Thycotic will be closed Thursday and Friday, Nov. 26th and 27th for the Thanksgiving holiday. More info »

  • 11 NOV 14

Qualys Security Conference 2014: Tension Between Security and IT Operations

In my previous post, ‘Vulnerability Scanning: Is Unauthenticated Scanning Enough?’ I discussed the differences between authenticated and unauthenticated scans, and how Qualys and Thycotic work together to find vulnerabilities for better security. When performing authenticated scans, Qualys uses credentials to find sensitive issues such as malware, patches, incorrect configuration, and other vulnerabilities. It then scans

  • 21 OCT 14

Predicting Potential Threat: Behavior Analytics & Threat Modeling

Wouldn’t it be nice to be able to identify a potential threat before it happens? Learn how Secret Server uses threat modeling and behavioral analytics to discover and take immediate action on a threat, stopping an attacker in their tracks. Threat Modeling The term “threat modeling” has become quite popular lately as an upcoming major

  • 15 OCT 14

POODLE: Not your typical walk in the park

Google, among several security organizations, recently announced a vulnerability in the SSL protocol, particularly SSL version 3. SSL is used to secure connections between a client and server to prevent eavesdropping, and that the data has not been tampered. SSLv3 is an old version of the SSL protocol, dating back to 1996 and debuted with Netscape

  • 14 OCT 14

Vulnerability Scanning: Is Unauthenticated Scanning Enough?

Thousands of IT organizations across the world use vulnerability scanners to perform unauthenticated scans and find threats within their network. These scans find basic weaknesses and detect issues within operating systems, open network ports, services listening on open ports, and data leaked by services. This gives companies the ability to see their network from the

  • 07 OCT 14

[VIDEO] What You Need to Know About Bash Bug

We’ve all heard the headlines of the most recent security bug, including, ‘Shellshock bug could threaten millions compared to Heartbleed,’ or even more terrifying, ‘Shellshock: A deadly new vulnerability that could lay waste to the internet.’ While these headlines are a bit dramatic, there lies some truth in the statements. The National Institute for Standards

  • 23 SEP 14

(Video) Are You Following Password Best Practices?

As an IT professional you juggle over 100 tasks a day, making sure everyone’s computers are up and running, no disasters are occurring, all while maintaining your entire network’s security. All of your daily responsibilities revolve around passwords and as an administrator you and your team are the keepers of ‘the keys to the kingdom.’

  • 16 SEP 14

What is a smart grid and why should I care about it?

In the United States, we depend on the electrical grid to power our homes, our businesses, and several leisurely pastimes (late-night soccer, anyone?). Today, that grid is “smart,” which is a catchy way of saying it uses modern technology for operation and automation, a technology trendseen in everything from consumer gadgets to datacenters. Just as

  • 09 SEP 14

Infamous Heartbleed Bug Responsible for Over 4.5 Million Patient Records Leaked

Heartbleed continues to haunt the organizations as patch efforts remain ignored. In April we notified our customers that our solutions remained unaffected, but unfortunately for millions that was not the case. Over six months later a data breach at Community Health Systems is the result of the infamous Heartbleed vulnerability that several versions of OpenSSL

  • 19 AUG 14

VMworld Sneak Peek: ESX Discovery

With VMworld 2014 just a week away, we wanted to showcase a special VMware announcement this week. Introducing, advanced capabilities in VMware hypervisor environments coming with the Secret Server 8.7 release. This week’s post is a deep dive into the new ESX/ESXi discovery capabilities. Learn how your team can automatically discover and begin to manage

  • 12 AUG 14

Secret Server: The Getting Started Guide for End-Users

In our recent blog post, Don’t let your company’s social media get hacked: Deploy Secret Server to end-users, you learned about our new Basic User Dashboard and how to administer Secret Server to your end users. We wanted to make getting started with Secret Server simple and straightforward for your end users. Share this blog