How Attackers Steal Credentials to Gain Stealthy Access to Your Organization

Presented by

William Largent, Security Threat Researcher, Cisco Talos, and Ted Kietzman, Product Marketing Manager, Cisco Duo

About this talk

You’ve no doubt heard the phrase, “Attackers don’t hack anyone these days. They log on.” By obtaining (or stealing) valid user account details, an attacker can gain access to a system, remain hidden, and then elevate their privileges to “log in” to more areas of the network. As a result of the level of access stolen credentials can provide, the use of valid accounts is prevalent across the threat landscape. Not only is it the second most common MITRE ATT&CK tactic, but the rise of MFA and an increase in basic phishing awareness means adversaries have gotten more creative. Often, this ends with the user being targeted for possible manipulation as part of an “insider attack.” But don't worry, at Duo, we've got you. To illustrate ways in which security practitioners can help defend against the techniques employed in credential stealing attacks, this webinar will break down an identity attack piece by piece. There will also be a discussion of methods and mechanisms to prevent or detect these techniques to stop breaches or limit their impact.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (98)
Subscribers (18879)
Duo is a cloud-based security platform that protects access to all applications, for any user and device, from anywhere. It’s designed to be both easy to use and deploy, while providing complete endpoint visibility and control. Duo verifies users' identities with strong multi-factor authentication. Paired with deep insights into your users’ devices, Duo gives you the policies and control you need to limit access based on endpoint or user risk. Users get a consistent login experience with Duo's single sign-on that delivers centralized access to both on-premises and cloud applications. With Duo, you can protect against compromised credentials and risky devices, as well as unwanted access to your applications and data. This combination of user and device trust builds a strong foundation for a zero-trust security model.