Monthly Newsletter 2014

Interested in signing up for our monthly newsletter, Privileged Identity Management Newsline? 

Get Newsletter Button

November, 2014 
There is no season where criminals and nation states will respect your IT freeze, so continuous improvement and continuous compliance need to occur 365 days a year. If your existing security solutions are taking years to implement, perhaps they need to be discarded rather than stopping and starting a security project based on the time of year."


October, 2014
Cyber-defense today is not about stopping intrusions, it is about creating architectures and processes that minimize the losses and limit how far intruders can go with zero day and other exploits.  This means having fully automated technology that can operate at scale and depth without the need for continuous human interaction."


September, 2014
"The headlines are proof that neither IT nor senior management can ignore the fact that a lack of internal security makes them sitting targets for exploitation. Even the excuses that they did what the analysts recommended or as they were requested by their auditors hold no weight, nor do they provide a safe harbor for the company. Ask Target how well the solutions recommended by their analysts and auditors worked; then ask Home Depot, Goodwill and all the rest."


August, 2014
"More than anything, we believe that the perimeter is porous, the best technology for perimeter protection is useless against nation states, and that the real defense question is about how well a company protects its interior and limits the damage."


July, 2014
"Given that intruders can easily get past the perimeter protections, what are the best practices to protect your corporate network? Let’s start with the assumption that your perimeter defenses will fail some of the time. Next, you have to do a pragmatic analysis of how far an intruder could go after taking control of any one machine in your environment. Here is what you should expect: the compromised machine has a key logger installed that records every user name and password entered on the machine. "


June, 2014
"Over the last year we have been investing in technology to bring scalable privilege management/privileged access management (PAM) to both IT and regular users alike. The goal of the project has been to leverage our secure storage of credentials, SSH keys, certificates and pass phrases with a better performing, industry standard application launch/application virtualization technology to deliver a new chapter in privileged access management."


May, 2014
"Have you ever wanted to automate the logon of all your critical corporate-wide applications in a way that did not disclose the credentials (things that don’t support single-sign-on)? Would you like a recording of transactions on sensitive systems?"


April, 2014
"As we live with the sea of compromised flotsam and jetsam of the Internet caused by the Heartbleed bug, at least I can live in some comfort that Microsoft will patch Internet Explorer and most people will get the patch automatically. On the other hand, there is the issue of all those billions of XP machines running older versions that will never get another patch from Microsoft; automatic or otherwise."


 March, 2014
"As a company we are pushing privileged identity management from a point solution that is used to remediate existing poor practices and implement a hard control into the realm of a privileged identity security platform. In essence our product is becoming a platform for cloud providers, MSPs, and government projects that are seeking to secure identities as part of their offering stack."

February, 2014

"The recently announced NIST framework is a lot of useless and redundant verbiage that collects existing standards that have existed for at least a decade. There is nothing fundamentally new, revolutionary or even effective in the framework. One should ask the question: was Target compliant with all of these standards? The answer is most probably yes..."

January, 2014

"We have been preaching the use of fully automated password randomization of all end points for years and have developed technology to accomplish this at massive scale with little need for human labor. Had Target deployed our solutions, they would not have had this massive breach. Further, they could have deployed our solution to all stores in less than one day."


Live chat by SightMax