As a cloud service provider (CSP), working with federal agencies may be one of your goals. But to do so, you need to meet rigorous security standards from the Federal Risk and Authorization Management Program (FedRAMP).
The post What Is FedRAMP ATO? Designations, Terms, and Updates appeared first on Security Boulevard.
With advanced AI cybersecurity tools, you bring powerful capabilities to your security strategy. AI enhances threat detection, automates key security tasks, and strengthens your overall security posture, completing tasks with speed and accuracy that humans can’t match.
The post 7 Best AI Cybersecurity Tools for Your Company appeared first on Security Boulevard.
Authors/Presenters: Moritz Abrell
Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.
The post DEF CON 32 – Unlocking The Gates: Hacking A Secure Industrial Remote Access Solution appeared first on Security Boulevard.
Managing digital certificates might sound simple, but for most organizations, it’s anything but. For cryptography and IT teams handling hundreds of certificates, staying ahead of expirations, maintaining security, and meeting compliance demands are constant challenges. Here’s an in-depth look at why having robust certificate lifecycle management processes is essential, the obstacles organizations face, and how […]
The post Navigating Certificate Lifecycle Management first appeared on Accutive Security.
The post Navigating Certificate Lifecycle Management appeared first on Security Boulevard.
via the inimitable Daniel Stori at Turnoff.US!
The post Daniel Stori’s Turnoff.US: ‘My Adorable Useless Code’ appeared first on Security Boulevard.
D-Licious: Stubborn network device maker digs in heels and tells you to buy new gear.
The post Here’s Yet Another D-Link RCE That Won’t be Fixed appeared first on Security Boulevard.
For many experts, the verdict is that RBAC remains a big deal because it delivers on two crucial fronts: It keeps organizations secure while enabling them to remain agile and innovative. In an era of increasingly sophisticated cyberattacks, that’s a combination that’s hard to beat.
The post Why RBAC is Still a Big Deal in 2024 appeared first on Security Boulevard.
A landmark global report from cybersecurity agencies emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the first of our two-part series, we offer five steps you can take today to shore up your AD defenses.
Microsoft’s Active Directory (AD) is at the heart of identity and access management (IAM) for organizations worldwide, making it an attractive target for cyberattackers. Concerns over the risks of AD compromise prompted cybersecurity agencies from Australia, Canada, New Zealand, U.K. and U.S. to issue a landmark report, Detecting and Mitigating Active Directory Compromises. The report, released in September, details 17 attack techniques, from Kerberoasting to Golden Ticket attacks, which, left unchecked, can enable attackers to take total control over systems.
In the first of our two-part series, we look beyond the report’s guidance for detecting and mitigating AD compromises to explore how organizations can institute a dynamic, proactive AD cybersecurity strategy. We discuss how continuous monitoring, adaptive defenses and risk-based prioritization can help security leaders protect their AD infrastructure. We provide five action items you can use to operationalize your identity security strategy.
In part two, we go beyond the basics to provide insight and guidance about additional areas of AD exposure worth addressing.
Attackers see AD as a gatewayAs the backbone of authentication and authorization in most organizations, AD controls access to sensitive data and critical systems. Identity has become the modern control plane for enterprises, and attackers know that compromising AD can be their gateway to a treasure trove of information and control. High-profile attacks, such as those by Storm-0501 and Conti ransomware, demonstrate the devastating financial and operational impact that can result when AD security is breached.
It’s important to note that the report issued by the cyberagencies — known collectively as the Five Eyes Alliance — is much more than a compliance checklist. Too often, we see organizations approach such cybersecurity guidance by taking a series of one-off actions, assuming that ticking a few boxes ensures lasting security.
In reality, attackers exploit vulnerabilities as soon as they arise. Point-in-time compliance efforts can't keep up with the adaptive nature of today's cyberthreats. To stay ahead, organizations must go beyond compliance, adopting a continuous, adaptive approach that anticipates and mitigates risks in real-time, ensuring that AD remains secure against evolving threats.
