|
By Darryl Baker
AI desktop assistants and coding tools need credentials to reach external services, and many of them store those credentials as plaintext JSON at predictable paths in the user's home directory. This research covers how credential storage works across 14 popular AI tools, where OS keychain integration is present or missing, and eight attack scenarios that turn that exposure into real risk, from malware-based theft to remote session hijacking to supply-chain compromise via MCP servers.
|
By Sascha Martens
Built-in browser password managers are convenient. For enterprise secrets, convenience is not a security strategy. There are two kinds of password storage in the world: the kind that helps you log in to your favorite lunch-ordering site faster, and the kind that protects the credentials that can unlock your business. Sadly, many organizations treat both the same way.
|
By Dan Piazza
Here's a number worth sitting with: the CIS Microsoft Windows 11 Enterprise Benchmark v4.0.0 is 1,364 pages long and covers more than 500 individual configuration settings. That's one operating system. Add your Linux servers, network devices, databases, and cloud workloads, and you're looking at a configuration surface area no team can stay on top of manually. A CIS benchmark tool solves that problem at scale.
|
By Hannah King
A French channel partner recently won two top awards at the Cas d'Or 2026 for a public-sector identity governance project. The recognition covered Cyber Governance & Risk Management and the Public Sector category. Here's a look at what the win signals about identity governance in public organizations and how modern IGA platforms help tackle budget pressure, compliance demands, and complex user populations. Identity governance in the public sector rarely makes headlines.
|
By Netwrix Team
Identity threat detection and response (ITDR) tools close the visibility gap that EDR and MFA leave open. They surface credential misuse, lateral movement, and Active Directory activity that appears legitimate to endpoint and perimeter defenses. The right fit depends on your identity infrastructure, detection depth, and whether you need real-time blocking or post-event response.
|
By Grady Summers
For twenty years, cybersecurity defense rested on a simple idea: make attacking so expensive that adversaries give up and move on. Cheap, capable AI breaks those economics. Recon, exploit development, phishing, and command-and-control infrastructure now run at model speed and cent-per-million-tokens cost. The detect-and-respond doctrine struggles when an attacker’s OODA loop compresses from weeks to seconds. The prevention bar has to rise from blocking known-bad to predicting intent from behavior.
|
By Tyler Reese
User and entity behavior analytics (UEBA) is a cybersecurity technology that uses machine learning and risk scoring to detect threats by analyzing user and entity behavior patterns. UEBA establishes behavioral baselines for users, devices, and applications, then identifies anomalies that may indicate insider threats, compromised accounts, or advanced attacks that traditional security tools miss.
|
By Dirk Schrader
Non-human identities (NHIs) such as service accounts, API keys, tokens, and workload identities now outnumber human users by 10x or more in most organizations. Unlike human identities that follow HR-driven lifecycles, NHIs are often created ad hoc, granted excessive permissions, and rarely decommissioned. Effective NHI lifecycle management spans five stages: discovery and inventory, secure provisioning, ongoing monitoring, credential risk management (including rotation), and decommissioning.
|
By Netwrix Team
Controlled unclassified information (CUI) protection requires consistent identification, marking, safeguarding, and access governance across every system that touches federal data. With CMMC Phase 1 underway and the FAR CUI rule in effect, compliance is now a contract prerequisite. Controlled unclassified information (CUI) is sensitive but unclassified information that requires safeguarding or dissemination controls under federal law, regulation, or government-wide policy.
|
By Istvan Molnar
PCI DSS compliance levels categorize merchants and service providers based on annual card transaction volume, determining their validation requirements. Merchants fall into four levels, with Level 1 requiring the most rigorous assessment through a Qualified Security Assessor, while Levels 2 through 4 typically complete self-assessment questionnaires. Service providers follow a separate two-tier system.
|
By Netwrix
As access changes constantly and sensitive data moves faster than security teams can track, visibility matters more than ever. Helen R., Director of Engineering at Netwrix, explains why identity and data security can’t operate in silos anymore, especially in the age of AI. Have questions about identity governance, AI, or protecting sensitive data? Experts at Netwrix, including Helen, are helping organizations navigate these challenges every day.
|
By Netwrix
What if one small configuration change exposed your entire environment and no one noticed? Most security incidents don’t start with malware. They start with misconfigurations.
