Blog Posts

  • How to Map Identity Security Maturity and Elevate Your Strategy

    How to Map Identity Security Maturity and Elevate Your Strategy

    The ultimate goal of Identity Security is to provide secure access to every identity for any resource or environment, from any location, using any device. Yet ever-evolving technology and dynamic...

    Read Article
  • LTT Attack Targets Session Cookies to Push Crypto Scam

    LTT Attack Targets Session Cookies to Push Crypto Scam

    Crypto scams are skyrocketing: In 2022, the FBI tracked an 183% year-over-year increase, driving $2.57 billion in losses. Last week, the popular YouTube channel Linus Tech Tips (LTT for short) –...

    Read Article
  • Protect Passwords, Don’t Just Manage Them: A Game Plan for CIOs and CISOs

    Protect Passwords, Don’t Just Manage Them: A Game Plan for CIOs and CISOs

    When 921 password attacks occur per second, it’s time to treat everyday employees’ credentials like the true operational risk they are. Today’s attackers assign a level of value to employees’...

    Read Article
  • What Is Zero Trust and Why Is it So Important?

    What Is Zero Trust and Why Is it So Important?

    There are nuances to how Zero Trust security is defined — but at its core, it's a strategic cybersecurity model enabled to protect modern digital business environments.

    Read Article
  • How to Streamline Security Operations With Identity Security Intelligence

    How to Streamline Security Operations With Identity Security Intelligence

    “Black Swan” author Nicholas Nassim Taleb once wrote that “intelligence consists in ignoring things that are irrelevant (avoiding false patterns).” Organizations must take this definition to heart...

    Read Article
  • Persistence Techniques That Persist

    Persistence Techniques That Persist

    Abstract Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change...

    Read Article
  • Secrets Management: Meeting Developers Where They Are

    Secrets Management: Meeting Developers Where They Are

    There’s always a balancing act when it comes to building and deploying cloud-native applications in environments like Amazon Web Services (AWS). The whole point of moving production to the cloud...

    Read Article
  • Why the Phishing Blame Game Misses the Point

    Why the Phishing Blame Game Misses the Point

    Phishing is a big problem that’s getting even bigger as cybercriminals find new ways to hook employees. With threats coming from every direction – emails on company computers, text and voice...

    Read Article
  • How Automated Identity Management Can Help Solve the Compliance Puzzle

    How Automated Identity Management Can Help Solve the Compliance Puzzle

    Have you ever received a puzzle as a gift from a well-intentioned friend? They likely thought something along the lines of, “Hey, this person’s into solving problems — I bet they’d love putting...

    Read Article
  • Phishing as a Service

    Phishing as a Service

    Introduction Everyone knows what phishing is. It has been around for more than two decades. Now it seems that phishing is more accessible than before. This blog covers how malicious actors can...

    Read Article
  • Deconstructing Identity Security

    Deconstructing Identity Security

    Most companies now recognize the serious and insidious nature of cybersecurity threats. But many fail to grasp that the digital transformation, remote work, automation and cloud migration...

    Read Article
  • Udi Mokady to Step into Executive Chair Role and Matt Cohen to Become CEO

    Udi Mokady to Step into Executive Chair Role and Matt Cohen to Become CEO

    Today, CyberArk announced that our founder and CEO Udi Mokady will step into the role of Executive Chairman and our Chief Operating Officer, Matt Cohen, will become CyberArk’s CEO, effective April...

    Read Article
  • Post-CircleCI Breach, Focus on Identity Security Strategy

    Post-CircleCI Breach, Focus on Identity Security Strategy

    When news of the recent CircleCI breach broke, developers everywhere scrambled to rotate tokens and remove hardcoded secrets stored in the popular CI/CD platform to minimize their exposure. Now...

    Read Article
  • The Linux Kernel and the Cursed Driver

    The Linux Kernel and the Cursed Driver

    Introduction NTFS is a filesystem developed by Microsoft that was introduced in 1993. Since then, it has become the primary filesystem for Windows. In recent years, the need for an NTFS...

    Read Article
  • How to Secure Secrets in Multi-cloud Environments

    How to Secure Secrets in Multi-cloud Environments

    It wasn’t too long ago that using a single cloud for some business operations was cutting-edge technology. Now the cloud is essential for accelerating growth, improving efficiency and remaining...

    Read Article
  • Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1

    Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1

    Everything started when I was researching Windows containers. It required installing Docker Desktop for Windows, and I couldn’t help but notice that there were many Docker processes. Since some of...

    Read Article
  • Three Ways to Reinforce Least Privilege with Identity Management

    Three Ways to Reinforce Least Privilege with Identity Management

    The definition of privilege is changing, and this changes everything. Identities of all types — not just IT team members, but any employees — are gaining access to sensitive data, infrastructure...

    Read Article
  • Identity Security: Bridging the Executive Confidence/Reality Gap

    Identity Security: Bridging the Executive Confidence/Reality Gap

    In recent years, cybersecurity has become a board-level issue resulting in several executives taking greater responsibility in cybersecurity-related decisions. As a result, the CISO is no longer a...

    Read Article
  • Why No User Should Have Local Admin Rights

    Why No User Should Have Local Admin Rights

    The idea of removing local administrator rights from Every. Single. User. across your organization is likely to spark strong reactions. Search popular online forums for the phrase “remove local...

    Read Article
  • Inglourious Drivers – A Journey of Finding Vulnerabilities in Drivers

    Inglourious Drivers – A Journey of Finding Vulnerabilities in Drivers

    TL;DR I discovered multiple bugs in OEM vendors for peripheral devices, which affected many users of these OEM vendors (Razer, EVGA, MSI, AMI). Many of the vulnerabilities originated in a...

    Read Article
  • loading
    Loading More...