Build the Attacker's Playground

Introduction

In the modern threat landscape, breach is inevitable. But this does not mean defenders are helpless. Your goal is not to stop attackers, but to irritate them. You can control their playground, and make their jobs more difficult - and perhaps more importantly, more noisy. By following the principles below, you can build a robust network that stands up to attackers, making it so the compromise of one computer does not lead to the loss of your entire network.  By not focusing on the incredibly difficult task of preventing the execution of malicious code, by building what is sometimes referred to as a "zero trust network" you can spend your efforts on sustainable solutions that will severely inhibit the ability of attackers to spread throughout your network from one compromised endpoint. 

These principles were covered in a talk at Ignite 2017 and are broken down into 4 basic categories:

Credential Hygiene 

Remediate Pass-the-hash

• https://microsoft.com/pth/
• https://aka.ms/laps

Network Segmentation 

• https://channel9.msdn.com/Events/Ignite/New-Zealand-2016/M377

Least Privilege 

• /en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations
• https://blogs.msdn.microsoft.com/aaron_margosis/2015/06/30/lua-buglight-2-3-with-support-for-windows-8-1-and-windows-10/

Targeted Monitoring 

• https://aka.ms/wef 

Want to learn even more? 

• https://aka.ms/securitylinks
• https://adsecurity.org
• https://attack.mitre.org/wiki/Main_Page