|
By Netwrix
Sensitive data sprawl, accumulated access, and unclear ownership continue to increase risk across modern environments. Farrah Gamboa, Senior Director of Product Management at Netwrix, explains why continuous visibility into sensitive data and access is critical to reducing exposure and strengthening security.
|
By Netwrix
Sensitive data no longer lives in one place. It moves across file servers, SaaS apps, cloud platforms, and collaboration tools. That’s why discovering sensitive data once is not enough. In this video, Farrah Gamboa, Senior Director of Product Management at Netwrix, explains why data visibility must be continuous to keep data security manageable.
|
By Netwrix
When technology gets in the way, people work around it. What does your identity experience enable? Michael Wetzel, CIO at Netwrix, explains why identity design matters more than ever.
|
By Netwrix
PAWs reduce risk. Identity is the real control plane. If privileges live too long, architecture won’t save you. Data security starts with identity.
|
By Netwrix
Security leaders are rethinking how visibility and control shape trust and compliance. Hear the conversation in the latest episode of Voices of Cyber Asia. Join Netwrix at the Gartner Security & Risk Management Summit in Sydney. Visit our booth to see how identity-first visibility connects data and identity security to strengthen data security, reduce risk, and simplify compliance. Link in bio to listen to the full episode and join the conversation.
|
By Netwrix
Identity is the foundation of effective visibility and control. In Voices of Cyber Asia, we explore how identity-driven insights improve access management and support compliance. Join Netwrix at the Gartner Security & Risk Management Summit in Sydney. Visit our booth to see how identity-first visibility connects data and identity security to strengthen data security, reduce risk, and simplify compliance.
|
By Netwrix
As AI adoption grows, identity risk grows with it. Dirk Schrader, VP of Security Research at Netwrix, explains why governing human and machine identities is foundational to securing AI systems. How are you governing identity in your AI workflows today?
|
By Netwrix
Most security failures start with access. When the wrong person gets the wrong permissions, risk follows. Netwrix Identity Management helps control access, enforce least privilege, and identify and remove excess permissions before they become a problem.
|
By Netwrix
If you are just getting started with Office 365 or you want to master its administration, this guide is for you. The beginning features very easy tasks, including provisioning and de-provisioning of Office 365 user accounts. Then it offers guidelines on managing licenses and explains how to administer different applications using both the Office 365 admin console and PowerShell. Last, this Office 365 tutorial (.pdf) provides more advanced guidance, helping you set up a hybrid environment, secure your cloud-based email application with encryption and spam filtering, and more. After reading this guide, you'll also know how to troubleshoot Office 365 issues, ensuring a seamless experience for your business users.
|
By Netwrix
Cybersecurity practitioners worldwide use the NIST Cybersecurity Framework to strengthen their security program and improve their risk management and compliance processes. The framework is voluntary, but it offers proven best practices that are applicable to nearly any organisation. However, it can seem daunting at first because it includes so many components.
|
By Netwrix
The simplest definition of Active Directory is that it is a directory service for Windows operating systems. But what does this actually mean? What is Active Directory used for? How can you manage it? Whether you are a new system administrator who wants to learn Active Directory basics, such as its structure, services, components and essential terminology, or a seasoned administrator looking to find new best practices and improve your skills even further, this eBook has something for you.
|
By Netwrix
Safeguarding business-critical and regulated data like customer records, financial information and intellectual property is critical to the success of the entire organization. However, your goal should not be to build a fortress. Rather accept that your network will inevitably be breached from the outside and attacked from within, so you should build a layered defense strategy that helps you both minimize your attack surface and spot suspicious behavior in time to respond effectively.
|
By Netwrix
If you are just getting started with Office 365 or you want to master its administration, this guide is for you. The beginning features very easy tasks, including provisioning and de-provisioning of Office 365 user accounts. Then it offers guidelines on managing licenses and explains how to administer different applications using both the Office 365 admin console and PowerShell. Last, this Office 365 tutorial (.pdf) provides more advanced guidance, helping you set up a hybrid environment, secure your cloud-based email application with encryption and spam filtering, and more. After reading this guide, you'll also know how to troubleshoot Office 365 issues, ensuring a seamless experience for your business users.
|
By Netwrix
In today's digital world, the problem of data theft by departing employees goes far beyond stealing the names of a few customers or a product design sketch; it can mean the loss of gigabytes of critical corporate intelligence and legally protected information like customer cardholder data. Plus, ex-employees have even more avenues for using the data they steal - they can use it against their former employers, leak it to competitors, sell it to the highest bidder or simply publish it on the internet.
