Based on our extensive experience we’ve identified the ways our most successful customers have started out. We distilled this into a set of best practices to help guide your Privileged Identity Management journey.
There are a few steps we can easily take to increase our overall IT security posture. I advocate for paying special attention to privilege management. Here are five reason why.
Making privileged access a moving target helps mitigate threats in the cloud.
If you can build your Identity and Access Management program around ensuring proper and efficient end user access, keeping privileged access in check, and treating IAM as the organization’s perimeter defense, then you will get all the other details right along the way.
Phishing will be with us as long as email. So the idea that bad guys can email posing as the CEO or another executive is not that shocking, even though it’s a relatively new angle.
The National Cybersecurity Center of Excellence’s (NCCoE) recent cyber security guide Identity and Access Management for Electric Utilities identified a serious security concern within the energy sector, and if people follow the advice in this guide they will be have a better overall IT security posture. There is one area that doesn’t get a full treatment and one glaring omission, though.
IdentityWeek recently had an opportunity to sit down with Mark Balasko, Product Manager at WALLIX – a privileged user management vendor and Lieberman Software partner – about his insights into new and emerging information security threats.
A recent whitepaper from the SANS Institute and RSA Security reports that the corporate Help Desk is now a prime target for hackers. As veterans in the Privileged Identity Management marketplace, we’ve long regarded the securing and auditing of Help Desk access as a significant priority.
With standalone password management tools it is not possible to restrict users based on their actual activity, only general access to the account can be controlled. So, to better manage the threat represented by “super-users” – and answer the question of “who did what?” – integrating enterprise password management with activity monitoring should be considered.