Preempt began with a basic premise: Effective security within an enterprise should combine threat detection and real time response within a single solution. As enterprises transition to the cloud and the perimeter disappears, identity is the new perimeter. If identity is the new perimeter, access management from a security standpoint can lead to effective threat prevention. That simple but powerful idea was the genesis of Preempt and has given us the opportunity to solve challenging security problems for our customers.
Cyber security is a complex animal that requires many disciplines and a diverse toolkit. Typically, resources are limited, and incident response and security staff are overloaded with noise, irrelevant alerts and incomplete static information. With so many diverse systems its difficult to utilize them in a coordinated and timely way.
At the recent Gartner Security & Risk Management Summit, analysts presented their findings on the top technologies for information security and their implications for security organizations in 2018. At the event Neil MacDonald highlighted Top 10 Security Projects for Security and Risk Management Organizations. He continues by emphasizing that these are projects with real supporting technologies that CISOs should be exploring.
I’ve heard it many times from customers: “IT Security needs to be transparent to users in order to be successful.” Unfortunately, we are now in a digital age where things have dramatically changed and research has shown over and over that credential compromise is the top way that hackers breach an organization.
Enterprises are deploying more cloud services, embracing DevOps, leveraging on-premises applications and exploring other productivity and cost optimization solutions. As a result, it is becoming harder for them to know who within the organization has access to what and how that access is being used or, as we found out in our latest survey, being misused.
This past March we announced Preempt Inspector, a free app for password strength assessment. The App provided administrators with a better understanding of their AD configuration, especially difficult to estimate parameters, such as duplicate and weak passwords. We analyzed the anonymous data we received from the app, and found some worrying trends, like that 1 in 5 enterprise passwords can be easily compromised.
The New York State Department of Financial Services (NYDFS) has recently enacted new cybersecurity regulation aimed at protecting financial services organizations and their data. The new regulation known as 23 NYCRR 500 actually went into effect earlier in the year, but the 180-day transition period ended on August 28th, meaning organizations now need to be officially in compliance. Of course financial services CISOs are no strangers to regulation, having to already comply with a dizzying array of control frameworks including NIST, COBIT, SSAE and specific regulations such as PCI-DSS and SEC OCIE just to name a few.
Full disclosure: I wasn’t physically at BlackHat 2017. But my colleagues who attended told me about the keynote by Alex Stamos, CSO at Facebook.
Gartner’s 2017 Security Summit began this week with a keynote from Neil MacDonald, Eric Ahlm and Ramon Krikken introducing a new charter that will transform all areas of information security moving forward. They introduced a new strategic approach called CARTA* – Continuous Adaptive Risk and Trust Assessment.