Blog

A Day in the Life of a Pen Tester

When someone says “pen test,” you’re not alone if you picture someone clicking a ballpoint pen top and drawing scribbles to see if any ink comes out. But if you keep listening, it actually seems like pen testers are paid to hack into computers all day long. So what do they actually do? We went behind the scenes, taking a closer look at a day in the life of a pen tester.
What is Privileged Account Management?

Day after day, we see the evidence of an increased number of breaches. As a Privileged Account Management (PAM) provider, we are also seeing a similar increase in requests for proposals on our Core Privileged Access Manager (BoKS) solution. What is most interesting is that a large number of security professionals who contact us indicate that they are not even sure what privileged accounts are...
With Public Cloud OS Instances Growing, Security Challenges Grow, Too

“Some cloud vendors tout that systems deployed within their framework require little or no administration: You create an image with the software and applications that you want it to provide services for, spin it up in a management console, and Voila! you have an entirely new system online; with minimal cost, no hassle, little work. However, even with newer models for virtualization appearing on...
Getting Inside the Mind of an Attacker Part 4: Additional Internal Attack Techniques

Authored by: Julio Sanchez

In part 3 of this series, we examined a penetration testing engagement that the Core Security Services team performed, simulating an insider attacker with low-level credentials escalating their privileges with Kerberos tickets and pass-the-hash attacks. In this final scenario, we’ll explore another insider attack engagement, demonstrating how different techniques can be...
‘You Can’t Boil the Ocean’: How a Phased Approach Can Help Your IGA Program Succeed

Implementing an Identity Governance and Administration (IGA) solution can be a daunting task. Organizations of all sizes recognize the complexity of mitigating identity-related access risks across countless devices, applications, and systems, but they need a way to see through the competing priorities and to understand that IGA is not an all-or-nothing proposition. Rather than a destination, Identity...
Open Source vs. Enterprise: Why Not All Exploits are Created Equal

A common tactic of attackers trying to breach an environment is to use an exploit against a known vulnerability in an application or device present in a targeted infrastructure. Exploiting a vulnerability can provide an attacker with privileges or capabilities they would not normally be granted. In order to provide insight into what threat actors might be able to do, pen testers also use exploits....
Getting Inside the Mind of an Attacker Part 3: Internal Attacks on Active Directory

Authored by: Julio Sanchez

In part 2 of this series, we examined a penetration testing engagement that the Core Security Services team performed, simulating an external attacker with no internal access finding entry using a password spray attack, eventually gaining control of Active Directory. Continuing our exploration of Active Directory attacks, we’ll share another scenario in order to further...
What You Don’t Know About Access Management Is Hurting You

The impact of COVID-19 has been far-reaching across nearly every sector. Millions of employees now work remotely, making companies particularly vulnerable when it comes to external access risks. Many organizations lack a centralized process to manage user access to accounts and resources. They often have limited visibility into access levels users possess to data and systems within their network....
Five Major Drivers of IGA and PAM for Financial Services Organizations Today

Financial services information security continues to be a top priority across the entire financial sector, and for good reason. The Verizon Data Breach Investigations Report found that financial profit or gain was the primary motivation in 71 percent of all information security incidents, making financial services organizations a prime target for attack. According to Bitglass’ Financial Breach...
Three Ways Enterprise-Grade Identity Governance Now Works for Small and Mid-Sized Organizations

For small and mid-sized organizations, mitigating identity-related access risks may seem like a never-ending struggle they face on their own. Tasked with supporting countless systems, networks, and applications with access to key data, they frequently have limited staff and rely on manual user provisioning and deprovisioning. They may depend on decentralized processes for managing accounts...
Getting Inside the Mind of an Attacker Part 2: External Attacks on Active Directory

Authored by: Julio Sanchez

In part 1 of this series, we explored what makes Active Directory so appealing to threat actors, and how attacks can severely harm an organization. For the remainder of the series, we’ll walk through several examples taken from penetration testing engagements the Core Security Services team has performed to explore ways attackers may target Active Directory, and discuss...
The Intersection of RPA and IGA: Why Automation and Identity Governance Go Hand-in-Hand

The rise of robotic process automation (RPA) during the last several years has enabled organizations to adopt new technologies that drive efficiencies across their business. RPA solutions leverage software robots that communicate with business systems and applications to streamline processes and reduce the burden on employees for completing mundane, repetitive tasks. Embracing new technologies...
3 Reasons Every Organization Should Leverage Third-Party Pen Testers

Penetration testing, also known as a pen test, is a security exercise that reveals an organization’s security vulnerabilities through a defined testing process. A penetration test may focus on networks, applications, physical facilities, individuals, and more. As cybersecurity breaches continue to plague organizations, compliance mandates are expanding, more organizations are attempting to deploy...
Perspectives on the Changing Linux Ecosystem

In the early 1990s, the Open Software Foundation formed a committee to select and standardize a new Management Platform Toolset for and from the UNIX ecosystem. After much soul searching over a few months, the OSF Management Platform never arrived. One of the committee members, from the team that invented The Newcastle Connection (1980s *NIX history, go Google it), made a compelling presentation explaining...
6 Ways to Defend Yourself Against Password Attacks

Ever since Ali Baba uttered “open sesame,” thieves have been using stolen passwords to access hidden riches. In the digital world, password attacks have been and continue to be a common way for threat actors to gain access to an organization’s treasure trove of data. No matter how many emails we get from IT explaining what makes a good password, many of us still use the same basic password in...
5 Things You Need to Know about Ransomware

Earlier this year, we mentioned ransomware as a trend to watch in 2017. While some experts believe it will hit a plateau this year, that doesn’t mean that it will be any less harmful to businesses and consumers alike. Here are 6 things to know about ransomware:

1. Ransomware will be harder for you to detect

Bad actors know that targeting businesses is harder due to the safeguards most...