Microsoft recently announced the deprecation of NTLM protocol for Windows client. This falls in line with Microsoft’s encouragement to move away from NTLM due to the security risks it introduces – and acts as a wakeup call that maintaining NTLM usage puts environments at high risk.   We cannot overlook the striking ... Read More

What’s the weakest link in a manufacturer’s security architecture? One of the common answers is ‘the one you can’t control’, with third-party access being the most prominent example. Supply chain attacks are one of the hardest challenges security teams struggle with, particularly for manufacturing companies that rely heavily on an ... Read More

Identity is now a top priority for security decision makers. The need to overcome malicious TTPs, such as credential access, privilege escalation and lateral movement, has never been more urgent. When over 80% of breaches involve the use of compromised credentials and ransomware attacks take down even the largest organizations, ... Read More

We’re so excited to share that CRN®, a brand of The Channel Company, named Silverfort’s Leslie Bois, Vice President of Global Channel Sales, and Amy Kowalchyk, Director of the American Channel, to the Women of the Channel list for 2024. Since bringing Bois on board in early 2023 to lead ... Read More

Next week is a big week for Silverfort. Many people on our team are heading to California to attend the annual RSA conference. If you’re visiting, come find us in Moscone South at Booth #3333. This year is extra special for our team, though. We’re excited that one of our ... Read More

We’re proud to unveil the first report based on Silverfort’s proprietary data: The Identity Underground Report. This data, gathered and analyzed from hundreds of production environments, discloses the key security gaps – or Identity Threat Exposures (ITEs) – that adversaries exploit to launch identity threats such as credential access, privilege ... Read More

The recent cyberattacks launched as part the Russia-Ukraine warfare have reawakened concerns about the security of air gapped networks, particularly regarding identity protection. Air gapping is implemented to reduce the attack surface of a highly sensitive network, such as the ones found in nations’ critical infrastructure, military and governmental environments, ... Read More

On March 1, 2017, the Department of Financial Services enacted a regulation establishing cybersecurity requirements for financial services companies, 23 NYCRR Part 500 (referred to below as “Part 500” or “the Cybersecurity Regulation”). As a result of investigating hundreds of cybersecurity incidents, Part 500 was amended, increasing the amount and ... Read More

Scattered Spider adversary group has been extremely active in the past month, increasing its outreach to financial and insurance entities. This group features an extensive and in-depth use of identity compromise in both the initial access and lateral movement stages. A sound defensive strategy against Scattered Spider should include a ... Read More

In article 21, the NIS2 Directive defines the minimum set of security measures regulated entities must implement to comply with its requirements. Section 2(j) relates directly to Multi-Factor Authentication (MFA), stating that the security measures should include: ‘The use of multi-factor authentication or continuous authentication solutions, secured voice, video and ... Read More