February 10, 2012

Leonid Shtilman Discusses IT Security Protection with Info Security Products Guide

Leonid Shtilman, CEO and Co-founder of Viewfinity, talks with Rake Narang, Editor-in-Chief of Info Security Products Guide, about the level of IT security protection provided by removing administrative rights as compared to other forms of endpoint protection, such as antivirus.

Rake Narang: What security threats are most enterprises least prepared to subvert?

Leonid Shtilman: The security threats that most enterprises are not fully prepared to mitigate are advanced security threats, i.e. threats which are not yet covered by antivirus. One of the most popular ways to infiltrate servers is to exploit administrative rights on endpoints and, through that path, get into a position that allows for an attack on the vital part of the enterprise infrastructure. A growing and highly-regarded opinion among IT professionals is that controlling rights on personal computers and servers is a crucial part of any security solution. Adhering to the principle of least privilege is in the best interest of all companies, whether in the commercial sector, healthcare, within government agencies, etc.

Rake Narang: What are some of the most common but critical mistakes still happening in IT security?

Leonid Shtilman: In every organization there exists a somewhat buried but very dangerous keyhole: the presence of local administrator accounts. Local administrator accounts are oftentimes created directly by users and are hidden from the IT manager’s standard tracked list of administrative accounts managed by Active Directory, and can be used by malware to install malicious software on local computers through the administrator account. Further penetration into the IT environment is then accessible through this loophole. It is essential that IT security and operations managers have a method for mitigating this common but critical IT security risk.

Rake Narang: How would you compare the level of IT security protection that removing administrative rights provides with other forms of endpoint protection, such as antivirus?

Leonid Shtilman: Antivirus will stop known threats, while the principle of least privilege via the removal of administrative privileges can help to combat risks that are presently unknown to antivirus software that can threaten to exploit administration rights. It’s the same protection principle as antivirus, just with a different approach. Companies wouldn’t go without antivirus – so why would they give administrative rights to users when there is a way for properly managing privileges without exposing the company to unnecessary security risks?