BeyondTrust, the cyber security company dedicated to preventing privilege misuse, vulnerability management, and stopping unauthorised access, announced the availability of a new book, Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organisations. The book, authored by BeyondTrust’s Chief Technology Officer, Morey J. Haber, and Chief Operating Officer, Brad Hibbert, and published by Apress, is focused on how to build an effective vulnerability management strategy to protect an organisation’s assets, applications, and data. As published in BeyondTrust’s recent survey, next-generation, transformative technologies such as AI/Machine Learning and IoT, and business processes like DevOps are improving operational efficiencies and cost savings, however, 78 percent of users cite security concerns and acknowledge the vulnerabilities these technologies introduce to their networks. In fact, one in five respondents experienced five or more breaches related to next-generation technologies. In the modern enterprise, everything connected to the network, cloud, and mobile device is a target as the perimeter expands beyond the traditional data centre Understanding and mitigating vulnerabilities This book details how today’s network environments are dynamic, requiring multiple defences to mitigate vulnerabilities and exploits and stop data breaches. In the modern enterprise, everything connected to the network, cloud, and mobile device is a target as the perimeter expands beyond the traditional data centre. “Today’s attack surfaces are rapidly expanding to include, not only traditional servers and desktops, but also routers, printers, cameras, and other IoT devices,” said Morey J. Haber, Chief Technology Officer at BeyondTrust. “It doesn’t matter whether an organisation uses LAN, WAN, cloud, wireless, or even a modern PAN ― savvy criminals have more potential entry points than ever before. To stay ahead of these threats, IT and security leaders must be aware of exposures and understand their potential impact.” SLAs for vulnerability and patch management The book is structured to provide guidance to help organisations build a vulnerability management program fit to meet the challenges of the modern threat environment. Drawing on years of combined experience, the authors detail the latest techniques for threat analysis, risk measurement, and regulatory reporting. Also outlined are practical service level agreements (SLAs) for vulnerability management and patch management. The book contains guidance for readers to: Create comprehensive assessment and risk identification policies and procedures Implement a complete vulnerability management workflow in nine easy steps Understand the implications of active, dormant, and carrier vulnerability states Develop, deploy, and maintain custom and commercial vulnerability management programs Discover the best strategies for vulnerability remediation, mitigation, and removal Automate credentialed scans that leverage least-privilege access principles Our hope is the book helps readers get ahead of threats and protect their organisations with an effective asset protection strategy"Asset protection strategy Readers will also gain insights from real-world case studies that share successful vulnerability management strategies and reveal potential pitfalls. “Vulnerability management needs to be more than a compliance check box—it should be a foundation of an organisation’s cybersecurity strategy,” said Brad Hibbert, Chief Operating Officer at BeyondTrust. “Our hope is the book helps readers get ahead of threats and protect their organizations with an effective asset protection strategy.” Late last year, authors Morey J. Haber and Brad Hibbert released another book, Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organisations. The book details the risks associated with poor privilege management, the techniques that hackers and insiders leverage, and the defensive measures that organisations must adopt to protect against a breach, prevent lateral movement, and improve the ability to detect hacker activity and insider threats in order to mitigate cyber risk.
BeyondTrust, the cyber security company dedicated to preventing privilege misuse and stopping unauthorised access, has announced the availability of a new book, Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations. The book, authored by BeyondTrust’s Chief Technology Officer, Morey Haber, and Chief Operating Officer, Brad Hibbert, and published by Apress, details the risks associated with poor privilege management, the techniques that hackers and insiders leverage, and the defensive measures that organisations must adopt to protect against a breach, protect against lateral movement, and improve the ability to detect hacker activity or insider threats in order to mitigate the impact.When unmanaged, privileged credentials pose a significant threat from external hackers and insider threats Privileged access management In BeyondTrust’s recent survey - Five Deadly Sins of Privileged Access Management, 86 percent of the nearly 500 IT professionals surveyed reported that the misuse of personally identifiable information was an issue that kept them up at night. Not surprisingly, Forrester research found that 80 percent of data breaches are the result of the abuse or misuse of privileged credentials. “We have privileged credentials and over-privileged users virtually everywhere and they all need to be managed for a business to stay secure,” said Morey Haber, Chief Technology Officer at BeyondTrust. “When unmanaged, these privileged credentials pose a significant threat from external hackers and insider threats that can present a game over event for a business or its team members." "We’re excited to deal with this complex topic head-on in a comprehensive manner in the book which will be a valuable resource to individuals and enterprises alike,” Morey added.Attackers target the perimeter network, but, in recent years, have refocused on users and their privileges Safeguarding identities The book identifies how identities, credentials, passwords, and exploits can be leveraged to escalate privileges during an attack and breach an environment. It presents an overview of 12 logical steps in the following areas: Implement a secure privileged attack defensive Comply with privileged regulatory audit requirements Mitigate privileged threats through least privilege, access control, and session management Incorporate credential and password best practices to secure privileged access in any environment Integrate privileged access management into your existing systems and workflow “As cyber-attacks continue to increase in volume and sophistication, it is not a matter of if, but when your organisation will be breached,” said Brad Hibbert, Chief Operation Officer at BeyondTrust. “Attackers target the perimeter network, but, in recent years, have refocused their efforts on the path of least resistance: users and their privileges. Our hope is our new book will help users understand the risks and build a solid defense to protect their most prized credentials.”
BeyondTrust, a cyber security company dedicated to preventing privilege misuse and stopping unauthorised access, announced several of its privileged access management and vulnerability management solutions completed the Common Criteria certification. Common Criteria is an internationally recognised computer security standard that includes stringent review and testing.Reducing data breach risksAchievement of this certification helps to assure that government agencies and global enterprises can confidently procure and use BeyondTrust’s best-of-breed solutions to reduce data breach risks and address compliance requirements without the added cost and complexity of additional product testing.Joining BeyondTrust’s PowerBroker for Unix & Linux are the following Common Criteria Certification recipients: BeyondInsight Retina PowerBroker for Windows PowerBroker Auditing & Security Suite UVM 50 appliance Common Criteria, which is also an ISO standard (ISO 15408), is the foundation for the widest-available mutual international recognition of secure IT products. Its goals include improving the availability of security-enhanced IT products and supporting more efficient procurement of solutions. The DXC Security Testing and Certification Laboratories conducted the testing of BeyondTrust’s IT Risk Management Framework Preventing unauthorised accessThe DXC Security Testing and Certification Laboratories conducted the testing of BeyondTrust’s IT Risk Management Framework and granted the Common Criteria certificate (# 383-4-412) that became effective on May 8, 2017. BeyondTrust solutions achieved certification using the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4.“Enterprises around the globe depend on the Common Criteria Certification to ensure the solutions they select perform securely and as promised,” said Brad Hibbert, Chief Technology Officer, BeyondTrust. “With Common Criteria certification, organisations can be even more confident that BeyondTrust solutions will help secure their environments against insider threats and prevent unauthorised access to critical information systems.” Vulnerability managementEnterprises and governments around the world can rely on BeyondTrust solutions to give IT organisations control over internal and external risks. The company provides a unique, unified platform combining privileged access management and vulnerability management solutions, enabling IT professionals and security experts to work together with greater control and enhanced efficiency.“Businesses around the globe are very focused on improving efficiency, cost savings and security in all information technology procurements,” added Hibbert. “Devoting time and resources to independent testing solutions adds unnecessary complexity and costs to the selection process. Utilising Common Criteria certified vendors help them more effectively secure and modernise their IT systems.”