<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1033252670099820&amp;ev=PageView&amp;noscript=1">
New Call-to-action

Inside IT Security & Privileged Users Management

Privileged Account Security Handled with PAM

Privileged access management (PAM) is the solution your organization needs to manage all accounts and ensure privileged account security . 

 

A Cybersecurity Ecosystem Is the Key to Great IT Security

IT security has long experienced a tension between point solutions and integrated solutions. As threats grow more serious, complex and frequent, however, we see many of the most forward-thinking organizations adopt a more unified approach.

 

Health IT Security: Supervise Users with Privileged Access Management

 Privileged access management helps your health IT security team manage and audit the activities of all privileged users. 

 

 

The Bastion secures your applications with AAPM

The WALLIX Bastion offers AAPM (application-to-application password management) with a fingerprinting proprietary technology to authenticate third party applications.

 

The Role of Privileged Access Management in Industry 4.0

Industry 4.0 puts capabilities like interoperability, data transparency, and autonomous cyber systems into the service of industrial operations. The trend relates to cyber-physical systems, cloud computing and, the most pervasive of them all – the Internet of Things. Its openness, self-directed and interconnected nature creates new security challenges. Privileged Access Management (PAM) solutions can play a key role in reducing the risk.

 

 

PAM as a State of the Art Security Tool

Security teams already equipped with SIEM and IDS can go further with Privileged Access Management (PAM), a state of the art security tool that enables auditable logs of administrative sessions.

 

SOX and Privileged Access Management

Sarbanes Oxley… aka “SOX.” Wow, is that still a thing? Oh, yes, you can bet your 10K on it.  The law requires publicly traded corporations to document, implement, audit, and certify internal controls over financial reporting. This includes a great deal of attention to IT controls and policies.  Access controls are critical for SOX. As a result, SOX and Privileged Access Management (PAM) are closely linked, or should be.

 

Privileged Access Management and Vulnerability Systems: Qualys and WALLIX

Complexity is the enemy of cybersecurity. Yet, it can’t be avoided. Even a relatively small organization will have multiple people operating and administering multiple IT assets while fending off multiple threats. Any problem is basically a problem cubed. How do you keep things secure in that environment?

 

GDPR and Privileged Access Management (PAM): What International Businesses Need to Know

The European Union is on the verge of enacting its new privacy regulations, known as the General Data Protection Regulation (GDPR). Replacing the existing EU data privacy rules, GDPR is simply the latest in a long line of privacy regulations dating back to 1980. While GDPR clarifies and simplifies a number of data protection requirements, it adds new rules that will almost certainly present challenges to international businesses working in the EU.

 

PAM and Database Security

Structured data is at the heart of virtually every company’s most valuable IT assets. Database security is therefore critical. In this article, we look at how a privileged access management (PAM) solution can improve your existing database security.

 

 

Industrial Control Systems Security: An Interview with WALLIX

Industrial Control Systems (ICS) are used to remotely control and monitor a variety of industrial enterprises like manufacturing, electricity, water, oil, and gas. The systems operate mostly on remote commands that are pushed to physical stations and devices. These systems are crucial in controlling and monitoring operations to ensure ongoing operations and safety for the surrounding community.

 

Preventing Cyber Espionage: Cyber Espionage and Corporate Security

The threat of cyber espionage used to primarily be the domain of defense officials and writers of pulp fiction. No more.

 

IT Security Productivity

Few people want to talk about the nitty-gritty of IT Security productivity, but the reality is that companies are spending ever-increasing amounts on IT security so productivity is a topic that isn’t going away.

 

 

ICS | Industrial Control Systems Security: Regulations

Industrial Control Systems (ICS) are critical systems used in industrial enterprises like electricity, water, oil, gas, and data. ICS operate based on centralized supervisory commands that are pushed to remote stations and devices. These field devices control operations, collect data, and monitor the environment.

 

Using RSA Authentication Manager for PAM

WALLIX’s Privileged Access Management (PAM) solution integrates with the RSA Authentication Manager and has just received the label RSA Ready

 

PAM and the Cybersecurity Plan

In part one of this two-part series on cybersecurity planning, we covered the basics of what you need in your IT security plan. In this second part, we explore the role of Privileged Access Management (PAM) in security planning. A PAM solution controls and monitors the privileged accounts that can potentially expose your data, systems, and employees to risk. 

