What are CDM and CRED?

The Continuous Diagnostics and Mitigation (CDM) Task Order for CREDMGMT provides guidance and tools to federal civilian agencies to fulfill the Manage Credentials and Authentication (CRED) Function. This functional area is designed to prevent the binding of credentials the use of credentials by anyone other than the rightful owner (person or service). The approved tools provide careful management of credentials, preventing attackers from using hijacked credentials to gain unauthorized control of resources, especially administrative rights. The CRED capability ensures that account credentials are assigned to, and used by, authorized people or services. This solution relies on the results of the…

Undue Privilege Costs Cash and Undercuts Security

Few managers would throw their employee the keys to a big rig with two loaded trailers to pick up a pint of milk from a nearby convenience store. Apart from the problem of parking, the vehicle is massively over-specced for the job at hand, which creates unnecessary safety risks, both to the driver and to other road users. However, this is essentially what occurs each day in businesses around the world as employees are given access to privileged computer accounts that massively exceed the needs of their jobs. The result is often devastating in terms of corporate security with many…

Announcing Centrify’s New Analytics Service

After about two years of incredible hard work from the Centrify team, I am excited to announce the Centrify Analytics Service! Our goal for Centrify Analytics Service is to extend the Centrify Identity Services Platform to provide risk-based access management across apps and infrastructure. We all by now agree that IT and security teams in any enterprise are challenged with the risk of being breached in an enterprise that spans across cloud, mobile and data center. Traditional perimeter-based security is not good enough anymore, and the industry supports this claim: PwC in Information Security Breaches Survey 2016 titled, “A matter of when,…

How to Keep Active Directory Active in a Hybrid IT World

For enterprise IT, “hybrid” is the word of the year. You’re either operating a hybrid infrastructure model already or you’re teetering on the edge. It’s getting easier now that AWS, Microsoft, Google et al are improving their services in support of such a model. At the Amazon AWS re:invent show in November, every other sentence contained the word “hybrid.” This was in stark contrast to last year where Amazon still firmly believed a total migration was the only logical choice. Some of our customers are very aggressive with plans to dissolve all their data centers and migrate everything to IaaS. The…

The Great Gig in the Sky: Secure Hybrid Cloud

Every day I hear from companies concerned and frustrated over a specific challenge — how to stand up workloads in the cloud while maintaining privileged access security (PAS). Infrastructure-as-a-Service (IaaS) has become the great equalizer. It doesn’t matter whether you’re large or small, in finance, healthcare or government — we all share the same worries when it comes to securing access to, and in, the cloud. I was pondering this the other day while sipping a short, dry cappuccino and listening to Pink Floyd’s Dark Side of the Moon. I had an epiphany. Thanks to Roger Waters & Co, I walked away with…

How Much Does It Cost to Protect an Organization from Cybercrime?

$15 million per year is the mean annualized cost if you don’t protect yourself, based on 58 benchmarked organizations according to a study by Ponemon Institute in 2015. 2014’s mean cost per benchmarked organization was $12.7 million. Thus, we observe a $2.7 million (19 percent) increase in mean value. The net increase over six years in the cost of cyber crime is 82 percent. Figure one shows an average annualized cost per sector (1 Million omitted) The same study concluded that the cost breakdown for: Internal activities is 31% for detection, 24% for recovery, 15% for investigation, 13% for containment, 9%…

Changing the Game: Simplified Authentication to IaaS

I am pleased to introduce the Identity Broker capability of the Centrify Privilege Service. Identity Broker for Linux enables a new paradigm in user authentication to Linux systems, which seamlessly integrates your choice of directory service, including Active Directory, LDAP directories or cloud directories such as Google G Suite Directory. This is a significant advancement in Centrify’s identity consolidation capabilities and delivers freedom of choice when deciding where to store your identities. For 12+ years, Centrify has focused on delivering some of the best possible integration of Linux servers into Active Directory. Our customers are successfully securing identity, authentication and privilege across…

National Cybersecurity Awareness Month: Building Resilience in Critical Infrastructure

Your corporate network is like a pandora’s box with a lot of goodies on the inside… stuff that any self-respecting hacker (um, business person) would be happy to exploit and monetize. So the question is, what options do you have to stop or thwart progress as that attacker tries to gain access, sneak around and slowly but surely gain ground on your crown jewels? On the theme of “resilience” and focusing on privileged access security, what are some of the ways your infrastructure can be more flexible, adaptable and resistant to attacks? Redefining “Attack Surface” I like to think of this…

Multi-factor Authentication Solutions: Only as Strong as the Weakest Link

I’m going to stray slightly from the teaching aspect of my blogs to some recent revelations in the technology industry, specifically regarding multi-factor authentication (MFA). Unfortunately, this technology has become necessary for the everyday person, not just for businesses. I say “unfortunately” because it usually creates extra hurdles for end users that they would rather not deal with every time they want to check their email or Twitter account.   First, I’m going to give you a small sampling of what problems we face, how we address it and then share the scary part that even extremely experienced folks may not realize. The World…

Snowden: A “Trust but Verify” Story Gone Wrong

Snowden Movie Night Oliver Stone has brought “Snowden” to the big screen. Blimey. I’d finally stopped culling my social networks to the bone, put Mr. Robot hoodies in a box in the garage and stopped checking behind the shower curtain before getting in. Oh well. With hindsight and better insight, let’s reflect on some steps the government could take to mitigate this kind of situation happening again. In this blog, though, for a change, I’m going to start with the human angle instead of diving headlong into the technology. I want to highlight first the “people” in “people, process and…