The Data Driver

CyberArk released a new security brief to protect organisations against cyber attacks through third-party remote access points. The brief, “Securing Remote Vendor Access with Privileged Account Security,” and accompanying Infographic can be downloaded for free: www.cyberark.com/remote-vendor.

Sixty eight per cent of businesses stated that the NSA breach by Edward Snowden and the number of retail/point of sale (PoS) system breaches in the past year were the most impactful in terms of changing security strategies to protect against the latest threats. The findings are part of CyberArk’s 8th Annual Global Advanced Threat Landscape survey - developed through interviews with 373 C-level and IT security executives across North America, Europe and the Asia-Pacific. The full survey can be downloaded for free here. 
The majority of organisations surveyed believe that attacks reaching the privileged account takeover stage are the most difficult to detect, respond to and remediate. While the NSA breach is widely regarded as the prototypical insider-based attack, and the retail/PoS breaches are regarded similarly for outside attacks, the critical link between both attacks was the compromise and exploitation of privileged credentials.

CyberArk unveiled the latest version of Discovery & Audit (DNA), the first tool on the market to identify and map exposed privileged password hashes and all related vulnerable machines on a network. CyberArk DNA™ is a patent-pending, light-weight, stand alone tool that exposes the magnitude of privileged account security risks by enabling organisations to easily identify and analyse all privileged accounts across their network. CyberArk DNA v4 free trial licenses are currently available to all businesses for a limited time.

Pass-the-Hash attacks represent a significant risk to organisations because they are frequently used as an attack vector in advanced threats. Pass-the-hash attacks capture account logon credentials on one computer and then use those credentials to gain access to other computers on the same network.  Attackers use this technique to gain a foothold and harvest hashes to steal access to privileged systems and machines, travelling across the network until reaching …

CyberArk outlined its security predictions for 2014. 2013 has seen many high-profile security breaches, including the NSA-Edward Snowden case, involving the exploitation of privileged or administrator accounts. The theft, misuse and exploitation of privileged accounts has become an increasingly key tactic in each phase of an advance persistent threat (APT) attack cycle, and this will largely continue into 2014.

Volkswagen Commercial Vehicles has implemented CyberArk’s privileged account security solution to optimise its password management.  As part of a security infrastructure project, Volkswagen Commercial Vehicles in Hanover, Germany, has introduced CyberArk’s Privileged Identity & Privileged Session Management suites to manage non-personalised privileged user accounts automatically, ensure compliance with uniform password policies, and maintain a central, auditable password repository.

CyberArk announced the availability of Privileged Threat Analytics which it claims is industry’s first analytics solution to detect malicious privileged account behaviour and disrupt in-progress attacks before damage is done to a business.

Privileged accounts have been identified as the primary target in internal and advanced external attacks. According to security consultancy firm Mandiant, “APT intruders prefer to leverage privileged accounts where possible, such as domain administrators, service accounts with domain privileges, local administrator accounts, and privileged user accounts.”* CyberArk Privileged Threat Analytics provides targeted and immediately actionable threat analytics on these critical attack vectors by identifying previously undetectable malicious privileged user behaviour, which enables the incident response team to respond and disrupt in-progress attacks. CyberArk Privileged Threat Analytics is the industry’s only targeted privileged threat analytics solution.…

CyberArk announced the appointment of Netpoleon Solutions as its prime value-added distributor for Singapore. The partnership will allow both companies to address the growing demand for privileged account security in Southeast Asia, and enable CyberArk to continue to expand its foothold in Singapore and deepen market penetration in the enterprise landscape, through leveraging Netpoleon Solutions’ extended capabilities and extensive reseller network.