer Software and OS of computer science of grade 11.pptx
GauravDahal9
 
PDF
DNT Brochure 2025 – ISV Solutions @ D365
sai vignesh
 
PDF
DuckDuckGo Private Browser Premium APK for Android Crack Latest 2025
hashmi66g66
 
PDF
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
PPTX
assetexplorer- product-overview - presentation
nonameist3434
 
PPTX
Trending Python Topics for Data Visualization in 2025
IT IDOL Technologies
 
PPTX
Log360_SIEM_Solutions Overview PPT_Feb 2020.pptx
nonameist3434
 
PPTX
Computer Software - Technology and Livelihood Education
ShielaGuevarra6
 
"Secure File Sharing Solutions on AWS".pptx
sudharani74442
 
How to Make Money in the Metaverse_ Top Strategies for Beginners.pdf
Herond Labs
 
AI/ML Infra Meetup | LLM Agents and Implementation Challenges
Alluxio, Inc.
 
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 
Monitoring Stack: Grafana, Loki & Promtail
GhanshyamSwami3
 
Cost to Outsource Software Development in 2025
Omega Incorporations- Best Software Development Company
 
Website Design Services for Small Businesses.pdf
ecomme9
 
Microsoft Office 365 Crack Download Free
wasibhadar
 
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
Cybersecurity: Protecting the Digital World
SURULIAPPANPREMKMAR
 
Why Generative AI is the Future of Content, Code & Creativity?
Webuters Technologies Pvt. Ltd
 
The Dynamic Duo Transforming Financial Accounting Systems Through Modern Expe...
Triforce Global
 
Computer Software and OS of computer science of grade 11.pptx
GauravDahal9
 
DNT Brochure 2025 – ISV Solutions @ D365
sai vignesh
 
DuckDuckGo Private Browser Premium APK for Android Crack Latest 2025
hashmi66g66
 
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
assetexplorer- product-overview - presentation
nonameist3434
 
Trending Python Topics for Data Visualization in 2025
IT IDOL Technologies
 
Log360_SIEM_Solutions Overview PPT_Feb 2020.pptx
nonameist3434
 
Computer Software - Technology and Livelihood Education
ShielaGuevarra6
 

OSB140: Want a Safer Network? You Can Remove Local Admin Rights with Ivanti Application Control

  • 2. Shane Wescott Mark Williamson AppSense Technology Evangelist – Aust/NZ Technical Lead (AM) OSB140 - Want a safer network. you can remove local admin rights with Ivanti application control
  • 3. Agenda  Who are we  Why Ivanti for Privilege Management  How does it work – What’s under the hood  Tips and Tricks  What’s the Challenge  Customer Success Stories  Demo – Show me already  Q & A
  • 6. User-Targeted Attacks Of Cyberattacks Start With A Phishing Email PhishMe 2016 Enterprise Phishing Susceptibility and Resiliency Report https://phishme.com/2016-enterprise-phishing-susceptibility-report
  • 7. User-Targeted Attacks of recipients open phishing messages, and 12% click on attachments. Verizon 2016 Data Breach Investigations Report http://www.verizonenterprise.com/DBIR/2016/ Up from 23% and 11%, respectively, in 2015
  • 10. Mitigate Impact A vulnerability that when exploited allows the attacker to operate in the context of the current user. Reducing user privileges reduces the attackers ability to operate thereby slowing their ability to move around your environment. Privilege Management Reduces Impact: 0 2 4 6 8 10 12 14 16 18 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec total Priv mgmt mitigates
  • 11. SANS Training Example from Dr Eric Cole • 47 users across 47 companies • Average required rights to data 42% • Of total data loss, ONLY 17% would have been lost • Remaining 83% equated to $4.5 Million • Roughly $100K per user breached
  • 13. SANS – 1st Five… SANS “First Five”—as providing the most immediate increase in efficient and effective reduction in risk from advanced targeted attacks: 1) software whitelisting, 2) secure standard configurations, 3) application security patching, 4) system security patching and 5) minimization of administrative privileges.
  • 14. How does it work – What’s under the hood?
  • 15. ivanti User Privilege Management  Enable admin apps & features for standard users  Allow personal apps with IT control  Full auditing capability
  • 16. Standard Elevation with Ivanti Application Control 16 AM Agent LSASS Amend Token? CreateProcess Regedit.exe AMAppHook.Dll NTDLL LSA Client Custom LSA Auth Package AMMessageAssist Regedit.exeReparent CreateProcess - Regedit.exe Explorer.exe
  • 20. History and Experience • 18 years experience Whitelisting from AppSense • 14 years experience Patching from Shavlik • 7 years experience Privilege Management from AppSense
  • 21. Control Administrative Rights  Applications  OS Components  Websites  Services  Installs
  • 23. Application Network Access Control Control outbound connections:  IP  Hostname  URL  UNC or Port
  • 24. What Do I Need To Elevate?
  • 25. Ivanti is QUICK to protect Deploy Audit Review Update Proven Methodology
  • 26. Granular, Contextual Policies • Allows authorised users to access “break glass” functionality • All based on granular, contextual policies • All policy based with full auditing
  • 27. 85% of Windows intrusion threats Organizations can prevent up to by implementing four key disciplines PATCH OPERATING SYSTEMS 1 PATCH APPLICATIONS 2 PRIVILEGE MANAGEMENT 4 APPLICATION WHITELISTING 3 Powered ByPowered By
  • 28. Our defense-in-depth products PATCH & VULNERABILITY MANAGEMENT APPLICATION CONTROL & PRIVILEGE MANAGEMENT ENDPOINT SECURITY SUITES SECURE PROGRAM MANAGEMENT • IVANTI PATCH FOR ENDPOINTS • IVANTI PATCH FOR SERVERS • IVANTI PATCH FOR SCCM • IVANTI APPLICATION CONTROL FOR ENDPOINTS • IVANTI APPLICATION CONTROL FOR SERVERS • IVANTI APPLICATION CONTROL FOR SCCM • IVANTI ENDPOINT SECURITY • IVANTI SERVER SECURITY • IVANTI SERVICE MANAGER • IVANTI ASSET MANAGER Provide Insight Compliance and monitoring by Xtraction
  • 30. Only product Customer bought off a Beta 
  • 31. Hassell – Removal of Admin/App Store
  • 32. Demo – Show me already
  • 33. 33
  • 35. 1. Follow the advice from Experts  SANS, CIS, ASD –do the most important things FIRST  Follow a proven methodology  If you want more info on this jump into this session OSB310 – Whitelisting, The Good, the Bad, the Ugly. Our Experts help you avoid Common Pitfalls Thursday 10:15- 11:15 Jamaica B
  • 36. 2. Get buy in from the Business • It cant just be driven by the Security Team • Communications is the key – user and departmental • Make sure people understand the business benefit
  • 37. 3. Do your Discovery - Don’t assume anything What’s running on your network? What apps need admin rights? How quickly user behaviour can change Xtraction can be Awesome to help get that single page view
  • 38. 3. Do your Discovery - Don’t assume anything Xtraction example: ASD TOP 4 Single pane view Multiple data sources
  • 39. Plug for Xtraction OSL140 - Here’s Your #$@&%*! Report! Test Drive Xtraction for Security Wednesday 14:15 – 15:15 MEC C1
  • 40. Q + A Thank you