Cyber Security Awareness and Vulnerabilities Blog
Image

Image

Getting Inside the Mind of an Attacker Part 4: Additional Internal Attack Techniques
Nov 20, 2020
Authored by: Julio Sanchez
Image

‘You Can’t Boil the Ocean’: How a Phased Approach Can Help Your IGA Program Succeed
Nov 18, 2020
Implementing an Identity Governance and Administration (IGA) solution can be a daunting task. Organizations of all sizes recognize the complexity of mitigating identity-related access risks across countless devices, applications, and systems, but need a way to see through the competing priorities and to understand that IGA is not an all or nothing proposition. Rather than a destination, Identity Governance and Administration should be viewed as a journey.
Image

Open Source vs. Enterprise: Why Not All Exploits are Created Equal
Nov 11, 2020
A common tactic of attackers trying to breach an environment is to use an exploit against a known vulnerability in an application or device present in a targeted infrastructure. Exploiting a vulnerability can provide an attacker with privileges or capabilities they would not normally be granted.
Image

Getting Inside the Mind of an Attacker Part 3: Internal Attacks on Active Directory
Oct 22, 2020
Authored by: Julio Sanchez
Image

What You Don’t Know About Access Management Is Hurting You
Oct 20, 2020
The impact of COVID-19 has been far-reaching across nearly every sector. Millions of employees now work remotely, making companies particularly vulnerable when it comes to external access risks. Many organizations lack a centralized process to manage user access to accounts and resources. They often have limited visibility into access levels users possess to data and systems within their network. And they may be quickly adding or changing access levels to meet the needs of their remote workforce.
Image

Five Major Drivers of IGA and PAM for Financial Services Organizations Today
Sep 25, 2020
Financial services information security continues to be a top priority across the entire financial sector—and for good reason. The Verizon Data Breach Investigations Report found that financial profit or gain was the primary motivation in 71 percent of all information security incidents, making financial services organizations a prime target for attack.
Image

Three Ways Enterprise-Grade Identity Governance Now Works for Small and Mid-Sized Organizations
Sep 23, 2020
For small and mid-sized organizations, mitigating identity-related access risks may seem like a never-ending struggle they face on their own. Tasked with supporting countless systems, networks, and applications with access to key data, they frequently have limited staff and rely on manual user provisioning and deprovisioning. They may depend on decentralized processes for managing accounts—limiting their visibility into access levels and magnifying access risks across the business.
Image

Getting Inside the Mind of an Attacker Part 2: External Attacks on Active Directory
Sep 22, 2020
Authored by: Julio Sanchez
Image

The Intersection of RPA and IGA: Why Automation and Identity Governance Go Hand-in-Hand
Sep 16, 2020
The rise of robotic process automation (RPA) during the last several years has enabled organizations to adopt new technologies that drive efficiencies across their business. RPA solutions leverage software robots that communicate with business systems and applications to streamline processes and reduce the burden on employees for completing mundane, repetitive tasks. Embracing new technologies like RPA has helped organizations transform the way work gets done.
Image

3 Reasons Every Organization Should Leverage Third-Party Pen Testers
Sep 11, 2020
Penetration testing, also known as a pen test, is a security exercise that reveals an organization’s security vulnerabilities through a defined testing process. A penetration test may focus on networks, applications, physical facilities, individuals, and more.
Image

6 Ways to Defend Yourself Against Password Attacks
Sep 9, 2020
Ever since Ali Baba uttered “open sesame,” thieves have been using stolen passwords to access hidden riches. In the digital world, password attacks have been and continue to be a common way for threat actors to gain access to an organization’s treasure trove of data. No matter how many emails we get from IT explaining what makes a good password, many of us still use the same basic password in multiple places simply because they’re easier to remember.
Image

How Mature is Your Vulnerability Management Program?
Sep 2, 2020
Security vulnerabilities are one of the most common problems in cybersecurity today, as they may exist in operating systems, services and application flaws, improper configurations or risky end-user behavior. According to the statistics from the Common Vulnerabilities and Exposures list, 12,174 new vulnerabilities were uncovered in 2019—over 13 times as many as were discovered in 1999, when the database first came into existence.
Image

