Privileged Attack Vectors: Key DefensesBeyondTrust's Karl Lankford on Mitigating the Unmanaged Privilege Threat
Attackers crave insider-level access to IT infrastructure, and to get it, they regularly target insiders - and especially anyone with "super user" or admin-level access - to steal their credentials, says Karl Lankford of BeyondTrust.
See Also: Consumer IAM (CIAM) for Dummies
That's why all insider access to systems must be "managed, monitored and audited" while also ensuring "the principle of least privilege to only give people the access they need at the time they need it," he says.
Putting that in place requires looking at insiders and "scoping some control around what they can do and limiting their exposure once they're through the front door," Lankford says.
In a video interview at the recent Infosecurity Europe conference, Lankford discusses:
- His customers' top privileged access management challenges;
- Best practices for assessing, prioritizing and addressing internal and external privileged risks;
- Key steps for mitigating the threat posed by unmanaged privileges.
Lankford, director of solutions engineering in EMEA for BeyondTrust, is a frequent speaker at industry conferences.