Spotlight on Administrator Rights and Credential Theft
With defense in depth as a mantra in security, organizations have a natural tendency to deploy a variety of solutions in their security portfolio. There is a fundamental layer of protection that many organizations miss – the removal of local administrative rights. In this presentation, we’ll talk about why the removal the local admin rights is the foundation of endpoint security and highlight some of the threats that remain on the endpoint including credential theft.
While the removal of local admin rights greatly reduces the threats landscape, end users can still store a variety of passwords on their laptops. This might be corporate social media accounts, such as Twitter and Facebook, or administrative credentials stored in IT applications and remote access tools.
In this session, we review:
- How credentials are stored
- How attackers can easily access credentials
- How to prevent and audit this malicious behavior