IGA and the Cloud: What You Need to Know
Aug 28, 2020
With the rise of cloud computing, organizations have expanded their reliance upon cloud platforms. Many have expanded their capabilities and capacity through cloud servers, while others have adopted a hybrid approach that includes both cloud and on-premise environments.
Image

5 Most Notable New Features in Core Impact 20.1
Aug 12, 2020
We are so excited about our latest release of Core Impact. Version 20.1 was fueled largely by the valuable and genuine feedback our customers have shared with us. This release was jam packed with new features, including several new additions that offer added convenience and increased usability.
To recap, we thought it would be helpful to highlight the top 5:
Image

Getting Inside the Mind of an Attacker: Why Active Directories Are Popular Targets
Aug 10, 2020
Authored by: Julio Sanchez
Image

How to Select the Right Third-Party Pen Testing Service
Jul 28, 2020
As both cybersecurity breaches and compliance mandates increase, third-party pen testing services are no longer seen as optional. These teams specialize in ethical hacking that gives organizations insight into possible security weaknesses and attack vectors in their IT environment. Being in such high demand, more and more testing services are emerging, presenting businesses with a new challenge of selecting which service to use. How do you know which one is right for you?
Image

What’s the Difference Between IAM, IGA, and PAM?
Jul 24, 2020
The identity security landscape has transformed considerably within the last two decades. And for good reason. Mitigating identity-related access risks has become essential as companies face threats every day, from virtually everywhere.
Image

Healthcare Identity Governance in the Era of COVID-19: Five Critical Issues Your Organization Can’t Afford to Overlook
Jul 15, 2020
The impact of COVID-19 has been far-reaching across nearly every sector. But none has been so greatly disrupted as the healthcare industry. Managing through this crisis has required healthcare systems to expand some aspects of their workforce and redeploy others virtually overnight in order to transform the way they offer services to patients.
Image

The Truth About Pen Testing Automation
Jul 13, 2020
With cybersecurity attacks perpetually on the rise, security teams are under more pressure than ever. While pen testing can help these teams by finding vulnerabilities before adversaries can, even pen testing comes with its challenges. A skills shortage, new and expanding regulations requiring testing, and other critical daily security duties increasingly leave cybersecurity professionals stretched thin.
Image

Three Things You Need in a Penetration Testing Tool
Jun 29, 2020
There are no blogs that meet your search criteria.
Image

The Importance of Penetration Testing for a Remote Workforce
Jun 22, 2020
As we continue to adapt in these unprecedented times, many workplaces have remained fully remote. In fact, some organizations have seen enough benefits from remote work that they are planning a permanent shift away from a traditional office environment, instead having their workforce either partially or fully remote. Whether temporary or permanent, remote work has been a large adjustment for everyone, though perhaps even more so for each organization’s security teams.
Image

Penetration Testing for Regulatory Compliance
Jun 10, 2020
While the shift from paper copies to digital storage has enabled organizations to increase efficiency in countless ways, bad actors have also launched countless attacks to steal private information. In order to protect this valuable data, many industries now have cybersecurity regulations. HIPAA has been expanded for healthcare and NERC applies to the utilities and energy sector, and higher education institutions must adhere to HEOA, to name a few.
Image

How to Leverage a Comprehensive Privileged Access Management Security Approach
Jun 2, 2020
Effectively managing privileged access has become a top priority for many organizations seeking to protect their data and systems from unauthorized users. That’s because inappropriate access can expose valuable organizational data, compromise sensitive information, and adversely affect system reliability. The latest Verizon Data Breach Investigations Report found that the majority of data breaches leverage privileged accounts directly.
Image

3 Reasons Why Your Remote Workforce Is Vulnerable
Jun 1, 2020
In the wake of COVID-19, threat actors are taking full advantage of the industry scramble to work-from-home, and the security weaknesses that presents.