The cloud is a brave, new (well, sort of new) world that many are running headlong into with a sense of urgency that’s, frankly, astonishing. This blog takes a quick glimpse at the thought process that went into the writing of Cloud Attack Vectors to discuss the cybersecurity problems and challenges that make understanding the attack vectors in the cloud vital.
Whether you are looking to start or “reboot” your IT career, or to simply stay up to date on the skills and knowledge needed to work with the ever-changing technologies, security considerations, and best-practices of the profession, it is important that you accrue the Information Technology (IT) certifications that are most likely to have the biggest impact on your organization—and your career.
In recent years, work-from-home (WFH) and work-from-anywhere (WFA) initiatives, and accelerated digital transformation journeys, have radically impacted the traditional Common Office Environment (COE). Read on to explore how the modern COE should evolve to reflect a zero trust and identity-centric posture.Organizations must adapt their COE security controls to home networks, and even public WiFi that could be in a retail establishment, public location, or provided by an apartment building for all residents.
When I first started in information technology, one of the more humorous aspects was the host naming conventions customers chose for endpoints – servers and workstations alike. For example, one customer chose starship names from Star Trek, and another customer picked characters from Disney movies. While silly, it was easy to remember “Enterprise” was a file and print server, and “Hercules” was a Domain Controller.
Every individual who has online accounts to access services or applications invariably has had to establish answers to security questions. The purpose of these questions is to periodically re-affirm our identity, or to regain access if we forget our password, by providing our answers. The problem with these security questions (and with our answers) is that they become a liability when the results are leaked online, such as through a data breach, or become public knowledge. Why? Because many (in fact, thousands) of sites potentially use identical security questions.
As a penetration tester, I enjoy playing the Capture the Flag (CTF) challenges you'll find on VulnHub.com or at an information security conference. As a teacher, I enjoy showing people how to block the attack through proactive systems hardening.
In Amazon Web Services (AWS), there are two different privileged accounts. One is defined as Root User (Account owner) and the other is defined as an IAM (Identity Access Management) User. In this blog, I will break down the differences of an AWS Root User versus an IAM account, when to use one account versus the other, and best practices for protection of these identities in the cloud.
Think passwords will soon be dead? Think again. Passwords are cumbersome and hard to remember — and just when you do remember them, you’re ordered to change them again. And guess what? The new password you do come up with is easily guessed and hackable. Nobody likes passwords, but for now, they are not going anywhere. And while some have tried to replace passwords with biometric data, such as fingerprints and face-scanning technology, these are not perfect, so many resort back to the trusty (but frustrating) old password.
Privileged task automation (PTA) entails automating tasks and workflows that involve privileged credentials and elevated access. In this blog, I will explore what privileged task automation is, what it requires, and the benefits it confers for employees and organizations. But first, let’s take a look at how task automation in general works.
Today is an exciting day for me personally and for BeyondTrust, as I officially assume the role of CEO. After six years in leadership roles at BeyondTrust, including Chief Operating Officer and Chief Financial Officer, I’m honored to move into the next phase of my career at BeyondTrust and build on the incredible success we’ve experienced as a company.
This year’s IDSA report findings painted a jarring picture of the growing complexity of identity management and its impact on organizations. Here’s a detailed breakdown of the key findings outlined in the 2022 Trends in Securing Digital Identities report.
Time and again, security has taken a back seat to innovation. This blog will explore factors contributing to the lag between innovation and security in the Microsoft Windows ecosystem (i.e. technical debt), the biggest problems with the risks created by that security lag, and proven ways to mitigate (and even eliminate) threats inherent to the Microsoft ecosystem.