News, discussion and expertise on IT Security and the biggest security risks in today’s organizations. Focused on Microsoft Windows and Active Directory Infrastructures we look to address the prevention of security breaches, ensuring regulatory compliance and responding to IT Emergencies.

IT Security

Comments Off on What lessons can companies learn from getting breached?

What lessons can companies learn from getting breached?

What lessons can companies learn from getting breached?

  In a sense, getting stung can be the key to taking notice — and maybe that’s a blessing in disguise. IT security is a topic often seen as solely the IT department’s concern. For management, the means taken to protect the company from cyber-crime can often be viewed as an extra cost to the … Continued

Comments Off on Cybersecurity advice for Higher Education

Cybersecurity advice for Higher Education

Cybersecurity advice for Higher Education

Information security continues to challenge both large and small institutions alike. According to EDUCAUSE, a nonprofit association of IT leaders in higher education, information security remains the #1 issue in 2018 for the third year in a row. Perhaps this is not a surprise when you learn the education sector has the highest rate of ransomware … Continued

Comments Off on How are Data Breaches Detected

How are Data Breaches Detected

How are Data Breaches Detected

Sometimes the challenge with data breaches is to know they ever happened at all. Take these examples from the 2017 headlines: Company Breach Discovered Breach Occurred Verifone January 2017 mid-2016 Brooks Brothers May 2017 April 2016 – March 2017 California Association of Realtors July 2017 March – May 2017 Forever 21 November 2017 March – … Continued

Comments Off on Why is the Education Sector a Target for Cyberattack?

Why is the Education Sector a Target for Cyberattack?

Why is the Education Sector a Target for Cyberattack?

Year over year, the same industry verticals seem to remain at the top of just about every analyst briefing, industry report, and infographic that are about security, threats, and attacks. Commonly, you repeatedly see Retail, Finance, Healthcare, and Education. But why? Retail and Finance make sense – those are businesses involved with moving people’s money (or … Continued

Comments Off on Active Directory User Login History – Audit all Successful and Failed Logon Attempts

Active Directory User Login History – Audit all Successful and Failed Logon Attempts

Active Directory User Login History – Audit all Successful and Failed Logon Attempts

The ability to collect, manage and analyze logs of login events has always been a good source of troubleshooting and diagnostic information. Logons are the one common activity across nearly all attack patterns. They provide one of the clearest indicators of compromise to help protect company data and thwart attacks. The need to provide a … Continued

Comments Off on UK politician password-sharing — maybe the security industry has been giving out the wrong advice?

UK politician password-sharing — maybe the security industry has been giving out the wrong advice?

UK politician password-sharing — maybe the security industry has been giving out the wrong advice?

A few days ago, a news story broke saying that many of the UK’s political leaders have been publicly (and almost proudly) proclaiming their own particularly poor passwords habits on Twitter. MP Nadine Dorries admits she regularly shouts the question “What is my password?” across the office, and after her being criticised on Twitter, MP … Continued

Comments Off on Permissions, Accounts or Logons. Where do you draw the line in Least Privilege?

Permissions, Accounts or Logons. Where do you draw the line in Least Privilege?

Permissions, Accounts or Logons. Where do you draw the line in Least Privilege?

  Captain Picard (from Star Trek: The Next Generation) has been known to produce some pretty memorable quotes. One such quote comes from an episode where the Federation is fighting the Borg, with Captain Picard saying (in reference to where they must fight the Borg), “The line must be drawn here! This far, no further!” … Continued

Comments Off on What’s Least Privilege Really All About?

What’s Least Privilege Really All About?

What’s Least Privilege Really All About?

As we finish the upcoming whitepaper ‘Least Privilege and the Value of User Logon Management‘, we began thinking about how organizations may see the point of least privilege as being different things. We all know, at a minimum, the implementation of the principle includes setting up users with the least amount of privileges possible (after … Continued

Comments Off on External Attacks – It’s All About the Logon

External Attacks – It’s All About the Logon

External Attacks – It’s All About the Logon

It’s tough to come up with an effective counter-measure to external attacks when you can’t see your enemy. While there are plenty of stories in the news of how a certain company fell prey to a very specific attack, it’s hard to translate that into an actionable response. So, you walk through the “usual suspects” … Continued

Comments Off on Are You Just Waiting for a Compromise?

Are You Just Waiting for a Compromise?

Are You Just Waiting for a Compromise?

The modern IT organization is well aware that compromises (in the form of both external attacks and insider threats) are more an issue of when than if. You’ve put up some defensive security solutions – AV, endpoint protection, email scanning, etc. – all in an effort to minimize the threat potential. But, beyond that, what … Continued

Secured By miniOrange