- a given endpoint is compromised by malware with local admin authority; and
- the admin has or will use a privileged account on/from that endpoint.
Ready to learn more? Check out my on-demand webinar "Pre-empting Mimikatz Attacks on Privileged Accounts Using Password Isolation Human Presence MFA".

Here are some examples of scenarios:
- Admin logs onto endpoint with a privileged account – endpoint is then compromised by malware that harvests credential artifacts from memory or registry.
- On a given endpoint, admin remotely logs on to another system with a privileged account; later, malware harvests the credential artifacts left behind.
- Endpoint already compromised – admin logs on locally or accesses another system with a privileged account, then malware steals the password as it’s typed or harvests derived credential artifacts from memory or registry.
- Implement a parallel environment of workstations and servers simply for the use of admins. This creates all kinds of expense, complication and inconvenience.
- Implement PAM/PSM technology that never allows passwords to touch the workstation and protects and leverages human-presence 2nd factor of authentication to ensure that intruders in control of an admin’s workstation can’t initiate privileged sessions using the admin’s non-privileged credentials.
Randy Franklin Smith, Microsoft MVP & Windows Security Expert, and CEO at Monterey Technology Group, Inc.
Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies, national, and international organizations.
Randy Franklin Smith began his career in information technology in the 1980s developing software for a variety of companies. During the early 1990s, he led a business process re-engineering effort for a multi-national organization and designed several mission critical, object-oriented, client/server systems. As the Internet and Windows NT took off, Randy focused on security and led his employer's information security planning team. In 1997, he formed Monterey Technology Group, Inc. where he serves as President.
- Certified Information Systems Auditor (CISA)
- Microsoft Security Most Valuable Professional (MVP)
- Systems Security Certified Professional (SSCP)
- Information Systems Security Association (ISSA)
- Information Systems Audit and Control Association (ISACA)
- Center for Internet Security (CIS)