The Security Risks of NTLM: Proceed with Caution

Posted by Yaron Zinar on Oct 18, 2018 10:50:00 AM

NTLM (NT LAN Manager) is Microsoft's old authentication protocol that was replaced with Kerberos starting Windows 2000. It was designed and implemented by Microsoft engineers for the purpose of authenticating accounts between Microsoft Windows machines and servers. Even though it has not been the default for Windows deployments for more than 17 years, it is still very much in use, and I have not yet seen a network where it has been completely abandoned. In fact, it also supported by the latest version of Active Directory.

Read More

Topics: NTLM, Active Directory, Risk, kerberos

Preempt Inspector Discovers Stealthy Admins to Help Organizations Reduce Risk

Posted by Avi Kama on Nov 10, 2017 9:18:41 AM

This past March we announced Preempt Inspector, a free app for password strength assessment. The App provided administrators with a better understanding of their AD configuration, especially difficult to estimate parameters, such as duplicate and weak passwords. We analyzed the anonymous data we received from the app, and found some worrying trends, like that 1 in 5 enterprise passwords can be easily compromised.

Read More

Topics: Passwords, Risk, Stealthy Admin, Active Directory

The Privileged Accounts you are NOT Monitoring

Posted by Boris Danilovich on Sep 15, 2017 11:28:02 AM

“We are delighted to announce that starting January 1st, all frontal services provided by our company will be given by male representatives.” Wait, what?

Read More

Topics: Privileged Accounts, Privileged Users, Active Directory

Protecting Service Accounts from Attackers and Insiders (video)

Posted by Heather Howland on Aug 25, 2017 1:30:20 PM

Service Accounts can represent tremendous security risk for enterprises. And many of our customers struggle with how to best identify, control and protect these accounts. Let’s take a closer look at what service accounts are and what organizations can do to protect service accounts from attackers and insiders. 

Read More

Topics: Active Directory, Privileged Accounts, ueba, User and Entity Behavior Analytics

QakBot, Stop Playing with my Active Directory!

Posted by Eran Cohen on Jun 23, 2017 9:39:32 AM

Really, it’s not just me saying that Active Directory is the crown jewel. It's actually them, the hackers, that de facto target the active directory in almost every advanced attack. They look for domain credentials and administrative accounts, they practice domain reconnaissance, privilege elevation, targeted attacks against the domain controller and more. Their motivation is similar to terror. For example: produce widespread fear, obtain recognition and attention of media, steal money, damage facilities and functionalities. This is why it was not surprising to learn about the QakBot Trojan causing a mess. 

Read More

Topics: Active Directory, Credential Compromise, Hacking, Passwords

How to Thwart an Attacker’s Attempt to Compromise Credentials and Move Around a Network

Posted by Vikas Arya on Jan 12, 2017 3:28:18 PM

In recent years, we have seen hospitals, insurance companies (Aetna), giant corporations (Sony) retailers (Home Depot and Target), and tech companies (Yahoo, LinkedIn, Dropbox) all breached because of some type of insider threat or compromised credentials. So, it’s no surprise that Insider threats are a growing concern for organizations.

Read More

Topics: Credential Compromise, Insider Threats, Active Directory

Do Smart Cards Protect You From Credential Theft?

Posted by Yaron Zinar on Aug 11, 2016 7:07:18 AM

In recent years, the use of smart card widely increased as a secure form of authentication for a wide range of applications, ranging from mobile networks requiring a SIM card in mobile devices to credit card vendors making smart cards, the de facto standard for credit cards.

Read More

Topics: Smart Card, Active Directory