MFA limitations

MFA all the things! But wait - really all the things?

Multi-Factor Authentication is one of the de facto answers to improving any organisation's security posture, and is most likely something you already use in a corporate environment. However, the harsh reality is that it's not applicable in every security scenario:

  • MFA is not supported by command-line (CLI) access tools in Active Directory environments. Most of the key authentication protocols there, such as NTLM and Kerberos, were not designed with MFA in mind.
  • It does nothing to prevent lateral movement or offer resistance against ransomware attacks. Most attackers find it easy to move from the initially compromised workstation (patient zero) to other workstations via RDP.
  • This in turn affects both on-premises and cloud infrastructure.
  • Partial MFA is not really all that good. Having strong security on all your doors but not on your maintenance entrances is just as bad as no MFA protection at all.
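Because MFA at the front door does not stop the workstation-to-workstation RDP hopping described above, the gap has to be covered by detection. The following is an added example (not from the original post) that runs two simple checks over constructed, flattened Windows Security 4624 records: RDP fan-out from one source to several destinations, and RDP sessions between two workstations. The "WS-" hostname prefix for workstations and the flattened record format are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample records: a flattened rendering of Windows Security event
# 4624 (successful logon). Field names follow the event's XML: LogonType 10 is
# RemoteInteractive (RDP); Computer is the host that logged the event (the RDP
# destination); WorkstationName and IpAddress identify the source.
SAMPLE_EVENTS = """\
EventID=4624 Computer=SRV-FILE01 LogonType=10 TargetUserName=carol WorkstationName=WS-0007 IpAddress=10.1.2.7
EventID=4624 Computer=WS-0101 LogonType=2 TargetUserName=bob WorkstationName=WS-0101 IpAddress=-
EventID=4624 Computer=WS-0101 LogonType=10 TargetUserName=alice WorkstationName=WS-0042 IpAddress=10.1.2.42
EventID=4624 Computer=WS-0102 LogonType=10 TargetUserName=alice WorkstationName=WS-0042 IpAddress=10.1.2.42
EventID=4624 Computer=WS-0103 LogonType=3 TargetUserName=alice WorkstationName=WS-0042 IpAddress=10.1.2.42
EventID=4624 Computer=WS-0104 LogonType=10 TargetUserName=alice WorkstationName=WS-0042 IpAddress=10.1.2.42
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_events(text):
    """Turn each non-empty line into a dict of field -> value."""
    return [dict(FIELD_RE.findall(line)) for line in text.splitlines() if line.strip()]

def is_rdp_logon(event):
    return event.get("EventID") == "4624" and event.get("LogonType") == "10"

def is_workstation(hostname):
    # Assumption: the site's naming convention prefixes workstations with "WS-".
    return hostname.upper().startswith("WS-")

def rdp_fanout(events, min_hosts=3):
    """Sources that opened RDP sessions to at least min_hosts distinct destinations.
    One workstation fanning out over RDP is the lateral-movement pattern that
    perimeter MFA does not stop, so it is worth alerting on."""
    dests = defaultdict(set)
    for e in events:
        if is_rdp_logon(e):
            dests[e["WorkstationName"]].add(e["Computer"])
    return {src: sorted(d) for src, d in dests.items() if len(d) >= min_hosts}

def workstation_to_workstation_rdp(events):
    """RDP logons whose source and destination are both workstations. Users
    normally RDP to servers, so each of these deserves a look."""
    return [(e["WorkstationName"], e["Computer"], e["TargetUserName"])
            for e in events
            if is_rdp_logon(e) and is_workstation(e["WorkstationName"])
            and is_workstation(e["Computer"])]

if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("RDP fan-out:", rdp_fanout(evs))
    print("workstation-to-workstation RDP:", workstation_to_workstation_rdp(evs))
```

In a real deployment the records would come from a SIEM query on event 4624 with LogonType 10, and the thresholds would be tuned to the environment's normal RDP usage.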

MFA is a critical layer of defence, but it should be understood as one part of a broader security strategy, not a complete solution. Knowing where it falls short is just as important as knowing where to apply it.


Originally published on LinkedIn.