The Shortfall in Privileged Account Security – and what organizations can do about it
According to the 2016 Verizon Data Breach Report, 63% of confirmed data breaches involved leveraging weak, default or stolen passwords.
Thycotic a provider of privileged account management solutions for 7,500+ organizations worldwide, in conjunction with Cybersecurity Ventures, a research, and market intelligence firm, launched a ground-breaking online Privileged Password Vulnerability Benchmark survey taken by 600+ organization from around the globe to learn why 63% of the data breaches involved privileged accounts.
We found that 52% of the companies who participated in the benchmark survey received a failing grade on the enforcement of privileged credential controls.
Join Thycotic in a 45-minute educational training session that reveals the specific shortcomings in the current state of privileged account security and provides recommendations for how to address the most common failures.
Endpoint Application Discovery – Your first step to building a solid endpoint security strategy
Join Thycotic Product Manager Joseph Carson as he explains how you can use our new Free Endpoint Application Discovery & Risk Assessment Tool to find all your applications installed on your endpoints and then protect them with Privilege Manager for Windows.
Learn how you can use Privilege Manager for Windows to blacklist, whitelist and greylist to build an endpoint protection strategy that helps ensure the application control you need to defend against ransomware and other advanced threat attacks.
Every registrant will be able to download the Free Endpoint Application Discovery & Risk Assessment Tool to get started.
How BankUnited Successfully Protects Its Privileged Account Passwords
The increasing sophistication and frequency of advanced cyber-attacks challenge traditional cybersecurity methods and create a need for a comprehensive approach to securing privileged accounts. Join Anne Gorman, VP of Access and Identity Management at BankUnited, to learn how her team implemented a comprehensive privileged account management solution – so your team can achieve similar success. This session will help improve your ability to defend against cyber-attacks before they strike vital systems and compromise sensitive data.
The wait is over- Introducing Secret Server Cloud
Introducing Thycotic Secret Server Cloud, a secure cloud-based password manager to protect privileged credentials that can be activated in seconds. Join product manager Ben Yoder as he introduces Thycotic’s new Secret Server Cloud offering and highlights new capabilities and architecture built for fast and simple deployments.
You will learn how Secret Server Cloud gives you an easy afford PAM solution with several key benefits including:
1. A scalable and resilient architecture for an enterprise password management solution
2. Cloud based active capabilities for password changing, Discovery, Active Directory Integration, and more
3. Built in security and high availability
How to minimize Help Desk calls with Password Reset Server
Minimizing Help Desk calls can save significant amounts of time and money. Learn how Thycotic self-service password reset tool for end-users can simplify your password management. By allowing employees to reset their forgotten Active Directory passwords directly from the web or Windows login screen, Password Reset Server can drastically cut Help Desk calls and reduce costs.
Thycotic technical engineer Chris Widstrom will demonstrate how Password Reset Server can work for you including:
· How to implement an end-user password reset solution and receive buy in
· Review Password Reset Server security controls and auditing capabilities
· Key ways to improve your organization’s efficiency and bottom line
Meeting the special security needs of MSP’s with Thycotic PAM solutions
As a Managed Service Provider you are responsible for managing your client’s sensitive privileged credentials. If compromised, the integrity of your organization is compromised. With Thycotic’s Privileged Account Management solution, MSP’s can increase not only their security, but they can increase productivity by properly managing and securing privileged accounts.
Join Thycotic’s Engineer Dan Ritch as he highlights MSP scenarios that illustrate how you can increase security and productivity with an automated password management solution enabling you to
· Easily deploy and organize different client sites
· Integrate Secret Server with other leading MSP software solutions
· Manage day-to-day operations for secure access to client data even when offline
Protecting federal agencies with Thycotic Privileged Account Management security solutions
Federal government agencies are among the least prepared with cyber security measures. Yet. they are often a top target among state-sponsored hacking and malware attacks that are only becoming more frequent and sophisticated. Recent breaches, including the hack on the Office of Personnel Management, compromised the personal information of over 21.5 million federal employees and job applicants. It is critical for Federal government agencies to take steps now to protect their critical infrastructure, including privileged accounts.