 


Elements of an Effective Cybersecurity Plan

A review of the key elements of an effective cybersecurity plan to help security managers prevent or mitigate the impact of a breach.

 

Expert view: 3 steps to implement Privileged Access Management

In the world of cybersecurity, privileged access management (PAM) solutions are increasingly attractive for companies and organizations because they protect their most sensitive data and systems from cyber threats. How do you properly implement these solutions? Our expert replies in this exclusive interview. 

 

Cloud IT Security: PAM in an Agile World

We are now firmly in the era of agile software methodology and cloud hosting. New incarnations of the agile methodology continue to emerge regularly, promising greater flexibility and economy for the IT department as well as greater strategic agility for the business. But these processes also introduce new risks...

 

How can we combat threats linked to privileged users?

While cyber threats are increasing in today’s digital world, they are more and more often linked to privileged users. Why is that? What can be done about it? We asked these questions to Julien Patriarca, cybersecurity expert and Support and Services Manager at WALLIX.

 

ICS cybersecurity: PAM and securing Industrial Control Systems

Industrial entities typically run two parallel sets of information technology systems: Corporate IT and Industrial Control Systems (ICS). Due to the proprietary nature of most ICSs and their unique usage requirements, ICSs tend to have quite different security capabilities from their corporate IT brethren.

 

PAM and Third Party App Maintenance

Organizations are increasingly outsourcing the maintenance of applications to third parties. Providers of this type of service range from global giants like IBM and HPE to smaller, specialized firms as well as cloud service providers. There is much to like about the idea of having someone else maintain your applications. It is often less expensive than having in-house staff handle the workload. Plus, you don’t have to be concerned with retaining (or losing) application skillsets in your IT department.

 

Changes in NYDFS Cybersecurity Regulations 23 NYCRR 500

The New York State Department of Financial Services (NYDFS) has just issued an updated version of its proposed Cybersecurity Requirements For Financial Services Companies, known as 23 NYCRR 500. Though these rules may yet still be modified before they become official at the end of January, the consensus is that this most recent draft is essentially final.

 

Cloud Bastion: WALLIX now on AWS and Azure

In cloud computing, you need a bastion (aka a jumpbox) to provide secure access to your users and outside applications. The bastion is a specialized server that has been hardened against outside attacks and that serves as a gateway for your users.

 

 

Calling IT Security Channel Partners!

WALLIX has recently seen a big increase in interest in our channel and reseller programs. This dramatic increase is being driven by several trends:

 

 

Enterprise Password Vaults are NOT ENOUGH. You need Session Management

Password vaults are an important part of locking down your privileged accounts. However, they are not sufficient for ensuring either the security or the auditability of those privileged accounts. While password vaults prevent direct root access to your devices, applications, and systems… password vaults by themselves do not provide either visibility or control over privileged user actions. This requires robust session management.

 

GDPR: A major asset for European companies

When discussing the General Data Protection Regulation (GDPR), two main issues are often raised: the benefits it brings to individuals, or the financial and organisational consequences it has on companies. However, its representing a real key asset for European firms is often omitted.

Service Provider Security: Protect from Disaster, Create Added Value

Embedding the WALLIX Privileged Access Management Solution with Service Providers offerings helps them to create added value and protect them from disaster!

 

Enterprise Password Vault

What does an enterprise password vault do?

Why You Want Splunk-PAM integration

Let’s explore the generic advantages of integrating SIEM with PAM, and look at the specific integration of Splunk with the Wallix AdminBastion (WAB) Suite.

 

Privileged Session Management


23 NYCRR 500: Cybersecurity Requirements For Financial Services Companies

23 NYCRR 500 is coming soon. As in, January 1, 2017. So, get ready.

 

What is Privileged Account Management (PAM)?

Privileged account management can be defined as managing and auditing account and data access by privileged users.

3 Trends from Gartner’s Latest PAM Report

Gartner, the famous information technology research and advisory company, recently published its 2016 Market Guide that delivers a neutral perspective of the Privileged Access Market. Like everyone, we always look forward to reading what the analysts have to say about the PAM market.

