Eran Cohen

Eran Cohen is Director of Product Management at Preempt.
Find me on:

Recent Posts

Reducing Investigation Time: How to Quickly Parse True Positives

Posted by Eran Cohen on Aug 20, 2019 10:45:00 AM

In the world of security operations, quickly and accurately investigating security incidents is paramount. As a result, filtering out the non-consequential incidents from the consequential incidents helps reduce the investigative time for the security ops team.

Non-malicious True Positives pose the most headaches for SOC teams because they waste valuable time that could have been better spent investigating a malicious True Positive or even worse: a False Negative. However, it’s a highly manual process to parse non-malicious True Positives from the malicious. The process demands a significant amount of time, resources, and expertise from an already busy, overworked Security Ops team whose time is better used for consequential, high-impact tasks and projects.

Read More

Topics: Threat Mitigation, User Behavior, Adaptive Response, Identity Verification, Incident Response, Insider Threat, Adaptive Threat Prevention, Conditional Access

Empowering Employees to Reduce Security Incidents

Posted by Eran Cohen on Jul 2, 2019 11:15:00 AM

In the hustle and bustle of our modern world, we can all get easily lost in the noise. One kind of noise is most frustrating for security teams: the noise of security incidents. With more and more data feeds into your security analytics products, it seems like we are creating more problems for ourselves with the all of the alerts and not enough manpower. 

Read More

Topics: Adaptive Response, Multi-factor Authentication, Identity Verification, Credential Compromise, ueba, Incident Response, Threat Detection, Insider Threat, Conditional Access

10 Things You Need to Know About Kerberos

Posted by Eran Cohen on Jun 24, 2019 9:36:00 AM

As our research team continues to find vulnerabilities in Microsoft that bypass all major NTLM protection mechanisms, we start to wonder about the successor protocol that replaced NTLM in Windows versions above Windows 2000.

Enter Kerberos. Every child who grew up playing Dungeons and Dragons learned about the mythical creature of Kerberos (also known as Cerberus in Ancient Greek mythology)  - a three headed dog who guards the gates of Hell and prevents dead souls from returning to the world of the living.  

While that memory is nostalgic, most security professionals know Kerberos as a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography.

Read More

Topics: Security Skills, NTLM, kerberos, Microsoft

Taming Network Chaos By Understanding User Behavior

Posted by Eran Cohen on May 20, 2019 3:31:17 PM

Enterprises are badly burned by security tools that don’t work. When they finally see a solution that does what it purports to do, the shock is palpable.

Read More

Topics: User and Entity Behavior Analytics, ueba, Incident Response, Threat Detection, Insider Threat, Identity, Adaptive Threat Prevention, Security Efficiency

6 Tips for Living a Healthy Digital Life and Avoiding Credential Theft This Holiday Season

Posted by Eran Cohen on Nov 29, 2018 7:51:00 AM

Most of us still dream practical, down to earth, old fashioned dreams. And I’d place a bet that not many people, if any, dream about their credentials being stolen.  Almost all of my memories from the last 15 years or so are stored digitally. The majority of my day to day activity is managed online. My online persona is almost identical to my physical one. I imagine that  many of you are in the same situation.

Read More

Topics: Credential Compromise

Zero Trust: Why Implementation Doesn’t Have to Mean Painful Surgery On Your Network – Pt. 2

Posted by Eran Cohen on Oct 24, 2018 7:50:17 AM

Across the conference circuit and the general cybersecurity community this year, Zero Trust – a term originally coined in 2010 – has been perhaps the industry’s hottest buzzword. Move over, blockchain and machine learning. In my previous blog, I outlined what Zero Trust means and what lessons the framework offers for the security community. To recap the challenges of Zero Trust: organizations face hurdles around securing legacy applications/network resources and tools and protocols; regulatory headwinds given that the framework can theoretically conflict with global legislation, including GDPR; and the looming reality that the typical large global enterprise lacks the organization-wide visibility and control necessary for implementation. Here, I’ll outline a framework for a true Zero Trust model that adheres to industry best practices while specifically avoiding the potential for an over-engineered network overhaul, wasted IT budget, and potentially costly organizational disruption.

Read More

Hostile by definition: Thoughts on Zero Trust Security – and its pitfalls. Part 1

Posted by Eran Cohen on Oct 4, 2018 12:03:15 PM

(Note: see part two of our Zero Trust blog posts here)

It’s a common question after a major breach: did you do everything you could have to protect your network? Most of the time the answer is...probably not. Often, we live in a false sense of security. We know it, and most of us are OK with it. But let's talk about what’s practical and what steps can be taken to help you get to a better sense of security.

Read More

Transitioning applications to the cloud doesn’t have to mean sacrificing security, visibility or control

Posted by Eran Cohen on Aug 30, 2018 9:42:30 AM

A CISO recently told us that despite having an impressive array of cybersecurity solutions during their transition to the cloud, nothing was tying it all together from a threat standpoint. From her perspective, all the security tools at their disposal were great individually, but lacked visibility across all accounts and all platforms. Further, they didn’t have the ability to identify and respond to threats, as well as user access requests, in a consistent manner. It actually made the job harder and less effective. This vulnerable patchwork approach of disparate vendor solutions is all too common.

Read More

Shopping for a Cyber Security Product? 7 Tips to Help You Get What You Need.

Posted by Eran Cohen on Aug 13, 2018 12:56:59 PM

It’s increasingly difficult and more complex to be an effective buyer of security products today. Messaging and content overlaps are everywhere, cloud platforms claim to do what endpoint solutions do, and all the while products are constantly pivoting in the middle of operation - often changing their identity and main purpose. At the same time, enterprise and personal priorities change, vendor awards are presented to whoever pays more, analysts are not always aligned, and the list goes on.

Read More

How to Use Identity, Behavior and Risk to Prevent Compromised Credentials

Posted by Eran Cohen on Jan 25, 2018 10:00:00 AM

Identity, Behavior and Risk. Identity, Behavior and Risk. Almost like a mantra. Think about it for few seconds. Identity, Behavior and Risk are the 3 main pieces of evidence that security personnel would like to deeply understand so they can protect their organization and users from credential compromise

Read More