Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Netwrix

Top 5 Things People Hate About PAM

Privileged access management (PAM) solutions have been around in various forms for decades now. Whether you want a password vault, session management, reduced privilege or a combination of privileged management workflows, there’s been no shortage of vendors to choose from. So why does the thought of PAM still make admins shudder? Surely, it should be enjoyable to have a PAM solution humming along, reducing your organization’s risk while you, the admin, focus on your other duties.

User Entitlement Review Explained

The entitlement review definition is simple: a review of user access permissions and other rights. The goal of a user entitlement review is to ensure that each user in the IT environment has access to the data they need to do their job and nothing more — the principle of least privilege. A structured and regular entitlement review process helps mitigate security risks and protect sensitive data.

CISSP Exam Pattern Changes, May 2021

On May 1, 2021, ISC² implemented a refreshed set of objectives for the CISSP certification exam for security professionals in order to keep it relevant to the latest technologies and cybersecurity standards, requirements and processes. New information security concepts, terms and acronyms have been added and others are better covered.

What is Zero Trust?

Zero Trust is a security model — a strategy for protecting an organization’s IT assets, including data, services and applications. The Zero Trust model is built upon research more than a decade ago by analysts at Forrester, and it is now recommended by many security experts and vendors, including Microsoft. Zero Trust is a security architecture model that requires no implicit trust to be given in any quarter.

What is the California Privacy Rights Act (CPRA) 2020 and how does it compare to the CCPA?

The California Privacy Rights Act (CPRA) is an extension of the 2018 California Consumer Privacy Act (CCPA). The goal of both laws is to enhance the privacy rights of California residents with regards to the personal information that companies collect about them, giving them the right to see, delete and limit the sale of that data. The CPRA will be fully implemented in mid-2023. In this article, we will take a close look at the provisions of CPRA and how it amends the CCPA.

Just-in-Time Administration for Secure Access Management

Although external cybersecurity attacks and malware make for sensational headlines, the biggest security threat most organizations face comes from trusted insiders with privileged access to sensitive data. Cybersecurity Insider’s 2020 Insider Threat Report reveals that 68% of organizations report that insider attacks are becoming more frequent and that they feel vulnerable to them.

How to Label Sites in Microsoft 365

I can’t tell you how many times I’ve been asked by customers if we can help them apply sensitivity labels at scale to data at rest in SharePoint Online. Unfortunately, I’ve had to tell them that there’s really only one option, and it’s not pretty. To date, there is no API that allow an end user to apply a sensitivity label directly to a file in a SharePoint Online site, so the only real option is to download the file locally, apply the label and then upload the file.

Active Directory Certificate Services: Risky Settings and How to Remediate Them

Active Directory Certificate Services has been around for a long time, but resources for learning it are not great. As a result, it often has misconfigurations that are an increasing vector for attacks. In fact, SpecterOps released a whitepaper detailing a number of misconfigurations and potential attacks and providing hardening advice.