HackDig : Dig high-quality web security articles for hackers

Privileged Passwords: Is Anyone Watching the Watchers?

Posted November 18, 2015   Nick CavalanciaSo you give someone privileged password access to all of Active Directory, or an Exchange server, or a SQL Server. Do you have any idea what they do when they log onto a server? Are they doing the job they’re supposed to, or are they focusing on something more malicious?A recent survey by the Informati
Publish At:2015-11-19 04:50 | Read:4130 | Comments:0 | Tags:Privileged Account Management enterprise password management

PowerBroker for Windows v7.0: Windows 10 Support, Better Policy Management, and Quarantine

Posted November 16, 2015   Jason SilvaWe are pleased to announce the availability of PowerBroker for Windows version 7.0, released today and building on patented least privilege management capabilities. This release is packed with enhancements meant to further simplify least privilege management and deployments. Read on to learn what’s new. Wi
Publish At:2015-11-16 22:40 | Read:4534 | Comments:0 | Tags:New Features Privileged Account Management PowerBroker for W

PowerBroker Password Safe 5.7: Improved Compliance & Usability

Posted November 12, 2015   Martin CannardBeyondTrust has released version 5.7 of PowerBroker Password Safe, our solution for automating privileged password and privileged session management. This new release features some exciting enhancements – especially around session management and password management, giving users unmatched levels of secu
Publish At:2015-11-13 04:35 | Read:3732 | Comments:0 | Tags:New Features Privileged Account Management PowerBroker Passw

Too Many Users with Access, Too Few Limits

Posted November 11, 2015   Nick CavalanciaHow many people in your IT organization have access to, say, the Administrator account’s password in Active Directory?  How about to service account passwords? Unix servers? Other kinds of privileged accounts?Now think about the individuals who have access to those various passwords. Even though they a
Publish At:2015-11-11 16:35 | Read:5675 | Comments:0 | Tags:Privileged Account Management enterprise password management

Controlling the Risks of Third-Party Access – Part 2

Posted November 9, 2015   Dave ShacklefordLast week, BeyondTrust Product Manager, Martin Cannard posted about third-party access. I’d like to expand on that topic a bit.In the last several years, we have seen several high-profile breaches that have included 3rd-party involvement. In late 2013, the retailer Target experienced a significant brea
Publish At:2015-11-10 04:35 | Read:5393 | Comments:0 | Tags:Privileged Account Management enterprise password management

Confusing Convenience with Security: SSH Keys

Posted November 4, 2015   Nick CavalanciaSecure Shell (SSH) keys are a common part of accessing Unix systems. If you’re at all concerned about your privileged passwords and are unaware of what’s going on in your Unix systems, you need to put some focus specifically on your organization’s use of SSH keys.SSH keys provide access Unix servers by
Publish At:2015-11-04 22:35 | Read:4483 | Comments:0 | Tags:Privileged Account Management enterprise password management

Controlling the Risks of Third-Party Access

Posted November 3, 2015   Martin CannardDo you know who is currently connected to your corporate network? I mean, everyone? If you are like most organizations, you can account for most, if not all, internal traffic and have VPN access locked down and secured with multi-factor authentication. And although you might feel reasonably comfortable y
Publish At:2015-11-04 04:35 | Read:3953 | Comments:0 | Tags:Privileged Account Management enterprise password management

Why Privileged Applications and Scripts Are a Ticking Time Bomb

Posted October 28, 2015   Nick CavalanciaIn my last blog, I discussed the need to discover every privileged password on your network. The process involves looking at all of the obvious places where elevated privileges may be needed – services, directories, daemons, firewalls, etc. Much, if not all, of that discovery is performed on commodity s
Publish At:2015-10-29 22:25 | Read:3770 | Comments:0 | Tags:Privileged Account Management enterprise password management

Apple Mac Computer Growth Isn’t Stopping, and Neither Are We

Posted October 27, 2015   Jason SilvaAs mentioned in a previous post, A Least Privilege Apple a Day…, the adoption of the Mac OS is steadily increasing at the enterprise level; by some reports, doubling in recent years. Fostered by an association between iOS and Mac OS, and greater acceptance of BYOD, this trend is here to stay. As IT departme
Publish At:2015-10-27 16:25 | Read:4869 | Comments:0 | Tags:Privileged Account Management mac least privilege management

Cloud Admins Are Still Admins

Posted October 26, 2015   Dave ShacklefordIn June of 2014, we saw one of the first hacks that actually put an organization out of business entirely. The company, Code Spaces, was a small software code hosting service that was housed entirely in Amazon Web Services. A malicious attacker compromised their account’s control panel, and numerous ex
Publish At:2015-10-26 22:25 | Read:4805 | Comments:0 | Tags:Privileged Account Management cloud privilege management clo

Talk Talk Data Breach by Third Party Access

Posted October 26, 2015   Brian ChappellTalk Talk (a UK telecoms company) has announced that it has been the victim of a sustained cyber-attack which has resulted in the potential exposure of 4 million customer records (and possibly many more with past customer data as well). Responsibility for this attack has been claimed by a Russian Jihadi
Publish At:2015-10-26 04:25 | Read:5906 | Comments:0 | Tags:Privileged Account Management Vulnerability Management cyber

You Can’t Manage Privileged Passwords Until You Know What You Have

Posted October 22, 2015   Nick CavalanciaI got the opportunity to watch Matt Damon’s movie The Martian the day before it opened (great true-to-form science fiction movie, by the way). After realizing he was stranded (don’t worry, there are no spoilers in this blog!), he realized he needed to manage his food supply to maximize his chance of sur
Publish At:2015-10-23 04:25 | Read:4574 | Comments:0 | Tags:Privileged Account Management enterprise password management

Reducing Cloud Risk through Secure Credential Storage and Management

Posted October 20, 2015   Martin CannardI often get asked about privilege account management for cloud-based environments, and for the most part, the questions generally center around host-based controls. For example:“How can we manage host accounts with administrative privilege?”or“What can we do to delegate access such that
Publish At:2015-10-20 22:25 | Read:3833 | Comments:0 | Tags:Privileged Account Management enterprise password management

CyberSecurity Then and Now

Posted October 19, 2015   Morey HaberSince October is National Cybersecurity Awareness Month I decided to share my thoughts on the evolution of our digital life and the aliases that the digital world have created for us, past and present. For some of you, you may be aware of a fictitious alias that haunts me (I will refer to it as Alias X.) Wh
Publish At:2015-10-20 04:25 | Read:4499 | Comments:0 | Tags:Privileged Account Management Vulnerability Management cyber

Scottrade Breach: Identified by Federal Officials

Posted October 5, 2015   Morey HaberLate afternoon on October 2nd, news leaked out of another large security breach, now at Scottrade. The identity count of records, in the millions again (4.6 million is the latest). This breach comes on the second day of national CyberSecurity month, the first being Experian/T-Mobile breach.Now unlike any oth
Publish At:2015-10-05 15:15 | Read:4041 | Comments:0 | Tags:Privileged Account Management scottrade data breach

Tools

Tag Cloud