 

Wallix AdminBastion Suite: a key element in Industrial Control Systems security

For Industrial Control Systems, often described as Supervisory Control and Data Acquisition (SCADA), availability and safety are the two top priorities. However, security has now become a major issue and therefore must not be ignored.

 



We Are PAM, We Are WALLIX

Privileged Access Management (PAM) refers to a set of technologies designed to mitigate the inherent risks associated with the privileged user accounts of administrators and super-users. By providing full control and visibility of the sensitive, daily tasks of such personnel, an effective PAM solution can greatly reduce the risk of attack, while helping to ensure compliance with the relevant regulatory standards.

Privileged Accounts - Prime Targets At Privileged Brands

 

It seems the bigger the brand, the bigger the challenge for external threats to win brownie points amongst their peers. External threats are taking up the challenge to break through the perimeter and target highly prized privileged accounts that often exist on networks in unprotected Word or Excel documents. With access to these accounts a compromise becomes that much easier.

Risky business: it’s time to talk about third parties

 

 

The number of security breaches attributed to third parties continues to rise – the IRS was hit by a wave of attacks last year and let’s not forget the infamous Target breach of 2013 that saw 40 million debit and credit card details leaked - yet a PwC Global State of Information Security Survey found that 74% of companies do not even have a complete inventory of all third parties that handle personal data of their employees and customers, are completely unaware that they’re over-sharing data and often don’t even know who officially “owns” the third party relationship.

 

Identity Theft Resource Center reports 657 breaches

 

The Identity Theft Resource Center (ITRC) Data Breach report has recently been published. The ITRC have been tracking security breaches in the United States since 2005, looking for patterns, new trends and any information that help the wider community to educate consumers and businesses on the need for understanding the value of protecting personal identifying information.


Vote for WALLIX and win a Harmon/Kardon Onyx Speaker



Wallix are again finalists in the Computing Security Awards nominated in the category of Identity and Access Management Solution of the Year and also our AdminBastion Suite has been nominated for Editor’s choice.

UK sees 14 percent increase in local government data breaches

Despite global IT security spending peaking in 2016 at $81billion which represents a 7.9 percent increase on 2015, local government organisations in the UK have seen a 14 percent increase in the number of reported data breaches. Local government was second only to the UK health sector when measured by the total number of reported data breaches.

SWIFT Network Breach: Was it an inside job?

 

Back in February 2016, thieves stole US$81m from the Bangladesh Bank with the possible involvement of an insider. No one broke in, no one wore masks or walked into a bricks and mortar building carrying weapons.

The shady truth about Shadow IT

 


Shadow IT has CIO’s caught between a rock and a hard place, pushed to deliver the required infrastructure for the business to function whilst remaining nimble and innovative to stay ahead of competitors.

The first step toward change is awareness. The second step is acceptance.

 

With an ever evolving regulatory landscape and with increasingly smart technology at our fingertips, it’s probably time we paused to examine the way we’re doing business. Just because it’s been done a certain way for years, it doesn't mean that’s still the right way. Businesses need to start seeing the bigger picture rather than forever playing catch-up, as so many are guilty of thus far. Breaking the cycle means analysing the threats that businesses can anticipate both now and in the coming months and years, and determining the smartest solution for them.

It’s time for change, and real progress. This article examines how and why it’s coming, whether you like it or not, and how to make it work for your business.

When Trusted Insiders Go Bad

A recent survey conducted by Gartner of 186 participants released in May 2016 exposed that the main motivation of trusted employees and contractors (insiders) leaking privileged information is financial. 

Sage data breach highlights insider threat

This week has seen yet another high profile business based in the UK breached, possibly by an insider threat. This time, it’s a trusted business-to-business software provider Sage Group PLC, which provides business management software for accounting and payroll services to companies in 23 countries.

Building A Robust Cybersecurity Culture

There’s no doubt that awareness of information security in corporations has dramatically improved in recent years. Stories of breaches, both internal and external, have filled the media. Where the CEO has been forced to face the music on the evening news, where most people now understand the value of data and the risk of it falling into the wrong hands.

Monsters Are Real, Insider Ghosts Are Too

Insider threats are very real. Hackers are perceived as being faceless guys that wear hoods. The insider is your colleague, your friend a member of your team. Working with third party companies and contractors is a fact of life.

