Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

One-Time Password (OTP) Solutions for Privileged Access

​A one-time password (OTP) is the password used in a credential pair that is valid for only one login session or transaction. OTPs are used to minimize the risks of traditional, static password-based authentication by making passwords variable per operation. As an added layer of security, OTP implementations can also incorporate two-factor authentication (2FA) to help verify the identity of the individual using an additional trusted source.

Read this post

What is the Difference Between a Threat Actor, Hacker, and Attacker?

During security events, we learn about the indicators of compromise, attack vectors, and the financial cost of the breach to the business and clients. Somewhere during the process, we learn if it was a threat actor, hacker, or attacker that caused the malicious activity. The questions are, “What is the difference?” and “Don’t they all mean the same thing?” Well, the truth of the matter is they don't, and many times they are used incorrectly in reporting a breach or even a minor cybersecurity incident.

Read this post

How to Mitigate the Windows DogWalk Vulnerability

​The Windows DogWalk vulnerability (CVE-2022-34713) presents a prime reminder of why a proactive approach to endpoint security is so important. This blog will discuss the DogWalk vulnerability and how organizations can proactively protect themselves from such vulnerabilities and other threats with endpoint privilege management.

Read this post

Inside Cloud Security Threats and Attack Vectors

The cloud is a brave, new (well, sort of new) world that many are running headlong into with a sense of urgency that’s, frankly, astonishing. This blog takes a quick glimpse at the thought process that went into the writing of Cloud Attack Vectors to discuss the cybersecurity problems and challenges that make understanding the attack vectors in the cloud vital.

Read this post

10 Must-Have Certifications for IT Support Professionals

Whether you are looking to start or “reboot” your IT career, or to simply stay up to date on the skills and knowledge needed to work with the ever-changing technologies, security considerations, and best-practices of the profession, it is important that you accrue the Information Technology (IT) certifications that are most likely to have the biggest impact on your organization—and your career.

Read this post

A Zero Trust Approach to Modernize the Common Office Environment (COE)

In recent years, work-from-home (WFH) and work-from-anywhere (WFA) initiatives, and accelerated digital transformation journeys, have radically impacted the traditional Common Office Environment (COE). Read on to explore how the modern COE should evolve to reflect a zero trust and identity-centric posture.Organizations must adapt their COE security controls to home networks, and even public WiFi that could be in a retail establishment, public location, or provided by an apartment building for all residents.

Read this post

The Power of Good Server and Endpoint Naming Conventions

When I first started in information technology, one of the more humorous aspects was the host naming conventions customers chose for endpoints – servers and workstations alike. For example, one customer chose starship names from Star Trek, and another customer picked characters from Disney movies. While silly, it was easy to remember “Enterprise” was a file and print server, and “Hercules” was a Domain Controller.

Read this post

Security Questions Can Pose a High Risk: Learn Tips & Tricks to Mitigate the Threat

​Every individual who has online accounts to access services or applications invariably has had to establish answers to security questions. The purpose of these questions is to periodically re-affirm our identity, or to regain access if we forget our password, by providing our answers. The problem with these security questions (and with our answers) is that they become a liability when the results are leaked online, such as through a data breach, or become public knowledge. Why? Because many (in fact, thousands) of sites potentially use identical security questions.

Read this post

Linux Attack & Defense: Matrix Breakout Edition

​As a penetration tester, I enjoy playing the Capture the Flag (CTF) challenges you'll find on VulnHub.com or at an information security conference. As a teacher, I enjoy showing people how to block the attack through proactive systems hardening.

Read this post

AWS Root vs IAM User: What to Know & When to Use Them

​In Amazon Web Services (AWS), there are two different privileged accounts. One is defined as Root User (Account owner) and the other is defined as an IAM (Identity Access Management) User. In this blog, I will break down the differences of an AWS Root User versus an IAM account, when to use one account versus the other, and best practices for protection of these identities in the cloud.

Read this post

Top 15 Password Management Best Practices

Think passwords will soon be dead? Think again. Passwords are cumbersome and hard to remember — and just when you do remember them, you’re ordered to change them again. And guess what? The new password you do come up with is easily guessed and hackable. Nobody likes passwords, but for now, they are not going anywhere. And while some have tried to replace passwords with biometric data, such as fingerprints and face-scanning technology, these are not perfect, so many resort back to the trusty (but frustrating) old password.

Read this post