- a given endpoint is compromised by malware with local admin authority; and
- the admin has or will use a privileged account on/from that endpoint.
Ready to learn more? Check out my on-demand webinar "Pre-empting Mimikatz Attacks on Privileged Accounts Using Password Isolation Human Presence MFA".

Here are some examples of scenarios:
- Admin logs on to an endpoint with a privileged account – the endpoint is then compromised by malware that harvests credential artifacts from memory or registry.
- On a given endpoint, admin remotely logs on to another system with a privileged account; later, malware harvests the credential artifacts left behind.
- Endpoint already compromised – admin logs on locally or accesses another system with a privileged account, then malware steals the password as it's typed, or derived credential artifacts from memory or registry.
- Implement a parallel environment of workstations and servers simply for the use of admins. This creates all kinds of expense, complication and inconvenience.
- Implement PAM/PSM technology that never allows passwords to touch the workstation and protects and leverages a human-presence second factor of authentication to ensure that intruders in control of an admin's workstation can't initiate privileged sessions using the admin's non-privileged credentials.
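
To see where the scenarios above already apply in an environment, the following added example (not from the original article) scans logon records for privileged accounts that logged on interactively to hosts outside a dedicated admin set. The account names, host names, the record layout (modelled on the logon type field of Windows Security event 4624) and the choice of logon types treated as exposing are assumptions, and the events are constructed.

```python
"""Audit where privileged accounts have logged on (added example, constructed data)."""
from collections import defaultdict

# Assumptions, not from the article: which accounts count as privileged, which
# hosts are dedicated admin machines, and the record layout used below.
PRIVILEGED = {"adm-jsmith", "adm-kwong"}
ADMIN_HOSTS = {"PAW-01"}
# Logon types treated here as leaving credential artifacts on the logged-on host.
EXPOSING_TYPES = {2: "Interactive", 10: "RemoteInteractive", 11: "CachedInteractive"}

# Constructed sample events: (host that recorded the logon, account, logon type, time)
EVENTS = [
    ("WKS-114", "jsmith",     2,  "2024-03-04T08:01:10"),
    ("WKS-114", "adm-jsmith", 2,  "2024-03-04T09:15:42"),
    ("SRV-DB2", "adm-jsmith", 10, "2024-03-04T09:20:03"),
    ("SRV-DB2", "adm-kwong",  3,  "2024-03-04T10:02:55"),
    ("PAW-01",  "adm-kwong",  2,  "2024-03-04T10:00:00"),
    ("WKS-114", "adm-jsmith", 11, "2024-03-05T08:30:00"),
]

def exposures(events, privileged=PRIVILEGED, admin_hosts=ADMIN_HOSTS):
    """Return {host: {account: [(time, logon type name), ...]}} for risky logons."""
    found = defaultdict(lambda: defaultdict(list))
    for host, account, logon_type, when in events:
        if account.lower() not in privileged:
            continue  # non-privileged logons are out of scope for this audit
        if host in admin_hosts:
            continue  # dedicated admin host: the expected place for this account
        if logon_type not in EXPOSING_TYPES:
            continue  # e.g. type 3 (network), excluded by this example's assumption
        found[host][account].append((when, EXPOSING_TYPES[logon_type]))
    return {host: dict(accounts) for host, accounts in found.items()}

def report(found):
    """One line per host: the privileged accounts at risk if that host is compromised."""
    lines = []
    for host in sorted(found):
        accts = ", ".join(f"{a} x{len(v)}" for a, v in sorted(found[host].items()))
        lines.append(f"{host}: {accts}")
    return lines

if __name__ == "__main__":
    for line in report(exposures(EVENTS)):
        print(line)
```

Each host in the output is one where a compromise with local admin authority would put the listed privileged accounts at risk, which gives a starting list for either mitigation above.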