A New Capability for Incident Responders: Deny Privileged Access
Summary
This article announces an upcoming webinar that will detail how organizations have successfully stopped ransomware attacks by revoking administrator access from their Windows servers and workstations. The session will cover the technical aspects of this method and how it can expedite containment and attacker eviction during an incident.
IFF Assessment
The webinar discusses a defensive technique that helps incident responders contain and mitigate security incidents, which is beneficial for defenders.
Defender Context
This webinar highlights a critical defense strategy for combating ransomware: limiting privileged access. Defenders should consider implementing robust access control policies and readily available mechanisms to revoke administrator rights quickly during an incident, as this can significantly reduce the impact of an attack.