BeyondTrust

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Remote Work & Digital Transformation Expanded the Attack Surface: IDSA Study Shows IT Leaders Embracing Identity-Centric Security to Close the Gaps

The IT security concepts of zero trust and identity-centric security have risen to prominence in response to the challenges of an increasingly distributed, mobile, and perimterless digital world. Most cyberattacks today revolve around identities, and the credentials and privileges of those identities. A new study sponsored by the Identity Defined Security Alliance (IDSA)-sponsored validates that a shift to identity-centric security and zero trust is clearly underway, and that organizations are making faster progress in implementing identity-based security outcomes.

Read this post

New South Wales (NSW) Auditor General Report Spotlights Cybersecurity Risks Lurking across Local Governments

​2021 has been ablaze with largescale cyberattacks causing global disruption (SolarWinds, JBS Meats, etc.) as well as more targeted attacks impacting organizations Down Under (Eastern Health, Nine Entertainment, Oxfam, and the WA Parliamentary Network – during the state election!) With digital transformation accelerating and everyone adjusting to a “new normal”, how well are local governments across Australia poised to withstand the modern cyber threat scape?

Read this post

Defining & Protecting Critical Software to Improve U.S. National Cybersecurity & Supply Chain Resilience

With a wave of industry-shaking cyberattacks kicking off the first half of 2021, the U.S. government has mobilized efforts and marshalled minds and resources to improve supply chain cyber resilience and protect critical infrastructure. Recently, President Biden issued the Executive Order (EO) on Improving the Nation’s Cybersecurity. This blog will put forth definitions and best practices to address Section 4 of Biden’s EO: Enhancing Software Supply Chain Security. I will start by defining what critical software is, and then breakdown three fundamental cybersecurity categories that all agencies and enterprises should implement to ensure a strong foundation for securing critical software and bolstering the software supply chain.

Read this post

SCADA and IoT Security: What is Broken, & Can it Be Fixed?

​Over the past decade, we've seen a vast array of different types of devices and systems connected to the Internet. While this feels like technological progress, there's a dark side to bringing the Internet of Things (IoT) online—these systems come under attack just like other connected infrastructure. Unfortunately, many SCADA environments today include connected systems with relatively weak security capabilities and configurations, leading to compromise and breach scenarios that are not only dangerous, but could be deadly.

Read this post

Dispatches from Anywhere: Securing the Next Wave of Work

​After the 2020 pandemic tipped our traditional way of work on its head, companies scrambled to support fully remote workers. But as the vaccine roll-out continues, many organizations are welcoming workers back to the office. However, that doesn’t mean all companies are planning to go back to exactly the same way things were before. Some companies, like Nationwide and VMware, have announced their decision to stay “remote first” for the long-term, while others are looking at flex solutions like 2 days in office and 3 days home -- or one week in office and the next week home. The implications for IT and ITSec departments is that they must prepare to support fully or partially remote workers well into the future.

Read this post

How to Mitigate macOS CVE-2021-30657 with BeyondTrust Privilege Management for Mac

Discovered by security researcher Cedric Owens and privately reported to Apple in March 2021, CVE-2021-30657 is a logic issue that allowed attackers to craft a macOS payload that is not checked by Gatekeeper (the macOS security feature that verifies downloaded applications before allowing them to run) and bypasses File Quarantine and Application Notarization protections as well.

Read this post

Will DarkSide Pipeline Ransomware Attack Fuel Cybersecurity Upgrades for Critical Infrastructure?

​The attack against Colonial Pipeline by the cyber-criminal gang DarkSide is the latest glaring example of just how vulnerable some critical systems and infrastructure are to attack. The attack has taken 45% of the fuel supplied to the U.S East Coast region completely offline since May 7th. Along the East Coast region, the public is experiencing long lines and fuel outages at many gas stations due to panic buying, with gas prices also running higher as a consequence. While public details of the actual attack chain remain scant, early speculation is that the attack may have started with a phishing attack, leading to widespread compromise of systems over weeks or months.

Read this post

The Cyberattacker’s Path of Least Resistance is Shifting: Here’s How You Must Adapt

The attacker’s path of least resistance (POLR) to corporate data and assets is shifting, thus, so too must our IT risk management calculus and defensive priorities. The defenses I’m talking about include physical security as well as cybersecurity technologies. In this blog, we will explore how the attack surface is changing, why this is re-shaping the path of least resistance for attackers, what a recalibration of physical security and cybersecurity entails, and best practices for protecting identities, data, and corporate assets going forward.

Read this post

Rethinking Remote Access Security: Can Zero Trust Replace VPNs?

As organizations look to provide ways to secure and deploy remote access solutions to an ever-growing number of employees, many are turning to zero-trust models to replace aging VPN solutions. Zero trust can be less complex to deploy and maintain than VPN. And by design, zero trust solutions are more secure, reliable, and better performing.

Read this post