From insight to action: Operationalizing the report's recommendationsThe guidance from the cybersecurity agencies makes it clear: Active Directory isn't a "set-it-and-forget-it" system.
As AD environments continuously evolve — whether through new users, permission updates or expanded cloud integrations — cybersecurity strategies must evolve in tandem. Misconfigurations and identity-based vulnerabilities open new doorways to risk because they don't stay put. This is precisely why organizations must adopt a structured, real-time approach to managing AD, including continuous monitoring, risk-based prioritization and adaptive security practices responsive to the shifting threat landscape.
Operationalizing the report’s guidance requires more than static point-in-time tech fixes. It calls for a series of game-changing steps to keep your AD secure.
Below, we break down five key areas to focus on as you turn the report's guidance into actionable steps.
1. Continuously monitor with real-time visibilityOrganizations often behave as though AD is a static system, a thing to be configured once and then assumed to be secure. However, as the Five Eyes report illustrates, AD is in constant flux, with each change potentially opening new vulnerabilities. From new hires and permission updates to expanding cloud connections, any shift in AD can create an unseen entry point for attackers. Real-time visibility and continuous monitoring are behavioral steps to stay ahead of evolving risks.
Why it mattersAttackers thrive on hidden weaknesses, like subtle misconfigurations and creeping permission drift, exploiting tactics like DCSync and Kerberoasting to infiltrate your systems silently. Without real-time oversight, these tactics can remain undetected. That's why it’s essential to identify and prioritize identity weaknesses as soon as they surface — catching risks early stops attackers in their tracks.
What to doNot every weakness in Active Directory carries the same level of risk Treating each issue with equal priority can drain resources while leaving critical exposures unattended. A risk-based model automatically prioritizes AD weaknesses and allows security teams to focus on the exposures that matter most, rather than getting bogged down in low-risk issues.
Why it mattersAmong the 17 attack tactics highlighted in the Five Eyes report, some — like DCSync — might be more critical in traditional infrastructures, while others, such as password spraying, may pose a higher risk in cloud-heavy environments. Automated risk scoring tailors prioritization to your organization's unique setup, ensuring that high-impact threats are addressed promptly.
What to doA resilient Active Directory environment relies on enforcing least-privilege access, granting users only the permissions they need to perform their roles. However, over time, privileges can expand unintentionally — through changes in group memberships, role adjustments or emergency access that is not promptly revoked. This "privilege creep" broadens the attack surface attackers can exploit, as excessive permissions make lateral movement and privilege escalation easier.
Why it mattersExcessive permissions in Active Directory enable various attack techniques, including Silver Ticket compromises where adversaries forge Kerberos tickets for unauthorized access. Without least-privilege enforcement, attackers can exploit over-permissioned accounts to move laterally and access sensitive resources undetected. Proper privilege management is essential to prevent these and other AD-based cyberattacks.
What to doYour security mindset sets the stage for securing AD. We all know that responding to incidents after they occur is painful, especially when there is a chance to preemptively identify and address potential threats. The nature of the Five Eyes guidance is proactive. Understanding Indicators of Exposure (IoE) and looking for those early warning signs can help teams address vulnerabilities before they become an attacker's foothold in the network.
Why it mattersA reactive approach leaves security teams in constant catch-up mode, dealing with incidents as they happen instead of eliminating root causes. Focusing on IoE systematically closes off pathways that adversaries exploit to infiltrate environments. It also allows security teams to expand their protective reach without adding to their alert fatigue. This equates to a broader security strategy prioritizing long-term resilience over short-term fixes.
What to doEnterprise expansion pits cybersecurity teams against a sprawling landscape of domains, assets and identities — each adding layers of complexity. When security forms a phalanx, with a unified approach of shared insights and tools, efficiency emerges and gaps close. Scaling security demands a cohesive strategy that seamlessly integrates identity management, asset visibility and threat detection into a single, unified framework, ensuring consistent security practices.