Privileged Access Management and BREXIT

Certain events are so overwhelming that only a touch of humor can keep us from going mad. BREXIT, Britain’s exit from the European Union, is one of them. This decision is likely to have a serious impact on IT security, especially Privileged Access Management (PAM).

Privileged Access Management (PAM) and Moving Operations into the Cloud

"In preparing for battle I have always found that plans are useless, but planning is indispensable.”
Dwight D. Eisenhower

 

Cloud Security: Making it Work with PAM

As enterprises embrace a mix of cloud and on-premises deployments of key IT assets, they are using PAM for hybrid cloud security.

Are UK Health Service Breaches Being Taken Seriously?

Are the ICO and health service taking data breaches seriously?

Well, frankly, no. And here's why. 

Privileged Access Management for Dummies III - PAM & IAM

This third installment of our “PAM for Dummies” series addresses one of the most important security issues you’ve never heard of: the connection between privileged access management (PAM) and identity access management (IAM).

May The Force Be With You - But More Careful With Your Data

We all take it for granted that when we need them, the Police will help "protect and serve" its citizens. But sometimes, only sometimes, they protect and serve themselves with unauthorised insider information about the citizens they are paid to help.

 

The Hidden Costs of Using SSL for Privileged Access Management

The Book of Ecclesiastes reads, “Using a dull ax requires great strength, so sharpen the blade. That's the value of wisdom; it helps you succeed.”  (10:10) And it may as well work for information security as InfoSec seems to have many areas of practice where we’re busy cutting down trees with dull axes.

GDPR : The CFO Challenge


Here's why you should be paying attention to GDPR. And this will also certainly interest  your investors and shareholders...

Another Award for the Trophy Cabinet - We Won!!!

This latest award refinforces customer feedback and is the second major industry award given to WALLIX AdminBastion Suite in 2016. 

Privileged Account Management and BYOD: PAM for Dummies Part II

Is that an iPhone in your pocket or are you just happy to be reading about the security consequences of Bring Your Own Device (BYOD) policies? 

Welcome to the second installment of our “PAM for Dummies” blog series.

 

Acer Computer Maker Gets Aced By Hackers

It’s all too familiar, another day another breach. And this time, it's computer manufacturer Acer which will pay the costs...

 

InfoSecurity 2016 - Now The Dust Has Settled

Now that the dust has settled and we have a chance to breathe again after what was a tremendously busy event for WALLIX, we can take a step back and review some of the really exciting engagements we had with companies from across Europe with a primary interest in Privileged Access Management.

 

Privileged Access Definition: PAM for Dummies

This article offers a business-oriented definition of Privileged Access Management (PAM), an important technology for security and compliance.

 

The Psychology of the Insider Attack - Part II

It’s an uncomfortable topic, but the truth is that employees present one of the most serious information security threats for every organization. 

 

 

Compliance: Time for Companies to Raise Their Games

Governance, risk and compliance’. Three words that are the stuff of nightmares for senior managers. Not because they have done anything wrong, but because the breadth and scope of this area continues to grow exponentially.

 

 

Left A Job? Handed Back All of Your Employers Data?

In our daily lives, we all commit our souls signing a contract of employment. Whether an employee or a contractor, similar rules apply when it comes to respecting company data and the associated data policies.

 

 

If A Data Leak Can Happen To Google - What Chance For The Rest Of Us?

A few weeks ago, Google’s employee details were leaked by a third party company. Although this was an innocent error, it’s worth considering how much worse it could so easily have been?

 

 

The Psychology Of The Cyber Criminal - Part I

We live in an age in which many if not most crimes involve a computer at some point, but we still know very little about cyber criminals and what makes them tick.

 

 

The Best Privileged Access Management is the one with 100% Utilization

Privileged Access Management (PAM) can only work when it is consistently and ubiquitously in use.  If system administrators either can’t or won’t use a PAM solution, security risks multiply.  So do costs. When it comes to PAM, the best privileged access management is the one that gets consistently used.

 

HM Government Breaches Survey  2016 - A WALLIX Opinion

Cybersecurity in the headlines. Again… 

 

The Wallix Approach to Advanced Persistent Threat (APT)

Many organisations are upgrading their firewalls to stop APTs but this only offers protection from external attacks and internal traffic routed through the trusted zones.

 

 

How IT Security Teams can benefit from Privileged Access Management

As an IT Security Manager, the breath of this central role is broad and continually changing.

