Targeting intermediaries has become an all too common, especially for organizations that don't rigorously maintain the security posture of these devices. Examples of intermediaries include virtual private networks (VPNs), jump servers, virtual desktop infrastructure (VDI), as well as application publishing through access proxies.Īn attacker can attack an intermediary to attempt to escalating privileges using credentials stored on them, get network remote access to corporate networks, or exploit trust in that device if being used for Zero Trust access decisions. Intermediaries add link to the chain of Zero Trust assurance for the user or administrator's end to end session, so they must sustain (or improve) the Zero Trust security assurances in the session. Security of intermediary devices is a critical component of securing privileged access.
0 Comments
Leave a Reply. |