Why it mattersLack of unification is a recipe for disaster. Without a platform that normalizes data and promotes shared understanding, teams work in silos, widening gaps in coverage and leaving critical assets vulnerable. In complex, multi-domain environments, it’s essential to take a unified approach — fostered by integrated, scalable platforms — for fast, coordinated responses to cyberthreats. By closing these gaps, organizations can maintain comprehensive oversight, enabling teams to keep pace with growth while ensuring consistent security across the enterprise.
What to doThe above five steps offer a solid foundation for operationalizing the Five Eyes guidance. But stopping there misses important considerations for enhancing and adapting security strategies. In part two of this series, we go beyond the basics, offering guidance on achieving full coverage, addressing modern attack techniques and securing Active Directory and Entra ID as part of a holistic identity security approach.
Learn moreThe post Active Directory Under Attack: Five Eyes Guidance Targets Crucial Security Gaps appeared first on Security Boulevard.
A landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on.
The landmark report Detecting and Mitigating Active Directory Compromises — released in September by cybersecurity agencies in Australia, Canada, New Zealand, U.K. and U.S. — shines a bright light on the risks organizations face if their identity and access management (IAM) system is targeted by cyberattackers.
In the first of our two-part series, we discussed five steps organizations can take to operationalize the report findings and develop a cybersecurity strategy for protecting their Microsoft Active Directory (AD) infrastructure. While these steps are important, stopping there misses crucial considerations that can further enhance security strategies.
Here, in part two, we look beyond the basics to provide three key areas cybersecurity leaders can consider in order to achieve full coverage, address modern attack techniques and secure Active Directory and its cloud-based counterpart Entra ID (formerly Azure AD) as part of a holistic identity security approach.
1. Implement full coverage for Active Directory in hybrid environmentsWhile basic AD assessment tools provide valuable insights, they fall short in today's hybrid environments, where on-premises AD and cloud identities intersect. Point-in-time scans risk missing active threats like Kerberoasting, DCSync and password spraying — techniques that cyberattackers can execute repeatedly to evade periodic checks.
Why full coverage mattersWhile the report from the five cybersecurity agencies — known collectively as the Five Eyes Alliance — highlights 17 AD compromise methods, these cover only the most common tactics. If attackers were only so simple! Their approaches are also exploiting AD's connections with Entra ID, software as a service (SaaS) applications and hybrid clouds. To stay secure, organizations must look beyond static techniques and adapt to today's dynamic threat landscape.
Why modernizing mattersFocusing only on known techniques can leave a lot on the table for today’s attackers, who leverage AD's complex integrations, developing methods that fall outside standard tactics yet pose serious risks. A comprehensive, adaptive security approach prepares teams to counter both established and evolving threats.
What to doWhile the Five Eyes report highlights compromises in on-premises Active Directory, protecting cloud-based directory services, like Entra ID, is equally important as organizations expand into the cloud. Attackers are increasingly pivoting between on-premises AD and cloud-based directories to maximize impact, as demonstrated by recent breaches. In hybrid environments, attackers exploit the gaps between AD and Entra ID, often bypassing defenses that cover only one system. Think of your directory infrastructure as a house with two front doors: securing only one leaves the other exposed. For modern enterprises, unified security monitoring across AD and Entra ID is essential to prevent attackers from exploiting inconsistencies between on-premises and cloud defenses. Your identity security strategy is only as strong as its most vulnerable directory.
Why securing both AD and Entra ID mattersActive Directory compromises remain a focal point for attackers. The Five Eyes report underscores its continued relevance and clarifies why identity is the modern control plane in exposure management. As you review the guidance, refrain from letting this become another checklist. Rethink how your organization is approaching its AD security. Do you have continuous monitoring, risk-based prioritization, least-privilege access and unified operations? Are you employing an identity-first security approach that naturally achieves compliance? Are you unifying protection across on-premises AD and Entra ID to close gaps attackers exploit?
Learn moreThe post Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics appeared first on Security Boulevard.
Authors/Presenters: # Vikas Khanna
Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.