 

Compliance - A route to better your business

Really, though…

Today in business, digital storage, communication and transporting data across borders are the norm and we’re seeing an increase in regulation and compliance in various forms.

 

The High Risk Access Management Solution to help IT Operations

Being head of IT Operations in a mid-sized or big enterprise is becoming a more and more demanding challenge

 

 

Is Your Business Prepared For a Ransomware Stick-up?

Countless Victims

Ransom notes aren’t written with cut out newspaper letters anymore, but in computer code.

General Data Protection Regulation: May Day, May Day

Well, the 5th to be precise, but here’s why you should be panicking…

 

SOX Compliance. It’s Not Just Another US Thing

 

It feels like every week there are fresh headlines about hackers bringing organisations to their knees, and such stories always seem to be front-page news. In 2002, following a wave of high profile financial scandals driven by fraudulent accounting practices involving major US corporations including Enron, the heat was such that the government introduced the Sarbanes Oxley Act, or the SOX Act, in an attempt to restore investor confidence. Cyber-attacks have forced us to change the way we do business, and organisations must now take greater responsibility for cyber security and report cyber breaches. This is both an important and positive step because it enables government agencies to strengthen security and allows individuals to mitigate harm, but it’s only a good thing for your business if you’re prepared…

 

What is Privileged Access Management (PAM)?

 

The key is to get the importance of the word “Privileged.”

A privileged user is someone who has administrative access to critical systems. For instance, the individual who can set up and delete email accounts on Microsoft Exchange Server is a privileged user. The word is not accidental. Like any privilege, it should only be extended to trusted people. Only those seen as responsible can be trusted with “root” privileges like the ability to change system configurations, install software, change user accounts or access secure data. Of course, from a security perspective, it never makes sense to unconditionally trust anyone. That’s why even trusted access needs to be controlled and monitored. And, of course, privileges can be revoked at any time.

Why take extra steps to protect your biggest asset, your data

Getting smarter about information security

Cyber attacks are fast becoming one of the greatest risks of doing business and your chances of being exposed to one are ever growing.

Cyber Attacks: When disaster strikes


Are you prepared for a cyber attack?

…you’ll need to be prepared. And the alarming fact is that when it comes to cyber attacks, most companies aren’t.

Software vs. Consultants in Privileged Account Management

It can be daunting to manage security for privileged accounts. You demand system security while administrators go about their work of changing configurations, installing software, changing user accounts and so forth.

Passwords & Insider Threats: The Threshold For Compromise is Shrinking

Here at Wallix, sometimes we like to look back at what were hot topics and see what has changed or even improved. Just over a year ago, we looked at how insider’s passwords were available for as little as $150.

Would You Want to Hold the Record for the Most Data Ever Leaked?

When Intelligence Contractor employed as a computer analyst, Edward Snowden turned whistle-blower the question was which business or public sector organisation is next. Of those that we have heard about, all seem to be eclipsed by Panama based legal firm Mossack Fonseca.

Is Security Information and Event Management (SIEM) Enough?

Compliance dictates we need to log everything within scope, we must then review the reports of the logs. Can we really be trusted to look at all of these reports, and if so can we really get anything constructive out of them?

 

Cyber Insurance: Is Your Information Worth The Premiums?

 

The scale, frequency and magnitude of cyber-crime is truly alarming and getting worse. Recent highly publicised attacks have served to push the issue much further up the management agenda to the extent that only the foolhardy would now argue that cyber-security is not a board level issue.

Financial implications of Privileged Access Management (PAM)

Privileged users can change system configurations, install software, create or modify other user accounts and access secure data.

After CeBIT 2016: a new era of IT security

 

CeBIT devoted a great deal to IT security and internal threat management

The CeBIT 2016 rebranded itself as “innovation fair”, but it is no surprise that IT security and human behaviour in the digital world have been major concerns at the former computer trade show. IT security interests have escalated in the past few years and numerous astonishing security breach examples have surfaced.

IT security and private data information traceability: your responsibility

Protecting private and sensitive data information

Today, are there established ways to protect private and sensitive data information within operating systems or IT hosting services? 

Privileged Account Management: Deployment Options

If you don’t lock your door, you can’t get too upset if someone wanders in and steals your stuff. Information security holds by a similar rule.

