Leonid Shtilman, CEO and Co-founder of Viewfinity, talks with Rake Narang, Editor-in-Chief of Info Products Security Guide, about the level of IT security protection provided by removing administrative rights as
compared to other forms of endpoint protection, such as antivirus.
Rake Narang: What security threats are most enterprises least
prepared to subvert?
Leonid Shtilman: The security threats that most enterprises
are not fully prepared to mitigate are advanced security threats, i.e. threats
which are not yet covered by antivirus. One of the most popular ways to
infiltrate servers is to exploit administrative rights on endpoints and, through
that path, get into a position that allows for an attack on the vital part of
the enterprise infrastructure. A growing and highly regarded opinion among IT
professionals is that controlling rights on personal computers and servers is a
crucial part of any security solution. Adhering to the principle of least
privilege is in the best interest of all companies, whether in the commercial
sector, healthcare, within government agencies, etc.
Rake Narang: What are some of the most common but critical mistakes
still happening in IT security?
Leonid Shtilman: In every organization there exists a
somewhat buried but very dangerous keyhole: the presence of local administrator
accounts. Local administrator accounts are oftentimes created directly by users
and are hidden from the IT manager’s standard tracked list of administrative
accounts managed by Active Directory and can be used by malware to install
malicious software on local computers through the administrator account.
Further penetration into the IT environment is then accessible through this
loophole. It is essential that IT security and operations managers have a
method for mitigating this common but critical IT security risk.
Rake Narang: How would you compare the level of IT security
protection that removing administrative rights provides with other forms of
endpoint protection, such as antivirus?
Leonid Shtilman: Antivirus will stop known threats, while
the principle of least privilege via the removal of administrative privileges
can help to combat risks that are presently unknown to antivirus software that
can threaten to exploit administration rights. It’s the same protection
principle as antivirus, just with a different approach. Companies wouldn’t go
without antivirus – so why would they give administrative rights to users when
there is a way for properly managing privileges without exposing the company to
unnecessary security risks?