Credential Theft

I was fortunate enough to get the opportunity to help Skyport Systems demonstrate their product at the RSA conference last week. As I met with hundreds of people, there were 2 things that stood out in my week:

In my last post (http://bit.ly/1SxQcK4) I talked about the idea of adopting a model of IT systems management that matched how a hospital deals with sick patients. In this post, I’ll be detailing solutions for adopting this model in a corporate network.

Administrative credential theft, whether it is an actual systems administrator’s logon or the logon associated with an application or service with administrative credentials, is the most dangerous vulnerability on my customers' networks. This is for two reasons:

  1. The tools and techniques for stealing administrator credentials are well known, highly automated and generally available to threat actors

  2. Very few corporate networks were designed to mitigate this threat.

There are many different opinions regarding the right level of credential security for an organization. Depending on someone’s role, they might view security as anywhere from the most important to the least important aspect of their environment. Their perception of the importance of security can also be influenced by whether or not they have experienced a breach.