Of the hundreds (if not thousands) of blog posts and news articles published about cybersecurity every week, occasionally you come across a gem like this post by Kevin Jackson on Sys-Con.com called “For Top Cyber Threats, Look in the Mirror”. I highly suggest you give it a read -> http://www.sys-con.com/?q=node/3943325
To break it down simply, Jackson’s article focused on a recent report released by cybersecurity assessment and advisory services provider, Praetorian, called “How to Dramatically Improve Corporate IT Security without Spending Millions”. Praetorian had analyzed the results of “100 separate internal penetration test engagements” and “identified the five most prevalent threats to corporate data”.
It probably comes as no surprise to you that “the top four are all based on utilizing stolen credentials and the last one helps an attacker be more effective in using those credentials.” At least it doesn’t for me as our whole mantra here at STEALTHbits is that every attacker is after the same two things; credentials and data.
While Jackson’s article and the study itself were what originally caught my attention, it was actually the article’s timing and applicability to a new set of Security Best Practices reports we released just days earlier that really got me excited. You can read up on that here if you’re interested -> https://www.stealthbits.com/press/item/306-first-stealthaudit-feature-pack-ships-today-providing-best-practice-reporting-active-directory-desktop-server-infrastructure
In the recently released report set I mentioned, we built a series of reports and analyses to provide our users with deep insight into these very same concepts, including Weak Password Checks, Password Status, Local Admin Rights, Potential Plaintext Passwords, critical configurations like LSA Protection and WDigest Settings, and more. If you believe Praetorian’s research – which I certainly do – why not run these reports in your environment to see how well protected you are?
At the end of the day, Praetorian’s study speaks to the need for (and the present lack of) focus on foundation-level concepts in cybersecurity. Microsoft has built tons of capabilities into Windows to protect against attacks and remediate vulnerabilities, but they’re worthless if you don’t use them or they aren’t configured properly.
I know it is cliché, but security starts with the basics and the smartest, most secure organizations start from the ground up.
As General Manager, Adam is responsible for product lifecycle and market adoption from concept to implementation through to customer success. He is passionate about market strategies, and developing long-term path for success for our customers and partners.
Previously, Adam served as CMO and has held a variety of senior leadership positions at Stealthbits – now part of Netwrix including Sales, Marketing, Product Management, and Operational Management roles where his focus has consistently been setting product strategy, defining roadmap, driving strategic engagements and product evangelism.
Adam holds a Bachelor of Science degree in Business Administration from Susquehanna University, Selinsgrove, PA.
Proper data security begins with a strong foundation. Find out what you're standing on with a free deep-dive into the security of your Structured and Unstructured Data, Active Directory, and Windows infrastructure.Read more