With ⅓ of Enterprises Suffering from Weak or Exposed Passwords, Is Hollywood Part of the Problem?

Posted by Matt Culbertson on Jan 18, 2019 1:38:10 PM

What password would you use for a bank account soon to be worth $120 million?

Read More

Topics: Credential Compromise, Passwords

Enterprises continue to suffer from poor password hygiene and a lack of visibility & control over privileged users

Posted by Yaron Zinar on Dec 19, 2018 6:08:06 AM

It has been more than a year since I last shared Preempt Inspector statistics. Last time we shared Preempt Inspector statistics we found some alarming numbers. With the end of 2018 approaching, I would like to share with you key findings from Preempt Inspector [a free security tool available to download here] to help you focus on the most important security issues you might be facing.

Read More

Topics: Privileged Users, Insider Threats, Passwords, Stealthy Admin

Is Your Organization at Risk Because a Local Administrator Has a Weak Password?

Posted by Marina Simakov on Dec 18, 2018 7:32:55 AM

In July, media reported that SingHealth, Singapore’s largest health organization, was breached with 1.5 million medical records stolen. The stolen records included those of Singapore’s prime minister Lee Hsien Loong. Consequently, a special inquiry had taken place, revealing that SingHealth had several security gaps and vulnerabilities which could have easily been exploited by attackers, including a local administrator account with a very weak password (P@ssw0rd). In fact, one of the ways which enabled the attackers to move laterally in the network was by using compromised Citrix local accounts.

Read More

Topics: Passwords, Stealthy Admin

Simplifying PCI DSS 3.2 Compliance with Preempt

Posted by Heather Howland on Feb 9, 2018 1:21:56 PM

If your organization handles credit cards, you are no doubt familiar with  Payment Card Industry Data Security Standard (PCI DSS) compliance. PCI DSS is a set of requirements and procedures that have been established in order to strengthen security of cardholder transactions and data in order to reduce fraud. PCI DSS controls have been implemented for many years but as hackers have advanced their efforts, new requirements continue to emerge with updates to existing controls and reporting.

Read More

Topics: User Behavior, Adaptive Response, Identity Verification, Passwords, Compliance, PCI

Fixing Account Lockouts With Adaptive Policies

Posted by Wade Williamson on Jan 4, 2018 7:21:22 AM

Dealing with account lockouts is one of the unhappy facts of life for many IT teams. And while  resolving lockouts isn’t particularly difficult, it is the sheer volume of incidents that often weighs down IT teams. In fact a recent survey found that ⅓ of IT and Support tickets are tied to password resets and account lockouts.

Read More

Topics: Adaptive Response, Passwords, Compliance

Study Finds Employee Security Habits Reveal Risky Imbalance

Posted by Heather Howland on Nov 16, 2017 5:12:33 AM

Human nature motivates us to enhance productivity, make things easy, find workarounds and to crave information that is being kept from us. How do these motivations change the way people work? Do their actions put their company at risk? Do IT Security teams need to understand basic psychology to protect their organizations?

Read More

Topics: CISO, Credential Compromise, Passwords, Insider Threat, CARTA, NIST

Preempt Inspector Discovers Stealthy Admins to Help Organizations Reduce Risk

Posted by Avi Kama on Nov 10, 2017 9:18:41 AM

This past March we announced Preempt Inspector, a free app for password strength assessment. The App provided administrators with a better understanding of their AD configuration, especially difficult to estimate parameters, such as duplicate and weak passwords. We analyzed the anonymous data we received from the app, and found some worrying trends, like that 1 in 5 enterprise passwords can be easily compromised.

Read More

Topics: Risk, Active Directory, Passwords, Stealthy Admin

Defending Against Credential Compromise (VIDEO)

Posted by Heather Howland on Sep 29, 2017 4:08:12 PM

Credential Compromise has been a leading attack vector for the last five years. There are a variety of ways that attackers can do this. It could be by guessing passwords, phishing emails, spyware,  or even pulling credentials out of memory. To detect and more proactively defend against credential compromise, organizations need to have visibility into identity, behavior and risk as well as the ability to automatically respond or take action when signs of compromise have been detected.

Read More

Topics: Adaptive Response, password brute force, Credential Compromise, Passwords

Password Policy Gets a Reset

Posted by Wade Williamson on Sep 22, 2017 2:26:27 PM

In a recent blog, we discussed how attackers typically follow the path of least resistance. In enterprises, this almost always involves seeking out weak passwords. Data from Verizon’s Data Breach investigation Report certainly bears this out, where they found that nearly 2/3s of breaches involved the use of weak, default, or stolen credentials. As much as the industry likes to focus on nation-state attackers and obscure 0-days, the fact remains that most battles are lost due to a lack of basic password hygiene in the network.

Read More

Topics: Passwords, Compliance, NIST

Reduce Harm by Refocusing on the Basics

Posted by Eran Cohen on Aug 11, 2017 10:22:02 AM

Full disclosure: I wasn’t physically at BlackHat 2017. But my colleagues who attended told me about the keynote by Alex Stamos, CSO at Facebook.

Read More

Topics: CISO, Risk, Passwords, Identity, Informaton Security