Threat Hunter
3 months, 4 weeks ago
CISA Got It Partially Right. Here\'s What They Missed.
CISA published an advisory on endpoint management hardening after the Stryker wipe. Their Multi Admin Approval recommendation is a speed bump, not a wall. Here is what actually stops a Global Admin compromise: no standing privileges, PIM with Authentication Context, FIDO2 hardware keys, and automated session revocation.