What DevOps Can Teach Us About Cybersecurity

Posted by Ajit Sancheti on Mar 22, 2019 10:53:10 AM

DevOps and cybersecurity are both top priorities for many enterprises, as well as areas that have experienced considerable innovation recently. And even though these are two very different sides of IT, there are lessons to be learned between the two. Both areas are in the midst of major transitions. For application development the shift is from slow, monolithic releases to fast and responsive development cycles. For cybersecurity the shift is from the old perimeter block/allow enforcement model to more adaptive security that continuously looks for threats across the enterprise.

Read More

Topics: Security Skills, Adaptive Threat Prevention

Catching Bloodhound Before it Bites

Posted by Nir Yosha on Jan 3, 2019 9:29:32 AM

BloodHound is a public and freely available tool that uses graph theory to automate much of the confusion behind understanding relationships in an Active Directory (AD) environment. It allows hackers and pentesters to know precisely three things: which computers give admin rights to any user, which users effectively have admin rights to any computer, and effective group membership information (see Image 1). Because Bloodhound can be used maliciously, organizations need to better understand how it is being used, how to protect privileged users, and how to prevent attacks.   

Read More

Topics: Threat Detection, Adaptive Threat Prevention, Attack Tools

A CISO’s perspective: Solving a 20-year cyber security problem

Posted by Patrick Heim on Jun 27, 2018 6:33:48 AM

My partner Jay Leek and I have decades of experience as CISOs.  We’ve both literally spoken with hundreds of security companies and it’s easy to become jaded.  It's rare that we get truly excited about a new security technology. Preempt sparked that sense of excitement in both of us.  If we really prioritize based on risk we’ll find that many security priorities aren't about chasing "advanced APT ninjas." It is about focusing on the more mundane functions of vulnerability and access management.  

Read More

Topics: Adaptive Threat Prevention

We’ve raised $27.5 million: How Preempt’s funding validates Identity and Access Threat Prevention

Posted by Ajit Sancheti on Jun 27, 2018 6:19:47 AM

Preempt began with a basic premise: Effective security within an enterprise should combine threat detection and real time response within a single solution. As enterprises transition to the cloud and the perimeter disappears, identity is the new perimeter. If identity is the new perimeter, access management from a security standpoint can lead to effective threat prevention. That simple but powerful idea was the genesis of Preempt and has given us the opportunity to solve challenging security problems for our customers.

Read More

Topics: Risk, Threat Detection, Adaptive Threat Prevention

How to Strengthen Your Cyber Security DNA

Posted by Heather Howland on Jun 21, 2018 12:32:39 PM

Cyber security is a complex animal that requires many disciplines and a diverse toolkit. Typically, resources are limited, and incident response and security staff are overloaded with noise, irrelevant alerts and incomplete static information.  With so many diverse systems its difficult to utilize them in a coordinated and timely way.

Read More

Topics: Risk, Insider Threat, Identity, Adaptive Threat Prevention, Integration

Corporate Culture Shift: Using Adaptive Security to Influence Employee Security Behavior

Posted by Heather Howland on Jan 12, 2018 7:19:33 AM

I’ve heard it many times from customers: “IT Security needs to be transparent to users in order to be successful.” Unfortunately, we are now in a digital age where things have dramatically changed and research has shown over and over that credential compromise is the top way that hackers breach an organization.

Read More

Topics: User Behavior, CISO, Risk, Identity Verification, Identity, Adaptive Threat Prevention