Who governs the governance? Why the least privilege model is key to securing IGA
IGA tools allow organizations to manage who has access to what. IGA’s primary focus is on business outcomes and operational efficiency—priorities that may not always align with security needs. In the pursuit of maximizing efficiency, it’s easy to miss potential attack vectors. Employees often switch roles and keep access to resources they no longer need […]
Navigating the Five Eyes Alliance’s Guide to Detecting and Mitigating Active Directory Compromises
The Five Eyes Alliance, led by the Australian Signals Directorate (ASD), recently released a key document titled Detecting and Mitigating Active Directory Compromises, highlighting the rise in ransomware attacks on Active Directory environments, especially in the APAC region. In this blog, we’ll examine some of the most common compromises described in the guidance, and highlight […]
The Treasury Department cyberattack: Key insights on BeyondTrust remote support software hack
TL;DR *** In December 2024, the U.S. Department of the Treasury fell victim to a sophisticated cyberattack orchestrated by a Chinese state-sponsored APT group. These groups are known for targeting government entities, critical infrastructure and private sector organizations to steal intellectual property and conduct espionage. Entry point: Vulnerable remote support software The attackers exploited two […]
ITDR and ISPM: The Best of Both Worlds
At first glance, Identity Threat Detection and Response (ITDR) and Identity Security Posture Management (ISPM) sound like two names for the same thing (because one thing we really need in cybersecurity is more acronyms). While they do share some similarities – like a keen eye for trouble – they each play a very specific role […]
Keeping Up with the Credentials: The Evolving Landscape of Ransomware in 2024
The first half of 2024 has seen some of the largest breaches in recent years. Their common denominator? Compromised credentials and lack of MFA. The most prominent breach to date is the Snowflake breach, which has continuously affected some major organizations since May. In this article, we’ll focus on some of the hardest hit organizations, […]
The End of an Era: Understanding the Security Risks of NTLM
In October 2023, Microsoft made a pivotal announcement that signaled the beginning of the end for NTLM, including all its versions. This decision, reiterated in June 2024, underscores Microsoft’s commitment to transitioning developers to more secure protocols, such as Kerberos via the Negotiate mechanism. With the deprecation process set to commence in early 2025 and […]
Shining the Spotlight on the Rising Risks of Non-Human Identities
Active Directory Service Accounts: A closer look at one of the most common NHIs and their role in lateral movement The security of Non-Human Identities (NHIs) is now top of mind for security stakeholders. But what exactly is a non-human identity, and how do they impact an organization’s cybersecurity posture? NHI is a broad term used […]
NTLM Deprecation is Giving Us XP EOL Flashbacks: Are You Protected?
Microsoft recently announced the deprecation of NTLM protocol for Windows client. This falls in line with Microsoft’s encouragement to move away from NTLM due to the security risks it introduces – and acts as a wakeup call that maintaining NTLM usage puts environments at high risk. We cannot overlook the striking resemblance between today’s NTLM deprecation […]
Identity Security Is the Key to Managing Manufacturers’ Supply Chain Cyber Risk
What’s the weakest link in a manufacturer’s security architecture? One of the common answers is ‘the one you can’t control’, with third-party access being the most prominent example. Supply chain attacks are one of the hardest challenges security teams struggle with, particularly for manufacturing companies that rely heavily on an ecosystem of external contractors. Their […]