One Organization's Dilemma: Adding Security for Cloud Apps With Less User Disruption

Posted by Phil Meneses on May 31, 2018 1:42:59 PM

Late last year, we began conversations with the Tuck School of Business at Dartmouth College about their current security concerns. Like many organizations, a portion of their workloads are moving from on-premises to the cloud. One of the big concerns about moving to the cloud is how to secure infrastructure as companies currently do from within the defined perimeter of their internal network. They also needed to provide added security without heavily impacting the end user (students, faculty, and staff) experience. Because these are common concerns for many other organizations, I’d like to share how we helped this customer overcome these security concerns.

Topics: Cloud, ADFS, Multi-factor Authentication, Microsoft

From Public Key to Exploitation: How We Exploited the Authentication in MS-RDP

Posted by Eyal Karni on Mar 13, 2018 10:05:15 AM

In March Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a critical vulnerability that was discovered by Preempt. This vulnerability can be classified as a logical remote code execution (RCE) vulnerability. It resembles a classic relay attack, but with a nice twist: It is related to RSA cryptography (and prime numbers) which makes it quite unique and interesting.

Topics: Microsoft, Security Advisory, Black Hat, Hacking, kerberos, RDP, Multi-factor Authentication

How this Retailer Could have Kept my Business with Better IT Security Process

Posted by Heather Howland on Nov 3, 2017 8:24:28 AM

Hmm, I thought I remembered my password. As I tried to log into my account with a large retailer known for their athletic wear, I click the forgot password link. I enter my email address.

Topics: Multi-factor Authentication, Credential Compromise, Identity Verification, Security Skills

Stopping Breaches Requires Asking the Right Questions

Posted by Wade Williamson on Oct 26, 2017 4:07:21 PM

In a very short period of time, machine learning (ML) has had a major impact on the field of cybersecurity. Machine learning has proven to be adept at finding threats in ways that traditional signatures never could, whether detecting malware, finding vulnerabilities, or recognizing when a trusted employee has been compromised by an attacker.

Topics: Adaptive Response, Multi-factor Authentication

Remove the Barriers: How to Easily Expand MFA to Enterprise Applications

Posted by Heather Howland on May 23, 2017 6:00:00 AM

Earlier this year, Teen Vogue wrote an article in its magazine about why their readers should adopt Two-factor (2FA) or Multi-factor Authentication (MFA) for any of their applications or accounts that offer it. Why is this relevant? Because according to the Verizon Data Breach Investigations report, 63% of data breaches start with cracked or stolen passwords. The fact that we are promoting and providing education around cyber-security to our teens today says a lot.

Topics: Application Security, Multi-factor Authentication

Hardening and Protecting Network Infrastructure with UEBA and Behavioral Firewalls

Posted by Heather Howland on Jan 27, 2017 7:37:33 PM

The risks to employees and organizations from stolen or compromised credentials and information are well-known. And with hackers and insiders becoming more advanced and sophisticated in their techniques, the global threat is increasing. At a recent IT security forum, I was speaking with a customer about an Alert (TA16-250A) that the United States Computer Emergency Readiness Team (US-CERT) released on “The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations” and how User and Entity Behavior Analytics (UEBA) can help address some of their recommendations.

Topics: Risk, ueba, User Behavior, Privileged Accounts, Credential Compromise, Multi-factor Authentication, Compliance

7 Best Practices for Fighting Corporate IT Security Risks

Posted by Ajit Sancheti on Nov 28, 2016 1:37:14 PM

Even though Cyber Security Awareness month has passed, it is important to remain diligent and stay aware to defend yourself from threats. I recently worked with CSO Magazine to put together a series of best practices that organizations and their users should follow (both in and out of the corporate network) to minimize threats and reduce risk.

While IT security education may be part of an organization’s onboarding process, many people still don’t realize that they shouldn’t open an email from an unidentified source, or even those from a friend or coworker that have uncharacteristic links or text. And inevitably they still do.

Topics: CISO, Risk, Multi-factor Authentication, Identity Verification

Finding Nirvana: Preventing Threats vs Disrupting Business

Posted by Boris Danilovich on Sep 15, 2016 11:41:29 AM

As Benjamin Franklin once said, “An ounce of prevention is worth a pound of cure.” As Enterprises continue to build out and reinforce their IT security strategy, a keen eye is being put toward “preventative” solutions. With the rise in insider threats and compromised credentials, this is no surprise.

Topics: Insider Threats, Multi-factor Authentication, Security Skills

Demise of SMS 2-Factor Authentication Opens Door for More Secure Authentication

Posted by Heather Howland on Jul 29, 2016 7:00:00 AM

There have been several articles in the last couple of days that talk about NIST’s latest Digital Authentication Guidelines (DAG) draft, which is indicating SMS for 2-Factor Authentication is nearing the end. Given its popularity, it’s creating a lot of conversation. And lots are asking what this could mean for the Enterprise.

Topics: User Behavior, Multi-factor Authentication, SMS, Biometrics