How to Protect Against Insider Threats: 3 Tips from HBO’s Game of Thrones’ “LittleFinger”

“I did warn you not to trust me.” (Spoiler Alert: for those of you still binge watching Game of Thrones seasons 1-6) For Game of Throne fans, Lord Baelish’s (otherwise known as Littlefinger) fate was only somewhat surprising, inevitable and a gratifying finale for the nefarious character. A master of manipulation, Littlefinger’s enterprising ways led him to acquire both wealth and key intelligence on his political rivals — a classic example of a malicious insider. As his relevance in the storyline grew over the seasons, his underhanded and power grabbing methods gained momentum. Photo credit: 7strongest (cc by 2.0) So,…

Gartner Privileged Access Management Market Overview 2017

Gartner just published their 2017 Market Overview guide for PAM, and it is a great read! The drivers for PAM are similar to last year’s, with a new emphasis on the need for “a comprehensive cybersecurity defense strategy, specifically for critical infrastructure.” Here’s Gartner’s list of drivers, and we believe they are spot on in terms of what we are hearing from our customers and how we’ve delivered capabilities to help solve these issues: The risk of breaches and insider threats The need to prevent, isolate and limit malware attacks that leverage privileged accounts An increase of operational efficiency for…

How Do You Choose the Right IAM Solution? Here Are 4 Questions You Should Ask

Cloud based services dominate today’s world and over the past few years, delivering cloud based IAM solutions is no exception. The right solution can reduce risk, cut down costs and save time, but choosing the right IDaaS vendor requires careful consideration. Putting together some basic questions to ask while covering several key elements is a first step. So…where do we begin? Is It a True Hybrid Solution? Ask your prospective vendor if they truly provide a hybrid solution with control and access across on-premises and SaaS-based applications. Federation for SaaS apps is a great first step, but larger companies will…

How to Hack Passwords: How Long Would It Take Your Grandmother To Do It?

(Hint: You Won’t Believe the Answer) My last article “Do You Know How Easy It Is to Guess Your Password? (Hint: You Don’t Want to Read This!)”, was about how hackers can obtain massive databases of human generated passwords and run them through off-the-shelf tools on commodity hardware by using Graphics Card GPUs to gain speed and computing cost advantage. This article will delve into how easy it will be for your grandma to rig up a password cracking machine. First step for Grandma is to visit Amazon and pickup some hardware. Perhaps a nice BitCoin mining rig that can compute…

Always a Part of the Centrify Family: Summer 2017 Internship

An intern by definition is a student or trainee who works at a trade or occupation in order to gain work experience. But I’ve learned that an intern means so much more. They’re a glimpse of the future, a peak into the young, innovative and brilliant minds that will one day make a difference, run our companies, and change the world. What Did You Learn while Interning at Centrify?   Colin Parsons: I learned how the workplace functions with a larger company, how to build neural networks for computer vision, how to use AWS, and how to communicate my work…

Equifax Data Breach: Stock Drops More Than Five Percent

Equifax announced today that it was hit by a cyber security incident, potentially impacting 143 million consumers in the U.S. According to the company’s press release, “criminals exploited a U.S. website application vulnerability to gain access to certain files.” The “information accessed primarily includes names, Social Security numbers, birth dates, addresses… [and] credit card numbers.” After news of the breach broke, Equifax’s stock price dropped five percent. This is directly in line with a recent Centrify-commissioned Ponemon study, which found this to be the historic average on Day One. Moreover, Equifax’s stock price dropped 13-14 percent the day after its breach…

Best Practices for Multi-factor Authentication (MFA)

These days, it’s pretty clear that to protect systems and data, organizations need to go beyond traditional perimeter defenses. Because most modern cyber-criminals exploit user credentials to get a foot in the door, user identities have become the new perimeter. And leading organizations are turning to MFA to secure their complex, heterogeneous environments. MFA mitigates password risk by requiring additional factors of authentication: something the user knows, has and is. It’s not difficult to implement, but some up-front planning can further enhance security and save a lot of time and effort. MFA is one of the best ways to prevent…

NIS Directive Compliance: It’s Just as Important as the GDPR

IT security managers have had plenty on their plate this year co-ordinating compliance efforts in advance of the forthcoming EU General Data Protection Regulation (GDPR). But while the sweeping new privacy law has dominated the headlines for the past year or more, there’s another important piece of regulation on its way from Brussels, that will apply specifically to “operators of essential services” (OES). It’s known as the EU directive on the security of Networks and Information Systems (NIS). With the same huge fines of up to £17m or 4% of global annual turnover levied for non-compliance, it’s vital that you…

IAM Best Practices to Reduce Your Attack Surface

When I read the 2017 Verizon data breach report, I couldn’t help but notice that it would be relatively easy to reduce an attack surface by implementing a few best practices. Granted, that might mean you will need to spend some money, but considering that a breach could cost you $15 Million or more, according to Ponemon, and considering that 81% of breaches involve a weak or stolen password, wouldn’t it make sense spending your money where it has the most impact? Organizations need to reduce their attack surface! Now before I share tips provided by Verizon and Centrify on how you…