CyberArk Expands Industry-Leading Executive Team

CyberArk (NASDAQ: CYBR), the global leader in privileged access security, today announced new additions to its executive management team with the appointments of Rich Wenning as vice president of North American sales and Clarence Hinton as senior vice president of corporate development.

“Rich and Clarence are tremendous additions to our executive team, each bringing deep industry experience with world-class organizations and strategic industry relationships. Rich will be instrumental in executing our regional sales initiatives, with Clarence leading future investment strategies,” said Udi Mokady, chairman and CEO, CyberArk. “On the heels of a recording-breaking year, we are expanding our leadership team to execute on corporate goals and capitalize on growth opportunities.”

Most recently with Palo Alto Networks serving as vice president, Americas Enterprise Accounts, Wenning brings 25 years of industry experience to this new role at CyberArk. At CyberArk, Wenning will lead the North American sales team and is responsible for expanding direct and channel opportunities. While at Palo Alto, Wenning led a team of direct, indirect and technical sellers supporting the Fortune 1000. Previously with Cisco, he served in a variety of leadership and market development roles, most recently as Area vice president of sales. Wenning also held senior leadership and client facing positions at IBM and Hewlett-Packard Company.

Hinton joins with more than 20 years of leadership experience in strategy, corporate and business development. He most recently served as senior vice president, head of strategy and corporate development at Nuance Communications. In his role at CyberArk, Hinton is responsible for formulating, assessing and executing strategic growth initiatives. Previously, he worked in several strategy and corporate development roles at BMC Software. Hinton held consulting, business development and management positions at Dell. He also worked at Bain & Company and Capital One Financial.

The Case for Comprehensive Access Management

The insider threat doesn't always cease when an worker leaves the business. There are many recent articles in news reports with cautionary tales of ex-employees compromising company systems.

• An old worker in a private security patrol company was purchased by court to pay for greater than $300,000 to repair personal computers he broken after he was fired.
• An old worker of the engineering company stole $425,000 price of proprietary information for any competitor.
• An advanced IT worker of the sportswear company was charged with establishing a phony account to produce a mystery towards the company’s systems before departing for an additional job, and taking advantage of it to steal information.

Organizations normally have procedures and policies in position to alter credentials and terminate use of systems and technology when an worker departs the organization. The procedure ought to be the same if the worker is incorporated in the IT department or otherwise. How access is ended is determined by the business also it infrastructure.

When all use of various systems is managed in one directory, for example Active Directory, the answer could be straightforward. Things get complicated once the infrastructure is much more complex with a multitude of systems, multiple directories, cloud-based applications, etc. When there isn’t a passionate technique of how to proceed in situation from it member termination, then there's an opportunity that some access might be left open.

Outdated accounts are usually left open until someone discovers (usually someone in the IT/Security team) and just then may be the access ended. Ideally, all fortunate accounts are managed and monitored using a fortunate account security solution, and all sorts of identities are verified using multi-factor authentication before access is granted.

Those things of malicious IT staff makes headlines, but bear in mind they aren't the only ones with privilege. All access is really a privilege and really should be managed through the employment lifecycle, from onboarding from the worker through termination. Even employees outdoors from it with routine access rights pose a danger (malicious or accidental) if individuals rights aren't managed carefully. Consider it - HR can access worker information, sales can access customer data, marketing can access public facing communication channels etc.

Access creep

Worker roles and responsibilities are frequently fluid, and workers have a tendency to accumulate rights with time. Jobs change and situations arise that need one-time use of sources. Passwords shared for just one-time access frequently aren't invalidated or altered after they are utilised.

Although managing credentials and securing use of data or systems is frequently regarded as an IT function, often the permissions and rights are granted by supervisors or account managers who don't ensure that it stays or even the human sources department informed. In addition, employees may get access to systems it isn’t conscious of, like a file-discussing program, marketing database etc.

HR usually handles the executive tasks of the termination and depends on IT to deprovision fortunate access. But oftentimes, neither comes with an authoritative listing of all accounts, rights and credentials accrued during the period of employment. Consequently, it's possible for workers to retain use of systems and sources after departing a company, developing a new flavor of the insider threat.

Guidelines

Just like many facets of security, comprehensive access management is determined by both policy and technology.

