Identity Access & Security Best Practices Highlighted at Identity Management Day 2022
Read on to learn more about this year’s Identity Management Day, along with some of the supplemental best practices that were shared during the event.
Applying Access Control Lists in the Cloud
An Access Control List (ACL) provides a security mechanism to define who or what has access to your assets, buckets, network, storage, file, etc. Read on to learn how to use ACLs in the cloud to apply the principle of least privilege and segmentation.
The Axeda Vulnerability and Lessons Learned
In March, a vulnerability that impacts Parametric Technology Corporation’s (PTC) Axeda agent and Axeda Desktop Server was announced. The Cybersecurity and Infrastructure Security Agency (CISA) issued advisory ICSA-22-068-01 stating that the vulnerability is exploitable remotely with a low attack complexity… a particularly bad combination. This event serves as an apt moment to reflect on the underlying security deficiencies and what we can learn from them.
What is Vendor Privileged Access Management (VPAM)?
This blog will explore vendor access risks, the building blocks of VPAM, why VPAM is more than the some of its parts, core VPAM capabilities, and what a holistic vendor privileged access management solution should look like.
How to Prepare for 2022 Cyber Insurance Renewals and What to Expect
Cyber insurance premiums in 2021 continued to climb to record highs, spurned by a significant spike in successful cyberattacks. According to the Council of Insurance Agents & Brokers, the average premium for cyber insurance coverage increased 27.6% during Q3 2021, which was on top of an increase of 25% in the previous quarter.
Celebrating International Women’s Day and Women’s History Month at BeyondTrust!
In celebration of International Women’s Day and Women’s History Month, the Women and Allies BeyondTrust Employee Resource Group (BTRG) hosted a robust slate of events to highlight and celebrate the incredible women of BeyondTrust.
Export Implications of the Conflict in Ukraine
Russia’s invasion of Ukraine has spurred several new regulatory actions on the global trade front. Governments, including the United States and the United Kingdom, have imposed new sanctions programs and tightened export restrictions against individuals, companies, and organizations with ties to Russia and Belarus. Learn what BeyondTrust is doing.
Lapsus$ Breaches Remind us Service Desks & Insiders often Weakest Link
Last week was a busy one for the criminal hacking group Lapsus$, also known as DEV-0537. On Monday, Lapsus$ announced that it had a “super user” administrative account for identity as a service (IDaaS provider) Okta, via a third-party support engineer. On Thursday, seven purported members of Lapsus$--ages 16 to 21—were apprehended by City of London Police. Read on for more BeyondTrust Labs insight on the Lapsus$ group, their modus operandi, and security practices you should implement to stay protected from Lapsus$-like attacks.
From FBI Raid to CTO, Free Mountain Dew, and Hacker and Security Culture: Marc Maiffret’s ModernCTO Conversation
Marc Maiffret, CTO of BeyondTrust, recently sat down with Joel Beasley, the author of ModernCTO and host of the ModernCTO podcast, to discuss eventful career beginnings, technology leadership strategies, and hacking and security culture. Read the transcript from their conversation or listen to the podcast now.
Password Cracking 101: Attacks & Defenses Explained
Password cracking (also called, password hacking) is an attack vector that involves hackers attempting to crack or determine a password. Password hacking uses a variety of programmatic techniques and automation using specialized tools. These password cracking tools may be referred to as ‘password crackers’. Credentials can also be stolen via other tactics, such as by memory-scraping malware, and tools like Redline password stealer, which has been part of the attack chain in the recent Lapsus$ ransomware attacks. This in-depth blog highlights password vulnerabilities and risks that give attackers and edge, and provides an overview of password cracking motives, techniques, tools, and defenses.
Azure AD Security Best Practices: Access, Controls, & Roles
Two cybersecurity experts explore the state of security and privileged access in Azure Active Directory (AD) and demonstrate best practices.
Turbocharging your IT Service Desk
The demands on IT Service Management (ITSM) have never been greater. Internal and external ITSM customers demand more efficient, “one-stop-shop” service. Management requires greater productivity and demonstrable ROI. Together BeyondTrust and ServiceNow seamlessly enable your enterprise to increase productivity, strengthen your security, and meet compliance requirements.