Category: News

Why Ongoing Management and Analytics Should Be Part of Your PAM Strategy

Privileged access management (PAM) has become an essential part of effective cybersecurity. In its first Magic Quadrant for Privileged Access Management, published on Dec. 3, 2018, Gartner made the necessity for PAM clear: “Security and risk management leaders must use PAM tools in a long-term strategy for comprehensive risk mitigation.” PAM solutions such as CyberArk’s Core Privileged Access Security...

Four Best Practices for Effective Privileged Access Management

Compromised credentials play a role in the vast majority of security breaches. Attackers can’t easily get around modern security mechanisms, so they take the easy way out and steal credentials to get into the network. Ideally, an attacker wants to get privileged credentials, either directly or by moving laterally through the network after gaining low-level access. Privileged credentials allow...

Phishing Attacks Are on the Rise. Another Good Reason to Restrict Local Admin Rights.

Phishing attacks continue to be a preferred method of hackers, according to the fifth annual State of the Phish Report. Of the nearly 15,000 cybersecurity professionals surveyed for the report, 83 percent said their organizations experienced phishing attacks in 2018, up from 76 percent in 2017. Traditionally, hackers have used phishing attacks to distribute ransomware and other malware. In...

How to Choose the Right Privileged Access Management Solution

Researchers who study large-scale data breaches have concluded that nearly all successful attacks involve privileged account compromise. In the 2017 Yahoo! breach, attackers began by stealing a user’s credentials, then harvested privileged credentials from the local PC in order to gain access to higher-level assets. The 2015 attacks on the U.S. Office of Personnel Management (OPM) followed a similar...

Seven Types of Privileged Accounts That Require Strong Security

In our last post, we explained the difference between privileged identity management (PIM) and privileged access management (PAM). PIM involves the identification of administrative accounts, which already exist on systems, and the association of individual users with those accounts. PAM secures privileged credentials and ensures they are used in accordance with established policy. We also defined the term “privileged,”...

Five Tips for Protecting Privileged Access in DevOps and Cloud Environments

Rapid software development processes, IT automation, and the cloud enable organizations to respond more quickly to changing business demands. Increased agility brings greater risk, however. There are more opportunities for attackers to obtain privileged credentials that give them access to sensitive systems and data. Continuous integration and continuous delivery (CI/CD) processes require that DevOps teams have privileged access to...

Shifting Network Priorities Call for Zero Trust Security

“Trust no one.” That was one of the taglines for The X-Files, the popular science-fiction television series about FBI agents who investigate a series of bizarre, supernatural cases. It’s also becoming a mantra for modern network security Faced with relentless cyber threats and expanding attack vectors, network security pros have begun to embrace a “zero trust” model as an...

Overcoming “Segregation of Duties” Challenges in 2019 and Beyond

As growing numbers of users need access to more on-premises and cloud resources, identity and access management (IAM) has become increasingly challenging. It’s virtually impossible to keep up with access requests using manual processes, so errors are bound to creep in. This can lead to orphaned accounts that remain active after the user changes roles or leaves the organization,...

The Essential Role of Automation in Cybersecurity

IT teams are overstretched. Business units need new applications and services spun up faster than ever before. At the same time, IT must maintain an ever-larger and increasingly complex environment and ensure robust security. New threats and vulnerabilities emerge every day, and security alerts never seem to let up. That’s why automation has become an essential part of any...

Many Federal Agencies Are Struggling to Meet ICAM Requirements

In 2009, the federal government began development of the Identity, Credential, and Access Management (ICAM) architecture to address security weaknesses across agencies in the areas of user identification and authentication. Established by the Office of Management and Budget (OMB), the federal ICAM program provides guidance on IT policies, systems, and standards that help agencies monitor, manage, and secure access...