As the RSA 2020 conference showcased "The Human Element," Palo Alto Networks' M.K. Palmore turned his attention to the passive insider threat - the one that intends no malicious harm, but whose actions can lead to costly breaches.
As companies continue to grapple with the challenges of insider threats, machine learning coupled with behavioral analytics can assist in predicting and detecting potential threats from employees and contractors, according to a panel of security experts at RSA 2020.
Increased compute power, artificial intelligence, and tools on the Dark Web are equipping cyberattackers with the resources to launch more sophisticated and destructive attacks. Reactive defenses are no longer enough to stop attackers from infiltrating even the best security architectures. Environmental dynamics are...
As cyberattacks increase in sophistication and penetrate networks with higher frequency and effectiveness, security professionals are expressing growing concerns about being able to quickly detect and stop in-network threats from both internal and external threat actors.
The growing number of these cyberattacks have...
By design, Active Directory (AD) will readily exchange information with any member system
it manages. Attackers can also leverage this access to extract information on the entire domain quickly. Security teams may not realize that attacks on AD are occurring because the activities will appear as if AD is providing...
Active Directory Mismanagement exposes 90% of businesses to breaches.
Download this infographic to learn more about:
The percentage of active directories that pentesters are able to breach
How open source tools are simplifying AD exploitation
Other areas of opportunity for exploitation
Insider threats are one of the most difficult challenges an organization can face. Where a range of conventional defenses exist to thwart exterior threats, malicious actors within an organization are much more difficult to identify and contain. This paper will delve into the challenges presented by insider threats and...
Whether security testing is driven by compliance or as part of standard security resiliency testing, it is a vital component of an organization's defenses, especially in today's era of high-profile breaches.
Download this whitepaper to learn more about:
The role of deception in security testing
Examples of Red Team...
The use of deception technology to combat cyber attackers has steadily gained ground over
the last several years, especially among a subset of IT security practitioners who have grown
weary of the noise detection technologies generate. Those technologies yield an exponentially
larger number of false positives than...
A federal judge ruled this week that the U.S. government is entitled to proceeds from Edward Snowden's memoir and his paid speeches because the former NSA contractor did not submit his materials to his former federal employers for review before publishing.
Twitter users no longer have to supply a phone number in order to use two-step verification for authentication. The move will better protect accounts from SIM hijacking attempts and also means users don't have to sacrifice some of their privacy to enable a security feature.
Why try to hack Silicon Valley firms if you can buy off their employees instead? Such allegations are at the heart of a criminal complaint unsealed last week by the Justice Department, charging former Twitter employees with being Saudi agents. Experts say tech firms must hunt for employees gone rogue.
Too many organizations are still failing to prioritize mitigating the risk posed by insiders, whether they're malicious actors or model employees who make mistakes that unintentionally lead to a data breach, says Veriato's Chris Gilkes.
The latest edition of the ISMG Security Report offers an analysis of how Twitter allegedly was used to spy on critics of the Saudi Arabian government. Also featured: A preview of the new NIST Privacy Framework and an update on business email compromise attacks.