Part Four: In-Depth Look at PAM Controls for DFARS Requirements

Posted by James Creamer on Oct 24, 2016 9:51:43 AM

As part of an ongoing series on using privileged account management solutions to meet DFARS requirements, CyberSheath’s security consultants have explored technical controls in great detail, providing readers with real-world applications that make a meaningful impact. This week CyberSheath continues to explore NIST control 800-171, “separate the duties of individuals to reduce the risk of malevolent activity without collusion”.

Topics: CyberArk, Security Assessment, DFARS, PAM

Part Three: In-Depth Look at PAM Controls for DFARS Requirements

Posted by James Creamer on Oct 12, 2016 1:16:32 PM

CyberSheath’s security consultants and implementation engineers have previously written about utilizing privileged account management solutions to meet DFARS requirements, and this week James Creamer continues to explore DFARS control requirements in detail.

Topics: CyberArk, Security Assessment, DFARS, PAM

Part Two: In-Depth Look at PAM Controls for DFARS Requirements

Posted by James Creamer on Sep 26, 2016 10:23:49 AM

Last week CyberSheath began a new series, “In-Depth Look at PAM Controls for DFARS Requirements”, dedicated to providing a detailed analysis on how privileged account management solutions play an important role for organizations in meeting DFARS requirements.

Topics: CyberArk, Security Assessment, DFARS, PAM

Part One: In-Depth Look at PAM Controls for DFARS Requirements

Posted by James Creamer on Sep 12, 2016 11:51:14 AM

In previous blogs, CyberSheath security analysts have identified new cyber security requirements from the recent changes to DFARS and have provided solution overviews for meeting those requirements and regulations. The series “In-Depth Look at PAM Controls for DFARS Requirements” will expand on previously mentioned regulations and provide a more granular look at how privileged account management solutions can play an important role in meeting DFARS requirements.

Topics: CyberArk, Security Assessment, DFARS, PAM

Kaspersky Report: Malicious Insiders Uncommon, But Devastating

Posted by James Creamer on Aug 25, 2016 11:01:47 AM

Security researchers at Kaspersky Labs released their Threat Intelligence Report for the Telecommunications Industry Monday, revealing the top attack vectors against Internet Service Providers (ISPs) and Cellular Service Providers (CSPs). The report found that attackers commonly target employees with blackmail. Surprisingly, the report also found that a number of employees help voluntarily. Threat actors have been identifying employees from a combination of publicly available and data breach information, while dark web forums are full of employees offering their services in exchange for payment and often aid in the blackmailing process. Hacker-recruiters leverage the employee’s access to exfiltrate sensitive information.

Topics: PAM

SSH Keys: How to Protect the Neglected with Privileged Identity Management

Posted by James Creamer on Jul 18, 2016 9:39:12 AM

Organizations continue to expand their application infrastructure at an alarming rate, whether it be in the cloud or on-site. Studies vary, but an estimated 48% to 65% of servers worldwide are run on some flavor of UNIX. The latest report from the Linux Foundation found that Linux is winning the battle in the cloud with an estimated 79% of cloud deployments running the operating system. Many of these UNIX devices are using SSH keys for authentication instead of passwords for the sake of convenience.

Topics: CyberArk, PAM

2016 Verizon Data Breach Report: Privileged Passwords are High-Valued Targets

Posted by James Creamer on Jul 8, 2016 10:22:33 AM

A few short months ago in April, Verizon released their annual publication of the Data Breach Investigations Report, and after reviewing the report, we would recommend that you pack up the rod and reel, and throw your waders on, because the theme of this year’s report is ‘gone phishing for credentials.’

Topics: Phishing, PAM

Global Impact of the EU’s General Data Protection Regulation

Posted by Dmitry Kishinevsky on Jun 28, 2016 10:01:31 AM

On April 27th, the European Commission signed into law the General Data Protection Regulation (GDPR – Regulation 2016/679 and 2016/680) that will serve to unify 28 (now 27 with the Brexit, perhaps) different privacy laws into one unified regulation applicable to all. The regulations, which are set to go into effect in May of 2018, will require widespread standardization and unification of data privacy requirements across EU member states.

Topics: PAM

PAM Solution and PCI Data Security Standard (DSS) 3.2

Posted by Yanni Shainsky on Jun 17, 2016 11:40:59 AM

If you’re reading this blog, chances are it’s your responsibility to understand and enforce your organization’s compliance with the latest PCI Data Security Standards. With the release of PCI DSS version 3.2, the PCI Security Standards Council General Manager Stephen Orfei explained that “PCI DSS 3.2 advocates that organizations focus on people, process and policy, with technology playing an important role in reducing the overall cardholder data footprint.” Privileged accounts and their management are the central point where people, process, policy, technology and security converge. It is no surprise then that the PCI DSS 3.2 standards spend much of their time stressing the importance of protecting privileged accounts.

Topics: CyberArk, PAM

SEC Chair Issues Wake-up Call to Finance Industry, Cybersecurity is the Biggest Risk

Posted by James Creamer on Jun 3, 2016 3:01:06 PM

Securities and Exchange Commission (SEC) Chair Mary Jo White bluntly told attendees of the Reuters Financial Regulation Summit in Washington D.C. a few short weeks ago that cybersecurity is the single largest risk facing the financial sector, Reuters reports. Despite “a lot of preparedness, a lot of awareness” among broker-dealers and investment advisors, Ms. White said, “their policies and procedures are not tailored to their particular risks.” White further stated, “we can't do enough in this sector,” a statement proven by the coordinated malware attack that stole $81 million from the Bangladesh central bank this past February.

Topics: PAM