The Security Risks of NTLM: Proceed with Caution

Posted by Yaron Zinar on Oct 18, 2018 10:50:00 AM

NTLM (NT LAN Manager) is Microsoft's old authentication protocol that was replaced with Kerberos starting with Windows 2000. It was designed and implemented by Microsoft engineers for the purpose of authenticating accounts between Microsoft Windows machines and servers. Even though it has not been the default for Windows deployments for more than 17 years, it is still very much in use, and I have not yet seen a network where it has been completely abandoned. In fact, it is also supported by the latest version of Active Directory.


Topics: NTLM, Active Directory, Risk, kerberos

Is a Fragmented View of Users Increasing Your Risk of Breach?

Posted by Heather Howland on Oct 12, 2018 1:08:56 PM

Last week, I was on the road speaking with CISOs across the country. One theme emerged loud and clear: Virtually all of the organizations have invested a lot in security tools and solutions, but despite their investment, they struggle with getting a complete view of user access across platforms. So, with that, I’d like to share how our customers have been able to overcome this common challenge to gain a more holistic view of users and identity within their organizations.


Hostile by definition: Thoughts on Zero Trust Security – and its pitfalls. Part 1

Posted by Eran Cohen on Oct 4, 2018 12:03:15 PM

It’s a common question after a major breach: did you do everything you could have to protect your network? Most of the time the answer is...probably not. Often, we live in a false sense of security. We know it, and most of us are OK with it. But let's talk about what’s practical and what steps can be taken to help you get to a better sense of security.


Three Security Lessons to Keep in Mind Leading Up To the R-CISC Summit

Posted by Heather Howland on Sep 27, 2018 7:27:59 AM

It’s never been more important for retailers to harden their cybersecurity posture, especially given the documented trend of intensified attacks on retailers during the rapidly approaching holiday season. We’re excited to attend the 2018 Retail Cyber Intelligence Summit in Denver and look forward to learning from and sharing perspective with the R-CISC community, including some of the top retail companies in the world.


Is Your PAM Solution Enough to Block Credential Theft?

Posted by Yaron Zinar on Sep 20, 2018 1:48:15 PM

I was recently working with a large US-based company that suffered from repeated breaches to their corporate network. After we deployed the Preempt Platform and started monitoring all traffic, we quickly found several hacked privileged accounts that attackers were using. The interesting thing was that all privileged accounts were protected with password vaults and their passwords were rotated every 24 hours. In that particular case, the attackers compromised a web gateway that some admins logged into each day using a plaintext password. Using this weakness, attackers easily defeated the Privileged Access Management (PAM) solution; they simply had to harvest the password each day and do whatever they wanted with it.


Three Lessons You Can Learn from A Recent Security Breach

Posted by Heather Howland on Sep 12, 2018 4:23:43 PM

After an organization has been breached, one of the most critical steps to take is to determine the root cause and to take active steps to more proactively protect the business. Recently, Preempt was brought in to help a Fortune 500 company with a critical internal threat situation. A malicious actor was able to move laterally within the company’s environment, threatening its international brand, financials and customer relationships. Capitalizing on lessons learned during and after incident response provides immediate and long-term benefits to prevent future breaches. These takeaways can also provide valuable advice for other companies who are looking to improve their security posture and prevent business critical attacks. Here, we’ll share the story and outline the top three lessons.


3 Ways to Improve Security Incident Response Time with IATP

Posted by Heather Howland on Sep 6, 2018 7:17:51 AM

Companies today are exposed to many threats, and incident response (IR) teams have to respond to both real and suspected breaches. Incidents can include credential compromise, phishing, malware in the network, Denial of Service (DoS) attacks, zero day threats, and unauthorized changes to the network, hardware or software, to name a few. Many organizations will also hire a red team, which is specifically hired to try to create actual attack scenarios to expose attack surfaces and test for network vulnerabilities. This all keeps an IR team pretty busy.


Transitioning applications to the cloud doesn’t have to mean sacrificing security, visibility or control

Posted by Eran Cohen on Aug 30, 2018 9:42:30 AM

A CISO recently told us that despite having an impressive array of cybersecurity solutions during their transition to the cloud, nothing was tying it all together from a threat standpoint. From her perspective, all the security tools at their disposal were great individually, but lacked visibility across all accounts and all platforms. Further, they didn’t have the ability to identify and respond to threats, as well as user access requests, in a consistent manner. It actually made the job harder and less effective. This vulnerable patchwork approach of disparate vendor solutions is all too common.


Looking Back on Black Hat 2018: Four Key Learnings from This Year’s Event

Posted by Sagi Sheinfeld on Aug 24, 2018 4:00:35 PM

Two weeks ago I attended the Black Hat USA 2018 conference: As one of the largest cybersecurity events in the world, it’s always interesting to hear the key themes and trends the industry is buzzing about. Here are my observations on four actionable takeaways from the 2018 conference.


Disrupting the Cyber Kill Chain: How to Contain Use of Tools and Protocols

Posted by Yaron Zinar on Aug 17, 2018 1:59:37 PM

Preventing lateral movement and unauthorized domain access due to the misuse of network credentials - especially due to reconnaissance tools looking for weak spots - is a challenge plaguing many enterprises. In fact, it’s a decades-old security problem. A major issue for enterprises has been how to detect and contain the use of reconnaissance tools like BloodHound, authentication protocols such as NTLM, DCE/RPC, Kerberos and Lightweight Directory Access Protocol (LDAP), as well as other IT tools like PsExec and PowerShell that are being misused or exploited by attackers.