|
By Netwrix
Although most IT pros are aware of the benefits that technology integrations promise, many of them are reluctant to take on integration projects. They know all too well that many vendor products simply aren't designed to be integrated with other systems; the lack of an application programming interface in particular is a huge red flag. Fortunately, there are vendors, such as ServiceNow and Netwrix, that enable organizations to reap the benefits of integration without having to invest lots of time and money.
|
By Netwrix
It's hard to imagine an organization today that does not rely on file servers, SharePoint or Office 365 for storing data, including valuable and sensitive information such as intellectual property and personal data. This makes these systems particularly attractive targets for all sort of attackers, from external hackers to disgruntled employees. To protect data from both external and internal threats, businesses must regularly conduct thorough data security assessments as part of their broader cyber security assessments.
|
By Netwrix
Compliance regulations are designed to provide a unified set of rules or guidelines to help IT organizations implement policies and measures that deliver the required levels of integrity, security, availability and accountability of data and operations. This white paper provides an overview of various types of IT compliance, explores their basic concepts and commonalities, and offers guidelines for implementation.
- May 2026 (4)
- April 2026 (17)
- March 2026 (14)
- February 2026 (10)
- January 2026 (5)
- December 2025 (1)
- November 2025 (4)
- October 2025 (15)
- September 2025 (14)
- August 2025 (9)
- July 2025 (7)
- June 2025 (13)
- May 2025 (6)
- April 2025 (13)
- March 2025 (19)
- February 2025 (8)
- January 2025 (11)
- December 2024 (11)
- November 2024 (7)
- October 2024 (13)
- September 2024 (13)
- August 2024 (11)
- July 2024 (13)
- June 2024 (11)
- May 2024 (1)
- April 2024 (7)
- March 2024 (4)
- February 2024 (12)
- January 2024 (16)
- December 2023 (11)
- November 2023 (2)
- October 2023 (1)
- September 2023 (1)
- August 2023 (5)
- July 2023 (6)
- June 2023 (6)
- May 2023 (16)
- April 2023 (12)
- March 2023 (11)
- February 2023 (11)
- January 2023 (7)
- December 2022 (14)
- November 2022 (13)
- October 2022 (20)
- September 2022 (8)
- August 2022 (7)
- July 2022 (1)
- June 2022 (5)
- May 2022 (9)
- April 2022 (5)
- March 2022 (6)
- February 2022 (3)
- January 2022 (5)
- December 2021 (9)
- November 2021 (7)
- October 2021 (7)
- September 2021 (6)
- August 2021 (5)
- July 2021 (6)
- June 2021 (7)
- April 2021 (9)
- March 2021 (6)
- February 2021 (5)
- January 2021 (4)
- December 2020 (6)
- November 2020 (4)
- October 2020 (4)
- September 2020 (10)
- August 2020 (9)
- July 2020 (10)
- June 2020 (8)
- May 2020 (2)
- March 2020 (1)
- February 2020 (5)
- January 2020 (1)
- November 2019 (3)
- October 2019 (1)
Orchestrate IT security with your data at its core. Netwrix solutions empower you to identify and classify sensitive information with utmost precision; reduce your exposure to risk and detect threats in time to avoid data breaches; and achieve and prove compliance.
Data Security Done Right:
- Consistency in the Approach. Confidence in the Results. Ensure your cybersecurity efforts are laser-focused on truly important data, instead of false positives that do not require protection. Our unified platform identifies and classifies your sensitive, regulated or mission-critical information consistently and accurately — including both structured and unstructured data, whether it’s on premises or in the cloud.
- Reduce Risk. Prevent Breaches. Do you know if the sensitive data you store is overexposed? Who can access it? What activity is going on around it? Netwrix solutions help you answer these key questions and ensure that risk-appropriate security controls are implemented around your most critical data. Plus, the platform enables you to detect abnormal activity early and respond before a threat turns into a breach.
- Achieve Compliance. Deliver Hard Evidence. Assess the effectiveness of the data security controls across your entire infrastructure so you can remediate any flaws before auditors come to call. Get the hard evidence you need to demonstrate to auditors that your controls adhere to their regulations and quickly answer any ad-hoc questions.
Data Centric. Laser Focused.