Why Insider Threat Denial is Everyone’s Problem

Posted by Eran Cohen on Sep 11, 2019 4:54:19 AM

People don’t like to admit when they’re wrong. And really, who can blame them? Being wrong is uncomfortable, anxiety-inducing, and embarrassing. These are all feelings that people try their best to avoid.

One of the most common methods for avoiding them is denial, or the unwillingness to accept something as truth. This isn’t a blog explicitly about human psychology, but it is about a dangerous cybersecurity problem rooted in it: insider threat denial syndrome.

Topics: Insider Threats, Credential Compromise, Insider Threat

Red Flag Alert: Service Accounts Performing Interactive Logins

Posted by Monnia Deng on Aug 29, 2019 1:32:26 PM

In the world of account security, we often focus on end user accounts as the weak vector vulnerable to attackers. 

On the contrary, we at Preempt see something that happens just as frequently: failing to limit exposed and vulnerable service accounts. Service accounts often differ from end user accounts in that they usually have higher privileges that are used to control or call applications and services. As a result, looking for key indicators of compromise of your service accounts should be at the forefront of your network security strategy.

Topics: Privileged Accounts, Active Directory, Credential Compromise, Passwords, Insider Threat, Black Hat, Lateral Movement, Stealthy Admin

Reducing Investigation Time: How to Quickly Parse True Positives

Posted by Eran Cohen on Aug 20, 2019 10:45:00 AM

In the world of security operations, quickly and accurately investigating security incidents is paramount. As a result, filtering out the non-consequential incidents from the consequential incidents helps reduce the investigative time for the security ops team.

Non-malicious True Positives pose the most headaches for SOC teams because they waste valuable time that could have been better spent investigating a malicious True Positive or, even worse, a False Negative. However, separating non-malicious True Positives from malicious ones is a highly manual process. It demands a significant amount of time, resources, and expertise from an already busy, overworked Security Ops team whose time is better used for consequential, high-impact tasks and projects.

Topics: Threat Mitigation, User Behavior, Adaptive Response, Identity Verification, Incident Response, Insider Threat, Adaptive Threat Prevention, Conditional Access

Security Weekly Interview: Securing Identity With Conditional Access

Posted by Monnia Deng on Jul 23, 2019 11:31:17 AM

Organizations often have incomplete views of who is accessing what, when, where and how across multiple applications and systems. Understanding a user and their behavior is critical to understanding corporate security risk. In an interview in Security Weekly's Business Security Weekly July 22 podcast, Preempt CEO Ajit Sancheti explains why organizations need to secure identity with conditional access, which allows security teams to take the appropriate remediation steps based on the level of risk.

Topics: Identity Verification, Incident Response, Insider Threat, Identity, Conditional Access

Empowering Employees to Reduce Security Incidents

Posted by Eran Cohen on Jul 2, 2019 11:15:00 AM

In the hustle and bustle of our modern world, we can all get easily lost in the noise. One kind of noise is most frustrating for security teams: the noise of security incidents. With more and more data feeding into your security analytics products, it seems like we are creating more problems for ourselves, with all of the alerts and not enough manpower.

Topics: Adaptive Response, Multi-factor Authentication, Identity Verification, Credential Compromise, ueba, Incident Response, Threat Detection, Insider Threat, Conditional Access

Taming Network Chaos By Understanding User Behavior

Posted by Eran Cohen on May 20, 2019 3:31:17 PM

Enterprises are badly burned by security tools that don’t work. When they finally see a solution that does what it purports to do, the shock is palpable.

Topics: User and Entity Behavior Analytics, ueba, Incident Response, Threat Detection, Insider Threat, Identity, Adaptive Threat Prevention, Security Efficiency

Podcast: Addressing Credential Compromise and Insider Threats Requires a New Security Approach

Posted by Matt Culbertson on Mar 6, 2019 10:59:25 AM

How can you secure an organization by using identity, behavior and risk? Preempt CEO Ajit Sancheti recently conducted an interview with Blog Talk Radio on how the enterprise perimeter is eroding - and what to do about it. Identity and Access Threat Prevention is a critical component of effective enterprise cybersecurity, and as Ajit explains, a strategy that combines holistic visibility and real-time enforcement addresses the complex nature of today’s enterprise IT environments.

Topics: Insider Threat

You Failed Your Pen Test: How Can You Reduce Your Attack Surface?

Posted by Heather Howland on Nov 9, 2018 4:04:03 PM

Penetration testing is a critical best practice for virtually any organization’s cybersecurity posture. By putting defenses to the test against trained offensively-minded professionals, organizations can gain deep insights into how they’ll fare against real attackers. Often, the challenge is that the results are not what you would have hoped. When pen testers are able to carve through your defenses at will, it can be discouraging and hard to know where to start.

Topics: Threat Mitigation, Hacking, Insider Threat

How to Strengthen Your Cyber Security DNA

Posted by Heather Howland on Jun 21, 2018 12:32:39 PM

Cyber security is a complex animal that requires many disciplines and a diverse toolkit. Typically, resources are limited, and incident response and security staff are overloaded with noise, irrelevant alerts and incomplete static information. With so many diverse systems, it’s difficult to utilize them in a coordinated and timely way.

Topics: Risk, Insider Threat, Identity, Adaptive Threat Prevention, Integration

Study Finds Employee Security Habits Reveal Risky Imbalance

Posted by Heather Howland on Nov 16, 2017 5:12:33 AM

Human nature motivates us to enhance productivity, make things easy, find workarounds and to crave information that is being kept from us. How do these motivations change the way people work? Do their actions put their company at risk? Do IT Security teams need to understand basic psychology to protect their organizations?

Topics: CISO, Credential Compromise, Passwords, Insider Threat, CARTA, NIST