Heather Howland

Vice President, Marketing
Find me on:

Recent Posts

You Failed Your Pen Test: How Can You Reduce Your Attack Surface?

Posted by Heather Howland on Nov 9, 2018 4:04:03 PM

Penetration testing is a critical best practice for virtually any organization’s cybersecurity posture. By putting defenses to the test against trained offensively-minded professionals, organizations can gain deep insights into how they’ll fare against real attackers. Often, the challenge is that the results are not what you would have hoped. When pen testers are able to carve through your defenses at will, it can be discouraging and hard to know where to start.

Read More

Cybersecurity is Increasingly Important for M&A Dealmakers

Posted by Heather Howland on Nov 2, 2018 1:45:48 PM

Corporate boards widely recognize due diligence as a critically important component of the M&A process, particularly when it comes to vetting financial numbers and legal obligations. The stakes are enormous: The value of worldwide mergers and acquisitions totaled $3.6 trillion in 2017, according to Thomson Reuters. Globally, M&A activity is increasing and could reach record highs in 2018.

Read More

Is a Fragmented View of Users Increasing Your Risk of Breach?

Posted by Heather Howland on Oct 12, 2018 1:08:56 PM

Last week, I was on the road speaking with CISOs across the country. One theme emerged loud and clear: Virtually all of the organizations have invested a lot in security tools and solutions, but despite their investment, they struggle with getting a complete view of user access across platforms. So, with that, I’d like to share how our customers have been able to overcome this common challenge to gain a more holistic view of users and identity within their organizations.

Read More

Three Security Lessons to Keep in Mind Leading Up To the R-CISC Summit

Posted by Heather Howland on Sep 27, 2018 7:27:59 AM

It’s never been more important for retailers to harden their cybersecurity posture— especially given the documented trend of intensified attacks on retailers during the rapidly-approaching holiday season. We’re excited to attend the 2018 Retail Cyber Intelligence Summit in Denver and look forward to learning from and sharing perspective with the R-CISC community, including some of the top retail companies in the world.

Read More

Three Lessons You Can Learn from A Recent Security Breach

Posted by Heather Howland on Sep 12, 2018 4:23:43 PM

After an organization has been breached, one of the most critical steps to take is to determine the root cause and to take active steps to more proactively protect the business. Recently, Preempt was brought in to help a Fortune 500 company with a critical internal threat situation. A malicious actor was able to move laterally within the company’s environment, threatening its international brand, financials and customer relationships. Capitalizing on lessons learned during and after incident response provides immediate and long-term benefits to prevent future breaches. These takeaways can also provide valuable advice for other companies who are looking to improve their security posture and prevent business critical attacks. Here, we’ll share the story and outline the top three lessons.

Read More

3 Ways to Improve Security Incident Response Time with IATP

Posted by Heather Howland on Sep 6, 2018 7:17:51 AM

Companies today are exposed to many threats and incident response (IR) teams have to respond to both real or suspected breaches. Incidents can include credential compromise, phishing, malware in the network, Denial of Service (DoS) attacks, zero day threats, and unauthorized changes to the network, hardware or software to name a few. Many organizations will also hire a red team, which is specifically hired to try to create actual attack scenarios to expose attack surfaces and test for network vulnerabilities. This all keeps an IR team pretty busy.

Read More

Going on the Offense: How to Eliminate Internal Threats

Posted by Heather Howland on Jul 27, 2018 11:57:00 AM

Over the past few years, we’ve observed significant changes in the types of conversations we’re having with CISOs. What used to be discussions about how to keep bad guys out has evolved to how to manage and address internal threats. Internal threats come in a variety of shapes and sizes. It could be an attacker who has already gotten in and waiting for the right moment to make a move. It could also be an insider threat. It could be a malicious insider looking to do harm to the organization. Or it could be employees who don’t mean any harm but may doing things (knowingly or unknowingly) that could put an organization at risk.

With the perimeter all but dissolved, and as enterprises transition to the cloud, it’s becoming clear that identity, and where there are points of access, is the new perimeter. The challenge for many organizations is how to understand their posture around identity. This requires understanding who is doing what, when, and where, and understanding it across all applications and platforms on prem, in the cloud and in hybrid environments. Having a holistic view of identity--all users, privileges, access patterns and accounts--is becoming more critical in order to be more proactive and to have proper controls over accounts (privileged, user, service, and more) and to being able to protect accounts from compromise.

Read More

Topics: Insider Threats, ueba, CISO, User Behavior, User and Entity Behavior Analytics

No More Paralysis by Analysis: How Security is Evolving to Real-Time Outcomes

Posted by Heather Howland on Jul 13, 2018 1:42:33 PM

A well-known CISO customer was recently telling me about his experience with implementing new security solutions. His consistent feeling? Dread – the security alerts and things that can suddenly break in the beginning can be overwhelming. “Everything goes red,” he said, referring to the immediate influx of red alerts and false positives that seem to accompany each new security deployment.

Read More

It’s 2018. How does Silicon Valley think about a Series B these days?

Posted by Heather Howland on Jul 5, 2018 4:08:54 PM

With Silicon Valley continuing to lead the nation in VC funding (source: Bloomberg), expectations are clear: invest that funding and deliver, deliver, and deliver some more for your customers (and investors, employees, partners and stakeholders).

Read More

How to Strengthen Your Cyber Security DNA

Posted by Heather Howland on Jun 21, 2018 12:32:39 PM

Cyber security is a complex animal that requires many disciplines and a diverse toolkit. Typically, resources are limited, and incident response and security staff are overloaded with noise, irrelevant alerts and incomplete static information.  With so many diverse systems its difficult to utilize them in a coordinated and timely way.

Read More

Topics: Adaptive Threat Prevention, Identity, Insider Threat, Risk, Integration