Saturday, 29 June 2019

CyberArk Expands Industry-Leading Executive Team

CyberArk (NASDAQ: CYBR), the global leader in privileged access security, today announced new additions to its executive management team with the appointments of Rich Wenning as vice president of North American sales and Clarence Hinton as senior vice president of corporate development.

“Rich and Clarence are tremendous additions to our executive team, each bringing deep industry experience with world-class organizations and strategic industry relationships. Rich will be instrumental in executing our regional sales initiatives, with Clarence leading future investment strategies,” said Udi Mokady, chairman and CEO, CyberArk. “On the heels of a record-breaking year, we are expanding our leadership team to execute on corporate goals and capitalize on growth opportunities.”

Most recently with Palo Alto Networks serving as vice president, Americas Enterprise Accounts, Wenning brings 25 years of industry experience to this new role at CyberArk. At CyberArk, Wenning will lead the North American sales team and is responsible for expanding direct and channel opportunities. While at Palo Alto, Wenning led a team of direct, indirect and technical sellers supporting the Fortune 1000. Previously with Cisco, he served in a variety of leadership and market development roles, most recently as Area vice president of sales. Wenning also held senior leadership and client facing positions at IBM and Hewlett-Packard Company.

Hinton joins with more than 20 years of leadership experience in strategy, corporate and business development. He most recently served as senior vice president, head of strategy and corporate development at Nuance Communications. In his role at CyberArk, Hinton is responsible for formulating, assessing and executing strategic growth initiatives. Previously, he worked in several strategy and corporate development roles at BMC Software. Hinton held consulting, business development and management positions at Dell. He also worked at Bain & Company and Capital One Financial.

Thursday, 27 June 2019

The Case for Comprehensive Access Management

The insider threat doesn't always end when an employee leaves the business. Recent news reports carry many cautionary tales of ex-employees compromising company systems.

  • A former employee of a private security patrol company was ordered by a court to pay more than $300,000 to repair personal computers he broke after he was fired.
  • A former employee of an engineering company stole $425,000 worth of proprietary information for a competitor.
  • A senior IT employee of a sportswear company was charged with creating a phony account to give himself hidden access to the company’s systems before leaving for another job, and using it to steal information.


Organizations normally have policies and procedures in place to change credentials and terminate access to systems and technology when an employee leaves the organization. The procedure should be the same whether or not the employee is in the IT department. How access is terminated depends on the organization and its IT infrastructure.



When all access to the various systems is managed in one directory, such as Active Directory, the answer can be straightforward. Things get complicated when the infrastructure is more complex, with a multitude of systems, multiple directories, cloud-based applications, etc. When there isn’t a dedicated process for what to do when an IT staff member is terminated, there is a chance that some access may be left open.

Outdated accounts are usually left open until someone discovers them (usually someone on the IT/security team), and only then is the access terminated. Ideally, all privileged accounts are managed and monitored using a privileged account security solution, and all identities are verified using multi-factor authentication before access is granted.

The actions of malicious IT staff make headlines, but keep in mind that they aren't the only ones with privilege. All access is a privilege and should be managed throughout the employment lifecycle, from onboarding of the employee through termination. Even employees outside of IT with routine access rights pose a risk (malicious or accidental) if those rights aren't managed carefully. Think about it: HR can access employee information, sales can access customer data, marketing can access public-facing communication channels, etc.

Access creep


Employee roles and responsibilities are often fluid, and employees tend to accumulate privileges over time. Jobs change and situations arise that require one-time access to resources. Passwords shared for one-time access often aren't invalidated or changed after they are used.

Although managing credentials and securing access to data or systems is often regarded as an IT function, the permissions and privileges are frequently granted by supervisors or account managers who don't keep IT or the human resources department informed. In addition, employees may have access to systems IT isn’t aware of, such as a file-sharing program, marketing database, etc.

HR usually handles the administrative tasks of a termination and relies on IT to deprovision privileged access. But often, neither has an authoritative list of all accounts, privileges and credentials accrued over the course of employment. Consequently, it's possible for employees to retain access to systems and resources after leaving a company, creating a new flavor of the insider threat.
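One way to find the lingering access described above, as an added example that is not part of the original article: reconcile the HR roster against account exports from every system and flag enabled accounts whose owner has left or is unknown to HR. The roster, system labels, account names and the `find_lingering_access` function are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Account:
    system: str               # directory or application the account lives in
    username: str
    owner_id: Optional[str]   # HR employee id; None if no owner was recorded
    enabled: bool
    privileged: bool


# Constructed HR roster: employee id -> name and termination date (None = active).
HR_ROSTER = {
    "E100": {"name": "A. Rivera", "terminated": None},
    "E101": {"name": "B. Chen", "terminated": date(2019, 5, 31)},
    "E102": {"name": "C. Okafor", "terminated": date(2019, 6, 14)},
}

# Constructed account exports merged from three systems.
INVENTORY = [
    Account("active_directory", "arivera", "E100", True, False),
    Account("active_directory", "bchen", "E101", False, False),    # disabled at exit
    Account("active_directory", "bchen-adm", "E101", True, True),  # admin account missed
    Account("saas_crm", "c.okafor@example.com", "E102", True, False),
    Account("file_share", "mktg-upload", None, True, False),       # nobody recorded
    Account("file_share", "tmp-vendor", "E999", True, False),      # id unknown to HR
]


def find_lingering_access(roster, inventory, as_of):
    """Return enabled accounts that no current employee accounts for.

    Two cases are reported:
      owner_terminated - the owner left on or before `as_of`
      no_owner_in_hr   - no owner recorded, or the owner id is not in the roster
    A termination date later than `as_of` (notice period) is not flagged.
    """
    findings = []
    for acct in inventory:
        if not acct.enabled:
            continue
        person = roster.get(acct.owner_id) if acct.owner_id else None
        if person is None:
            reason, days_open = "no_owner_in_hr", None
        elif person["terminated"] and person["terminated"] <= as_of:
            reason = "owner_terminated"
            days_open = (as_of - person["terminated"]).days
        else:
            continue  # active employee, or not yet departed
        findings.append({
            "system": acct.system,
            "username": acct.username,
            "privileged": acct.privileged,
            "reason": reason,
            "days_open": days_open,
        })
    # Privileged accounts first, then departed owners by longest exposure.
    findings.sort(key=lambda f: (
        not f["privileged"],
        f["reason"] != "owner_terminated",
        -(f["days_open"] or 0),
        f["system"],
        f["username"],
    ))
    return findings


if __name__ == "__main__":
    for f in find_lingering_access(HR_ROSTER, INVENTORY, date(2019, 6, 27)):
        print(f)
```

The report is only as complete as the inventory fed into it, so every system that grants access has to contribute an export, including those provisioned outside IT.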

Guidelines


As with many aspects of security, comprehensive access management depends on both policy and technology.

Because IT departments often don't authorize and assign all system access, a complete access management program has to extend beyond IT to all departments in the organization. This includes all managers and supervisors who grant access to systems or information to their direct reports, and data owners who are responsible for access to data, which is often the ultimate target of an intrusion. Policies should define when and how access is granted, establish programs to track all access, and actively manage that access so that privileges are revoked when they’re no longer needed.

Tuesday, 25 June 2019

7 Essential Resources To Start Your Cloud Transformation

Getting started with a cloud transformation project is a tall task. The sheer number of technical and cultural decisions that need to be made can make anyone’s head spin. While there will never be a silver bullet solution to help you through the process, it is important to crowdsource others’ experiences before you embark on your goal.

For this post we asked ourselves: if we were starting a massive cloud transformation project, where would we start? This list is an entry-to-intermediate level, non-exhaustive overview of some of the resources we hope you find most useful if you are in a similar situation:

SD Architect


Sanjeev Sharma is a Tech Sales specialist at IBM and author of DevOps for Dummies. The best part of Sanjeev’s blog is his in-depth coverage of the basics, such as Understand DevOps and Adopting DevOps. Through a mixture of information, video, and slide presentations, Sanjeev’s content will satisfy all kinds of learners through the lens of a beginner’s eyes.



The Agile Admin


This blog is run by several experienced Web systems managers and developers who met while working at National Instruments. According to their website, their shared vision is to help turn systems work into a recognized and efficient discipline. They cover a variety of topics such as cloud computing, DevOps, agile operations, infrastructure automation, and Web security.

IT Revolution Press


Gene Kim is well known for his book, The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win. Gene’s blog, IT Revolution Press, focuses on the economic and human costs of cloud transformation. As the site explains, “We try to positively influence the lives of just one million IT quickly the following five years. To achieve this, we’re uniting thought leaders in all the appropriate domains having a good sense of purpose and fervour to assist us achieve our goal and improve IT for our children and grandchildren.”

Arrested DevOps [Podcast]


If you prefer to digest your content in audio form, this podcast is an essential listen. Arrested DevOps is hosted by Matt Stratton, Trevor Hess, and Bridget Kromhout. They describe their podcast as one that helps listeners achieve understanding, develop good practices, and operate their teams and companies for maximum DevOps mastery. With a large number of podcasts ranging in subject from ‘What is DevOps’ to ‘ITIL Eye for that DevOps Folks’, there are plenty of useful lessons to learn from these front-line experts.

DevOps Guys


The DevOps Guys, also known as Steve Thair and James Cruz, provide a forum based on their over 15 years of experience that aims to facilitate, share, and explore DevOps best practices. They hope their blog inspires others to share their experiences so the next generation of leaders can get a head start on transforming their IT environments.

DevOps.com


Launched in 2014, DevOps.com has quickly established itself as an indispensable source of DevOps education and community building. They make it their mission to cover every aspect of DevOps: philosophy, tools, business impact, best practices and more. Their content includes in-depth features, bylined articles, blogs and breaking news about the topics that resonate with IT readers interested in DevOps.

Do you have any other websites, blogs, subreddits, or podcasts that have helped your organization begin to shift the way your IT and applications are deployed and managed? If so, please share below in the comments.

Sunday, 23 June 2019

CyberArk Named Top Security Solution for Government Agencies

CyberArk (NASDAQ: CYBR), the global leader in privileged access security, today announced it was named a Government Security News (GSN) Homeland Security Award winner for the third consecutive year. CyberArk is the platinum winner for “Best Identity Management Platform.”

“Federal agencies are prime targets for attackers looking to exploit credentials and knock out weapons systems, shut down critical infrastructure or infiltrate data stores with sensitive information,” said Kevin Corbett, director of U.S. federal business at CyberArk. “With its commitment to product innovation, CyberArk offers the most advanced technology available to restrict intruders’ ability to move laterally and escalate privileges. CyberArk has strong partnerships with every branch of the federal government to help them meet complex security and compliance challenges.”

CyberArk is recognized as the premier cybersecurity solution for government agencies and organizations to protect against the exploitation of privileged accounts, credentials and secrets across every environment – including on the endpoint and across on-premises, hybrid cloud and DevOps environments. The CyberArk Privileged Access Security Solution helps eliminate the most advanced cyber threats by identifying existing accounts across networks, locking them down, and leveraging advanced analytics and continuous monitoring to detect and isolate anomalous behavior to stop attacks. The CyberArk Privileged Access Security Solution is on the U.S. Department of Defense Information Network Approved Products List (DoDIN APL), has been validated and awarded an Evaluation Assurance Level (EAL) 2+ under the Common Criteria Recognition Agreement (CCRA), and has received the U.S. Army Certificate of Networthiness (CoN). It helps federal agencies meet compliance requirements, including FISMA/NIST SP 800-53, Phase 2 of the Department of Homeland Security Continuous Diagnostics and Mitigation (CDM) program, NERC-CIP, HSPD-12 and more.

Friday, 21 June 2019

CyberArk and CNA Introduce First-of-its-Kind Cybersecurity Insurance

CyberArk (NASDAQ: CYBR) and CNA, one of the largest U.S. commercial property and casualty insurance providers, today introduced the first cybersecurity insurance offering that prioritizes privileged access security to reduce business risk.

CNA selected CyberArk to provide its policyholders with access to a range of world-class services that will improve education and awareness about privileged access-related risk. This includes tools to identify where the riskiest accounts and credentials exist within an organization and guidance for prioritizing protection and management of privileged access to improve security and compliance.

“The costs of information breaches brought on by malicious attackers, human error or simple technology glitches haven't been greater,” stated Andrew Lea, vice president, head of business E&O, Cyber & Media Liability, CNA. “We realize that privileged access security considerably reduces risk, and we want to make certain CNA policyholders have the best services and technology the provides. CyberArk is definitely a leader in the industry in privileged access security while offering a depth of expertise and experience that delivers great value to the policyholders.”



The program starts with a no-cost CyberArk Privileged Access Security Assessment, which identifies current privileged access security risk posture and enables organizations to understand how they compare to industry peers. Once an assessment is completed, CNA policyholders have access to a range of additional privileged access-related services including:

  • Discovery and Audit (DNA Workshop): A review of business needs and drivers to identify objectives, success criteria, priorities and use cases of a privileged access security solution. With CyberArk, customers will conduct an in-depth review of critical controls and timelines using recommended CyberArk frameworks and tools such as the CyberArk Privileged Access Security Cyber Hygiene Program and Discovery and Audit (DNA) tool.
  • CyberArk Red Team Tools, Tactics and Procedures (TTP): An engagement with the CyberArk Red Team will educate organizations on the common techniques used by attackers to compromise security controls and put companies at significant risk. Security teams will get the hands-on experience they need to understand popular attack techniques and defense strategies.
  • CyberArk Security Services Intensive: Gain the foundation for developing or accelerating an effective privileged access security program with implementation planning, architecture design and consulting.


“Global organizations realize that to be able to lessen the most business risk, they have to prioritize privileged access security as a long-term program,” stated Adam Bosnian, executive vice president, global business development, CyberArk. “This first-of-its-kind program will provide superior training and education to enhance overall cybersecurity awareness, and provide CNA policyholders the various tools they need to prioritize privileged access security in ways that are quantifiable and compliance driven.”

The CyberArk Privileged Access Security Assessment


Developed by CyberArk, the Privileged Access Security Assessment systematically addresses organizations’ privileged access security risk and directs them toward actions that will yield the greatest improvement in their overall privileged access security posture. Evaluations are based on seven critical areas, such as preventing irreversible network takeover and securing application credentials. A personalized risk score enables the organization to benchmark its privileged access security maturity against peers using a reference group based on industry, employee count, annual revenue and region. This detailed, comparative analysis offers remediation guidance based on CyberArk’s market-leading experience, allowing organizations to best optimize time and resources on processes that reduce the most privileged access security risk. To find out more, visit https://www.cyberark.com/cyberark-privileged-access-security-assessment-tool/

About CyberArk


CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including more than 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass.

Thursday, 30 May 2019

Keep Security in Mind for a Successful Windows 10 Upgrade: Five Steps

Last month, Microsoft announced that Windows 10 is now installed on more than 800 million active devices around the globe. Windows 10 deployments continue to gain momentum as enterprises aim to take advantage of Windows 10’s security features, enhanced usability and operating speed, while also preparing for the end of Windows 7 support in January 2020. Security should be a key consideration in any enterprise migration. If you’re one of the many organizations planning a Windows 10 upgrade this year or recently purchased new hardware that has Windows 10 pre-installed and want to make sure you have a secure migration, here are five important things to keep in mind for your planning and deployment process:


  • Back up EVERYTHING. Unlike other incremental Windows updates, a full Windows 10 install means you’ll have a totally new and improved system. This also means that you must back up all content, applications and files on each machine before starting your roll-out. Otherwise, you’ll risk the chance of data loss from potential crashes and data wipes during the Windows 10 install process. You should also have a backup plan in place in case the upgrade fails. Windows 10 allows users to create a recovery drive or system repair disk that can be used to troubleshoot issues and restore data during the installation. Think you’ve backed everything up? Check again, then proceed with caution.
  • Check your disk space. Every Windows 10 update requires adequate hard drive storage space. You can free up space by running the machine’s disk cleanup files, uninstalling unwanted or unused programs, removing duplicate and temporary files and emptying the recycle bin. From there, you can decide whether to simply upgrade (which requires less disk space) or perform a complete install (which requires substantial disk space) based on available storage capacity.
  • Don’t lose your product key. A product key is the 25-character code used to activate Windows 10. It looks like this: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX. You’ll need this product key to activate Windows 10 and may need it again for re-installations and upgrades down the road. It’s important to know that Microsoft doesn’t keep a record of purchased product software keys, so once you have your product key, keep track of it!
  • Make sure your applications are all compatible. While most off-the-shelf applications will work out-of-the-box on Windows 10, internally developed software and web applications may be incompatible with Windows 10 clients. Before moving to Windows 10, perform precise compatibility testing to make sure you won’t lose the use of anything important.
  • Remove admin rights from all workstations. To effectively reduce the attack surface and mitigate the risk of a serious data breach without impacting user productivity, it’s important to implement tools that enforce privileged access security on the endpoint to block and contain attacks. As a first step, you should remove admin rights and enforce the principle of least privilege on desktops, laptops and servers as part of the Windows 10 migration process. Additionally, application control should be instituted to block malicious apps from running and to contain and analyze unknown apps. Finally, deploy anti-theft protection measures to help detect and block suspected credential theft attempts and contain would-be cyber attackers at the endpoint to reduce potential damage to the business.

Wednesday, 1 May 2019

ArkCon 2019 Welcomes Top Researchers with a Cybersecurity Challenge

ArkCon 2019 is just around the corner. CyberArk Labs is hosting its event for top cybersecurity researchers in Tel Aviv, Israel on April 29. CyberArk Labs issued challenges to the cybersecurity community that only the best of the best could solve. Now, those who answered one or more cybersecurity challenges – and other top cybersecurity researchers – are meeting to attend sessions and collaborate with their peers. This year’s guest speaker goes by pancake (with a small “p”), creator of the popular, free and open source reverse engineering platform radare2.

I spoke with Doron Naim, CyberArk Labs’ Group Manager and the event’s organizer, about what he has planned for the upcoming conference and why it’s going to be bigger and better than ever.

What do you hope attendees will learn at ArkCon?


Naim: We’re hosting three speakers this year at ArkCon. “pancake” – our keynote speaker from Spain – is going to share the new feature in radare2 (an open source tool he wrote) – a free reverse engineering platform. The second speaker is Eyal Itkin, a security researcher from CheckPoint, who will share his insights into RDP protocol and how he discovered related vulnerabilities. Nimrod Stoler, a security researcher from CyberArk, will talk about research he’s conducted on container security.

In addition to the speakers, one of the most important benefits of attending this event is the level of knowledge sharing and collaboration – so there will be plenty of quality networking opportunities.

What are you most proud of about this year’s ArkCon?


Naim: This year’s ArkCon is going to be much more than a standard cyber event. First, the audience is highly professional, the very best people in the field. Second, ArkCon is going to have lots of exciting ways for attendees to participate and engage. During the conference, attendees can compete for prizes by solving each cybersecurity challenge. There will be plenty of space for interactive games, food and networking. The goal is to encourage healthy competition and help people to get to know each other. That way, we boost the networking level and make the conference a fun, rewarding place to be.

What are you most excited to do at this year’s ArkCon? What are you most looking forward to?


Naim: Meeting the challenge solvers. Two weeks before the event, we opened up challenges for the interested individuals to take. Each cybersecurity challenge was written by different people with different skills. Every challenge comes from a different aspect of the cyber security field. The ones who solved most of them are experts in their field and will be presented with prizes on the stage at the end of the conference.

What are the biggest opportunities ArkCon presents?


Naim: Free of charge education and networking. ArkCon gathers a distinct audience of highly skilled people who can contribute a lot to the market. ArkCon provides them with the platform to meet face-to-face and share their experience and insights. ArkCon does all this and more.

How will this year’s ArkCon be different from last year’s?


Naim: ArkCon this year is going to be four times bigger than the previous one. Last year’s ArkCon we hosted at the Israeli CyberArk offices. There was room for a very limited number of guests, so we decided to initiate a cybersecurity challenge and only give tickets to the people who solved it. This year is different. Guests can register freely, so solving the challenges is now all about the prestige. The Hall of Fame for our top cybersecurity challenge-solvers can be found here.

A lot of people put a lot of time into solving (or failing to solve) your challenges. What went into creating your challenges?


Naim: We got really good feedback. Hundreds of people are trying to solve the challenges every day. Each cybersecurity challenge is very different from all the others – which makes them harder and more interesting than the traditional Capture the Flags [a type of information security competition.] More than 100 people have already solved one or more of the challenges. We’ve found our winners, but we’re keeping that a secret until the conference. We’ll announce the winners then.