Detection Only Solutions Aren't Enough For Today's Security Teams

Posted by Heather Howland on Apr 27, 2018 4:28:00 AM

Last week I had the opportunity to speak with several CISOs about what they are doing to deal with cyberattacks, breaches and internal threats. A consistent theme I heard is that detection-only solutions aren't enough. They need more practical approaches to rapidly respond to anomalous behavior and they need to reduce the burden on analysts. Working smarter, not harder. This is one of the great benefits of real-time threat prevention based on identity, behavior and risk. It can remove work from analysts via adaptive response and automated resolution of false positives. One customer recently told me that within just a couple of months, automated response has helped them improve their efficiency by 30-40%. That’s a lot of time that can be focused on more critical security tasks.

Topics: Adaptive Response, User and Entity Behavior Analytics, Incident Response, Threat Detection

How to Stay Out of the Security Shelfware Trap

Posted by Wade Williamson on Apr 11, 2018 11:45:03 AM

The RSA Conference is just around the corner, and with it, one of the true spectacles of the security industry. If you visit the show floor of exhibitors you will find a seemingly endless sea of security vendors and products stretching in all directions, each one promising to be the critical missing piece to save you from the next attack. It can be exciting, quasi-educational, and more than a little mind numbing all at once.

Topics: Adaptive Response, Incident Response, Threat Detection, Information Security

Simplifying PCI DSS 3.2 Compliance with Preempt

Posted by Heather Howland on Feb 9, 2018 1:21:56 PM

If your organization handles credit cards, you are no doubt familiar with Payment Card Industry Data Security Standard (PCI DSS) compliance. PCI DSS is a set of requirements and procedures established to strengthen the security of cardholder transactions and data in order to reduce fraud. PCI DSS controls have been implemented for many years, but as hackers have advanced their efforts, new requirements continue to emerge with updates to existing controls and reporting.

Topics: User Behavior, Adaptive Response, Identity Verification, Passwords, Compliance, PCI

Fixing Account Lockouts With Adaptive Policies

Posted by Wade Williamson on Jan 4, 2018 7:21:22 AM

Dealing with account lockouts is one of the unhappy facts of life for many IT teams. And while resolving lockouts isn’t particularly difficult, it is the sheer volume of incidents that often weighs down IT teams. In fact, a recent survey found that ⅓ of IT and Support tickets are tied to password resets and account lockouts.

Topics: Adaptive Response, Passwords, Compliance

How Identity, Behavior & Risk Enable Security in the New Digital Age

Posted by Ajit Sancheti on Dec 7, 2017 6:07:51 AM

Enterprises are deploying more cloud services, embracing DevOps, leveraging on-premises applications and exploring other productivity and cost optimization solutions. As a result, it is becoming harder for them to know who within the organization has access to what and how that access is being used or, as we found out in our latest survey, being misused.

Topics: User Behavior, Adaptive Response, Risk, CARTA, Identity

Evolving Employee Security Measures from “Weak Link” to “Front Line Defense”

Posted by Ajit Sancheti on Dec 1, 2017 8:09:38 AM

It's easy to think that attackers have gained an unfair advantage over security professionals. The network perimeter has virtually dissolved, compelling enterprises to simultaneously work to keep the bad guys out while tackling multiple insider threats – naïve employees, malicious insiders, careless third parties, and undetected malware or intruders that have already breached network defenses.

The challenge for security teams today? Legitimate users and activities should not be impeded, but determining what activity to block and what to allow is not always easy.

Topics: User Behavior, Adaptive Response, Insider Threats, Credential Compromise, Information Security

Stopping Breaches Requires Asking the Right Questions

Posted by Wade Williamson on Oct 26, 2017 4:07:21 PM

In a very short period of time, machine learning (ML) has had a major impact on the field of cybersecurity. Machine learning has proven to be adept at finding threats in ways that traditional signatures never could, whether detecting malware, finding vulnerabilities, or recognizing when a trusted employee has been compromised by an attacker.

Topics: Adaptive Response, Multi-factor Authentication

Defending Against Credential Compromise (VIDEO)

Posted by Heather Howland on Sep 29, 2017 4:08:12 PM

Credential compromise has been a leading attack vector for the last five years. Attackers can compromise credentials in a variety of ways: by guessing passwords, phishing emails, spyware, or even pulling credentials out of memory. To detect and more proactively defend against credential compromise, organizations need to have visibility into identity, behavior and risk as well as the ability to automatically respond or take action when signs of compromise have been detected.

Topics: Adaptive Response, password brute force, Credential Compromise, Passwords

Getting to the Root of Security Alert Fatigue

Posted by Wade Williamson on Jul 27, 2017 1:06:27 PM

Something is very wrong in the security industry and “security alert fatigue” is one of the most obvious symptoms. Most enterprises generate far more security alerts than their security staff can analyze. Typically it’s not even close. The problem extends to all industries, but a recent survey of banking security leaders brought the issue into sharp focus. The study found that 61% of the organizations generate at least 100,000 events per day. 37% of organizations generated more than 200,000 events per day. That is simply too many events to process even for the largest of security teams. This shouldn’t be the norm, but virtually anyone who works in security can attest that it is. So let’s take a look at why this is happening and what we can do to fix it.

Topics: Adaptive Response, Incident Response

How to Stop NotPetya and Similar Ransomware from Spreading in the Network

Posted by Yaron Zinar on Jul 5, 2017 2:06:01 PM

NotPetya, a recent piece of malware masquerading as the known Petya ransomware, started wreaking havoc on a global scale last week. Initially, it looked like another wave in the malware storm that started with Shadow Brokers’ publication of EternalBlue and other zero-day vulnerabilities in Windows OS. And, in fact, NotPetya used EternalBlue as one of the lateral movement methods in its arsenal. But, apparently, the developers of NotPetya wanted to hit some high-value targets and the risk that these networks had already been fully patched would have ruined their attack.

Topics: Adaptive Response, Credential Compromise, ueba, Ransomware