How Identity, Behavior & Risk Enable Security in the New Digital Age

Posted by Ajit Sancheti on Dec 7, 2017 6:07:51 AM

Enterprises are deploying more cloud services, embracing DevOps, leveraging on-premises applications and exploring other productivity and cost optimization solutions. As a result, it is becoming harder for them to know who within the organization has access to what and how that access is being used or, as we found out in our latest survey, being misused.

Read More

Topics: User Behavior, Adaptive Response, Risk, CARTA, Identity

Preempt Inspector Discovers Stealthy Admins to Help Organizations Reduce Risk

Posted by Avi Kama on Nov 10, 2017 9:18:41 AM

This past March we announced Preempt Inspector, a free app for password strength assessment. The App provided administrators with a better understanding of their AD configuration, especially difficult to estimate parameters, such as duplicate and weak passwords. We analyzed the anonymous data we received from the app, and found some worrying trends, like that 1 in 5 enterprise passwords can be easily compromised.

Read More

Topics: Risk, Active Directory, Passwords, Stealthy Admin

Becoming NYDFS Compliant With Preempt

Posted by Wade Williamson on Oct 6, 2017 12:17:29 PM

The New York State Department of Financial Services (NYDFS) has recently enacted new cybersecurity regulation aimed at protecting financial services organizations and their data. The new regulation known as 23 NYCRR 500 actually went into effect earlier in the year, but the 180-day transition period ended on August 28th, meaning organizations now need to be officially in compliance. Of course financial services CISOs are no strangers to regulation, having to already comply with a dizzying array of control frameworks including NIST, COBIT, SSAE and specific regulations such as PCI-DSS and SEC OCIE just to name a few.

Read More

Topics: Risk, Compliance, continous monitoring

Reduce Harm by Refocusing on the Basics

Posted by Eran Cohen on Aug 11, 2017 10:22:02 AM

Full disclosure: I wasn’t physically at BlackHat 2017. But my colleagues who attended told me about the keynote by Alex Stamos, CSO at Facebook.

Read More

Topics: CISO, Risk, Passwords, Identity, Informaton Security

CARTA - The Evolution of IT Security Beyond Black and White

Posted by Ajit Sancheti on Jun 16, 2017 10:04:54 AM

Gartner’s 2017 Security Summit began this week with a keynote from Neil MacDonald, Eric Ahlm and Ramon Krikken introducing a new charter that will transform all areas of information security moving forward. They introduced a new strategic approach called CARTA* – Continuous Adaptive Risk and Trust Assessment.

Read More

Topics: CISO, Adaptive Response, Risk, CARTA

Top IT Security Trends for Law Firms at LS-ISAO

Posted by Ajit Sancheti on May 3, 2017 8:05:28 AM

Last week, I had the opportunity to spend a day at a Legal Services Information Sharing & Analysis Organization(LS-ISAO) workshop in New York City, hosted by a leading law firm. Close to 100 security professionals from law firms around the country participated. While most law firms have small dedicated security teams, what was apparent from the beginning was that the challenges ahead of them were not small.

Read More

Topics: CISO, Risk, Law Firms, Insider Threat

The Dangers of Bending the Security Rules to Get Things Done

Posted by Heather Howland on Jan 20, 2017 1:58:56 PM

The other day I was speaking to a good friend of mine. He’s an executive consultant working for a large Fortune 1000 organization. As we are talking I realize that he has access to a lot of highly sensitive information that if exposed could be rather damaging to the company. He was lamenting to me how he needed to get access to some data on one of the servers but IT blocked him from accessing it until he completed a mandatory online “IT Security Awareness” training.

Read More

Topics: User Behavior, Risk, User Risk, Credential Compromise, ueba

7 Best Practices for Fighting Corporate IT Security Risks

Posted by Ajit Sancheti on Nov 28, 2016 1:37:14 PM

Even though Cyber Security Awareness month has passed, it is important to remain diligent and and stay aware to defend yourself from threats. I recently worked with CSO Magazine to put together a series of best practices that organizations and their users should follow (both in and out of the corporate network) to minimize threats and reduce risk.

While IT security education may be part of an organization’s onboarding process, many people still don’t realize that they shouldn’t open an email from an unidentified source, or even those from a friend or coworker that have uncharacteristic links or text. And inevitably they still do.

Read More

Topics: CISO, Risk, Multi-factor Authentication, Identity Verification

Top 4 Security Themes from Financial CISOs - Insider Threat a Universal Priority

Posted by Ajit Sancheti on Oct 28, 2016 8:35:50 AM

This week, Preempt had the opportunity to participate in the annual FS-ISAC Fall Summit 2016 in Nashville, TN.  FS-ISAC ( which stands for Financial Services Information Sharing and Analysis Center) is the financial industry's go to resource for cyber and physical threat intelligence analysis and sharing. The Fall Summit brought together over 700 C-level and Sr-level financial services professionals as well as Security executives across the globe to discuss the latest information on threats, sharing of best practices and trends across the sector.

Read More

Topics: CISO, Risk, Insider Threats