The post DEF CON 32 – Unlocking the Gates: Understanding Authentication Bypass Vulnerabilities appeared first on Security Boulevard.
In a recent podcast interview with Cybercrime Magazine's host, Charlie Osborne, Heather Engel, Managing Partner at Strategic Cyber Partners, discusses reports from OpenAI that hackers are trying to use its tools for malicious purposes. The podcast can be listened to in its entirety below.
The post AI in Cybercrime: Hackers Exploiting OpenAI appeared first on Security Boulevard.
Operational Technology (OT) and Industrial Control Systems (ICS) are critical components of many industries, especially those within the 16 critical […]
The post Building and Enhancing OT/ICS Security Programs Through Governance, Risk, and Compliance (GRC) appeared first on Security Boulevard.
Introduction One of the most powerful things to do with data is to visualize it. Being able to see the data in various contexts can help executives and security professionals alike understand their cyber environment better and identify their strengths and weaknesses. Dashboards in Splunk are fairly easy to make but sometimes you may [...]
The post Let’s Build A Dashboard! appeared first on Hurricane Labs.
The post Let’s Build A Dashboard! appeared first on Security Boulevard.
The hard truth is that security breaches often happen because of human mistakes from simple, everyday actions. It's not just employees unknowingly using unsecured Wi-Fi – it's phishing, weak passwords and a lack of awareness that open the door to attackers.
The post The Crucial Influence of Human Factors in Security Breaches appeared first on Security Boulevard.
Ransomware attacks are increasingly targeting critical infrastructure — essential systems like energy, water, transportation and finance. In 2023 alone, over 40% of attacks hit these sectors, according to the FBI. Meanwhile, agencies like CISA and the UK’s NCSC warn infrastructure companies of mounting threats from state-sponsored adversaries or other malicious actors. The recent American Water..
The post Protecting Critical Infrastructure with Zero-Trust and Microsegmentation appeared first on Security Boulevard.
If you’re familiar with platforms like Drata, you may appreciate their streamlined compliance processes and integrations. But if you’re ready for something beyond automation and integration (think powerful AI-driven risk management, live visual dashboards, and extensive framework mappings), Centraleyes delivers in ways Drata just can’t match! Let’s take a closer look at both platforms and […]
The post 10 Best Drata Alternatives to Consider for Compliance Management in 2024 appeared first on Centraleyes.
The post 10 Best Drata Alternatives to Consider for Compliance Management in 2024 appeared first on Security Boulevard.
Discover how servant leadership and a human-centric approach to IAM drive trust, resilience, and impactful results in today’s complex business landscape.
The post Sentient IAM: Unlocking Success Through Human-Centric Leadership first appeared on Identient.
The post Sentient IAM: Unlocking Success Through Human-Centric Leadership appeared first on Security Boulevard.
Smart SOAR’s automated grouping reduces the noise by filtering out irrelevant alerts, enabling a faster and more efficient response.
The post Respond to Fewer Alerts with Automated Grouping appeared first on D3 Security.
The post Respond to Fewer Alerts with Automated Grouping appeared first on Security Boulevard.
Are you a service organization seeking an audit to gain customers’ trust? Or maybe you are looking to attract prospective clients by proving how serious you are with customers’ data. If that is the case, you have come to the right place. Introducing the SOC 2 audit – think of it as a thorough check-up […]
The post SOC 2 Compliance Audit: Safeguarding Your Business’s Data appeared first on Security Boulevard.
How Robust Are Your Machine Identity Solutions? As cybersecurity threats and data breaches continue to soar, the question becomes inevitable: how robust are your machine identity solutions? For many organizations, the answer remains shrouded in ambiguity, leaving them vulnerable to data breaches and non-compliance penalties. However, a new frontier of Non-Human Identity (NHI) and Secrets […]
The post Build Confidence with Robust Machine Identity Solutions appeared first on Entro.
The post Build Confidence with Robust Machine Identity Solutions appeared first on Security Boulevard.