New IT Security Challenges for the Financial world

 

Our Wallix AdminBastion Suite Already Wows IT Experts

 

It's not often that we use our own blog to blow our own trumpet, but when an internationally renowned magazine - which bills itself as ‘the leading source of specialist information and intelligence' for cyber security professionals worldwide – describes our Wallix AdminBastion (WAB) Suite as representing ‘a new design for an old problem of privileged account access’ and recommends it as a ‘best buy’. Well, we couldn’t resist it!

How to ensure Cloud computing security


The public cloud provider business scarcely existed a decade ago. Now, this type of company is at the forefront of a revolution in IT. It’s a varied industry and one that is still evolving dramatically.

Aligning Organizational Roles with Privileged Access Management

Privileged Access Management (PAM) is usually discussed in the contexts of IT or information security. This makes sense. Precise, auditable management of information systems access is an inherently technical matter.

Privileged Access Management’s Role in HIPAA Compliance

It’s telling that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has been around for 20 years and a lot of smart people are still struggling with its compliance standards.  The law presents numerous challenges for IT managers.

How to prepare for EU Standard General Data Protection Regulation?

The GDPR shows that states in the EU are aware of the risk in the cyber world. Protection of private data and personal information are highly important European values and policy-wise organisations have to get ready for new standards.

Managing Risk of IT Service Providers in Digital Transformation

A side effect of digital integration is the growing use of external service providers. The process seems natural, because today’s IT tasks are so complex that organisations work more efficient by outsourcing certain tasks.

UK treasury committee chair calls on banks to improve IT controls

Andrew Tyrie, the MP who chairs the parliamentary treasury select committee is demanding action on the state of banks’ IT systems, firstly calling for regulators to improve both security and resilience following a string of system failures.

Over 70% of UK businesses now using IT contractors


There is no doubt that one of the main driving forces contributing to the positive outlook for companies in the UK is the way in which technology has been changing both consumer and commercial activity beyond recognition.

Only 1/3 of Fortune 1000 companies have an insider threat program


A survey of chief information officers at Fortune 1000 companies by security and information management firm Nuix has found that whilst insider threat programs inside organisations are becoming increasingly important in combatting today’s cyber threats, this issue may not yet have the attention it deserves.

TalkTalk data breach: CEO can’t actually talk about the hack!


On Tuesday TalkTalk CEO Dido Harding appeared before the Culture Media and Sport parliamentary select committee to answer questions on the recent hacking of customer data from the company.

Finance workers are those most likely to bypass IT security measures


According to new research from network security vendor Palo Alto, one in five working in the finance and insurance sector admitted to ignoring cybersecurity policies.

Bad privileged access management at the "root" of VTech woes?

Kid’s electronic toy company VTech is now at the centre of a storm over a breach of its user database, which worryingly included the details of 3 million child profiles.

Why user experience is at the core of effective privileged access management

We live in a world where the technology we use every single day is engineered to be usable. Our smartphones, set top boxes and social media websites have invested a great deal in user experience.

INFOGRAPHIC: IT teams not convinced on the need for cyber-insurance

We recently did some research into the attitudes of the IT departments to cyber-insurance.  Some of our key findings are in this infographic. You can download the full report from here

Gartner: "By 2020 95% of cloud security failures will be the customer's fault"

It’s almost the end of the year. It’s a time when everyone wants us to get out our crystal ball and accurately predict what’s going to happen in the next twelve months.

Would you hug a hacker? Why demonising cyber-criminals doesn't help

In the wake of the Talk Talk hack we heard all kinds of speculation about the motives of these attackers, the methods they might have used and their ultimate goals.

VIDEO: Who are privileged users?

Managing privileged access is seen as one of the best ways to begin to address the insider threat. But who are these privileged users? And how can you secure them. Chris Pace, Head of Product Marketing for Wallix explains.

Why outdated infrastructure makes securing privileged access a top priority

In July support for Windows Server 2003 came to an end. Softchoice, a company based in Toronto analyzed nearly 90,000 servers at more than 200 organizations discovering that outdated technology is widespread across data centers.

No one likes passwords anymore, but what are the alternatives?

The humble password gets a hard time these days. It seems to be responsible for every hack, data breach or act of cyber espionage that we see reported.

