The Buyer's Guide for Complete Privileged Access Management (PAM) is the most thorough tool for holistically assessing your privileged access security needs and mapping them to modern privilege management solutions.
– Suspected Iranian nation-state threat group Cobalt Dickens has launched a new global attack campaign to steal intellectual property, discovered Secureworks Counter Threat Unit (CTU) researchers. The group, also known as Silent Librarian, has been using spoofed library services login pages as part of a campaign targeting academics in order to steal intellectual property.
– A malware infection which caused the shutdown of a European Central Bank (ECB) website should not be blamed on its third-party service provider, according to a spokesperson at the ECB, as the central bank is responsible for its upkeep.
– Today, organizations work with third parties for a variety of reasons. External vendors, outsourcers, and contractors play a vital and growing role within an organization, but when given access to an institution’s network and systems, they can be difficult to monitor and manage.
– Privileged password management solutions let you create, share, and automatically change enterprise passwords. You can assign user permissions at any level, and track password usage with full audit reports.
– Have you heard the one about the toothbrush that uses artificial intelligence to tell you to brush harder? Morey Haber of BeyondTrust has and it annoys him intensely. He's seen a company sued because it claimed basic pattern recognition was AI and it just wasn't - and he's had enough.
– Attackers crave insider-level access to IT infrastructure, and to get it, they regularly target insiders - and especially anyone with "super user" or admin-level access - to steal their credentials, says Karl Lankford of BeyondTrust.
– The Internet of Things (IoT) encompasses a growing number of connected devices ranging from security cameras to smart thermostats. Many businesses use enterprise-level IoT devices to help workers get things done more efficiently or to assist with meeting facilities management needs. But, there's one area where enterprise IoT falls short — identity management
– Of the 401 exhibitors at Infosecurity Europe 2019, it is believed that just 13 percent had actually executed full DMARC protection successfully so as to stop potential phishing emails at the gateway.
– According BeyondTrust’s 2019 Privileged Access Threat Report, 64% of businesses globally believe they’ve likely had either a direct or indirect breach due to misused or abused employee access in the last 12 months, and 62% believe they’ve had a breach due to compromised vendor access.
– A new global survey from BeyondTrust explores the visibility, control, and management that IT organizations in the U.S., APAC, Europe and the Middle East have over employees, contractors, and third-party vendors with privileged access to their IT networks.
– New research has revealed that 64 per cent of businesses globally believe they’ve likely had either a direct or indirect breach due to misused or abused employee access in the last 12 months, while 62 per cent believe they’ve had a breach due to compromised vendor access.
– Most businesses admit to breaches relating to abuse of user credentials, according to a report that highlights cyber hygiene failings in the UK and the importance of greater visibility and integration to cyber defence capability
– From the consolidation of network policies in an acquisition, to the mistrust of employees and third parties, how exactly should security teams address the issues at hand? Karl Lankford of BeyondTrust explains.
– While some may argue it is more humane to trap and release a mouse versus creating a literal mess of the rodent, the goal is the same: to keep the mouse out of the house. This is a crude analogy for cybersecurity, but it works — you have to consider the appropriate action to keep a threat actor out of your environment. Should you terminate them or practice catch and release? Both have merits, and both have serious concerns that Morey Haber, BeyondTrust's CTO and CISO, covers in this article.
– The transition to Windows 10 doesn't need to be a sprint. BeyondTrust's Kevin Alexandra describes how organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.
– Realizing that most large organizations today have sophisticated security defenses, bad actors are beginning to target third-party vendors, as a means to gain access to an enterprises’ network. In this article written by Morey Haber, BeyondTrust CTO and CISO, Haber describes how threat actors are exploiting organizations via third parties and what can be done to seal this vulnerability.
– Intelligent CIO sits down with Morey Haber, Beyond Trust CISO and CTO, for a wide ranging Q&A about his advice for people interested in following his path to a CISO role, and the biggest technology and security trends that he sees developing.
– BeyondTrust's Scott Walker discusses how integrating regular and up to date security training to educate employees about cybersecurity threats will ensure they are aware of the most recent tactics used to target systems and what can be done to prevent them.
– The concept of JIT PAM, which is being promoted by security vendors such as Beyond Trust, is one of controlling access based upon a number of different policies that are further enhanced with behavioral data.
