James Creamer

Recent Posts

Part Four: In-Depth Look at PAM Controls for DFARS Requirements

Posted by James Creamer on Oct 24, 2016 9:51:43 AM

James Series 4.pngAs part of an ongoing series on using privileged account management solutions to meet DFARS requirements, CyberSheath’s security consultants have explored technical controls in great detail, providing readers with real world applications that make a meaningful impact. This week CyberSheath continues to explore NIST control 800-171, “separate the duties of individuals to reduce the risk of malevolent activity without collusion”.

Read More

Topics: CyberArk, Security Assessment, DFARS, PAM

Part Three: In-Depth Look at PAM Controls for DFARS Requirements

Posted by James Creamer on Oct 12, 2016 1:16:32 PM

James_Series_3.jpg

CyberSheath’s security consultants and implementation engineers have previously written about utilizing privileged account management solutions to meet DFARS requirements, and this week James Creamer continues to explore DFARS control requirements in detail.

Read More

Topics: CyberArk, Security Assessment, DFARS, PAM

Part Two: In-Depth Look at PAM Controls for DFARS Requirements

Posted by James Creamer on Sep 26, 2016 10:23:49 AM

James_Series_-_2.jpg

Last week CyberSheath began a new series, “In-Depth Look at PAM Controls for DFARS Requirements”, dedicated to providing a detailed analysis on how privileged account management solutions play an important role for organizations in meeting DFARS requirements.

Read More

Topics: CyberArk, Security Assessment, DFARS, PAM

Part One: In-Depth Look at PAM Controls for DFARS Requirements

Posted by James Creamer on Sep 12, 2016 11:51:14 AM

James_Series_Part_1.jpg

In previous blogs, CyberSheath security analysts have identified new cyber security requirements from the recent changes to DFARS and have provided solution overviews for meeting those requirements and regulations. The series “In-Depth Look at PAM Controls for DFARS Requirements” will expand on previously mentioned regulations and provide a more granular look at how privileged account management solutions can play an important role in meeting DFARS requirements.

Read More

Topics: CyberArk, Security Assessment, DFARS, PAM

Kaspersky Report: Malicious Insiders Uncommon, But Devastating

Posted by James Creamer on Aug 25, 2016 11:01:47 AM

Ransomware_Blog_Post.jpg

Security researchers at Kaspersky Labs released their Threat Intelligence Report for the Telecommunications Industry Monday, revealing the top attack vectors against Internet Service Providers (ISPs) and Cellular Service Providers (CSPs). The report found that attackers commonly target employees with blackmail. Surprisingly enough, the report found that there are a number of employees that help voluntarily too. Threat actors have been identifying employees from a combination of publically available and data breach information, while dark web forums are full of employees offering their services in exchange for payment and often aide in the blackmailing process. Hacker-recruiters leverage the employee’s access to exfiltrate sensitive information.

Read More

Topics: PAM

Sandboxing: In the Ring with Ransomware

Posted by James Creamer on Aug 18, 2016 3:02:20 PM

iStock_12386748_LARGE.jpg

Shakur Stevenson, U.S. Olympic Boxer, is set to advance to the Championship bout of the Men’s bantam 56 kg weight class. The young prospect has already secured at least a silver medal for the U.S, and is looking to break the gold medal drought, which hasn’t been won by an American since 2004 in Athens. Staying ahead of your opponent is key in boxing; having the ability to react quickly and counter are instrumental to a fighter. Those same qualities are imperative to organizations too, and should be baked into one’s security posture; and today, one of the toughest opponents is ‘Ransomware’.

Read More

Topics: ransomware

SSH Keys: How to Protect the Neglected with Privileged Identity Management

Posted by James Creamer on Jul 18, 2016 9:39:12 AM

Trending_News_Blog_Post.jpg

Organizations continue to expand their application infrastructure at an alarming rate, whether it be in the cloud or on-site. Studies vary, but an estimated 48% to 65% of servers worldwide are run on some flavor of UNIX. The latest report from the Linux Foundation found that Linux is winning the battle in the cloud with an estimated 79% of cloud deployments running the operating system. Many of these UNIX devices are using SSH keys for authentication instead of passwords for the sake of convenience.

Read More

Topics: CyberArk, PAM

2016 Verizon Data Breach Report: Privileged Passwords are High-Valued Targets

Posted by James Creamer on Jul 8, 2016 10:22:33 AM

Ross_Blog_Post.jpg

A few short months ago in April, Verizon released their annual publication of the Data Breach Investigations Report, and after reviewing the report, we would recommend that you pack up the rod and reel, and throw your waders on, because the theme of this year’s report is ‘gone phishing for credentials.’

Read More

Topics: Phishing, PAM

FedRAMP Releases Long Awaited High-Security Baseline, Privileged Identity Management Expected to Spike for Cloud

Posted by James Creamer on Jun 24, 2016 2:07:52 PM

Trending_News_Blog_Post.jpg

Earlier this week, the Federal Risk and Authorization Management Program (FedRAMP), released the high security baseline for cloud services. The release date for the baseline has slipped multiple times over the last few months, due to what sources have said is the result of the Department of Homeland Security’s review process as they made final changes to control features.

Read More

SEC Chair Issues Wake-up Call to Finance Industry, Cybersecurity is the Biggest Risk

Posted by James Creamer on Jun 3, 2016 3:01:06 PM

 Marks_Budget_Blog_Post.jpg

Securities and Exchange Commission (SEC) Chair Mary Jo White bluntly told attendees of the Reuters Financial Regulation Summit in Washington D.C. a few short weeks ago that cybersecurity is the single largest risk facing the financial sector reports Reuters.  Despite “a lot of preparedness, a lot of awareness” among broker-dealers and investment advisors, Ms. White said, “their policies and procedures are not tailored to their particular risks.”  White further stated "we can't do enough in this sector,” a statement proven by the coordinated malware attack that stole $81 million from Bangladesh central bank this past February.

 

Read More

Topics: PAM