Tag: PAM

Why Ongoing Management and Analytics Should Be Part of Your PAM Strategy

Privileged access management (PAM) has become an essential part of effective cybersecurity. In its first Magic Quadrant for Privileged Access Management, published on Dec. 3, 2018, Gartner made the necessity for PAM clear: “Security and risk management leaders must use PAM tools in a long-term strategy for comprehensive risk mitigation.” PAM solutions such as CyberArk’s Core Privileged Access Security...

Four Best Practices for Effective Privileged Access Management

Compromised credentials play a role in the vast majority of security breaches. Attackers can’t easily get around modern security mechanisms, so they take the easy way out and steal credentials to get into the network. Ideally, an attacker wants to get privileged credentials, either directly or by moving laterally through the network after gaining low-level access. Privileged credentials allow...

Phishing Attacks Are on the Rise. Another Good Reason to Restrict Local Admin Rights.

Phishing attacks continue to be a preferred method of hackers, according to the fifth annual State of the Phish Report. Of the nearly 15,000 cybersecurity professionals surveyed for the report, 83 percent said their organizations experienced phishing attacks in 2018, up from 76 percent in 2017. Traditionally, hackers have used phishing attacks to distribute ransomware and other malware. In...

How to Choose the Right Privileged Access Management Solution

Researchers who study large-scale data breaches have concluded that nearly all successful attacks involve privileged account compromise. In the 2017 Yahoo! breach, attackers began by stealing a user’s credentials, then harvested privileged credentials from the local PC in order to gain access to higher-level assets. The 2015 attacks on the U.S. Office of Personnel Management (OPM) followed a similar...

Five Tips for Protecting Privileged Access in DevOps and Cloud Environments

Rapid software development processes, IT automation, and the cloud enable organizations to respond more quickly to changing business demands. Increased agility brings greater risk, however. There are more opportunities for attackers to obtain privileged credentials that give them access to sensitive systems and data. Continuous integration and continuous delivery (CI/CD) processes require that DevOps teams have privileged access to...

Shifting Network Priorities Call for Zero Trust Security

“Trust no one.” That was one of the taglines for The X-Files, the popular science-fiction television series about FBI agents who investigate a series of bizarre, supernatural cases. It’s also becoming a mantra for modern network security Faced with relentless cyber threats and expanding attack vectors, network security pros have begun to embrace a “zero trust” model as an...

CyberArk Privileged Session Manager: The Modern “Jump Server”

In our last post, we discussed how multifactor authentication (MFA) can help secure privileged accounts. Adding a second factor of authentication, such as a physical ID card or fingerprint, can prevent hackers from using a stolen username and password to gain access to a privileged account. That’s why security experts recommend MFA and many government and industry regulations require...

New Study Highlights Security Risks of Digital Transformation

Organizations are rethinking their operational models, finding new solutions to problems, and enhancing the customer experience by integrating technology into everything they do. That’s the essence of digital transformation (DX). Rather than simply building on what you have with new technology, DX is intended to drive innovation and reinvent internal processes and the external markets you serve. The problem...

PIM vs. PAM: What’s the Difference and Does It Matter?

Any organization seeking to improve the security of its privileged accounts will soon run into a pair of acronyms: PIM (privileged identity management) and PAM (privileged access management). The two terms are closely related and often used interchangeably, but there are distinct differences. Let’s start by defining what “privileged” means. A privileged account allows a user to take administrator-level...

Research Digs into Privileged Access Management Capabilities and Challenges

Traditionally, workers relied on IT teams to provide privileged access to the resources needed to perform tasks. Today, workers demand unprecedented rights to perform tasks on servers, applications, data, and other IT resources. While privileged access can increase user freedom and productivity and reduce administrative efforts and costs, security requirements are rarely a consideration. The key is to determine...