Administrative tool restriction limits the availability of powerful system utilities, such as PowerShell and command-line interfaces, to only specifically authorised service accounts. Attackers often “live off the land” by using these native tools to perform discovery, escalate privileges, and execute malware. By restricting these tools and using application whitelisting to block unauthorised executables, organisations can significantly reduce the internal tools available to an adversary. Discover system hardening techniques in our evolution guide.

For more information, see Industrial Cyber Security Best Practices.