You read that right. In a shameless reference to The Office, I want to be the JIM to your PAM. Jim and Pam’s relationship was undeniable from the start: both of them had a mutual understanding and fit. While they constantly denied their relationship, it was evident that being together made them stronger and better.
It has been more than a year since I last shared Preempt Inspector statistics. Last time we shared Preempt Inspector statistics, we found some alarming numbers. With the end of 2018 approaching, I would like to share with you key findings from Preempt Inspector [a free security tool available to download here] to help you focus on the most important security issues you might be facing.
Protecting privileged accounts and actively responding to any potential compromises has become a critical initiative for many CISOs. Stolen credentials are at the heart of almost all modern attacks and breaches. Attackers can easily obtain credentials via phishing attacks, brute force, keyloggers, pass-the-hash techniques, or using a database of previously stolen credentials. And once an account is compromised, the attacker can see and do anything that is allowed for that user or account.
“We are delighted to announce that starting January 1st, all frontal services provided by our company will be given by male representatives.” Wait, what?
The management of privileged users and accounts is one of the most important tasks for any security organization. Unfortunately, for many organizations, understanding who their privileged users actually are and what they have access to is a black hole. With the risks posed by cyberattacks and breaches, monitoring and actively managing this important group is critical in order to keep the bad guys from breaking in and to prevent abuse. The Anthem security breach taught us just how serious privileged access breaches can be.
On every Windows machine, you will find there is a local administrator user, usually descriptively named “Administrator.” This user exists by default. It is there because the machine requires at least one administrator when it is first installed. For the most part, machines in an organization are managed by the domain administrator (once the machine is added to the domain, the domain administrator is also an administrator for that machine), and the local administrator is used in times of “crisis” - when there’s no network access, but physical access is available.
The macro trend for IT security professionals is shifting. The security risk of insider threats is real and has become of equal importance to organizations. Insider threats take many forms - from employees bending the rules to get their jobs done more efficiently, to unhappy employees with malicious intent, to workers who unintentionally install malware, and even third-party vendors or partners that don’t follow security policies.