Cybersecurity Awareness Month: Protecting Critical Infrastructure from Cyber Threats

It is interesting, and at times bewildering, that in the many years following the failures of 9/11, we still have not found a way to share threat intelligence information without exposing classified information which may compromise the source. Look at these five primary pieces of infrastructure, which exist in every modern society, consider the interdependencies, and how a persistent threat or disruption to one dependency can cascade throughout these infrastructure dominos. Primary Role: Electrical Power Generation/Distribution Dependencies on: Above and below ground electrical distribution wires. Network Access to connect power generation and distribution systems. Backup generation systems for internal systems….

The Equifax Disaster: Technical Controls — ICIT’s Synopsis of America’s In-Credible Insecurity

The following excerpts are from the Technical Controls section of Part-1 of the ICIT Equifax report entitled “America’s In-Credible Insecurity,” written by James Scott, Sr. Fellow, Institute for Critical Infrastructure (ICIT). Technical Controls Data Encryption Data should be protected according to its value and the potential harm that would result if it were stolen. Encryption does not prevent adversaries or insiders from exfiltrating data; however, it does deter or prevent attackers from exploiting the stolen data unless they spend significant additional resources breaking the encryption or stealing the decryption keys. Data Loss Prevention Data loss prevention is the employment of…

Ushering in a Cybersecurity Renaissance with the World’s Top Experts

As CEO Tom Kemp mentioned in his recent blog post, Centrify has reengineered its annual user group event to more comprehensively tackle the many security issues facing organizations today. As the thought leader partner for CyberConnect 2017, ICIT has spent the last several months building a powerful curriculum which will empower business and technical leaders tasked with defending their organizations from digital threats. The result is a program that will inspire, educate, and ultimately help bring order to organizations developing strategies to survive in today’s cyber kinetic meta war. At ICIT, we believe we’ve entered a new paradigm where old…

How to Hack Passwords: How Long Would It Take Your Grandmother To Do It?

(Hint: You Won’t Believe the Answer) My last article, “Do You Know How Easy It Is to Guess Your Password? (Hint: You Don’t Want to Read This!)”, was about how hackers can obtain massive databases of human generated passwords and run them through off-the-shelf tools on commodity hardware by using Graphics Card GPUs to gain speed and computing cost advantage. This article will delve into how easy it will be for your grandma to rig up a password cracking machine. First step for Grandma is to visit Amazon and pick up some hardware. Perhaps a nice BitCoin mining rig that can compute…

Centrify Wins PC Magazine’s 2017 Identity Management Solutions Editor’s Choice Award

PC Magazine recently published a review of the top 2017 Identity Management Solutions and we are pleased to announce that Centrify was one of only three vendors that received the Editors’ Choice Award! The Editors’ Choice is awarded annually to products/services that rise above similar products in their categories and the products under consideration have been reviewed by expert analysts in PCMag Labs. Specific features that were commended by PC Magazine were capabilities such as robust reporting, easy to use on-premises app, quick integration with user identities from social networks, and our risk-based authentication that leverages machine learning. Our user…

How Can User Behavior Analytics Kill the Password?

Last time, I wrote about adaptive authentication and briefly touched on behavior analytics being an integral part of adaptive authentication. For true behavior analytics, you need some smart AI powered multi-factor authentication (MFA). Now, if you think about it and put the pieces of the puzzle together you might be able to kill passwords altogether. Wouldn’t that be nice? You no longer need to remember any passwords and all you need is access to one of your MFA tools when authenticating. With the increased use of smart phones and other devices for MFA, businesses now more than ever have the…

Verizon 2017 DBIR: Key Takeaways

Summary The 2017 DBIR is an essential read for organizational leaders, cybersecurity practitioners and security industry professionals. The report provides clear information that helps cyber security practitioners and executives devise strategy, and implement tactical responses to the cyber battlefield of today. In this year’s 10th publication of Verizon’s Data Breach Investigation Report, data from nearly 2,000 confirmed breaches were submitted by IT professionals and analyzed by Verizon security experts. In the report, 88% (up from last year’s 83%) of incidents fall into the same industry categories that were first identified in the 2014 report. These attacks are further categorized into key…

Top 3 Takeaways from the 2017 RSA Conference

Last week was the 2017 RSA Conference in San Francisco. Having attended, I can report that the number of vendors at the conference was nothing short of mind-boggling. While there are many challenges facing the security industry, there are also a lot of innovative ideas about how to respond to them. Here are my top takeaways from the conference: #1 Organizations Should Consolidate Security Vendors While it was great to see so many vendors at RSA, it was also indicative of just how many point security tools are on the market today — many of which provide very specific solutions…