Blog Posts
-
CyberArk Recognized as a Leader in 2024 Gartner® Magic Quadrant™ for PAM
Today, we’re exceptionally proud to announce our recognition as a Leader in the “2024 Gartner® Magic Quadrant™ for Privileged Access Management (PAM)” for the sixth time in a row. CyberArk was...
-
How Overreliance on EDR is Failing Healthcare Providers
Ransomware attacks have a profound impact on healthcare organizations, extending well beyond financial losses and the disrupted sleep of staff and shareholders. A University of Minnesota School of...
-
Taming Vault Sprawl with Modern Secrets Management
In this cloud, DevOps and AI era, security teams grapple with the growing challenge of shadow secrets and vault sprawl. As organizations grow, secrets management increasingly fragments.
-
Applying a ‘Three-Box Solution’ to Identity Security Strategies
Physical and network barriers that once separated corporate environments from the outside world no longer exist. In this new technological age defined by hybrid, multi-cloud and SaaS, identities...
-
The Rise of the Machines and the Growing AI Identity Attack Surface
In 1968, a killer supercomputer named HAL 9000 gripped imaginations in the sci-fi thriller “2001: A Space Odyssey.” The dark side of artificial intelligence (AI) was intriguing, entertaining and...
-
The Human Factor in a Tech-Driven World: Insights from the CrowdStrike Outage
AI and Deep Fake Technology v. The Human Element: The idea that people are the weakest link has been a constant topic of discussion in cybersecurity conversations for years, and this may have been...
-
Zero Standing Privileges: The Essentials
In December, I’ll have been with CyberArk for seven years, and at a similar point, I’ll have spent two years leading product marketing for cloud security at the company. In my short tenure with...
-
CIO POV: CrowdStrike Incident Offers 3 Digital Resilience Lessons
On July 19, 2024, organizations around the world began to experience the “blue screen of death” in what would soon be considered one of the largest IT outages in history. Early rumors of a mass...
-
AI Treason: The Enemy Within
tl;dr: Large language models (LLMs) are highly susceptible to manipulation, and, as such, they must be treated as potential attackers in the system. LLMs have become extremely popular and serve...
-
Navigating Cloud Security: A Shared Responsibility
Each July, my family and I take a road trip from Kentucky back to my hometown in northwestern Pennsylvania to spend time on Lake Erie. As tradition dictates, we stop along I-71 for coffee at...
-
5 Strategies for Setting the Right Cybersecurity KPIs
Cybersecurity key performance indicators (KPIs) measure the efficacy of an organization’s cybersecurity program. In a rapidly changing threat landscape characterized by new identities,...
-
A Brief History of Game Cheating
Over the short span of video game cheating, both cheaters and game developers have evolved in many ways; this includes everything from modification of important game variables (like health) by...
-
Double Dipping Cheat Developer Gets Caught Red-Handed
Following our post “A Brief History of Game Cheating,” it’s safe to say that cheats, no matter how lucrative or premium they might look, always carry a degree of danger. Today’s story revolves...
-
Mission Possible: Securing Developer Access, CI/CD and Code (With Love)
Okay, so you’re a security leader at your enterprise – congratulations! It’s a big, challenging role, as you know too well. You or a colleague are likely responsible for securing the cloud and...
-
CIO POV: Rethinking Data Security Post-Snowflake Customer Attacks
Watching the recent Snowflake customer attacks unfold felt a bit like rewatching a horror movie with predictable attack sequences and missed opportunities to run to safety. But this time, the...
-
Identity Crisis: The Curious Case of a Delinea Local Privilege Escalation Vulnerability
During a recent customer engagement, the CyberArk Red Team discovered and exploited an Elevation of Privilege (EoP) vulnerability (CVE-2024-39708) in Delinea Privilege Manager (formerly Thycotic...
-
How to Bypass Golang SSL Verification
Golang applications that use HTTPS requests have a built-in SSL verification feature enabled by default. In our work, we often encounter an application that uses Golang HTTPS requests, and we have...
-
What ‘Passwordless’ Really Means for Privileged Access Management
Privileged access management (PAM) programs aim to secure the highest-risk access in an organization, including using privileged credentials like passwords, SSH keys and application secrets. So,...
-
Why Implementing Identity Security Doesn’t Have to Be Complicated
Every organization is different, with its own unique needs, challenges and goals. That means that IT solutions, and especially IT security, must be complex tools that are highly configurable and...
-
The Current State of Browser Cookies
What Are Cookies: When you hear “cookies,” you may initially think of the delicious chocolate chip ones. However, web cookies function quite differently than their crumbly-baked counterparts....