Thycotic’s Cybersecurity Publication

FEATURED STORY:
Cyber Security Responsibilities: Who owns your organization’s PAM Policy Template? 

Who is responsible for creating, implementing and overseeing your organization’s Privileged Account Management Policy template? And what is at risk if no individuals or departments are named to ensure that your users and systems are in compliance with your PAM Policy?

Privileged users and data breaches: A match made in heaven?

December 2nd, 2014

With data breaches on the rise, more evidence is constantly being discovered to support the link between privileged accounts in organizations and network breaches. Thycotic and IANS recently conducted a survey of 100 experienced security and IT operations professionals regarding their recent data breaches and privileged account misuse, and the results show there is indeed…


What’s New in Password Reset Server 4.0?

November 18th, 2014

Password Reset Server 4.0 is out, and it has new features to make your installation simple and easy to use. What will be your favorite new feature? HSTS: HTTP Strict Transport Security, when turned on, means that Password Reset Server can only be accessed using HTTPS. It is important to access sites that send or…


Qualys Security Conference Reveals Tension Between Security and IT Operations

November 11th, 2014

In my previous post, ‘Vulnerability Scanning: Is Unauthenticated Scanning Enough?’ I discussed the differences between authenticated and unauthenticated scans, and how Qualys and Thycotic work together to find vulnerabilities for better security. When performing authenticated scans, Qualys uses credentials to find sensitive issues such as malware, patches, incorrect configuration, and other vulnerabilities. It then scans…


Access Control: Models and Methods

November 4th, 2014

There are times when employees need access to information, such as documents, slides, etc., on a network drive but don’t have the appropriate level of access to read and/or modify the item. This can happen at the most inconvenient time and they quickly need to get a hold of a system administrator to grant them…


Haunting Tale: Beware of the Insider

October 28th, 2014

We all love October for the fall nights, changing leaves, hot cider and Halloween festivities. October is also National Cyber Security Awareness Month supported by the National Cyber Security Alliance. Although we preach cyber security best practices all year, it’s an important reminder to stay safe online. In support of National Cyber Security Awareness Month…


Predicting Potential Threat: Behavior Analytics and Threat Modeling

October 21st, 2014

Wouldn’t it be nice to be able to identify a potential threat before it happens? Learn how Secret Server uses threat modeling and behavioral analytics to discover and take immediate action on a threat, stopping an attacker in their tracks. Threat Modeling: The term “threat modeling” has become quite popular lately as an upcoming major…


POODLE: Not your typical walk in the park

October 15th, 2014

Google, among several security organizations, recently announced a vulnerability in the SSL protocol, particularly SSL version 3. SSL is used to secure connections between a client and server to prevent eavesdropping and to ensure that the data has not been tampered with. SSLv3 is an old version of the SSL protocol, dating back to 1996 and debuted with Netscape…


Vulnerability Scanning: Is Unauthenticated Scanning Enough?

October 14th, 2014

Thousands of IT organizations across the world use vulnerability scanners to perform unauthenticated scans and find threats within their network. These scans find basic weaknesses and detect issues within operating systems, open network ports, services listening on open ports, and data leaked by services. This gives companies the ability to see their network from the…


What You Need to Know About Bash Bug

October 7th, 2014

We’ve all heard the headlines of the most recent security bug, including, ‘Shellshock bug could threaten millions compared to Heartbleed,’ or even more terrifying, ‘Shellshock: A deadly new vulnerability that could lay waste to the internet.’ While these headlines are a bit dramatic, there lies some truth in the statements. The National Institute for Standards…


Why we surveyed a bunch of hackers

September 30th, 2014

At this year’s Black Hat USA, we conducted a survey of 127 self-identified “black hat” hackers. Why’d we do it? Because it’s not every day that you can get an insider perspective on the thought process and motivation behind today’s black hat hacker. Black Hat vs White Hat vs Awesome Programmers: We have to caveat…