It seems insurance companies may not understand cyber insurance either

Last week I blogged on the challenges facing IT pros whose companies are investing in cyber insurance, you can read it here.

Work in IT security? Are you ready for cyber insurance?

In a report released this week insurance giant Allianz said increasing awareness of exposures and regulatory change would lead to “rapid growth” in cyber insurance.

Could a threat to “business as usual” be a significant risk to your information security?

This week former Morgan Stanley financial advisor Galen Marsh admitted stealing data from the banking giant. He downloaded a total of 730,000 records to his personal computer from 2011 - 2014.

Vote for us in The Computing Security Awards 2015

CLICK HERE TO VOTE WALLIX  "IDENTITY AND ACCESS MANAGEMENT SOLUTION OF THE YEAR"

We’re delighted to be nominated in The Computing Security Awards 2015. The awards were set up to recognise the solutions and solution providers which are helping to keep organisations secure. The shortlist of finalists has been compiled following a process of online nominations.

Are you really reading all those log reports?

Compliance says that we need to log everything within scope, we must then review the reports of the logs. Can we really be trusted to look at all of these reports, and if so can we really get anything constructive out of them?

Aviva “revenge” hack highlights the risk from third party vendor


A man was jailed for 18 months at the end of August for hacking into 900 phones belonging to insurance company Aviva.

US Government prioritises Privileged Users in response to huge data breach

In June, the United States Office of Personal Management (OPM) announced that it was the target of a hack. It was originally estimated that 4 million individuals were affected, in July that estimate was revised upwards to 21.5 million.

Don’t know how your data breach happened? Your cyber insurance could be worthless

 
For the information security professional a data breach is the worst case scenario but must also be considered an occupational hazard.

What is cloud account hijacking?

What's the aim of every malicious outsider?

An IT security professional recently asked me this question. As I began to research opinions and marketing messages it became more clear to me that many in the IT security industry are keen for us to separate the risks posed by a malicious outsider from the exposure created by privileged accounts on the inside of an organization.

IT Security: 5 things we learnt at Infosecurity Europe


Well it was that time of year again, except it wasn’t, as Infosec moved from its traditional home at Earls Court to Olympia at the start of June instead of April. The exhibition floor itself had a different feel about it too with that big glass ceiling pouring in natural light.

CISOs: “Privileged access is the beast we still haven’t tamed”

This week I was fortunate enough to be able to attend the IT Security Guru’s annual Analyst and CISO Forum here in London. A gathering of the great and the good from the analyst community and some cutting edge vendors were part of what proved to be a fascinating roundtable with 10 of the UKs top CISOs.

Is the VENOM vulnerability really a cloud armageddon?

When it comes to media coverage of IT security issues there is occasionally a tendency to over-state the risk. Headline writers take there opportunity to exploit (pardon the pun!) our lack of technical expertise to paint scenarios of impending doom.

Are disruptive technologies breaking PCI compliance?

 

Today more than two thirds of all payment transactions will use a card, meaning around $20 trillion in purchases will be on plastic by the end of 2015. This makes security an increasing priority for any business that handles card payments and data.

Cyber insurance is here, but will it reward good security?

Last week the chief of Lloyds of London claimed that his business had seen a 50% increase in demand for cyber insurance products in the first quarter of 2015. The UK government working in partnership with insurance broker Marsh in Marsh has highlighted that around 98% of large UK companies have no form of insurance against a data breach or cyber-attack.

Security analysts say bad password and user management puts businesses at risk of an insider attack

What do you think poses the biggest insider risk in your business? There’s no doubt that the Snowden case has highlighted the danger posed, particularly by those users with elevated privileges and access to sensitive and valuable data.

Might your system administrator have a god complex?


Here in London the TimeOut magazine is a must read (they also have an awesome blog). One of my favourite weekly features is the hilarious and regularly cringe-worthy: “Overheard in London” #wordonthestreet.

4 signs your IT worker may have gone rogue


The technology being used in today’s businesses is more powerful than ever. These tools and systems are helping to increase productivity and drive digital transformation. But this increased visibility of IT and its key part in business now sees it under greater scrutiny, especially when it comes to trusting those with access to this now critical infrastructure.

