The Marriott breach this year involved the theft of employee credentials. Specifically, attackers obtained the login credentials for two franchise property employees which gave them access to a third party guest application used to deliver guest services. From there, attackers were able to harvest guest information needed to execute spear-phishing campaigns: …

Just-in-time administration (JIT) is a now prevalent capability in PAM solutions. Once an emerging, niche feature set, this has now propelled into a table-stakes capability for PAM vendors offered as a bolt-on with their Enterprise Vault and PEDM offerings promising to (1) reduce the surface of unnecessary persistent access given …

If we agree that standing privilege is defined as that accounts have persistent privilege access for all time on some set of systems. Zero standing privilege is the exact opposite. It is the purest form of just-in-time administrator access, ensuring that the principle of least privilege is enforced by granting, …

Usability ensures more deployment of a security tool, adoption by those the security tool is trying to protect and usage by the security teams administering the tool. This, in turn, ensures more of the estate is protected. Usability, therefore, has three key components - (1) ease of deployment, (2) low …

The credential has become a commodity that will be breached. 74% of breached organizations admitted the breach involved access to a privileged account. In addition, The Verizon Data Breach Investigations Report (DBIR) found that out of all attacks, 29% of total breaches involved the use of stolen credentials, second only to phishing …

Recent public health concerns aside, teams are becoming more and more distributed as a way to access a broader talent pool, drive down fixed costs and improve employee retention. Gartner predicted that by 2021, the increase in remote workers will allow organizations to support 40% more employees in the same …

With rapid innovation comes the rapid scaling and adoption of infrastructure. To fuel this innovation, the number of privileged users (on-call developers, admins, SREs) is growing and evolving constantly. With this growth in new technologies and privileged users to support them, comes new threats. It is, therefore, no surprise that …