Allow-listing (aka Whitelisting) - Implementing Easy to Manage AppLocker (or other Allow-listing solutions) in an Enterprise

Kestus: 8 academic hours

Vana-Lõuna 39/1, Tallinn

In 2020 ´s the most important security measure in enterprises is „Allow-listing (aka Whitelisting)" - says Gartner and multiple other agencies. In Windows this means - you need to implement AppLocker.

Allow-listing (aka Whitelisting) ehk Lubatud toimingute loendisse lisamine on küberturbe strateegia, mille kohaselt saab kasutaja oma arvutis teha ainult selliseid toiminguid, mida administraator on selleks eelnevalt selgesõnaliselt lubanud.

Selle asemel, et pidevalt küberründajatest püüda olla samm eespool ja nende „pahatahtlikke“ koode tuvastada ja blokeerida, koostavad IT-töötajad hoopis loetelu heakskiidetud rakendustest, millele arvuti või mobiilseade juurde pääseb. Sisuliselt on kasutajal juurdepääs ainult piiratud kogusele funktsionaalsustele, mida administraator märkinud „ ohutuks“.

Lubatud toimingute loendisse lisamine on üsna äärmuslik lukustamismeede, mis korraliku rakendamise korral hoiab aga paljud küberturbe probleemid eemal!

Join this workshop, where one of the leading experts in Windows OS and Security, Sami Laiho, shows you how to effectively and securely deploy AppLocker in your environment.

Sami has deployed AppLocker for tens of companies ranging from one-man to 500000 seat companies.

 You will learn:

• how to run the project,
• how to manage AppLocker
• and how to keep it secure.

EXTRA: You will also receive prebuilt, pre-hardened, configurations that you can use at your own company.

Even if you don’t have Enterprise, but only the Pro version of Windows, or if you want to deploy the new Windows Defender Application Control, you can apply this knowledge.

Target audience:

Technical professionals (Junior and up) or project managers responsible for security projects.

Prerequisites to the course (recommended):

Basic knowledge of Windows Operating System, Networks and Active Directory.

The prerequisite for issuing the certificate is full participation in training.

Length: 8 academic hours

The training topics and description:

Module 1: Allow-listing (aka Whitelisting) in General

•   Different allow-listing (aka whitelisting) options in Windows
•   Allow-listing (aka Whitelisting) vs Deny-listing (aka BlackListing)
•   AppLocker basics
•   Windows Defender Application Control?

Module 2: Implementing AppLocker

•   How to run an AppLocker project
•   Logging what apps a company has

Module 3: Managing AppLocker

•   Using GUI and PowerShell to add trusted apps
•   Using correct rule types
•   Getting from thousands of rules to just tens
•   Keeping AppLocker safe – fighting against LOLBins

Module 4: Troubleshooting AppLocker

•   Bypassing AppLocker
•   What fails with an enterprise implementation of allow-listing (aka whitelisting)

The training price also includes:
study materials;
a trainer's consultation on the topics learned by e-mail after the training;
certificate. 

You can participate in the training with the Unemployment Insurance Fund training card.

See you at the training!

Loe koolitaja artiklit:

Uued küberturbe koolitused: kaitse võrku turvatarkvara eest maksmata, väldi administraatori õigusi