M&A cyber diligence, talent shortages, and the challenges facing CISOs [Podcast]

Posted by Monnia Deng on Mar 26, 2019 12:35:54 PM

Enterprises are often forced to implement multiple moving parts as the traditional network perimeter is no longer sufficient to protect against modern threats. These disjointed security solutions rarely talk to each other, causing security silos and an overwhelming number of distracting security alerts, Preempt CEO Ajit Sancheti explains in a podcast this week.

Topics: CISO, Risk

Conditional Access Establishes Trust In the Network

Posted by Heather Howland on Mar 15, 2019 9:46:16 AM

Stolen or compromised credentials pose well-known risks to organizations and their employees. And as hackers and other malicious actors become more advanced and sophisticated in their techniques, the global threat is increasing. At a recent IT security conference, I spoke with a customer about an alert (TA18-276A) that the United States National Cybersecurity and Communications Integration Center (NCCIC) released late last year. The alert, titled “Using Rigorous Credential Control to Mitigate Trusted Network Exploitation,” outlines recommendations on how to overcome these challenges. In this blog, I’ll discuss how Conditional Access and detection of malicious use of tools and protocols can address the NCCIC’s recommendations.  

The alert provides information on how Advanced Persistent Threat (APT) actors are using multiple mechanisms to acquire legitimate user credentials. Once acquired, attackers can use the credentials to exploit trusted network relationships, in order to expand unauthorized access, maintain persistence, and exfiltrate data from targeted organizations. Some of the suggested NCCIC best practices for administrators to mitigate these threats include rigorous credential controls and privileged-access management, as well as remote-access control and audits of legitimate remote-access logs.

Topics: User Behavior, Risk, Multi-factor Authentication, Privileged Accounts, APT, User and Entity Behavior Analytics, Credential Compromise, Compliance

Three Ways to Limit the Cybersecurity Impact of the Government Shutdown

Posted by Monnia Deng on Jan 25, 2019 10:25:25 AM

UPDATE (Jan. 25): Recent news reports state a deal has been reached to re-open the federal government through Feb 15. The issues outlined in this blog continue to apply to public and private sector organizations.

As many of you may have read in the news recently, the government shutdown has had a negative impact on both federal and enterprise security. Krebs on Security has reported possible consequences of the government shutdown on the talent pool, such as federal employees actively being recruited by the private sector, as well as delays on security clearances. Duo Security’s news arm, Decipher, has also done a great job laying out potential government shutdown impacts on enterprise security, including delays on NIST guidelines and standards, and closure of FIPS validation sites.

Topics: Risk, Credential Compromise, Hacking

It’s Time to Get Proactive on Energy Sector Security

Posted by Wade Williamson on Dec 10, 2018 12:58:25 PM

The 2010 discovery of the Stuxnet worm was one of the truly seminal moments in the world of cybersecurity. The world saw firsthand how malicious code could cause crippling damage to physical assets. Virtually every industry had to stop and take notice, and none more so than the energy sector.

Topics: Risk, Hacking

The Security Risks of NTLM: Proceed with Caution

Posted by Yaron Zinar on Oct 18, 2018 10:50:00 AM

NTLM (NT LAN Manager) is Microsoft's old authentication protocol that was replaced with Kerberos starting with Windows 2000. It was designed and implemented by Microsoft engineers for the purpose of authenticating accounts between Microsoft Windows machines and servers. Even though it has not been the default for Windows deployments for more than 17 years, it is still very much in use, and I have not yet seen a network where it has been completely abandoned. In fact, it is also supported by the latest version of Active Directory.

Topics: Risk, Active Directory, NTLM, kerberos

Three Lessons You Can Learn from A Recent Security Breach

Posted by Heather Howland on Sep 12, 2018 4:23:43 PM

After an organization has been breached, one of the most critical steps to take is to determine the root cause and to take active steps to more proactively protect the business. Recently, Preempt was brought in to help a Fortune 500 company with a critical internal threat situation. A malicious actor was able to move laterally within the company’s environment, threatening its international brand, financials and customer relationships. Capitalizing on lessons learned during and after incident response provides immediate and long-term benefits to prevent future breaches. These takeaways can also provide valuable advice for other companies who are looking to improve their security posture and prevent business critical attacks. Here, we’ll share the story and outline the top three lessons.

Topics: Risk, User Risk

We’ve raised $27.5 million: How Preempt’s funding validates Identity and Access Threat Prevention

Posted by Ajit Sancheti on Jun 27, 2018 6:19:47 AM

Preempt began with a basic premise: Effective security within an enterprise should combine threat detection and real time response within a single solution. As enterprises transition to the cloud and the perimeter disappears, identity is the new perimeter. If identity is the new perimeter, access management from a security standpoint can lead to effective threat prevention. That simple but powerful idea was the genesis of Preempt and has given us the opportunity to solve challenging security problems for our customers.

Topics: Risk, Threat Detection, Adaptive Threat Prevention

How to Strengthen Your Cyber Security DNA

Posted by Heather Howland on Jun 21, 2018 12:32:39 PM

Cyber security is a complex animal that requires many disciplines and a diverse toolkit. Typically, resources are limited, and incident response and security staff are overloaded with noise, irrelevant alerts and incomplete static information. With so many diverse systems, it's difficult to utilize them in a coordinated and timely way.

Topics: Risk, Insider Threat, Identity, Adaptive Threat Prevention, Integration

We’re #1! And #2, #5, and #6 in Gartner Top 10 Security Projects

Posted by Heather Howland on Jun 19, 2018 1:13:47 PM

At the recent Gartner Security & Risk Management Summit, analysts presented their findings on the top technologies for information security and their implications for security organizations in 2018. At the event Neil MacDonald highlighted Top 10 Security Projects for Security and Risk Management Organizations. He continues by emphasizing that these are projects with real supporting technologies that CISOs should be exploring.

Topics: Risk, Credential Compromise, ueba, Threat Detection, CARTA

How do you sell risk?

Posted by Matt Culbertson on Jun 14, 2018 9:17:01 AM

It’s a Silicon Valley* refrain: Risk is better than regret. But does that motto sell?

Topics: Risk, Identity, Information Security