An ethical hack reveals endpoint security vulnerabilities

“Know thy enemy and know yourself; in a hundred battles, you will never be defeated.” ~ Sun Tzu, The Art of War

Sun Tzu’s advice is as applicable in cyber security as it is in battle. He warns, “When you are ignorant of the enemy but know yourself, your chances of winning or losing are equal. If ignorant both of your enemy and of yourself, you are sure to be defeated in every … [Read more...]

Hardening Windows Endpoints Against Cyber Attack: Part II

In Part I of the blog series, Hardening Windows Endpoints Against Cyber Attack, I covered the first three steps of an ethical hack. Step 0: Pre-Engagement. Step 1: Passive Recon. Step 2: Active Recon. Now the run really begins. In this blog post, you’ll learn how to put all the knowledge you gained during the planning and reconnaissance steps into action. Let’s walk through the next steps: Step 3: … [Read more...]

Hardening Windows Endpoints Against Cyber Attack: Part I

To secure Windows endpoints against cyber attacks, it helps to think like a cyber criminal. Cyber criminals look for the cheapest, fastest, stealthiest way to achieve their goals. Windows endpoints provide many opportunities to gain entry to IT environments and access to sensitive information. As part of the ethical hacking community, my ultimate goal is to help you secure your organization. … [Read more...]

The paradigm of effective database security is drastically changing

The transition to cloud computing revolutionizes information technology and the delivery, management, and securing of data. Organizations are rapidly adopting cloud computing, but the evolution is ongoing, with many organizations keeping their mission-critical applications on site. There is one common concern in all organizations: security. While migration to the cloud may be a cost-effective … [Read more...]

9 Cloud Security Best Practices Your Organization Should Follow

Transitioning to the cloud is one of the most significant technology shifts your company will face. Last year, over 80% of organizations operating in the cloud experienced at least one compromised account each month, stemming from external actors, malicious insiders, or unintentional mistakes. The specifics of cloud security activities may vary depending on your cloud platforms and use cases, … [Read more...]

How Recent Analyst Research can Help You Find the Right PAM Vendor

According to recent technology buying decision research sponsored by Thycotic, a significant number of executives, IT security and operations teams look primarily to the advice of independent analysts when evaluating a PAM or PIM solution that would work best for their organizations. That means independent analysis becomes very important in identifying vendors that belong on your short list for … [Read more...]

How to Expedite Discovery of Service Accounts for Onboarding into Service Account Governance

Service accounts, by their nature, can take on a life of their own. They’re rarely tied to a human owner, if managed at all, so service account sprawl takes over and organizations’ privileged account attack surfaces can expand almost beyond measure. And with almost all medium to large organizations unable to pull service accounts into a standardized governance cycle, there’s a ton of risk, too. The … [Read more...]

Ensuring Database Security in the DevOps Pipeline with Dynamic Secrets

The traditional “vault-and-forward” method for secrets management means a user or application authenticates to the vault and then gets access to the secrets they need. The fundamental problem is that once those secrets are out of the vault, it is extremely difficult to ensure their safety. In the case of an application, the ways secrets can be leaked are almost infinite. There is the code your team … [Read more...]

What does world-class Identity Governance look like?

Identity governance is a critical foundational practice required to secure and manage privilege and access across the enterprise. Organizations are required to demonstrate an enterprise identity governance program that complies with nearly every significant compliance audit for almost every industry. Identity governance programs are typically deployed as part of the security stack that includes … [Read more...]

Rising to the Modern PAM Challenge

What drives change in the security space? Either a significant shift in the business environment disrupts how people work, or technology advancements impact the attack surface. Today, security teams are facing both challenges. Remote work is here to stay. No company that I’ve talked with has plans to bring the full workforce back to the office any time soon, if ever. Meanwhile, users are … [Read more...]