• Fundamental Endpoint Security Best Practice: Securing Privilege on the Endpoint

    Information security professionals know there are two fundamental endpoint security practices that should be part of their security program in order to reduce the attack surface. Validated by various government information security organizations and industry analysts, the first practice is …

  • Passwords Don’t Have to Be the “Enemy of Security”

    The headline of an Ars Technica article on password rotation recently caught my attention, “Frequent Password Changes are the Enemy of Security.” The article, which highlights a BSides Las Vegas keynote by FTC Chief Technologist Lorrie Cranor, explains that contrary …

  • Privileged Account Security: a Strategic Program Not a ‘Project’

    Today, enterprise IT security teams increasingly recognize that compliance does not equal security. Taking a compliance or project approach is not enough to secure a business. Although important, compliance is table stakes in the world of advanced, persistent threats. The …

  • Don’t Overlook the Insider Threat, Protect Privileged Access

    A newly released Ponemon Institute study revealed that 72 percent of surveyed organizations are not confident in their ability to manage and control employee access to high-value information, such as trade secrets, new product designs, merger and acquisition activity, financial …

  • Lessons Learned from the Bangladesh Bank Heist

    Most have been following the story about the Bangladesh Bank Heist. If you haven’t, here is the scoop and timeline. On May 15, 2015, three bank accounts were opened at the Rizal Commercial Banking Corporation (RCBC). Each of these accounts …