Testing if a Corporate Laptop is actually Locked Down
Contents
Summary
Organisations with a mature approach to security will put a lot of time into the security configuration of their managed laptops. The real test is what a simulated attacker can actually do on a laptop.
Client need
We worked with a family office who are very focussed on both privacy and security. They have fully-managed, locked down laptops for all employees. Having moved from one endpoint product (EDR) to another, it was a perfect time for a technical test of the deployed protections.
What we did
As well as reviewing the laptop configuration within Microsoft 365, we completed a real test of the configuration: working on an example laptop, we tested a whole range of attacker techniques, to test both what was blocked and what was reported by their EDR software.
Our technical testing discovered some surprising gaps in the laptop configuration: macros were enabled in some Office documents, non-privileged users could install software via specific routes, and some engineering tools were still accessible.
Client benefit
Our findings allowed for these gaps in protection to be closed off, further strengthening their key assets from a range of different attacks.
