Preempt Blog

People don’t like to admit when they’re wrong. And really, who can blame them? Being wrong is uncomfortable, anxiety-inducing, and embarrassing. These are all feelings that people try their best to avoid.

One of the most common methods for avoiding them is denial, or the unwillingness to accept something as truth. This isn’t a blog explicitly about human psychology, but it is about a dangerous cybersecurity problem rooted in it: insider threat denial syndrome.

In the world of account security, we often focus on end user accounts as the weak vector vulnerable to attackers. 

On the contrary, we at Preempt see something that happens just as frequently: failing to limit exposed and vulnerable service accounts. Service accounts often differ from end user accounts in that they usually have higher privileges that are used to control or call applications and services. As a result, looking for key indicators of compromise of your service accounts should be at the forefront of your network security strategy.

In the world of security operations, quickly and accurately investigating security incidents is paramount. As a result, filtering out the non-consequential incidents from the consequential incidents helps reduce the investigative time for the security ops team.

Non-malicious True Positives pose the most headaches for SOC teams because they waste valuable time that could have been better spent investigating a malicious True Positive or even worse: a False Negative. However, it’s a highly manual process to parse non-malicious True Positives from the malicious. The process demands a significant amount of time, resources, and expertise from an already busy, overworked Security Ops team whose time is better used for consequential, high-impact tasks and projects.

Preempt is happy to release version 3.1, available today! Included in the release are a brand new security assessment dashboard, exciting features offering more visibility and better password and network security, new technology partners and product integrations, and a free lightweight tool. Let’s delve into what you can expect with this release.

Logs. At best: They’re a vital part of your information security strategy to “find the bad." At worst: They’re a nightmare to manage — especially when they take up so much storage space! Of course, we all have numerous regulations to thank for the privilege of storing our logs for what seems like eternity. Perhaps you’re bound to regulations or frameworks such as PCI (one year minimum), HIPAA (open to interpretation, but many suggest 6 YEARS to be safe), NIST, COBIT, and so many others.

Whatever your reasons are, logs have become increasingly problematic as more and more data sources require a higher volume of storage.

Organizations often have incomplete views of who is accessing what, when, where and how across multiple applications and systems. Understanding a user and their behavior is critical to understanding corporate security risk. In an interview in Security Weekly's Business Security Weekly July 22 podcast, Preempt CEO Ajit Sancheti explains why organizations need to secure identity with conditional access, which allows security teams to take the appropriate remediation steps based on the level of risk.

You’re a good administrator, and you don’t take shortcuts. You adhere to information security best practices whenever possible, and you take that responsibility seriously.

With that said, a hidden setting in a Windows 10 implementation scenario might result in a precarious setup – one in which every computer in your network can be accessed with the same password. In other words, a hacker would only need to steal a single credential in order to obtain the keys to your entire kingdom. Due to an upcoming change in the Windows platform, there’s a good chance that this could happen to you – here’s how to avoid it.

On July 2019 Patch Tuesday, Microsoft released a patch for CVE-2019-1126, an important vulnerability discovered by Preempt Research Labs. The vulnerability discovered leads to security issues that create a wide scale denial-of-service against exposed organizations, and potentially, identity compromise.

While Microsoft only released one patch, we believe there are two vulnerabilities that allow attackers to remotely launch brute-force attacks on AD FS servers from the outside of the network. Attackers can bypass the Extranet Lockout Protection security feature and also bypass the Microsoft AD lockout policy(!) in certain scenarios. The implications vary between account compromise (due to weak passwords) or a massive denial-of-service to all domain accounts. All AD FS versions are vulnerable.

Read the press release

In the hustle and bustle of our modern world, we can all get easily lost in the noise. One kind of noise is most frustrating for security teams: the noise of security incidents. With more and more data feeds into your security analytics products, it seems like we are creating more problems for ourselves with the all of the alerts and not enough manpower. 

Enterprises struggle to understand what is truly going on in their organization: what their users are doing and how to stop risky activity. Add in the complexity of a hybrid cloud environment, multiple legacy systems, unmanaged endpoints, and unsanctioned applications, and it's no wonder organizations struggle to get the insight needed to make real-time decisions and stop risky and potentially malicious activity. 

Preempt has always prioritized the need for contextual insight about threats and risk, using that information to enforce conditional MFA to every access attempt so that organizations can get a better grasp on security. In doing so, Preempt has partnered with Ping to give security teams the ability to extend conditional MFA to any network resource as well as any Ping-federated application on-premises or in the cloud.