Join Thycotic’s Ali Falahi as he demonstrates how Thycotic privileged account management solutions can secure your privileged credentials and mitigate malware attacks against federal agencies.
How Real-Time Threat Analysis with ACS can Protect You from Zero Day Attacks
See how Thycotic’s Application Control Solution (ACS) provides real-time threat analysis with automated alert notifications to significantly reduce your risk from zero-day attacks. This webinar will give you a demonstration of attack scenarios where Application Control Solution can examine a known or unknown application’s reputation in real-time regardless of whether it is white- or black-listed. It can then either allow or block that application from running, and automatically alert security personnel if a threat has been detected.
Join Thycotic Product Manager Ed Breay as he demos several scenarios that show how Thycotic’s Application Control Solution:
•Prevents an unsuspecting user from running an infected application
•Examines a “bad” application’s by reputation and generates an alert on the Splunk console showing the file details
•Blocks a suspect application and notifies the user that the application is disallowed
See how you compare: Privileged Account Vulnerability Benchmark Survey Results
Join Thycotic Product Manager Joseph Carson as he reviews the results of a recent groundbreaking benchmark survey on the global state of privileged account security risks. Joseph will discuss the survey results and their implications for how organizations should be protecting their “keys to the kingdom.”
Some of the startling results and major risks to be reviewed and discussed include:
•60% of companies still manually manage their privilege accounts.
•1 out of 5 of companies have not bothered to change their default privileged account passwords.
•30% of companies have no formal password controls and frequently allow accounts and passwords to be shared.
•70% require no formal approval for creating a privileged account.
Gain new insights into the global state of privileged account security and controls, and get the evidence you need to make a case for improving your own privileged account management and security practices.
How to implement least privilege access for Unix admin users
A recent US Cert Alert recommends restricting users’ permissions to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. But many Unix/Linux admin users needing a root or sudo to perform a privileged task often end up with full system access—a significant security risk that every organization needs to minimize or eliminate.
Thycotic’s Secret Server Product Manager Ben Yoder shows you how you can enforce greater control over what you admin users can do with root by leveraging Secret Server’s new Privilege Manager for Unix module. You’ll see how you can delegate privileged tasks to let users run specific jobs as root, without the security risk of giving them full control.
Self Service Password Resets: See how Thycotic makes it so much easier and more secure
Employee workstations are a primary target for attackers these days. And unsuspecting employees may disclose their Active Directory passwords or choose weak passwords that can be easily hacked with brute force. But all too often, enforcing strong AD passwords and password rotation requires added help desk assistance. Employees get frustrated trying to get work done, while the help desk struggles to keep up with password reset requests.
Reduce your Ransomware risks with Least Privilege and Application Control
Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems, and attempting to extort money from victims by displaying an on-screen alert. The latest variations of Ransomware have evolved into highly targeted threats to both individuals and businesses, prompting a recommendation from the Department of Homeland Security that says in part: “Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services.”
Thycotic’s Product Marketing Manager Joseph Carson explains how specific application control solutions along with other endpoint lock down security can help you apply a “least privilege” strategy to protect your systems from ransomware and other targeted attacks.
New Mac Launcher for Secret Server “Deep Dive” shows how to secure business users
If you’ve got executives or other business users running Mac OSX from their own devices, you can now run our new Secret Server session launcher on Macs to protect and manage them.
Included in the latest edition of Secret Server at no extra charge, we provide a Mac Launcher with the same feature set as our Windows Session Launcher. You get session recording, proxying, and launching of custom Mac applications, all without requiring Java to be installed on end user machines, reducing your desktop security risks.
Learn how you can use Secret Server ensure proper security by controlling and managing Macs (just like you do Windows and Unix), as well as meet industry standard compliance regulations and policies.
2016 RSA Cyberterrorism Survey Results
RSA Conference 2016 will bring thousands of Information Security industry professionals to San Francisco for a week of sessions, learning labs, and connecting with peers and solutions to discuss current trends and progress. This year we’re asking attendees about cybersecurity trends and their thoughts on breaking industry news. Join our Executive Director of Security, Nathan Wenzler, to hear the top trends and leading industry news from RSA as well as our survey results.
