dcsimg

5 Most Popular Password Cracking Tools: Protect Your Enterprise

Passwords. How on earth did we get here?  They’ve been around for so many years and yet there’s still so much to be said about them. In most organizations passwords are what make the difference between keeping cyber criminals out—and falling victim to a cyber-attack. And for the multitude of applications, systems and infrastructure of so many organizations, the only security control … [Read more...]

Privileged Access Management: The Great Cloud Migration

Migrating your PAM instance to the cloud can look from the outset like a pretty daunting task. How, exactly, do you go about transporting what may be years of data and highly sensitive information to a new home? It’s often said that migrating to the cloud is like moving houses, and that’s one of the most stressful life events you can go through. You prepare for a move as best you can, pile your … [Read more...]

8 Signs you’re outgrowing your PAM System and what to do next

Growth is a great problem to have. Suddenly you’re onboarding lots of people, launching products and signing off on new projects. It can also be stressful. Your company is looking to you to keep IT systems running smoothly and securely.  As your company grows, the security tools you’ve been using need to keep up with constant change.  With more work for everyone, automation becomes more … [Read more...]

PAM and AWS: Keeping pace with AWS privileged accounts

Amazon Web Services (AWS) gives IT and development teams tools to move fast and change direction on a dime. Privileged accounts for AWS resources are created quickly and may be abandoned just as quickly. With such a fluid process, it’s difficult for security teams to stay on top of how many privileged accounts have access to AWS, make sure they’re set up properly, and remove them when they’re no … [Read more...]

How to protect service accounts without losing your mind: Automated tools!

Here at Thycotic, we are always banging the drum on the importance of securing privileged access. Early in 2019, we got a glimpse of what can happen if you don’t when more than 100 million credit applications at Capital One were stolen by an individual in a security breach that involved a web service and compromised privileged account. The attacker apparently got into the network through a … [Read more...]

The robots are here. Actually, they’ve been here for a while

Every team across your organization is looking for ways to free up more time. In the past year, Robotic Process Automation (RPA) has exploded as a new way to remove tedious, repetitive tasks from the shoulders of humans and give them to—you guessed it—robots. RPA essentially creates a non-person account—a “bot”—that mimics the activities of a user. The bot accesses the user’s computer and … [Read more...]

Service Account 201: Service Accounts in the Cloud

I wrote about the basics of service account management in Back to Basics: Service Account Management 101.  Before I dive into service accounts in the cloud, here’s a quick recap of that post. A quick recap on Service Accounts 101 What exactly are service accounts and why are they needed?  Most organizations have two types of accounts that are used for authentication and authorization. The … [Read more...]

SSH proxies vs. jump hosts—how to save time and spend less

Security practices are constantly evolving. What might have been considered a state-of-the-art approach ten or even five years ago is no longer defined as a best practice.     In the case of securing Remote Desktop Protocol (RDP), PAM practices have followed this pattern of evolution. What was once a common way of securing RDP—jump hosts—is still a valid approach some companies prefer. However, … [Read more...]

Trick or Treat? Stay safe during National Cybersecurity Awareness Month in October, and beyond

Ah, October! Summer has officially come to an end and we’ve quickly moved on to jumpers, football, and pumpkin everything. October is also National Cybersecurity Awareness Month. The theme for 2019 is “Own IT. Protect IT. Secure IT.”  But it needn’t be scary, and the tricks or treats you get at the end of the month should be the fun and entertaining variety—not something that poses a risk to … [Read more...]

Can PAM and Zero Trust Coexist?

What is Zero Trust and why was it introduced? The concept of Zero Trust isn’t new; the term was coined by Forrester back in 2010 and was initially synonymous with a network security approach known as micro-segmentation. Micro-segmentation is a way to create secure zones in data centers and cloud deployments that allow you to isolate workloads and protect them individually. This approach is … [Read more...]