Since It departments frequently don't authorize and assign all system access, an entire access management program needs to extend beyond IT to any or all departments within the organization. Including all managers and supervisors who grant use of systems or information for their direct reports, and knowledge proprietors who have the effect of use of data, that is frequently the best target of the invasion. Policies should define when and how access is granted, establish programs to trace all access, and positively manage that access to ensure that rights are revoked when they’re no more needed.

7 Essential Resources To Start Your Cloud Transformation

Getting began having a cloud transformation project is really a tall task.  The sheer quantity of technical and cultural decisions that should be made might make anyone’s mind spin.  While there should never be a silver bullet solution that will help you with the process, it's very important to crowd source other’s encounters before embark to overcome your ultimate goal.

Start Your Cloud TransformationFor this publish we requested ourselves, when we were beginning an enormous cloud transformation project, where would starting?  This list is a superb entry-to-intermediate level, non-exhaustive review of a few of the sources hopefully you discover most useful when you are inside a similar situation:

SD Architect

Sanjeev Sharma is really a Tech Sales specialist at IBM and author of DevOps for Dummies.  The good thing of Sanjeev’s blog is his in-depth coverage from the basics, for example Understand DevOps and Adopting DevOps.  Through a mixture of information, video, and slide presentations, Sanjeev’s content will satisfy all kinds of learners with the lens of beginner’s eyes.

The Agile Admin

This unique blog is presented by several experienced Web systems managers and developers who met while working at National Instruments.  Based on their website, their shared vision would be to help turn systems work right into a recognized and efficient discipline.  They cover a number of topics for example cloud-computing, DevOps, agile operations, infrastructure automation, and Web security.

IT Revolution Press

Gene Kim established fact for his book, The Phoenix Project: A Singular about this, DevOps, and Helping your company win.  Gene’s blog, IT Revolution Press, centered on the economical and human costs of cloud transformation.  Because the site explains, “We try to positively influence the lives of just one million IT quickly the following five years.  To achieve this, we’re uniting thought leaders inside a ll the appropriate domains having a good sense of purpose and fervour to assist us achieve our goal and improve IT for our children and grandchildren.”

Arrested DevOps [Podcast]

If you want to digest your articles by means of audio, this podcast is essential listen.  Arrested DevOps is located by Matt Stratton, Trevor Hess, and Bridget Kromhout.  They describe their podcast as you that can help listeners achieve understanding, develop good practices, and operate their teams and companies for optimum DevOps masterdom.  With a large number of podcasts varying in subject from, ‘What is DevOps, to ‘ITIL Eye for that DevOps Folks’, there are plenty of effective training to understand from all of these front-line experts.

DevOps Guys

The DevOps Guys, also known as Steve Thair and James Cruz, give a forum according to their over 15  experience that aims to facilitate, share, and explore DevOps guidelines.  They hope their blog inspires others to talk about their encounters so generation x of leaders could possibly get a jump at transforming their IT environments.

DevOps.com

Launched in 2014, DevOps.com has rapidly established itself being an indispensable source of DevOps education and community building. They create it their pursuit to cover every aspect of DevOps-philosophy, tools, business impact, guidelines and much more.  Their content includes in-depth features, bylined articles, blogs and breaking news concerning the topics that resonate by using it readers thinking about DevOps.

Have you got every other websites, blogs, subreddits, or podcasts which have helped your business start to shift the way your IT and Applications are deployed and managed?  If that's the case please share below within the comments.

CyberArk Named Top Security Solution for Government Agencies

CyberArk (NASDAQ: CYBR), the global leader in privileged access security, today announced it was named a Government Security News (GSN) Homeland Security Award winner for the third consecutive year. CyberArk is the platinum winner for “Best Identity Management Platform.”

“Federal agencies are prime targets for attackers looking to exploit credentials and knock out weapons systems, shut down critical infrastructure or infiltrate data stores with sensitive information,” said Kevin Corbett, director of U.S. federal business at CyberArk. “With its commitment to product innovation, CyberArk offers the most advanced technology available to restrict intruders’ ability to move laterally and escalate privileges. CyberArk has strong partnerships with every branch of the federal government to help them meet complex security and compliance challenges.”

