Brute Force Attacks: Denying the Attacker, Not the User

Brute Force Attacks: Denying the Attacker, Not the User

According to haveIbeenpwned.com, close to 8 billion accounts have been compromised. The site provides a tool to see if any of your passwords have been compromised and are available on the dark-net. Once passwords are compromised, they are easily exposed to bad actors who can use them for brute force ... Read More
How to Thwart an Attacker’s Attempt to Compromise Credentials and Move Around a Network

How to Thwart an Attacker’s Attempt to Compromise Credentials and Move Around a Network

In the past year, we have seen numerous publicly traded corporations (Marriott and T-Mobile), airlines (Cathay Pacific and Delta), and tech companies (Facebook and Google+) all breached because of some type of insider threat or compromised credentials. So, it’s no surprise that insider threats and preventing credential compromise are growing ... Read More
Conditional Access Establishes Trust In the Network

Conditional Access Establishes Trust In the Network

Stolen or compromised credentials pose well-known risks to organizations and their employees. And as hackers and other malicious actors become more advanced and sophisticated in their techniques, the global threat is increasing. At a recent IT security conference, I spoke with a customer about an alert (TA18-276A) that the United ... Read More
You Failed Your Pen Test: How Can You Reduce Your Attack Surface?

You Failed Your Pen Test: How Can You Reduce Your Attack Surface?

|
Penetration testing is a critical best practice for virtually any organization’s cybersecurity posture. By putting defenses to the test against trained offensively-minded professionals, organizations can gain deep insights into how they’ll fare against real attackers. Often, the challenge is that the results are not what you would have hoped. When ... Read More
Cybersecurity is Increasingly Important for M&A Dealmakers

Cybersecurity is Increasingly Important for M&A Dealmakers

|
Corporate boards widely recognize due diligence as a critically important component of the M&A process, particularly when it comes to vetting financial numbers and legal obligations. The stakes are enormous: The value of worldwide mergers and acquisitions totaled $3.6 trillion in 2017, according to Thomson Reuters. Globally, M&A activity is ... Read More
Is a Fragmented View of Users Increasing Your Risk of Breach?

Is a Fragmented View of Users Increasing Your Risk of Breach?

|
Last week, I was on the road speaking with CISOs across the country. One theme emerged loud and clear: Virtually all of the organizations have invested a lot in security tools and solutions, but despite their investment, they struggle with getting a complete view of user access across platforms. So, ... Read More
Three Security Lessons to Keep in Mind Leading Up To the R-CISC Summit

Three Security Lessons to Keep in Mind Leading Up To the R-CISC Summit

|
It’s never been more important for retailers to harden their cybersecurity posture— especially given the documented trend of intensified attacks on retailers during the rapidly-approaching holiday season. We’re excited to attend the 2018 Retail Cyber Intelligence Summit in Denver and look forward to learning from and sharing perspective with the ... Read More
Three Lessons You Can Learn from A Recent Security Breach

Three Lessons You Can Learn from A Recent Security Breach

|
After an organization has been breached, one of the most critical steps to take is to determine the root cause and to take active steps to more proactively protect the business. Recently, Preempt was brought in to help a Fortune 500 company with a critical internal threat situation. A malicious ... Read More
3 Ways to Improve Incident Response Time with IATP

3 Ways to Improve Incident Response Time with IATP

|
Companies today are exposed to many threats and incident response (IR) teams have to respond to both real or suspected breaches. Incidents can include credential compromise, phishing, malware in the network, Denial of Service (DoS) attacks, zero day threats, and unauthorized changes to the network, hardware or software to name ... Read More
Going on the Offense: How to Eliminate Internal Threats

Going on the Offense: How to Eliminate Internal Threats

Over the past few years, we’ve observed significant changes in the types of conversations we’re having with CISOs. What used to be discussions about how to keep bad guys out has evolved to how to manage and address internal threats. Internal threats come in a variety of shapes and sizes ... Read More