AppLocker

Since 2021 the most used initial attack vector by RansomWare changed from Phishing to Unpatched Vulnerabilities – the way to limit the enormous amount of patching is to limit and control the binaries you allow. In Windows this means you need to implement AppLocker, which now is available for PRO-versions as well!

Length 1 d

500 + VAT
  • Online and class room

In 2020 the most important security measure in enterprises is whitelisting” said Gartner and multiple other agencies. Only the inventory of assets has now bypassed it on the list. On the other hand if you don’t have binary control, it’s impossible to keep software inventory up to date.
Since 2021 the most used initial attack vector by RansomWare changed from Phishing to Unpatched Vulnerabilities – the way to limit the enormous amount of patching is to limit and control the binaries you allow. In Windows this means you need to implement AppLocker, which now is available for PRO-versions as well! Join this workshop where one of the leading experts in Windows OS and Security, Sami Laiho, shows you how to effectively and securely deploy AppLocker in your environment. Sami has deployed AppLocker for tens and tens of companies ranging from one-man to 500000+ seat companies. You will learn how to run the project, how to manage AppLocker and how to keep it secure. You will also receive prebuilt, pre-hardened, configurations that you can use at your own company. Even if you don’t want to use AppLocker, but a 3rd party solution, or if you want to deploy the new Windows Defender Application Control, you can apply this knowledge.

Prerequisites

Basic knowledge of Windows administration, (Azure) Active Directory  and network infrastructure

The primary payment method is an invoice. The applicable value-added tax is added to the price of the training.
If you would like to pay by credit card, please contact sami@adminize.com

Course Contents

Module 1: Allow-listing (aka Whitelisting) in General

  • Different allow-listing (aka whitelisting) options in Windows
  • Allow-listing (aka Whitelisting) vs Deny-listing (aka BlackListing)
  • AppLocker basics
  • Windows Defender Application Control?

Module 2: Implementing AppLocker

  • How to run an AppLocker project
  • Logging what apps a company has

Module 3: Managing AppLocker

  • Using GUI and PowerShell to add trusted apps
  • Using correct rule types
  • Getting from thousands of rules to just tens
  • Keeping AppLocker safe – fighting against LOLBins

Module 4: Troubleshooting AppLocker

  • Bypassing AppLocker
  • What fails with an enterprise implementation of allow-listing (aka whitelisting)

Course Duration

1 days

Trainer

Sami Laiho

Sign up to a course

Oletko kiinnostunut asiakaskohtaisesta toteutuksesta?

Kerro tarpeesi, niin suunnittelemme koulutuksen tarpeisiinne räätälöitynä.