How to Thwart an Attacker’s Attempt to Compromise Credentials and Move Around a Network

Posted by Heather Howland on Apr 18, 2019 2:56:00 PM

In the past year, we have seen numerous publicly traded corporations (Marriott and T-Mobile), airlines (Cathay Pacific and Delta), and tech companies (Facebook and Google+) all breached because of some type of insider threat or compromised credentials. So, it’s no surprise that insider threats and preventing credential compromise are growing concerns for organizations.

Topics: Insider Threats, Active Directory, Credential Compromise

CEO Interview: Today’s Threat Landscape Demands Conditional Access Everywhere

Posted by Matt Culbertson on Apr 15, 2019 1:46:05 PM

Today, too many organizations are approaching complex cybersecurity challenges by attempting to hire their way out of the problem while building disjointed and ineffective security implementations. In a recent interview with Security Weekly, Preempt CEO Ajit Sancheti explains what the modern threat landscape means for today’s enterprise security teams. His conversation with Paul Asadoorian, Founder and CEO of Security Weekly, also outlines how CISOs can use a Conditional Access security posture to address the challenges of the cybersecurity talent shortage and the unfortunate reality that most organizations can’t see or respond to malicious network activity in real-time.

Topics: Conditional Access

Zero Trust is a Pipe Dream...

Posted by Monnia Deng on Apr 5, 2019 1:01:35 PM

...if you don't even know your users and what they are accessing. (Ha - I got you there with the clickbait title)

M&A cyber diligence, talent shortages, and the challenges facing CISOs [Podcast]

Posted by Monnia Deng on Mar 26, 2019 12:35:54 PM

Enterprises are often forced to implement multiple moving parts as the traditional network perimeter is no longer sufficient to protect against modern threats. These disjointed security solutions rarely talk to each other, causing security silos and an overwhelming number of distracting security alerts, Preempt CEO Ajit Sancheti explains in a podcast this week.

Topics: CISO, Risk

What DevOps Can Teach Us About Cybersecurity

Posted by Ajit Sancheti on Mar 22, 2019 10:53:10 AM

DevOps and cybersecurity are both top priorities for many enterprises, as well as areas that have experienced considerable innovation recently. And even though these are two very different sides of IT, there are lessons to be learned between the two. Both areas are in the midst of major transitions. For application development the shift is from slow, monolithic releases to fast and responsive development cycles. For cybersecurity the shift is from the old perimeter block/allow enforcement model to more adaptive security that continuously looks for threats across the enterprise.

Topics: Security Skills, Adaptive Threat Prevention

Conditional Access Establishes Trust In the Network

Posted by Heather Howland on Mar 15, 2019 9:46:16 AM

Stolen or compromised credentials pose well-known risks to organizations and their employees. And as hackers and other malicious actors become more advanced and sophisticated in their techniques, the global threat is increasing. At a recent IT security conference, I spoke with a customer about an alert (TA18-276A) that the United States National Cybersecurity and Communications Integration Center (NCCIC) released late last year. The alert, titled “Using Rigorous Credential Control to Mitigate Trusted Network Exploitation,” outlines recommendations on how to overcome these challenges. In this blog, I’ll discuss how Conditional Access and detection of malicious use of tools and protocols can address the NCCIC’s recommendations.  

The alert provides information on how Advanced Persistent Threat (APT) actors are using multiple mechanisms to acquire legitimate user credentials. Once acquired, attackers can use the credentials to exploit trusted network relationships, in order to expand unauthorized access, maintain persistence, and exfiltrate data from targeted organizations. Some of the suggested NCCIC best practices for administrators to mitigate these threats include rigorous credential controls and privileged-access management, as well as remote-access control and audits of legitimate remote-access logs.

Topics: User Behavior, Risk, Multi-factor Authentication, Privileged Accounts, APT, User and Entity Behavior Analytics, Credential Compromise, Compliance

Podcast: Addressing Credential Compromise and Insider Threats Requires a New Security Approach

Posted by Matt Culbertson on Mar 6, 2019 10:59:25 AM

How can you secure an organization by using identity, behavior and risk? Preempt CEO Ajit Sancheti recently conducted an interview with Blog Talk Radio on how the enterprise perimeter is eroding - and what to do about it. Identity and Access Threat Prevention is a critical component of effective enterprise cybersecurity, and as Ajit explains, a strategy that combines holistic visibility and real-time enforcement addresses the complex nature of today’s enterprise IT environments.

Topics: Insider Threat

Can You Stop a Breach in 19 Minutes?

Posted by Monnia Deng on Feb 27, 2019 10:03:31 AM

Spotting an initial breach of a network is already difficult. New research begs an additional question: can you stop attackers from gaining control of your critical systems and applications in a matter of minutes? According to CrowdStrike, if you can't detect and respond to a breach in under 19 minutes, you may be vulnerable to Russian hackers. In their annual threat report, CrowdStrike found that Russian hackers had a “breakout time” - the time a hacker takes from gaining an initial foothold in the network to when they start moving laterally to critical machines - of just 18 minutes and 49 seconds, which is the fastest in the world. North Korea, China, and Iran placed second, third, and fourth, respectively (English-speaking countries were not studied, but we imagine the US and UK would be near the top of the list).

Topics: Hacking

Optimize Your Okta Deployment with Preempt

Posted by Monnia Deng on Feb 21, 2019 12:16:50 PM

Enabling customers to secure their corporate assets while easily moving to the cloud has always been at the forefront of Preempt’s mission. While Preempt shines in preventing network threats with our unique detection capabilities, such as our ability to detect NTLM relay attacks in real-time, our goal has always been to bring these advanced threat detection and prevention capabilities to the cloud.

Topics: Use Case, Integration

Cybersecurity Science Project or Immediate Value: Which Do You Prefer?

Posted by Jeff Baker on Feb 14, 2019 2:40:04 PM

A C-suite IT executive recently told us about a nightmare cybersecurity implementation: after extensive network surgery and a seven-figure investment, the platform still wasn’t stood up three years later. This type of story is all too common, and among the many consequences, organizations can find themselves unprotected from common attacks (particularly credential compromise and stealthy admins) despite spending millions on point solutions. In a competitive infosecurity market, vendors are promising the world, yet project implementations can be plagued by delays and uncertainty, and sunk costs can mean security and IT teams’ hands are tied.

Topics: Information Security