We’re #1! And #2, #5, and #6 in Gartner Top 10 Security Projects

Posted by Heather Howland on Jun 19, 2018 1:13:47 PM

At the recent Gartner Security & Risk Management Summit, analysts presented their findings on the top technologies for information security and their implications for security organizations in 2018. At the event Neil MacDonald highlighted Top 10 Security Projects for Security and Risk Management Organizations. He continues by emphasizing that these are projects with real supporting technologies that CISOs should be exploring.

Read More

Topics: Risk, Credential Compromise, ueba, Threat Detection, CARTA

Advisory: Flaw in Azure AD Connect Software Can Allow Stealthy Admins to Gain Full Domain Control

Posted by Roman Blachman on Dec 12, 2017 9:42:26 AM

Authors: Roman Blachman, Yaron Zinar.
We recently reviewed a customer’s network and found that 85%(!) of all users in the network had some unnecessary administrative privilege. The excessive privilege stemmed from an indirect inclusion in a
protected admin group. Most Active Directory audit systems easily alert on excessive privileges, but will often miss users who have elevated domain privileges directly through domain discretionary access control list (DACL) configuration. We refer to these users as stealthy admins.

Read More

Topics: Credential Compromise, Stealthy Admin, Azure AD Connect, Security Advisory, Microsoft

Evolving Employee Security Measures from “Weak Link” to “Front Line Defense”

Posted by Ajit Sancheti on Dec 1, 2017 8:09:38 AM

It's easy to think that attackers have gained an unfair advantage over security professionals. The network perimeter has virtually dissolved, compelling enterprises to simultaneously work to keep the bad guys out while tackling multiple insider threats – naïve employees, malicious insiders, careless third parties, and undetected malware or intruders that have already breached network defenses.

The challenge for security teams today? Legitimate users and activities should not be impeded, but determining what activity to block and what to allow is not always easy.

Read More

Topics: User Behavior, Adaptive Response, Insider Threats, Credential Compromise, Informaton Security

Study Finds Employee Security Habits Reveal Risky Imbalance

Posted by Heather Howland on Nov 16, 2017 5:12:33 AM

Human nature motivates us to enhance productivity, make things easy, find workarounds and to crave information that is being kept from us. How do these motivations change the way people work? Do their actions put their company at risk? Do IT Security teams need to understand basic psychology to protect their organizations?

Read More

Topics: CISO, Credential Compromise, Passwords, Insider Threat, CARTA, NIST

How this Retailer Could have Kept my Business with Better IT Security Process

Posted by Heather Howland on Nov 3, 2017 8:24:28 AM

Hmm, I thought I remembered my password. As I tried to log into my account with a large retailer known for their athletic wear, I click the forgot password link. I enter my email address.

Read More

Topics: Security Skills, Multi-factor Authentication, Identity Verification, Credential Compromise

Defending Against Credential Compromise (VIDEO)

Posted by Heather Howland on Sep 29, 2017 4:08:12 PM

Credential Compromise has been a leading attack vector for the last five years. There are a variety of ways that attackers can do this. It could be by guessing passwords, phishing emails, spyware,  or even pulling credentials out of memory. To detect and more proactively defend against credential compromise, organizations need to have visibility into identity, behavior and risk as well as the ability to automatically respond or take action when signs of compromise have been detected.

Read More

Topics: Adaptive Response, password brute force, Credential Compromise, Passwords

How to Stop NotPetya and Similar Ransomware from Spreading in the Network

Posted by Yaron Zinar on Jul 5, 2017 2:06:01 PM

NotPetya, a recent malware, masquerading as the known Petya ransomware started wreaking havoc at a world scale last week. Initially, it looked like another wave in the malware storm that started with Shadow Brokers’ publication of EternalBlue and other zero-day vulnerabilities in Windows OS. And, in fact, NotPetya used EternalBlue as one of the lateral movement methods in its arsenal. But, apparently, the developers of NotPetya wanted to hit some high-value targets and the risk that these networks had already been fully patched would have ruined their attack.

Read More

Topics: Adaptive Response, Credential Compromise, ueba, Ransomware

QakBot, Stop Playing with my Active Directory!

Posted by Eran Cohen on Jun 23, 2017 9:39:32 AM

Really, it’s not just me saying that Active Directory is the crown jewel. It's actually them, the hackers, that de facto target the active directory in almost every advanced attack. They look for domain credentials and administrative accounts, they practice domain reconnaissance, privilege elevation, targeted attacks against the domain controller and more. Their motivation is similar to terror. For example: produce widespread fear, obtain recognition and attention of media, steal money, damage facilities and functionalities. This is why it was not surprising to learn about the QakBot Trojan causing a mess. 

Read More

Topics: Active Directory, Credential Compromise, Passwords, Hacking

35% of Users Have Weak Passwords; the Other 65% can be Cracked

Posted by Eran Cohen on Mar 13, 2017 5:00:00 AM

Password leaks from public breaches help us learn how people think, allow us  to identify patterns and build dictionaries of passwords. As password cracking methods evolve, Upper characters, Lower characters, Special characters and Digits (ULSD) recommendations and password complexity mean less.

Read More

Topics: CISO, Credential Compromise, Passwords

Hardening and Protecting Network Infrastructure with UEBA and Behavioral Firewalls

Posted by Heather Howland on Jan 27, 2017 7:37:33 PM

The risks to employees and organizations from stolen or compromised credentials and information are well-known. And with hackers and insiders becoming more advanced and sophisticated in their techniques the global threat is increasing.  At a recent IT security forum,  I was speaking with a customer about an Alert (TA16-250A) that the United States Computer Emergency Readiness Team (US-CERT) released on “The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations” and how User and Entity Behavior Analytics (UEBA)can help address some of their recommendations.  

Read More

Topics: User Behavior, Risk, Multi-factor Authentication, Privileged Accounts, Credential Compromise, ueba, Compliance