Managing VMware Environments with Thycotic Secret Server
In today’s world, virtualization is everywhere and it’s important to properly manage the privileged accounts. With Thycotic Secret Server you are able to find these privileged accounts in virtual environments and help your team manage, control and rotate those passwords. From ESXi to vCenter, learn how to get it all accessed and controlled from a single application while providing security and full auditing capabilities. Join the webinar and learn how Thycotic Secret Server can help control your VM environment.
Top 5 Benefits of our Free Privileged Account Discovery for Windows Tool
Do you know just how many privileged accounts and service accounts you have across your network? Privileged accounts are a key target of hackers and malicious insiders, but do you know where they all are? Our new free Windows Privileged Discovery Tool provides a single collection point for all your Windows privileged accounts across your entire network automatically. Join our webinar to learn the top 5 benefits of Privileged Account Discovery for Windows and how to use our new free tool to find at risk privileged Windows accounts.
HIPAA’s Technical Safeguards: Managing Access to electronic-Protected Health Information (e-PHI) with Thycotic’s Secret Server
With digital medical records, patient online portals and other electronic methods of healthcare management, maintaining a secure network is critical to meet the Health Insurance Portability and Accountability Act (HIPAA) Technical Safegaurd requirements. IT accounts, such as IT admin accounts, application and service accounts, each grant a specific level of access to your companies electronic Protected Health Information (e-PHI). Typically IT teams share these credentials amongst themselves to gain access to equipment storing patient’s information, as needed. This makes it very difficult to know who exactly is accessing your patient’s data and to restrict access amongst IT staff. In this Webinar you’ll learn how Thycotic’s Secret Server Password Management Software manages the availability, rotation, and integrity of the privilege accounts that allow access to electronic Protected Health Information (e-PHI).
Authenticated Vulnerability Scanning with QualysGuard and Secret Server
Whether you’re performing authenticated scanning or non-authenticated scanning with QualysGuard, you’re likely doing it wrong. This webinar will help you find the most secure and efficient way to perform authenticated scanning using QualysGuard with Thycotic Secret Server.
Can a Security Tool Make IT More Productive?
It’s time to start seeing security as a business enabler. Executive teams often see security as something that stifles progress and a last resort when a company needs protection. With the endless stream of breaches, security is finally being taken seriously, but that doesn’t mean it needs to slow companies down. Join us to learn how to add a critical layer of security to your network that protects you from hackers, AND increases productivity and IT efficiency.
How to Use Distributed Engine in your Environment for Rapid Deployment & Security
Distributed Engine is the next generation of Secret Server Agent, designed for scalability. Released in version 8.9.000000, Distributed Engine supports Heartbeat, Password Changing, and Discovery. Learn the different use cases for Distributed Engine and best practices for using it in your environment.
Securing SharePoint: Managing Service Accounts with Thycotic Secret Server
Managing SharePoint’s many service accounts and application pools, including embedded account passwords can be extremely difficult and leave other applications using the service accounts at high-risk. Complexities around manually changing SharePoint accounts can be time consuming and prone to error, leaving your network vulnerable. In this webinar you’ll learn how Thycotic Secret Server automates the password rotation on the domain account and its corresponding dependencies all at once to meet compliance and auditing requirements. Don’t let an unmanaged SharePoint account lead to your next breach.
Developing an Effective PAM Strategy
Hear directly from CISOs why monitoring and controlling privileged credentials is so important. According to industry experts, privileged account credentials are the primary target for attackers because of the level of access they provide during an attack. In this session, you will identify the biggest areas of exposure within your organization and learn how to eliminate that exposure through effective privileged account management controls.
Privileged Account Security – your No.1 Priority | IANS Webinar
More than 62% of breaches surveyed by IANS resulted from privileged account abuse. But what are privileged accounts?
