Posts by Torsten George

Centrify Perspective

Minimizing Exposure to Ransomware Attacks with Centrify Zero Trust Privilege

By , June 19, 2019

Ransomware attacks like the ones that wreaked havoc in Baltimore, Maryland, Albany, New York, and Genesee County, Michigan are dominating the headlines in 2019. Holding someone or something for ransom is a simple yet effective strategy that has been used by criminals for many years. Today, cyber criminals are applying these ancient techniques to modern technologies. This raises issues such as what organizations need to know regarding ransomware attacks and what they can do to minimize the risk of being victimized. Ransomware, which encrypts a victim’s data and demands a ransom to unlock it, can have a major impact on…

Centrify Perspective

NASCIO CIO Top Priorities in a Zero Trust World

By , May 1, 2019

Many state CIOs are struggling to manage the onslaught of priorities that are captured in the NASCIO Top 10 Policy and Technology Priorities for 2019, ranging from enabling cloud services to the digital government to IT governance. While their mission mandates tackling these priorities, they cannot solely focus on their implementation, but must also bolster cyber security and abide by stringent compliance mandates (e.g., FISMA, HIPAA, NIST SP 800-Series). This is a tall order to deal with. To add to this challenge, the attack surface of state governments has changed dramatically. Today state agencies must not only control access to…

Centrify Perspective

The State of Cyber Security in Healthcare

By , January 8, 2019

The privacy and security concerns associated with digital patient records make the healthcare industry one of the most regulated industries in the United States. Regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act create a much higher standard of scrutiny than other verticals with regards to privacy and disclosure requirements. However, being compliant doesn’t mean you’re secure. Traditionally, healthcare providers’ mission is to save lives. As a result, IT security departments are typically not a top priority when it comes to budget dollars and are often…

Centrify Perspective

The Base of Cyber-Attacks: Credential Harvesting

By , November 8, 2018

Cyber attackers long ago figured out that the easiest way to gain access to sensitive data is by compromising an end user’s identity and credentials. According to the Verizon 2017 Data Breach Investigation Report, 81% of hacking-related breaches leverage either stolen, default, or weak credentials. Often these credentials belong to privileged users, providing cyber adversaries the “keys to the kingdom” and providing them a perfect camouflage for their data exfiltration efforts. Betting on the human factor and attacking the weakest link in the cyber defense chain, credential harvesting has become the base of most cyber-attacks. Recent reports of a newly-detected Smoke…

Hot Topics

Zero Trust Security and DevOps Take the Crown at AWS Public Sector Summit 2018

By , June 25, 2018

Last week, Amazon Web Services hosted its AWS Public Sector Summit in Washington, DC. In its 9th year, the event attracted thousands of global leaders and IT security practitioners from government, education, and non-profit organizations to learn how to start their path to the cloud or how to maintain momentum once they’ve begun the transformation. BULLISH OUTLOOK FOR CLOUD ADOPTION IN GOVERNMENT The meeting rooms and exhibit hall were humming and regularly required the organizer to cordon off access to the different floors due to reaching the facility’s capacity. The dramatic increase in attendees compared to prior years illustrates the…

Centrify Perspective

Centrify and SailPoint Join Forces to Apply Zero Trust Security Best Practices to Identity Governance

By , May 14, 2018

Today, Centrify is proud to announce the integration of the Centrify Privileged Access Service with SailPoint® Technologies IdentityIQ™ solution. This integration provides joint customers with a single pane of glass for a privileged user’s entitlements and enables issuing access requests for accounts, systems, and existing roles that are controlled by the Centrify Privileged Access Service. This allows for centralized management and control of identities to quickly identify and mitigate access risks of privileged users, while strengthening an organization’s compliance posture. Figure: Centrify Privileged Access Service integration with SailPoint IdentityIQ BRINGING ZERO TRUST SECURITY TO IDENTITY GOVERNANCE One of the essential…

Centrify Perspective

How to Operationalize the Zero Trust Security Pillar ‘Limit Access & Privilege’ with ServiceNow

By , May 8, 2018

An easy way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even worse if a stolen identity belongs to a privileged user, who has even broader access, and therefore provides the intruder with “the keys to the kingdom.” As a result, it’s not surprising that, according to Forrester, 80 percent of breaches involve privileged credential misuse. By leveraging a “trusted” identity a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags. Zero Trust Best Practice: Limit Access & Privilege To limit their exposure…

Centrify Perspective

Why the Path Towards Zero Trust Starts with Next-Gen Access

By , April 5, 2018

Zero Trust Security has gained a lot of popularity over the last six months. Almost daily you can read articles about this security strategy (e.g., TechRepublic, CSO, Security Current). Both analysts (e.g., Forrester) and security professionals acknowledge the benefits it offers in the context of establishing effective ways to minimize the risk of falling victim to a cyber-attack. The reason why so many embrace Zero Trust Security is most likely anchored around its simplicity ― with today’s porous network perimeter, untrusted actors already exist both inside and outside the network. However, when it comes to developing the necessary blueprint on…

Hot Topics

Making Headlines: SAML

By , March 19, 2018

On February 27, 2018 the CERT Division of Carnegie Mellon University’s Software Engineering Institute issued advisory #475445, outlining a design flaw in Security Assertion Markup Language (SAML) implementations, which affects various Single Sign-On (SSO) software and several open source libraries meant to support SAML-based SSO operations. Centrify customers are not susceptible to this vulnerability nor any Service Provider Applications that leverage the Centrify SDK (for more details, click here). The disclosed vulnerability drew a lot of media attention, generating coverage by tech publishers like ZDNet, eWeek, and TechTarget. Some of you might ask why there has been so much hype…