Why Insider Threat Denial is Everyone’s Problem

Posted by Eran Cohen on Sep 11, 2019 4:54:19 AM

People don’t like to admit when they’re wrong. And really, who can blame them? Being wrong is uncomfortable, anxiety-inducing, and embarrassing. These are all feelings that people try their best to avoid.

One of the most common methods for avoiding them is denial, or the unwillingness to accept something as truth. This isn’t a blog explicitly about human psychology, but it is about a dangerous cybersecurity problem rooted in it: insider threat denial syndrome.

Read More

Topics: Insider Threats, Credential Compromise, Insider Threat

Red Flag Alert: Service Accounts Performing Interactive Logins

Posted by Monnia Deng on Aug 29, 2019 1:32:26 PM

In the world of account security, we often focus on end user accounts as the weak vector vulnerable to attackers. 

On the contrary, we at Preempt see something that happens just as frequently: failing to limit exposed and vulnerable service accounts. Service accounts often differ from end user accounts in that they usually have higher privileges that are used to control or call applications and services. As a result, looking for key indicators of compromise of your service accounts should be at the forefront of your network security strategy.

Read More

Topics: Privileged Accounts, Active Directory, Credential Compromise, Passwords, Insider Threat, Black Hat, Lateral Movement, Stealthy Admin

Reducing Investigation Time: How to Quickly Parse True Positives

Posted by Eran Cohen on Aug 20, 2019 10:45:00 AM

In the world of security operations, quickly and accurately investigating security incidents is paramount. As a result, filtering out the non-consequential incidents from the consequential incidents helps reduce the investigative time for the security ops team.

Non-malicious True Positives pose the most headaches for SOC teams because they waste valuable time that could have been better spent investigating a malicious True Positive or even worse: a False Negative. However, it’s a highly manual process to parse non-malicious True Positives from the malicious. The process demands a significant amount of time, resources, and expertise from an already busy, overworked Security Ops team whose time is better used for consequential, high-impact tasks and projects.

Read More

Topics: Threat Mitigation, User Behavior, Adaptive Response, Identity Verification, Incident Response, Insider Threat, Adaptive Threat Prevention, Conditional Access

What's New in 3.1? New Dashboard, Exciting Integrations, and A Free Product!

Posted by Monnia Deng on Aug 7, 2019 10:50:42 AM

Preempt is happy to release version 3.1, available today! Included in the release are a brand new security assessment dashboard, exciting features offering more visibility and better password and network security, new technology partners and product integrations, and a free lightweight tool. Let’s delve into what you can expect with this release.

Read More

Topics: Adaptive Response, Threat Detection, continous monitoring, Adaptive Threat Prevention, Integration, Conditional Access, Security Efficiency, Ping

Solving Log Storage: How You Can Save Money and Meet Compliance Requirements

Posted by Jason Luttrell on Jul 30, 2019 10:06:28 AM

Logs. At best: They’re a vital part of your information security strategy to “find the bad." At worst: They’re a nightmare to manage — especially when they take up so much storage space! Of course, we all have numerous regulations to thank for the privilege of storing our logs for what seems like eternity. Perhaps you’re bound to regulations or frameworks such as PCI (one year minimum), HIPAA (open to interpretation, but many suggest 6 YEARS to be safe), NIST, COBIT, and so many others.

Whatever your reasons are, logs have become increasingly problematic as more and more data sources require a higher volume of storage.

Read More

Topics: Compliance, Incident Response, continous monitoring, PCI

Security Weekly Interview: Securing Identity With Conditional Access

Posted by Monnia Deng on Jul 23, 2019 11:31:17 AM

Organizations often have incomplete views of who is accessing what, when, where and how across multiple applications and systems. Understanding a user and their behavior is critical to understanding corporate security risk. In an interview in Security Weekly's Business Security Weekly July 22 podcast, Preempt CEO Ajit Sancheti explains why organizations need to secure identity with conditional access, which allows security teams to take the appropriate remediation steps based on the level of risk.

Read More

Topics: Identity Verification, Incident Response, Insider Threat, Identity, Conditional Access

Local Admin Passwords: The Hidden Security Risk

Posted by Avi Kama on Jul 16, 2019 11:33:00 AM

You’re a good administrator, and you don’t take shortcuts. You adhere to information security best practices whenever possible, and you take that responsibility seriously.

With that said, a hidden setting in a Windows 10 implementation scenario might result in a precarious setup – one in which every computer in your network can be accessed with the same password. In other words, a hacker would only need to steal a single credential in order to obtain the keys to your entire kingdom. Due to an upcoming change in the Windows platform, there’s a good chance that this could happen to you – here’s how to avoid it.

Read More

Topics: User Risk, Privileged Users, Passwords, Microsoft

Security Advisory: Targeting AD FS With External Brute-Force Attacks

Posted by Yaron Zinar on Jul 9, 2019 10:06:47 AM

On July 2019 Patch Tuesday, Microsoft released a patch for CVE-2019-1126, an important vulnerability discovered by Preempt Research Labs. The vulnerability discovered leads to security issues that create a wide scale denial-of-service against exposed organizations, and potentially, identity compromise.

While Microsoft only released one patch, we believe there are two vulnerabilities that allow attackers to remotely launch brute-force attacks on AD FS servers from the outside of the network. Attackers can bypass the Extranet Lockout Protection security feature and also bypass the Microsoft AD lockout policy(!) in certain scenarios. The implications vary between account compromise (due to weak passwords) or a massive denial-of-service to all domain accounts. All AD FS versions are vulnerable.

Read the press release

Read More

Topics: password brute force, Security Advisory, ADFS

Empowering Employees to Reduce Security Incidents

Posted by Eran Cohen on Jul 2, 2019 11:15:00 AM

In the hustle and bustle of our modern world, we can all get easily lost in the noise. One kind of noise is most frustrating for security teams: the noise of security incidents. With more and more data feeds into your security analytics products, it seems like we are creating more problems for ourselves with the all of the alerts and not enough manpower. 

Read More

Topics: Adaptive Response, Multi-factor Authentication, Identity Verification, Credential Compromise, ueba, Incident Response, Threat Detection, Insider Threat, Conditional Access

Ping + Preempt: Securing All Access In Hybrid Cloud Environments

Posted by Monnia Deng on Jun 25, 2019 10:21:11 AM

Enterprises struggle to understand what is truly going on in their organization: what their users are doing and how to stop risky activity. Add in the complexity of a hybrid cloud environment, multiple legacy systems, unmanaged endpoints, and unsanctioned applications, and it's no wonder organizations struggle to get the insight needed to make real-time decisions and stop risky and potentially malicious activity. 

Preempt has always prioritized the need for contextual insight about threats and risk, using that information to enforce conditional MFA to every access attempt so that organizations can get a better grasp on security. In doing so, Preempt has partnered with Ping to give security teams the ability to extend conditional MFA to any network resource as well as any Ping-federated application on-premises or in the cloud.

Read More

Topics: Multi-factor Authentication, Cloud, Conditional Access, Ping