In this webinar Nathan Wenzler of Thycotic discusses privileged accounts and why organizations need to be concerned about them. Almost every organization has some sort of regulation they must adhere to, whether it’s PCI DSS, HIPAA, SOX, NERC CIP, NIST, FIPS, to name a few, and each of these regulations has provisions to dictate how organizations are protecting the credentials that have the most access to their critical data and infrastructure
Streamline Access with Secret Workflow Automation
Controlling access to privileged accounts is a core security and compliance mandate. Move beyond permissions and learn about the different Secret workflow use cases and features. Join our product manager, Ben Yoder, as he discusses Secret Server’s workflow automation to validate access and ensure compliance. He will also highlight our latest release showcasing Secret Server’s integration with ticketing systems.
Unlocking the Full Potential of Secret Server
Learn how you can take advantage of features you didn’t know Secret Server had! This webinar will help you on your path to becoming a Secret Server expert. We will highlight discovery, the benefits of SSH/RDP Proxy, leveraging scripts to extend functionality, over all password management best practices and much more.
Taking Back Control of Domain Admin Accounts
Join Ben Yoder (Product Manager) and Nathan Wenzler (Senior Technology Evangelist) as they use Thycotic Secret Server to take back control of domain admin accounts. They showcase enforcing RDP jump hosting, mitigating pass the hash, and enabling automatic rotation of domain admin passwords. If your domain admins are remembering their domain admin passwords, then you are doing it wrong.
Secret Server: What’s Coming in 8.9 – Distributed Engine and RDP Proxy
Learn what is coming out in Secret Server version 8.9! We will be showcasing the upcoming features including Distributed Engine, RDP Proxy and more.
Pass the Hash: 15 Minute Crash Course
Join Jonathan Cogley, CEO at Thycotic, for a crash course in Pass the Hash attacks. Find out how they happen, ways newer versions of Windows help protect against them, and other steps you can take to protect your organization. Recorded live at Microsoft Ignite 2015.
Eliminate Passwords in web.config Files in 15 Minutes
Join Ben Yoder, Product Manager at Thycotic, and learn how to get passwords out of code with the Thycotic Secret Server API. Recorded live at Microsoft Ignite 2015.
Information Security at Work: Automating End-User Password Reset for Better Efficiency and Fewer Headaches
In this webinar, KuppingerCole Senior Analyst Amar Singh and Thycotic CEO Jonathan Cogley will talk about essentials for the digital transformation of your enterprise: Managing your end user identities and offering end users self-service password reset abilities to increase help desk efficiency without compromising security.
Group Management Server
Description: Group Management Server is self-service Active Directory Group management software that enables IT administrators to delegate AD Group membership to your department managers. The software simplifies administration, streamlines individual tasks, and brings AD Group management into a centralized, secure dashboard.
As an IT admin, how do I control my password kingdom?
You have your kingdom of servers, accounts, devices and also many responsibilities. You want to know that it all works, no accounts or devices are missed and you want to delegate occasionally so you can actually take a vacation. A few pretty reports during auditor time of the year would be nice too. Join Ben Yoder (Product Manager) and Nathan Wenzler (Senior Technology Evangelist) as they walk through configuring your view and controls in Thycotic Secret Server to make life a bit easier and give you some peace of mind.
PowerShell Password Changer – Deep Dive
As Microsoft continues to push PowerShell as the future of Active Directory management, Secret Server introduces a PowerShell Remote Password Changer. This webinar will explore in depth the configuration, implementation and use of the PowerShell Password changer. Topic will include, proper PowerShell configuration for Secret Server, creating custom PowerShell scripts for RPC and Heartbeat, debugging and troubleshooting scripts, Secret Template creation, Secret creation and usage. This is a must see webinar for anyone utilizing PowerShell in their management routines.
What’s New in 8.8 – Scripting Capabilities & SSH Key Support
Learn what is new in Secret Server version 8.8! We will be showcasing the latest features in the latest release, including support for using SSH keys with PuTTY session launchers, new scripting capabilities and more.
Secret Server – Get the most out of Professional Edition
Deep Dive into Secret Server’s Professional Edition! Hear from Thycotic’s Lead Engineer Jacob Stucky, as he discusses two factor, heartbeat, password changing, event subscriptions, scheduled reports, discovery of local accounts and Secret Server’s CRM integration.
Thycotic and IANS Research – Privileged Users and Data Breaches: A Match Made in Heaven?
