Conditional Access Establishes Trust In the Network

Posted by Heather Howland on Mar 15, 2019 9:46:16 AM

Stolen or compromised credentials pose well-known risks to organizations and their employees. And as hackers and other malicious actors become more advanced and sophisticated in their techniques, the global threat is increasing. At a recent IT security conference, I spoke with a customer about an alert (TA18-276A) that the United States National Cybersecurity and Communications Integration Center (NCCIC) released late last year. The alert, titled “Using Rigorous Credential Control to Mitigate Trusted Network Exploitation,” outlines recommendations on how to overcome these challenges. In this blog, I’ll discuss how Conditional Access and detection of malicious use of tools and protocols can address the NCCIC’s recommendations.  

The alert provides information on how Advanced Persistent Threat (APT) actors are using multiple mechanisms to acquire legitimate user credentials. Once acquired, attackers can use the credentials to exploit trusted network relationships, in order to expand unauthorized access, maintain persistence, and exfiltrate data from targeted organizations. Some of the suggested NCCIC best practices for administrators to mitigate these threats include rigorous credential controls and privileged-access management, as well as remote-access control and audits of legitimate remote-access logs.

Read More

Topics: User Behavior, Risk, Multi-factor Authentication, Privileged Accounts, APT, User and Entity Behavior Analytics, Credential Compromise, Compliance

Making PCI Requirement 8.3 Bulletproof and Simple

Posted by Wade Williamson on Nov 15, 2018 9:22:07 AM

Multi-factor authentication (MFA) has become an essential building block of security policy and practice, and likewise has taken on an increasingly important role in regulatory standards such as the PCI-DSS. Specifically, PCI Requirement 8.3 calls out how MFA should be used to secure both the cardholder data environment (CDE) as well as any networks connected to the CDE. And while protecting your most valuable assets with MFA makes good intuitive sense, the details can get a little tricky if you don’t have a flexible way of enforcing policy in your networks. Fortunately, Preempt’s security platform makes it easy to extend MFA to any asset based on almost context you choose. So let’s take a quick look at what PCI requires, and how you can turn a deceptively tricky requirement into a simple, automated process that you never have to think about.

Read More

Topics: Compliance, PCI

Simplifying PCI DSS 3.2 Compliance with Preempt

Posted by Heather Howland on Feb 9, 2018 1:21:56 PM

If your organization handles credit cards, you are no doubt familiar with  Payment Card Industry Data Security Standard (PCI DSS) compliance. PCI DSS is a set of requirements and procedures that have been established in order to strengthen security of cardholder transactions and data in order to reduce fraud. PCI DSS controls have been implemented for many years but as hackers have advanced their efforts, new requirements continue to emerge with updates to existing controls and reporting.

Read More

Topics: User Behavior, Adaptive Response, Identity Verification, Passwords, Compliance, PCI

Fixing Account Lockouts With Adaptive Policies

Posted by Wade Williamson on Jan 4, 2018 7:21:22 AM

Dealing with account lockouts is one of the unhappy facts of life for many IT teams. And while  resolving lockouts isn’t particularly difficult, it is the sheer volume of incidents that often weighs down IT teams. In fact a recent survey found that ⅓ of IT and Support tickets are tied to password resets and account lockouts.

Read More

Topics: Adaptive Response, Passwords, Compliance

Becoming NYDFS Compliant With Preempt

Posted by Wade Williamson on Oct 6, 2017 12:17:29 PM

The New York State Department of Financial Services (NYDFS) has recently enacted new cybersecurity regulation aimed at protecting financial services organizations and their data. The new regulation known as 23 NYCRR 500 actually went into effect earlier in the year, but the 180-day transition period ended on August 28th, meaning organizations now need to be officially in compliance. Of course financial services CISOs are no strangers to regulation, having to already comply with a dizzying array of control frameworks including NIST, COBIT, SSAE and specific regulations such as PCI-DSS and SEC OCIE just to name a few.

Read More

Topics: Risk, Compliance, continous monitoring

Password Policy Gets a Reset

Posted by Wade Williamson on Sep 22, 2017 2:26:27 PM

In a recent blog, we discussed how attackers typically follow the path of least resistance. In enterprises, this almost always involves seeking out weak passwords. Data from Verizon’s Data Breach investigation Report certainly bears this out, where they found that nearly 2/3s of breaches involved the use of weak, default, or stolen credentials. As much as the industry likes to focus on nation-state attackers and obscure 0-days, the fact remains that most battles are lost due to a lack of basic password hygiene in the network.

Read More

Topics: Passwords, Compliance, NIST

Insider Threat Awareness: A Vital Component of Security Awareness

Posted by Preempt Guest Blogger on Jun 29, 2017 9:59:15 AM

While a 2017 Harvey Nash/KPMG survey of nearly 4,500 CIOs and tech leaders globally found that cyber security vulnerability is at an all-time high, the biggest jump in threats came from insider attacks which increased from 40 percent to 47 percent over the last year. And that’s a modest estimate; reports from an IBM Security survey suggested that 60 percent of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors.

Read More

Topics: ueba, Passwords, Compliance, Insider Threat