Preempt Blog

You read that right. In a shameless reference to the Office, I want to be the JIM to your PAM. Jim and Pam’s relationship was undeniable from the start: both of them had a mutual understanding and fit. While they constantly denied their relationship, it was evident that being together made them stronger and better.

BloodHound is a public and freely available tool that uses graph theory to automate much of the confusion behind understanding relationships in an Active Directory (AD) environment. It allows hackers and pentesters to know precisely three things: which computers give admin rights to any user, which users effectively have admin rights to any computer, and effective group membership information (see Image 1). Because Bloodhound can be used maliciously, organizations need to better understand how it is being used, how to protect privileged users, and how to prevent attacks.   

Deck the hall with sad employees, Fa, la, la, la, la, la, la, la, la! 

'Tis the season to be swindled, Fa, la, la, la, la, la, la, la, la!

It has been more than a year since I last shared Preempt Inspector statistics. Last time we shared Preempt Inspector statistics we found some alarming numbers. With the end of 2018 approaching, I would like to share with you key findings from Preempt Inspector [a free security tool available to download here] to help you focus on the most important security issues you might be facing.

In July, media reported that SingHealth, Singapore’s largest health organization, was breached with 1.5 million medical records stolen. The stolen records included those of Singapore’s prime minister Lee Hsien Loong. Consequently, a special inquiry had taken place, revealing that SingHealth had several security gaps and vulnerabilities which could have easily been exploited by attackers, including a local administrator account with a very weak password (P@ssw0rd). In fact, one of the ways which enabled the attackers to move laterally in the network was by using compromised Citrix local accounts.

The 2010 discovery of the Stuxnet worm was one of the truly seminal moments in the world of cybersecurity. The world saw firsthand how malicious code could cause crippling damage to physical assets. Virtually every industry had to stop and take notice, and none more so than the energy sector.

This week, IAM and security professionals came together in Las Vegas for the Gartner Identity and Access Management (IAM) Summit to discuss the top trends and strategies across the IAM landscape in 2018 and beyond. From best practices for implementing mature solutions to discussions about the future of the innovative technologies, the summit gave refuge for all the weary-eyed professionals looking to tackle their biggest security challenges.

Most of us still dream practical, down to earth, old fashioned dreams. And I’d place a bet that not many people, if any, dream about their credentials being stolen.  Almost all of my memories from the last 15 years or so are stored digitally. The majority of my day to day activity is managed online. My online persona is almost identical to my physical one. I imagine that  many of you are in the same situation.

Multi-factor authentication (MFA) has become an essential building block of security policy and practice, and likewise has taken on an increasingly important role in regulatory standards such as the PCI-DSS. Specifically, PCI Requirement 8.3 calls out how MFA should be used to secure both the cardholder data environment (CDE) as well as any networks connected to the CDE. And while protecting your most valuable assets with MFA makes good intuitive sense, the details can get a little tricky if you don’t have a flexible way of enforcing policy in your networks. Fortunately, Preempt’s security platform makes it easy to extend MFA to any asset based on almost context you choose. So let’s take a quick look at what PCI requires, and how you can turn a deceptively tricky requirement into a simple, automated process that you never have to think about.

Penetration testing is a critical best practice for virtually any organization’s cybersecurity posture. By putting defenses to the test against trained offensively-minded professionals, organizations can gain deep insights into how they’ll fare against real attackers. Often, the challenge is that the results are not what you would have hoped. When pen testers are able to carve through your defenses at will, it can be discouraging and hard to know where to start.