Podcast: Addressing Credential Compromise and Insider Threats Requires a New Security Approach

Posted by Matt Culbertson on Mar 6, 2019 10:59:25 AM

How can you secure an organization by using identity, behavior and risk? Preempt CEO Ajit Sancheti recently conducted an interview with Blog Talk Radio on how the enterprise perimeter is eroding - and what to do about it. Identity and Access Threat Prevention is a critical component of effective enterprise cybersecurity, and as Ajit explains, a strategy that combines holistic visibility and real-time enforcement addresses the complex nature of today’s enterprise IT environments.

Topics: Insider Threat

Can You Stop a Breach in 19 Minutes?

Posted by Monnia Deng on Feb 27, 2019 10:03:31 AM

Spotting an initial breach of a network is already difficult. New research begs an additional question: can you stop attackers from gaining control of your critical systems and applications in a matter of minutes? According to CrowdStrike, if you can't detect and respond to a breach in under 19 minutes, you may be vulnerable to Russian hackers. In their annual threat report, CrowdStrike found that Russian hackers had a “breakout time” - the time a hacker takes from gaining an initial foothold in the network to when they start moving laterally to critical machines - of just 18 minutes and 49 seconds, which is the fastest in the world. North Korea, China, and Iran placed second, third, and fourth, respectively (English-speaking countries were not studied, but we imagine the US and UK would be near the top of the list).

Topics: Hacking

Optimize Your Okta Deployment with Preempt

Posted by Monnia Deng on Feb 21, 2019 12:16:50 PM

Enabling customers to secure their corporate assets while easily moving to the cloud has always been at the forefront of Preempt’s mission. While Preempt shines in preventing network threats with our unique detection capabilities, such as our ability to detect NTLM relay attacks in real-time, our goal has always been to bring these advanced threat detection and prevention capabilities to the cloud.

Topics: Use Case, Integration

Cybersecurity Science Project or Immediate Value: Which Do You Prefer?

Posted by Jeff Baker on Feb 14, 2019 2:40:04 PM

A C-suite IT executive recently told us about a nightmare cybersecurity implementation: after extensive network surgery and a seven-figure investment, the platform still wasn’t stood up three years later. This type of story is all too common, and among the many consequences, organizations can find themselves unprotected from common attacks (particularly credential compromise and stealthy admins) despite spending millions on point solutions. In a competitive infosecurity market, vendors are promising the world, yet project implementations can be plagued by delays and uncertainty, and sunk costs can mean security and IT teams’ hands are tied.

Topics: Information Security

New Microsoft Exchange Vulnerability Exposes Domain Admin Privileges: Here’s What to Do

Posted by Yaron Zinar on Feb 4, 2019 11:41:13 AM

Last week, the CERT Coordination Center (CERT/CC) issued a vulnerability note warning that versions of Microsoft Exchange 2013 and newer are vulnerable to an NTLM relay attack that allows attackers to gain domain admin privileges. Organizations that rely on Microsoft Exchange are currently at risk of a serious data breach. This attack is particularly concerning given that it obtains privileges to the domain controller, which is essentially the “keys to the kingdom.” We’ve simplified some of the specifics of this attack for the purposes of this blog, but for a full technical breakdown, please see research from Dirk-jan Mollema.

Topics: NTLM, Microsoft

The Emergence of Identity and Access Threat Prevention, as explained by 451 Research

Posted by Matt Culbertson on Feb 1, 2019 1:57:37 PM

Enterprises continue to embrace cloud-based architectures, and cloud services are a significant contributor to a forecasted $3.8 trillion in IT spending this year. But increasingly, organizations are finding the one-size-fits-all cloud approach to be obsolete. For many workloads and services, firms are surprisingly moving assets back to on-prem and hybrid environments to address unique challenges like network complexity and a chronic shortage of security staff.

Topics: Identity

Three Ways to Limit the Cybersecurity Impact of the Government Shutdown

Posted by Monnia Deng on Jan 25, 2019 10:25:25 AM

UPDATE (Jan. 25): Recent news reports state a deal has been reached to re-open the federal government through Feb 15. The issues outlined in this blog continue to apply to public and private sector organizations.

As many of you may have read in the news recently, the government shutdown has had a negative impact on both federal and enterprise security. Krebs on Security has reported possible consequences of the government shutdown on the talent pool, such as federal employees actively being recruited by the private sector, as well as delays on security clearances. Duo Security’s news arm, Decipher, has also done a great job laying out potential government shutdown impacts on enterprise security, including delays on NIST guidelines and standards, and closure of FIPS validation sites.

Topics: Risk, Credential Compromise, Hacking

With ⅓ of Enterprises Suffering from Weak or Exposed Passwords, Is Hollywood Part of the Problem?

Posted by Matt Culbertson on Jan 18, 2019 1:38:10 PM

What password would you use for a bank account soon to be worth $120 million?

Topics: Credential Compromise, Passwords

Making Privileged Access Management Complete: Find the JIM to your PAM

Posted by Monnia Deng on Jan 10, 2019 1:50:15 PM

You read that right. In a shameless reference to the Office, I want to be the JIM to your PAM. Jim and Pam’s relationship was undeniable from the start: both of them had a mutual understanding and fit. While they constantly denied their relationship, it was evident that being together made them stronger and better.

Topics: Privileged Users, Privileged Accounts

Catching Bloodhound Before it Bites

Posted by Nir Yosha on Jan 3, 2019 9:29:32 AM

BloodHound is a public and freely available tool that uses graph theory to automate much of the confusion behind understanding relationships in an Active Directory (AD) environment. It allows hackers and pentesters to know precisely three things: which computers give admin rights to any user, which users effectively have admin rights to any computer, and effective group membership information (see Image 1). Because BloodHound can be used maliciously, organizations need to better understand how it is being used, how to protect privileged users, and how to prevent attacks.

Topics: Threat Detection, Adaptive Threat Prevention, Attack Tools