Enterprises are deploying more cloud services, embracing DevOps, leveraging on-premises applications and exploring other productivity and cost optimization solutions. As a result, it is becoming harder for them to know who within the organization has access to what and how that access is being used or, as we found out in our latest survey, being misused.
It's easy to think that attackers have gained an unfair advantage over security professionals. The network perimeter has virtually dissolved, compelling enterprises to simultaneously work to keep the bad guys out while tackling multiple insider threats – naïve employees, malicious insiders, careless third parties, and undetected malware or intruders that have already breached network defenses.
The challenge for security teams today? Legitimate users and activities should not be impeded, but determining what activity to block and what to allow is not always easy.
Human nature motivates us to enhance productivity, make things easy, find workarounds and to crave information that is being kept from us. How do these motivations change the way people work? Do their actions put their company at risk? Do IT Security teams need to understand basic psychology to protect their organizations?
This past March we announced Preempt Inspector, a free app for password strength assessment. The App provided administrators with a better understanding of their AD configuration, especially difficult to estimate parameters, such as duplicate and weak passwords. We analyzed the anonymous data we received from the app, and found some worrying trends, like that 1 in 5 enterprise passwords can be easily compromised.
Hmm, I thought I remembered my password. As I tried to log into my account with a large retailer known for their athletic wear, I click the forgot password link. I enter my email address.
In a very short period of time, machine learning (ML) has had a major impact on the field of cybersecurity. Machine learning has proven to be adept at finding threats in ways that traditional signatures never could, whether detecting malware, finding vulnerabilities, or recognizing when a trusted employee has been compromised by an attacker.
The New York State Department of Financial Services (NYDFS) has recently enacted new cybersecurity regulation aimed at protecting financial services organizations and their data. The new regulation known as 23 NYCRR 500 actually went into effect earlier in the year, but the 180-day transition period ended on August 28th, meaning organizations now need to be officially in compliance. Of course financial services CISOs are no strangers to regulation, having to already comply with a dizzying array of control frameworks including NIST, COBIT, SSAE and specific regulations such as PCI-DSS and SEC OCIE just to name a few.
Credential Compromise has been a leading attack vector for the last five years. There are a variety of ways that attackers can do this. It could be by guessing passwords, phishing emails, spyware, or even pulling credentials out of memory. To detect and more proactively defend against credential compromise, organizations need to have visibility into identity, behavior and risk as well as the ability to automatically respond or take action when signs of compromise have been detected.
In a recent blog, we discussed how attackers typically follow the path of least resistance. In enterprises, this almost always involves seeking out weak passwords. Data from Verizon’s Data Breach investigation Report certainly bears this out, where they found that nearly 2/3s of breaches involved the use of weak, default, or stolen credentials. As much as the industry likes to focus on nation-state attackers and obscure 0-days, the fact remains that most battles are lost due to a lack of basic password hygiene in the network.