Could basic password security practices have helped prevent the latest Equifax lawsuit?

Fallout from the 2017 Equifax data breach is back in the news as a new class-action suit consolidated 373 previous lawsuits into one. Unlike previous lawsuits filed by Equifax customers, the latest action comes from shareholders who allege the company didn’t adequately follow or disclose security practices, including poor password management. If you google “what is the most common password?” … [Read more...]

Privileged Access Management Best Practices

For the past two years, Gartner has named privileged access management (PAM) the top IT security priority. Privileged account credentials for domain admins, service, application, and root accounts are valuable targets. When attackers gain these credentials, they can exploit your most sensitive information and critical systems. Privileged access gives them power to alter data, change configurations … [Read more...]

Before the Breach: Leveraging PAM and VPAM solutions to protect privileged credentials

CISOs and their security teams have an impossible task; they must predict the most urgent threats posed to their organizations, then prioritize investments in technology solutions to defend against those threats. While it’s impossible for any organization to defend against every conceivable type of cyberattack, understanding basic threat vectors and vulnerabilities is critical, and the time to … [Read more...]

Service Account Governance: Reduce your attack surface with Account Lifecycle Manager

Service accounts abound in every organization. Failure to manage them leads to significant risk. This has been a critical issue for organizations that use Active Directory and have grown to a level where accounts can no longer be managed by hand. Almost all medium to large organizations suffer from extreme service account sprawl, perpetuating the unmanaged, uncontrolled expansion of their … [Read more...]

Building a PAM business case: cost-justifying privileged access management projects

Most IT or security projects require a formal approval process, and that often includes a written business case. An IT business case document can vary from a simple one-page write-up to a full-blown justification paper with detailed cost and return-on-investment calculations. Many organizations have standard business case templates, but here’s what type of information a business case generally … [Read more...]

How to Find Your Best Match Among Privileged Access Management Vendors

So, you want to bring on a Privileged Access Management (PAM) solution and you’re either selecting a vendor for the first time, or you may be “upgrading” from a typical password manager software product. In any case, you’re probably looking for several PAM capabilities, as well as how best to deploy your proposed PAM solution: on premises or PAM in the cloud. Even small businesses are recognizing … [Read more...]

You break it, you buy it: Fear of unknown dependencies hinders service account governance

Thousands of services run on a typical corporate network. They include multiple services which are core to network security, network services, and IT automation, such as Windows services, scheduled tasks, batch jobs, application pools within IIS, and more. To connect automatically across a network to databases, file systems, and network services, these services rely on privileged service … [Read more...]

Protect Your Privileged Credentials with WebAuthn

85% of organizations fail to achieve basic PAM capabilities, according to Thycotic’s 2019 State of Privileged Access Management (PAM) Maturity Report. This is due in large part to poor security hygiene. It’s essential that organizations deploy proper security precautions to ensure privileged user accounts are not vulnerable or even already compromised. Organizations still struggle with … [Read more...]

World Password Day 2019: The 6 Worst Password Fails

We’ve covered a lot of password security tips and ways to secure your credentials on The Lockdown. This year, on World Password Day, we thought we’d do things a bit differently and share some of the worst password fails this past year. While these organizations and individuals may not appreciate the extra attention, these password fails all drive awareness and serve as a reminder to improve your … [Read more...]

How to Remove Admin Rights Without Reducing Productivity

This is a guide to the risks associated with admin rights and over-privileged users, and how to remove admin rights in order to reduce those risks. There are many options for removing administrator rights; however, you must always consider business operation—removing admin rights should never jeopardize productivity. Why do organizations use admin rights in the first place, and why remove … [Read more...]