Let me be clear, I believe in and personally use 2-factor (2FA), Federation and cloud based identity solutions. But what I worry about (obsess?) is how they can be bypassed. (By the way, everything I talk about herein applies even more if you aren't using these technologies.)
There are 2 main ways.
- Social engineering of your own admins or the cloud service support staff. This is the lesser of the 2 risks for a number of reasons. I'll talk about that in the future.
- Compromised end-user devices. This is the big one; let's drill into it.
Here's the baseline scenario. A bad guy succeeds in embedding malicious code on your end-user’s device through phishing, drive-by download, infected USB, memory attack, - you name it.
With arbitrary code running on that device the bad guy can “become” your end-user and there are multiple ways he can defeat 2 Factor, SSO, Federation and Cloud Identity. In this real training for free ™ webinar I will show you how, including:
- Simple keystroke logging (works against single factor federation)
- Man-in-the browser
- Hidden sessions
- Form sniffing
- Piggybacking
How can you mitigate these risks? Forget traditional AV, right? OK that leaves us:
- Some very exotic jump-box / VDI solutions that I’ve actually implemented to protect some of our clients and internal processes
- Stopping the malware through more effective technologies
I will show you how both methods work and compare them in terms of benefit, end-user impact, risk and so on.
This is an exciting webinar for me to do because it provides an opportunity to share some of my deepest research and thinking over the past year and I want to thank Heat Software (formerly Lumension) for making this event possible. Chris Merritt will join me and briefly discuss how Lumension Endpoint Management and Security Suite hits the bulls eye on core issue we discuss in this event.
Don't miss this real training for free ™ event. Please register now.