VIDEO: Approval workflows for painless privileged user management

How often do you need to allow one of your external service providers to access one of your critical resources or temporarily increase the privileges of someone in your IT team?

80% of financial institutions want “better auditing controls” from their cloud providers

Cloud computing offers huge advantages of flexibility, value and speed when adopted in businesses. But for highly regulated and security conscious financial institutions there are clearly potential issues.

Digital Darwinism: Don’t let access management stop your business evolving

Recent times are littered with examples of businesses who failed to recognise the changing demands of their consumers and paid a heavy price.

3 ways privileged user management can turbocharge your SIEM

Security information and event management (SIEM) solutions have become a key weapon in the arsenal to combat threats to your IT security. SIEM tools work by collecting and analysing data from specific systems and across your network.

Former CIO of the FBI: “Access management should be a top priority”

Chad Fulgham is a man who knows a bit about IT. The former Wall Street exec was CIO of the FBI and is now a strategist at IT management vendor Tanium.

1 in 7 employees would sell their password for $150

If you ever needed convincing that investing in educating your users about data security was worthwhile take a look at this research from Identity Access Management vendor SailPoint. In a survey of a 1000 people, 1 in 7 said they would reveal their password for as little as $150.

"Privileged Users" top list of insider threat fears

In this post-Snowden era, we all know that insider threats are becoming a major concern for businesses globally.

IT Contractors: the 3 Pros and Cons


The IT industry is constantly evolving. This evolution is vital to meet business objectives and drive productivity forward, but it also makes the potential for skills shortages much higher.

5 users who could be your next insider threat


Employees are probably the greatest risk facing a business in the modern era, sometimes out of malice, often due to carelessness but always because they have access to information that might be valuable outside your organisation.

The 4 building blocks of an IT security culture


There’s no doubt that awareness of information security in corporations has dramatically improved in recent years. Stories of breaches and hacks have filled the mainstream press in a new digital age where most people understand the value of data and the risk of it falling into the wrong hands. Here are some points to consider when developing your security awareness strategy. The end goal here is to create a culture of security that moves beyond regulations and policies to educate and inspire your people to care about protecting what matters to your business.

The biggest insider threat you face isn't a person


It’s all those privileged accounts being shared around.

It's elementary, my dear Network Admin!

A friend of ours over at @experts_911 found this old post. It tells the story of how a couple of IT admins had to turn detective and figure out who had altered a Windows Group Policy which was denying access to the internet for everyone in their business.

IT security: Could you have spotted Snowden?

The release of the documentary “Citizenfour”, captures the first interviews with NSA whistleblower Edward Snowden. The Guardian calls the film ”gripping” while the Telegraph says “everyone needs to see it”.

IT Security: The Insider and Ex-Employee threat


A recent survey by Homeland Security Today found that 88% of companies that were questioned recognise insider threats as a cause for alarm but have difficulty identifying specific threatening actions by insiders

Wallix AdminBastion Overview

Wallix engineers solutions to manage, trace and audit privileged users. This short YouTube video is an introduction to the features in Wallix AdminBastion.

The big data deluge in IT security: Why seeing is believing


The old adage is that knowledge is power, and this might be true. But data is not knowledge. There is no question that if you take the time to process data, absorb it and even visualise it then over time it really will become powerful. But is that what you need in your organisation today?

Do we worry about hackers and forget about IT hygiene?

Am I the only person who thinks the coolest part of most action films is when the guy with just a laptop plants a virus in the most secure network in the history of networks bringing the western world to its knees?!

IT Budgets stay healthy. But innovation isn't a priority


Businesses recognise that investment in IT infrastructure is vital, but aren't prepared to put money towards innovation. Research firm Deloitte are reporting that almost half of the CIOs they surveyed for a recent report are spending only around 10% of budgets on new technologies.

The Data Breach Guide: How to turn into a hero


In the immortal words of Jack Bauer, "events occur in real time". If the longest day of your life is the one immediately following a data breach in your organisation it’s unlikely that Jack will turn up to be the hero.

Another win for Wallix at the Computing Security Awards

The Computing Security Awards were held in London on 9th October 2014, Wallix was delighted to win New Product of the Year for WAB On Demand.

SIGN UP
to receive our best articles!

Get Access to our white paper : The Insider Threats Comic Book

Get Access to our White paper : Major misconceptions about IT security