– BeyondTrust announced the release of its annual Microsoft Vulnerabilities Report. The research provides the latest insight into Microsoft security vulnerabilities facing organizations today, as well as a five-year trends analysis to better equip organizations to increase their IT security posture and keep networks and systems safe.
– A new analysis of Microsoft's security updates in 2018 suggests the company's long-standing efforts to build more secure products continue to be very much a work in progress. But the good news is that removing admin privileges can mitigate most Microsoft security vulnerbilities, a new study by BeyondTrust shows.
– With the amount of data dominating the current tech landscape, CIOs and business leaders must prioritise how they manage consumer data to avoid the repercussions. Morey Haber, CTO of BeyondTrust, gives his views on how companies should be approaching it correctly.
– It is always a philosophical debate as to whether to use open source software in a regulated environment. In the case of ‘sudo’—a package designed to provide privileged access included in many Linux distributions—the debate is whether it meets the requirements of an organization, and to what level it can be relied upon to deliver compliance information to auditors. While every organization is different, BeyondTrust CTO Morey Haber says there are four specific risks/costs that you should consider before deciding if sudo is right for your organization.
– A zero-trust security model redefines the architecture of a trusted network inside a defined corporate perimeter. This is relevant today since technologies and processes like the cloud, DevOps, and IoT have either blurred, or completely dissolved, the idea of a traditional perimeter. But, as BeyondTrust CTO Morey Haber explains in this byline article, while zero trust has become a trendy catchword in IT, in practice, it remains more of a theoretical concept as opposed to one that organizations can implement, for a couple of reasons.
– New statistics from the UK government’s Department for Digital, Culture, Media and Sport (DCMS) have shown a reduction in the percentage of businesses suffering a cyberbreach or attack in the last year.
– Vendors, service providers and even government agencies have been rapidly deploying chat-based features to field requests from sales to support. It is typically unknown to the user if they are getting a real person or a machine. With a little social engineering, a threat actor can determine which one is behind the scenes. Regardless of human or machine, there are some interesting security risks to chat-based services.
– RewardExpert recently spoke with Donald Hasson, BeyondTrust’s senior director of product management, about how the company’s privileged access management (PAM) portfolio can help other businesses reduce their risks of a data breach with simple to integrate solutions that enhance user productivity and maximize IT security.
– Karl Lankford, for BeyondTrust, explores previous attacks to industry and draws on findings from an access threat report: Cyberattacks are putting lives at risk via administrative back doors left open.
– According to our own Privileged Access Threat Report, 66% of surveyed organizations claimed that they could have experienced a cybersecurity breach due to third-party access in the last 12 months, and 62% due to insider credentials.
– BeyondTrust has announced the winners of its annual Partner Awards – Asia Pacific and Japan, recognising ten top-performing individuals and businesses that played a pivotal role in elevating BeyondTrust’s operations in the region throughout 2018.
– To secure privileged accounts - a major source of breaches - it's essential to gain an understanding of how they can be attacked. Here are six of the most common privileged account attack vectors:.....
– BeyondTrust, formerly known as Bomgar, is great software for remote PC access support around the world. The software allows cross-platform access and can integrate with multiple platforms. It is accessible via your own device or the cloud, depending on the plan you purchase. Each plan allows unattended access, screen sharing and collaboration.
– If you travel frequently for work or are responsible for purchasing merchandise or services for your employer, is it acceptable to use your work email address to complete a transaction, or should you use your personal email? This question, and your departure from an organization for not making the right choice, can create a complicated situation and security risk that most employers are ignoring. Morey Haber explores the ramifications in this Forbes article.
– Privileged access management should not only be considered for new projects and legacy systems to stop privileged attack vectors. It should be considered for forensics and remediation control after an incident or breach.
– 2019 will see an increasing number of attacks coordinated with the use of artificial intelligence and machine learning. Artificial intelligence will analyse available options for exploit and develop strategies that will lead to an increase in number of successful attacks
– Group FaceTime allowed someone to listen in on a conversation, without the other person knowing about. It calls into question how secure are the microphones in the devices we have with us all the time.
– BeyondTrust has announced Defendpoint 5.3 with Power Rules to help speed decisions on whether to allow an application to run, or allow it to run with admin rights, by automating the integration of third-party intelligence sources.
– No one wants to respond to a security incident or a breach, particularly at the start of a new year! Instead the highest priority should be to stop a cyber threat before it compromises the organization.