In a recent IANS Research study by Dave Shackleford, 87% of information security professionals surveyed said their organizations were impacted by privileged account abuse and misuse ultimately resulting in a data breach. With so many attacks targeting privileged users and account credentials, privileged user monitoring and management is gaining fast attention by organizations looking to mitigate risk. In this webinar, David Shackleford, IANS faculty, and Jonathan Cogley, CEO of Thycotic, will analyze these recent findings, demystify privileged account abuse and discuss future trends in privileged account security.
Secret Server: Security Hardening
Ben Yoder and Kevin Jones discuss Secret Server security best practices. They dive into application configuration for Secret Server, the security hardening report, IIS configuration setting, demonstrate options for two factor authentication and much more.
Secret Server: What’s New in 8.7 – Linux Account Discovery
Learn what is new in Secret Server 8.7. We will be showcasing the latest features in version 8.7, including Linux Account Discovery and the other discovery features within Secret Server.
Secret Server: What’s New in 8.6
Learn how to quickly define and apply standardized security policies to your company’s privileged accounts to ensure compliance and lower management time of Secrets. Secret Policies ensure that sensitive Secrets always meet your company’s internal policies. We will also be showcasing the new UI refresh and the other 8.6 features!
Proactive Security beats Reactive Security with Microsoft MVP, Sami Laiho
Did you see the news about the latest zero-day attack using RTF-files? Yet again an example where no harm is done if you have your proactive security measures are in place. In fact all of the biggest zero-attacks in the last decade have been of such nature that even without an anti-malware solution you could have avoided the worst consequences if you just had your proactive security done right. If a user has admin rights he/she can turn of the protective measures so this is the most important thing to do right and get rid of the excessive user permission. You can control admins with policies can’t you? No, you cannot, and in this session you’ll see how admins can turn off all policies in a heartbeat. After you’re done getting rid of admin rights you need to implement stuff like firewalls, IPsec, Software Resctriction policies and disk encryption. And yes, you also need a reactive solution like an anti-malware on top of the more important proactive measures. Reactive security reacts to found threats as proactive prevents you from getting them in the first place. Join this session and see one of the leading OS and Security Experts, Sami Laiho, show you how to build a proactive security solution that’s always up to date. No longer rely on someone else finding fingerprints and keeping your security up to date!
Deep Dive: Session Monitoring
Want to see a live demo of Secret Server 8.5? The latest release includes SSH proxying, active session monitoring and new recording options. This is a big update for companies focused on compliance requirements.
The Three Most Trending Topics of RSA Conference 2014 with Edward Haletky
Missed this year’s RSA Conference? We have you covered. Join our product manager, Ben Yoder, and special guest host, Edward Haletky, author, analyst and moderator of the Virtualization Security Podcast. Edward will discuss his top three takeaways and the most trending topics from the largest information security conference in the country. If you didn’t attend RSA this year, be sure to join this webinar!
Integration Spotlight – Thycotic and HP ArcSight
Join Ben Yoder, product manager at Thycotic Software, and Eric Schou from HP ArcSight, as they dive into the features and benefits of integrating Secret Server with HP ArcSight. By seamlessly combining SIEM data with privileged account management, you’ll learn how to effectively safeguard your network, analyze essential IT security events and enforce privileged access control for your most sensitive accounts.
Thycotic Introduces Password Reset Server
Learn how Thycotic can help solve your end-user AD password resets. Password Reset Server is an AD self-service password reset tool that helps reduce your help desk calls.
Deep Dive: Service Account Discovery
Do you know where all of your service accounts are used? Gain control of service accounts and dependencies with Service Account Discovery. Join us for a step-by-step guide to service account management. Ben Yoder, product manager, will show you how to control these problematic accounts with the push of a button.
Deep Dive: Secret Server – Website Password Changing
Learn about Secret Server’s latest feature, website password changing. We will discuss how Secret Server now supports active management of Google, Amazon and Windows Live passwords. This webinar will also touch on the best practices with changing these types of passwords.
