One Article Review
| Source |  SecurityWeek |
|---|---|
| Identifiant | 516128 |
| Date de publication | 2018-03-15 13:03:01 (vue: 2018-03-15 13:03:01) |
| Titre | Microsoft Publishes Bi-annual Security Intelligence Report (SIR) (Recyclage) |
| Texte | !function(){if("undefined"==typeof powerbiresize){powerbiresize=1;var e=function(){for(var e=document.querySelectorAll("[pbi-resize=powerbi]"),i=0;i |
| Envoyé | Oui |
| Condensat | $11 |
| Tags | |
| Stories | NotPetya Wannacry |
| Notes | |
| Move | 
|
Les reprises de l'article (1):
| Source | SecurityWeek |
|---|---|
| Identifiant | 513762 |
| Date de publication | 2018-03-14 17:58:03 (vue: 2018-03-14 17:58:03) |
| Titre | Organizations Failing Painfully at Protecting, Securing Privileged Accounts (Recyclage) |
| Texte | Legal Requirement for Cyber Insurance May be Necessary to Protect Privileged Credentials The need to manage privileged accounts is understood by practitioners and required by regulators, but poorly implemented in practice. Eighty percent of organizations consider privileged account management (PAM) to be a high priority; 60% are required by regulators to demonstrate privileged account management; but 70% would fail an access control audit. According to the 2017 Verizon Data Breach Investigations Report (DBIR), 81% of all hacking-related data breaches involved the use of stolen and/or weak passwords. The prize for hackers is gaining access to privileged account credentials. Once acquired, the adversary can move around the network with high capability and little visibility. Despite this, a new survey (PDF) by Thycotic demonstrates widespread poor implementation of PAM principles to protect key accounts. Thycotic queried nearly 500 global IT security professionals. In privileged account provisioning, it found 62% of organizations fail at processes for privileged access; 70% fail to fully discover privileged accounts (while 40% do nothing at all to discover these accounts); and 55% fail to revoke access after an employee is terminated. Even with strong controls, the report warns, "You cannot secure and manage what you do not know you have." However, most organizations have few and poor controls. Seventy-three percent of organizations do not require multi-factor authentication with privileged accounts; 63% do not track and alert on failed logon attempts for privileged accounts; and 70% fail to limit third-party access to privileged accounts. Related Webcast: Live on 3/21 - Reducing Privileges Reduces Risk Thycotic recommends a virtuous life cycle approach to privileged account management: define; discover; manage and protect; monitor; detect anomalous use; respond to incidents; and review and audit. Without automation, this will be impossible for anything but the smallest of companies. There are several companies -- including Thycotic -- that provide technology to assist. SecurityWeek spoke to the report's author, Joseph Carson, chief security scientist at Thycotic to understand why privileged account management is failing. "Organizations," he said, "are not measuring their security effectively. They continue to spend their budget blindly; and with limited budgets, they have difficulty in letting go of their l |
| Envoyé | Oui |
| Condensat | $11 about access accounts accountscyber active ads articles async attack been before best birth but columns com/js/plusone computer contributor createelement current different document dozens endpoints failing faster: financial firm found from function getelementsbytagname gone google had has high https://apis identity improves industrial industry information insertbefore issues kevin last links long magazines many microsoft millionusual more news optimum: organizations painfully parentnode performance practices prevention previous privileged protecting published publishes raises remains reportiic reportsoc script securing security; securityweek senior short since solebit sophisticated specialized sponsored src t46 tags: tech text/javascript thousands threats times townsend townsend:organizations true; tweet type var writing years |
| Tags | |
| Stories | |
| Notes | |
| Move |
|
L'article ne semble pas avoir été repris sur un précédent.