Going on the Offense: How to Eliminate Internal Threats

Posted by Heather Howland on Jul 27, 2018 11:57:00 AM

Over the past few years, we’ve observed significant changes in the types of conversations we’re having with CISOs. What used to be discussions about how to keep bad guys out has evolved to how to manage and address internal threats. Internal threats come in a variety of shapes and sizes. It could be an attacker who has already gotten in and waiting for the right moment to make a move. It could also be an insider threat. It could be a malicious insider looking to do harm to the organization. Or it could be employees who don’t mean any harm but may doing things (knowingly or unknowingly) that could put an organization at risk.

With the perimeter all but dissolved, and as enterprises transition to the cloud, it’s becoming clear that identity, and where there are points of access, is the new perimeter. The challenge for many organizations is how to understand their posture around identity. This requires understanding who is doing what, when, and where, and understanding it across all applications and platforms on prem, in the cloud and in hybrid environments. Having a holistic view of identity--all users, privileges, access patterns and accounts--is becoming more critical in order to be more proactive and to have proper controls over accounts (privileged, user, service, and more) and to being able to protect accounts from compromise.

Read More

Topics: Insider Threats, ueba, CISO, User Behavior, User and Entity Behavior Analytics

We’re #1! And #2, #5, and #6 in Gartner Top 10 Security Projects

Posted by Heather Howland on Jun 19, 2018 1:13:47 PM

At the recent Gartner Security & Risk Management Summit, analysts presented their findings on the top technologies for information security and their implications for security organizations in 2018. At the event Neil MacDonald highlighted Top 10 Security Projects for Security and Risk Management Organizations. He continues by emphasizing that these are projects with real supporting technologies that CISOs should be exploring.

Read More

Topics: CARTA, Threat Detection, ueba, Credential Compromise, Risk

Protecting Service Accounts from Attackers and Insiders (video)

Posted by Heather Howland on Aug 25, 2017 1:30:20 PM

Service Accounts can represent tremendous security risk for enterprises. And many of our customers struggle with how to best identify, control and protect these accounts. Let’s take a closer look at what service accounts are and what organizations can do to protect service accounts from attackers and insiders. 

Read More

Topics: Active Directory, Privileged Accounts, ueba, User and Entity Behavior Analytics

How to Stop NotPetya and Similar Ransomware from Spreading in the Network

Posted by Yaron Zinar on Jul 5, 2017 2:06:01 PM

NotPetya, a recent malware, masquerading as the known Petya ransomware started wreaking havoc at a world scale last week. Initially, it looked like another wave in the malware storm that started with Shadow Brokers’ publication of EternalBlue and other zero-day vulnerabilities in Windows OS. And, in fact, NotPetya used EternalBlue as one of the lateral movement methods in its arsenal. But, apparently, the developers of NotPetya wanted to hit some high-value targets and the risk that these networks had already been fully patched would have ruined their attack.

Read More

Topics: Ransomware, Credential Compromise, ueba, Adaptive Response

Insider Threat Awareness: A Vital Component of Security Awareness

Posted by Preempt Guest Blogger on Jun 29, 2017 9:59:15 AM

While a 2017 Harvey Nash/KPMG survey of nearly 4,500 CIOs and tech leaders globally found that cyber security vulnerability is at an all-time high, the biggest jump in threats came from insider attacks which increased from 40 percent to 47 percent over the last year. And that’s a modest estimate; reports from an IBM Security survey suggested that 60 percent of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors.

Read More

Topics: Insider Threat, Compliance, Passwords, ueba

The Cybersecurity Penalty Box. Yes or No?

Posted by Heather Howland on Jun 9, 2017 10:01:03 AM

Earlier this week, I published an article with ITSP Magazine that discusses a newly brewing concept within Enterprises around penalizing employees for bad security behavior. Can you imagine if your company penalized you for clicking on a phishing link? Or because you bent the security rules in order to get something done more easily?  

Read More

Topics: CISO, Insider Threat, User Behavior, ueba

How Security Operations Can Safely Stop Investigating Benign True Positives

Posted by Eran Cohen on Apr 20, 2017 8:45:19 AM

True Positives. It’s a topic of great interest to me. Security Operations can spend a lot of time dealing with separating out the truly non-malicious events. There is an easier way. But, before we go further, let’s align and calibrate on the terminology of True/False Positives/Negatives. Some of these terms have varying levels of agreement. It reminds me of VLAN-- you can have 5 people in the room and there will be 6 different definitions for it. To make sure we are on the same page, let's start with basic definitions accompanied with real life examples. 

Read More

Topics: Security Skills, Incident Response, User and Entity Behavior Analytics, ueba

Analyzing User Behavior is the Beginning. How It's Applied is What Really Matters.

Posted by Eran Cohen on Mar 3, 2017 2:59:40 PM

Think about this statement: “Half of the people you know are below average.” In simple terms, it means that statistically most of the people you know are considered to have average intelligence, or just below or above the line. Does this mean they are dangerous? Does it mean you should reconsider your friendship? Let’s not jump to conclusions just yet.

Read More

Topics: ueba, Behavioral Firewall, User and Entity Behavior Analytics, CISO, Use Case

Reducing Incident Management Noise With Your Own Employees

Posted by Eran Cohen on Feb 17, 2017 11:21:58 AM

Noise. Noise. Noise. Our world is noisy. It's all over the place. Visual noise, physical noise. And then there is the noise which bothers analysts in the security industry. I am referring to the security signal to noise ratio that is only growing and growing because of the evolving techniques, various data sources and the unknown threats that we all want to catch (or is it afraid to miss?). In fact, the elephant has left the room and is now visible to all.

Read More

Topics: Incident Response, ueba, Security Skills

Preempt Announces #SecurityGivesBack at RSA Conference 2017

Posted by Heather Howland on Feb 9, 2017 12:05:34 PM

With the RSA Conference 2017 kicking off next week, the entire Preempt team has been excitedly preparing for it. We are looking forward to participating with the who’s who of security vendors and meeting with top security professionals onsite.

Read More

Topics: SecurityGivesBack, Behavioral Firewall, ueba