dcsimg

Privileged Identity Management (PIM) and Identity-Centric Security Controls

The number of identities in the enterprise is exploding. Gaining control of identities related to people as well as machines is a challenge for many organizations. You need to know who your users are and what they do. If you experience a security incident, you must be able to reverse engineer who did what in order to meet compliance requirements and make sure it doesn’t happen again. Therefore, … [Read more...]

Securing and Hardening Linux and Unix Endpoints Against Cyber Attack: Part IV

This post is part of a series on securing your endpoints against cyber attacks. Read: Part I | Part II | Part III | Part IV How Secure are your Linux Endpoints? An Ethical Hacker’s Guide to Securing and Hardening Linux and Unix Endpoints Welcome to the next post in our series on hardening and protecting endpoints. In Part I, Hardening Endpoints Against Cyber Attack, we covered these … [Read more...]

Securing and Hardening Linux and Unix Endpoints Against Cyber Attack: Part III

This post is part of a series on securing your endpoints against cyber attacks. Read: Part I | Part II | Part III | Part IV Coming Soon How Secure are your Linux Endpoints? An Ethical Hacker’s Guide to Securing and Hardening Linux and Unix Endpoints Welcome to the next post in our series on hardening and protecting endpoints. In Part I, Hardening Endpoints Against Cyber Attack, we covered … [Read more...]

Active Directory Security and Hardening: An Ethical Hacker’s Guide to Reducing AD Risks

Approx. reading time: 8-10mins  This blog is intended for: IT and System Admins IT Security IT Auditors Pen Testers Tech Geeks Anyone moving into a career in Cybersecurity Skip to most common Active Directory misconfigurations In this post, we’re going to focus on common cyber-attacks that target Active Directory (AD). Active Directory is deployed across many … [Read more...]

Defense-in-depth with Overlapping Rings of Endpoint Security

Defense-in-depth with overlapping rings of endpoint security When a cyber criminal wants to break into your network, the number one way they succeed is by attacking endpoints. Cyber criminals break into one endpoint and then use the passwords found there, and the privileges they provide, to move laterally from the endpoint onto your network. Endpoint Privilege Management (EPM) can keep exploits … [Read more...]

Enterprise Endpoint Management is a must when all users are privileged users

A newly released eBook, The Definitive Guide to Endpoint Privilege Management (EPM), makes a strong case for why vulnerable endpoints must be secured from the perspective that all users are privileged users. In the guide’s Foreword, I emphasize that user identity has become the new “perimeter” of cyber security. That’s because a single compromised credential on a home desktop, laptop, or mobile … [Read more...]

An ethical hack reveals endpoint security vulnerabilities

“Know thy enemy and know yourself; in a hundred battles, you will never be defeated.” ~ Sun Tzu, The Art of War Sun Tzu’s advice is as applicable in cyber security as it is in battle. He warns, “When you are ignorant of the enemy but know yourself, your chances of winning or losing are equal. If ignorant both of your enemy and of yourself, you are sure to be defeated in every … [Read more...]

Hardening Windows Endpoints Against Cyber Attack: Part II

In Part I of the blog series, Hardening Windows Endpoints Against Cyber Attack, I covered the first three steps of an ethical hack. Step 0: Pre-Engagement Step 1: Passive Recon Step 2: Active Recon Now the run really begins. In this blog post, you’ll learn how to put all the knowledge you gained during the planning and reconnaissance steps into action. Let’s walk through the next steps: Step 3: … [Read more...]

A look behind the scenes of a Wi-Fi Hack: What are the secrets?

You snag a seat at your local café and open your laptop. Maybe you’re on the patio, grateful for the heater. The scent of coffee powers up your brain. The low hum of people chatting is welcome, after months of isolation. The logon page appears as you search for the Wi-Fi in your settings. Despite the security risks of free Wi-Fi, 81% of people readily connect What you don’t know is the backpack … [Read more...]

Least Privilege Examples, as told by the Three Ghosts of “A Christmas Carol”

With the holiday season upon us, it’s a good time to settle down with a beloved story. I re-watched the Charles Dickens classic, A Christmas Carol, the other day (well, actually it was Scrooged with Bill Murray, of course) and found myself thinking about the parallels with cyber security. Really, I did. In the story, Ebenezer Scrooge is first visited by the Ghost of Christmas Past. They watch … [Read more...]