Integration Spotlight – Secret Server and Devolutions Remote Desktop Manager
Join Thycotic Software’s Product Manager Ben Yoder alongside Maurice Côté, Product Manager for Devolutions, as they dive deep into the features and benefits of integrating Secret Server with Remote Desktop Manager.
Using the Secret Server API
Does your company have embedded passwords in scripts, build files or custom applications? You can now get passwords out of code, reduce errors and secure account access by using Secret Server’s APIs. Secret Server has API options for every edition.
Custom Launchers for Secret Server
Need your users to run applications without seeing the password? In our webinar, learn how Secret Server’s Custom Launchers allow users authentication into a variety of platforms with tools they use daily, including how to pass in credentials and use batch files for custom scripting
Secret Server Password Maturity Test
Learn if your organization passes the Password Maturity Test. Do you change all your passwords on a regular basis? Does every account have a unique password? What do you do when someone quits? Are passwords ever known by more than one individual at a time? See how your organization stacks up!
Discuss Privileged Password Management Industry Trends with Forrester’s Andras Cser
Andras Cser is a leading expert on identity management, access management, privileged identity management and role design and management. Learn about trends within the enterprise space and what he sees companies doing about them.
Deep Dive: Secret Server – Best Practices for Unlimited Administrator Mode
It’s 3 a.m., there is an unscheduled outage, and you’re locked out of the problematic server! Dave left the company and he was the only one with access to that password in Secret Server. Learn how Unlimited Administrator Mode can help.
Deep Dive: Secret Server – Easily manage and secure all your Windows local administrator password
Use discovery to quickly find all your local Windows administrator accounts – import them into the Secret Server vault (even if you don’t know the current password). Then set a schedule (30, 90 days etc.) for regular password changing and never worry about those passwords again. Whenever a sysadmin needs a password, they just come to Secret Server to find it. Using Discovery Rules allows all of this to be automated.
Secret Server: Web Password Filler
Learn how to easily login to websites using passwords stored in Secret Server. The Web Password Filler uses a bookmarklet so it does not require any installed software or add-ons in the web browser.
Using Excel to store privileged account passwords? You’ve probably already been breached.
Many organizations and IT Administrators still use Excel spreadsheets to store passwords in privileged accounts and share them between key staff members so they can gain access to important and critical systems. Yet this entrenched practice of storing sensitive passwords and credentials in a spreadsheet is a major security risk and should be avoided at all costs. In fact, your systems may already have been breached with this practice and you don’t even know it.
Join Thycotic Product Manager, Joseph Carson, as he highlights why and how you should eliminate the unnecessary risks around using Excel to manage privileged passwords including:
• Why Excel was never intended to be a Password Management Solution
• The lack of built-in security with spreadsheets
• Excel risks for data loss, security updates and transportability
• How you can eliminate these risks with automated PAM solutions
Everyone registered will receive a free white paper describing the risks with using Excel and how to eliminate them.
The new EU General Data Protection Regulation: Here’s what you need to know now!
The EU’s new General Data Protection Regulation clock has started on May 4th 2016 and organisations have to transition to it by 2018. Failure to comply with the new regulation could result in companies being fined up to €20m or 4% of their annual turnover, whichever is greater, for failure to protect and provide adequate security to their customer data.* Every organization that collects or processes European citizen’s personal identifiable information will have to comply with the new regulation.
What is the best way to prepare your organization?
Join Thycotic Product Manager, Joseph Carson, as he highlights what you need to know about the GDPR and what you should be doing now to prepare.
Register now to learn:
• The key impacts and consequences for organization’s that collect or process European citizen’s data
• How to set expectations and plan for EU GDPR changes in your organization
Download the free EU General Data Protection Regulation white paper “Key steps to meet the EU General Data Protection Regulation” here.
How To Develop A Strong Privileged Account Management Plan
What is Privileged Account Management? Privileged accounts are the # 1 target for hackers and malicious insiders today. Once bad actors have “the keys to your kingdom” they have complete access to, and control of, the IT infrastructure, core systems and applications, as well as critical business and customer data.
Join this webinar to find out how Thycotic can help you solve this IT challenge. Who should attend? Anyone involved with IT Security, CISO’s, IT Director’s, IT Administrators, Partners.