Blog Posts

  • CyberArk Recognized as a Leader in 2024 Gartner® Magic Quadrant™ for PAM

    Today, we’re exceptionally proud to announce our recognition as a Leader in the “2024 Gartner® Magic Quadrant™ for Privileged Access Management (PAM)” for the sixth time in a row. CyberArk was...

  • How Overreliance on EDR is Failing Healthcare Providers

    Ransomware attacks have a profound impact on healthcare organizations, extending well beyond financial losses and the disrupted sleep of staff and shareholders. A University of Minnesota School of...

  • Taming Vault Sprawl with Modern Secrets Management

    In this cloud, DevOps and AI era, security teams grapple with the growing challenge of shadow secrets and vault sprawl. As organizations grow, secrets management increasingly fragments.

  • Applying a ‘Three-Box Solution’ to Identity Security Strategies

    Physical and network barriers that once separated corporate environments from the outside world no longer exist. In this new technological age defined by hybrid, multi-cloud and SaaS, identities...

  • The Rise of the Machines and the Growing AI Identity Attack Surface

    In 1968, a killer supercomputer named HAL 9000 gripped imaginations in the sci-fi thriller “2001: A Space Odyssey.” The dark side of artificial intelligence (AI) was intriguing, entertaining and...

  • The Human Factor in a Tech-Driven World: Insights from the CrowdStrike Outage

    AI and Deep Fake Technology v. The Human Element: The idea that people are the weakest link has been a constant topic of discussion in cybersecurity conversations for years, and this may have been...

  • Zero Standing Privileges: The Essentials

    In December, I’ll have been with CyberArk for seven years, and at a similar point, I’ll have spent two years leading product marketing for cloud security at the company. In my short tenure with...

  • CIO POV: CrowdStrike Incident Offers 3 Digital Resilience Lessons

    On July 19, 2024, organizations around the world began to experience the “blue screen of death” in what would soon be considered one of the largest IT outages in history. Early rumors of a mass...

  • AI Treason: The Enemy Within

    tl;dr: Large language models (LLMs) are highly susceptible to manipulation, and, as such, they must be treated as potential attackers in the system. LLMs have become extremely popular and serve...

  • Navigating Cloud Security: A Shared Responsibility

    Each July, my family and I take a road trip from Kentucky back to my hometown in northwestern Pennsylvania to spend time on Lake Erie. As tradition dictates, we stop along I-71 for coffee at...

  • 5 Strategies for Setting the Right Cybersecurity KPIs

    Cybersecurity key performance indicators (KPIs) measure the efficacy of an organization’s cybersecurity program. In a rapidly changing threat landscape characterized by new identities,...

  • A Brief History of Game Cheating

    Over the short span of video game cheating, both cheaters and game developers have evolved in many ways; this includes everything from modification of important game variables (like health) by...

  • Double Dipping Cheat Developer Gets Caught Red-Handed

    Following our post “A Brief History of Game Cheating,” it’s safe to say that cheats, no matter how lucrative or premium they might look, always carry a degree of danger. Today’s story revolves...

  • Mission Possible: Securing Developer Access, CI/CD and Code (With Love)

    Okay, so you’re a security leader at your enterprise – congratulations! It’s a big, challenging role, as you know too well. You or a colleague are likely responsible for securing the cloud and...

  • CIO POV: Rethinking Data Security Post-Snowflake Customer Attacks

    Watching the recent Snowflake customer attacks unfold felt a bit like rewatching a horror movie with predictable attack sequences and missed opportunities to run to safety. But this time, the...

  • Identity Crisis: The Curious Case of a Delinea Local Privilege Escalation Vulnerability

    During a recent customer engagement, the CyberArk Red Team discovered and exploited an Elevation of Privilege (EoP) vulnerability (CVE-2024-39708) in Delinea Privilege Manager (formerly Thycotic...

  • How to Bypass Golang SSL Verification

    Golang applications that use HTTPS requests have a built-in SSL verification feature enabled by default. In our work, we often encounter an application that uses Golang HTTPS requests, and we have...

  • What ‘Passwordless’ Really Means for Privileged Access Management

    Privileged access management (PAM) programs aim to secure the highest-risk access in an organization, including using privileged credentials like passwords, SSH keys and application secrets. So,...

  • Why Implementing Identity Security Doesn’t Have to Be Complicated

    Every organization is different, with its own unique needs, challenges and goals. That means that IT solutions, and especially IT security, must be complex tools that are highly configurable and...

  • The Current State of Browser Cookies

    What Are Cookies: When you hear “cookies,” you may initially think of the delicious chocolate chip ones. However, web cookies function quite differently than their crumbly-baked counterparts....