CyberArk is recognized as the premier cybersecurity solution for government agencies and organizations to protect against the exploitation of privileged accounts, credentials and secrets across every environment – including on the endpoint and across on-premises, hybrid cloud and DevOps environments. The CyberArk Privileged Access Security Solution helps eliminate the most advanced cyber threats by identifying existing accounts across networks, locking them down, and leveraging advanced analytics and continuous monitoring to detect and isolate anomalous behavior to stop attacks.The CyberArk Privileged Access Security Solution is on the U.S. Department of Defense Information Network Approved Products List (DoDIN APL), has been validated and awarded an Evaluation Assurance Level (EAL) 2+ under the Common Criteria Recognition Agreement (CCRA), and has received the U.S. Army Certificate of Networthiness (CoN). It helps federal agencies meet compliance requirements, including FISMA/NIST SP 800-53, Phase 2 of the Department of Homeland Security Continuous Diagnostics and Mitigation (CDM) program, NERC-CIP, HSPD-12 and more.

CyberArk and CNA Introduce First-of-its-Kind Cybersecurity Insurance

CyberArk (NASDAQ: CYBR) and CNA, among the largest U.S. commercial property and casualty insurance providers, today introduced the very first cybersecurity insurance offering that prioritizes fortunate access security to lessen business risk.

CNA selected CyberArk to supply its policyholders with use of a variety of world-class services which will improve education and awareness about fortunate access-related risk. Including tools to recognize in which the riskiest accounts and credentials exist inside an organization and guidance for prioritizing protection and control over fortunate use of improve security and compliance.

“The costs of information breaches brought on by malicious attackers, human error or simple technology glitches haven't been greater,” stated Andrew Lea, v . p ., mind of business E&O, Cyber & Media Liability, CNA. “We realize that fortunate access security considerably reduces risk, and you want to make certain CNA policyholders have the best services and technology the provides. CyberArk is definitely an leader in the industry in fortunate access security while offering a depth of expertise and experience that delivers great value to the policyholders.”

This program starts with a no cost CyberArk Fortunate Access Security Assessment, which identifies current fortunate access security risk posture and enables organizations to know the way they rival industry peers. Once an assessment is finished, CNA policyholders get access to a variety of additional fortunate access-related services including:

• Discovery and Audit (DNA Workshop): Overview of business needs and motorists to recognize objectives, success criteria, priorities and employ installments of a fortunate access security solution. With CyberArk, customers will do an in-depth overview of critical controls and timelines using suggested CyberArk frameworks and tools like the CyberArk Fortunate Access Security Cyber Hygiene Program and Discovery and Audit (DNA) tool.
• CyberArk Red Team Tools, Tactics and operations (TTP): An engagement using the CyberArk Red Team will educate organizations around the common techniques employed by attackers to compromise security controls and set companies at significant risk. Security teams will get both your hands-on experience they have to understand popular attack techniques and defense strategies.
• CyberArk Security Services Intensive: Gain the inspiration for developing or speeding up a highly effective fortunate access security program with implementation planning, architecture design and talking to.

“Global organizations realize that to be able to lessen the most business risk, they have to prioritize fortunate access security like a lengthy-term program,” stated Adam Bosnian, executive v . p ., global business development, CyberArk. “This first-of-its-kind program will provide superior training and education to enhance overall cybersecurity awareness, and provide CNA policyholders the various tools they have to prioritize fortunate access peace of mind in ways in which are quantifiable and compliance driven.”

The CyberArk Fortunate Access Security Assessment

Produced by CyberArk, the Fortunate Access Security Assessment systematically addresses organizations’ fortunate access security risk and directs them toward actions which will yield the finest improvement within their overall fortunate access security posture. Evaluations derive from seven critical areas for example avoiding irreversible network takeover and securing application credentials. A personalized risk score enables the business to benchmark their fortunate access security maturity against peers utilizing a reference group based on industry, worker count, annual revenue and region. This detailed, comparative analysis offers removal guidance according to CyberArk’s market-leading experience, allowing organizations to best optimize time and sources on processes that lessen the most fortunate access security risk. To find out more, visit https://world wide web.cyberark.com/cyberark-fortunate-access-security-assessment-tool/

About CyberArk

CyberArk (NASDAQ: CYBR) may be the world leader in fortunate access security, a vital layer from it security to safeguard data, infrastructure and assets over the enterprise, within the cloud and through the DevOps pipeline. CyberArk offers the industry’s most satisfactory means to fix reduce risk produced by fortunate credentials and secrets. The organization is reliable through the world’s leading organizations, including greater than 50 % from the Fortune 500, to safeguard against exterior attackers and malicious insiders. A worldwide company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters situated in Newton, Mass.