Heather Howland

Vice President, Marketing
Find me on:

Recent Posts

Detection Only Solutions Aren't Enough For Today's Security Teams

Posted by Heather Howland on Apr 27, 2018 4:28:00 AM

Last week I had the opportunity to speak with several CISOs about what they are doing to deal with cyberattacks, breaches and internal threats. A consistent theme I heard is that detection only solutions aren't enough. They need more practical approaches to rapidly respond to anomalous behavior and they need to reduce burden on analysts. Working smarter not harder. This is one of the great benefits of real-time threat prevention based on identity, behavior and risk. It can removes work from analyst via adaptive response and automated resolution of false positives. One customer recently told me that within just a couple months, automated response has helped them improve their efficiency by 30-40%. That’s a lot of time that can focused on more critical security tasks.

Read More

Topics: Adaptive Response, User and Entity Behavior Analytics, Incident Response, Threat Detection

6 Tips for Securing Privileged Accounts in the Enterprise

Posted by Heather Howland on Mar 2, 2018 6:00:00 AM

Protecting privileged accounts and actively responding to any potential compromises has become a critical initiative for many CISOs. Stolen credentials are at the heart of most all modern attacks and breaches. Attackers can easily obtain credentials via phishing attacks, brute force, keyloggers, pass-the-hash techniques, or using a database of previously stolen credentials. And once an account is compromised, the attacker can see and do anything that is allowed for that user or account.

Read More

Topics: CISO, Privileged Users, Privileged Accounts

Simplifying PCI DSS 3.2 Compliance with Preempt

Posted by Heather Howland on Feb 9, 2018 1:21:56 PM

If your organization handles credit cards, you are no doubt familiar with  Payment Card Industry Data Security Standard (PCI DSS) compliance. PCI DSS is a set of requirements and procedures that have been established in order to strengthen security of cardholder transactions and data in order to reduce fraud. PCI DSS controls have been implemented for many years but as hackers have advanced their efforts, new requirements continue to emerge with updates to existing controls and reporting.

Read More

Topics: User Behavior, Adaptive Response, Identity Verification, Passwords, Compliance, PCI

Corporate Culture Shift: Using Adaptive Security to Influence Employee Security Behavior

Posted by Heather Howland on Jan 12, 2018 7:19:33 AM

I’ve heard it many times from customers: “IT Security needs to be transparent to users in order to be successful.” Unfortunately, we are now in a digital age where things have dramatically changed and research has shown over and over that credential compromise is the top way that hackers breach an organization.

Read More

Topics: User Behavior, CISO, Risk, Identity Verification, Identity, Adaptive Threat Prevention

Study Finds Employee Security Habits Reveal Risky Imbalance

Posted by Heather Howland on Nov 16, 2017 5:12:33 AM

Human nature motivates us to enhance productivity, make things easy, find workarounds and to crave information that is being kept from us. How do these motivations change the way people work? Do their actions put their company at risk? Do IT Security teams need to understand basic psychology to protect their organizations?

Read More

Topics: CISO, Credential Compromise, Passwords, Insider Threat, CARTA, NIST

How this Retailer Could have Kept my Business with Better IT Security Process

Posted by Heather Howland on Nov 3, 2017 8:24:28 AM

Hmm, I thought I remembered my password. As I tried to log into my account with a large retailer known for their athletic wear, I click the forgot password link. I enter my email address.

Read More

Topics: Security Skills, Multi-factor Authentication, Identity Verification, Credential Compromise

Defending Against Credential Compromise (VIDEO)

Posted by Heather Howland on Sep 29, 2017 4:08:12 PM

Credential Compromise has been a leading attack vector for the last five years. There are a variety of ways that attackers can do this. It could be by guessing passwords, phishing emails, spyware,  or even pulling credentials out of memory. To detect and more proactively defend against credential compromise, organizations need to have visibility into identity, behavior and risk as well as the ability to automatically respond or take action when signs of compromise have been detected.

Read More

Topics: Adaptive Response, password brute force, Credential Compromise, Passwords

Gaining Visibility and Control of Privileged Users (video)

Posted by Heather Howland on Sep 8, 2017 9:01:59 AM

The management of privileged users and accounts is one of the most important tasks for any security organization. Unfortunately, for many organizations, understanding who their privileged users actually are and what they have access to is a black hole.  With the risks posed by cyberattacks and breaches, the need for monitoring and actively managing this important group is critical in order to keep the bad guys from breaking in and preventing abuse.  The Anthem security breach taught us just how serious privileged access breaches can be.

Read More

Topics: Privileged Users, Privileged Accounts

Protecting Service Accounts from Attackers and Insiders (video)

Posted by Heather Howland on Aug 25, 2017 1:30:20 PM

Service Accounts can represent tremendous security risk for enterprises. And many of our customers struggle with how to best identify, control and protect these accounts. Let’s take a closer look at what service accounts are and what organizations can do to protect service accounts from attackers and insiders. 

Read More

Topics: Privileged Accounts, User and Entity Behavior Analytics, Active Directory, ueba

The Cybersecurity Penalty Box. Yes or No?

Posted by Heather Howland on Jun 9, 2017 10:01:03 AM

Earlier this week, I published an article with ITSP Magazine that discusses a newly brewing concept within Enterprises around penalizing employees for bad security behavior. Can you imagine if your company penalized you for clicking on a phishing link? Or because you bent the security rules in order to get something done more easily?  

Read More

Topics: User Behavior, CISO, ueba, Insider Threat