Password Self-Service: One Size Doesn’t Fit All

With users having so many passwords – both personally and professionally – and with the ability to have operating systems and browsers remember passwords on the user’s behalf, it’s understandable that they may find themselves forgetting their password at one time or another. They can use the age-old insecure process of calling the helpdesk, or…

Extending Organizational Security and Productivity through SSO with SAML

No one really likes to remember passwords. You’re probably in one of two camps – either you use the same password everywhere just to avoid needing to remember a variety of complex phrases, or you, like me, use a password database to store them (in which case, I only need to remember the password to…

Groups: Active Directory’s Access Card

RFID access cards are commonplace in many companies. These cards provide access to different sections of the office, often limiting access to the appropriate people, so that not everyone has access to all locations within the building. For example, not everyone has access to the server room. And sometimes, because of this, many of us…

Password Resets, Self-Service, and Security

I called the bank the other day, and even though I was only asking a simple question, I had to provide the last 4 digits of my social security number, my birthdate, and my verbal password. These security measures are in place in order for the banks to protect the assets they deem critical (which…

The State of Insider and Privilege Misuse, 2016

In several previous articles, this blog has focused on the importance of the relationship between privileges and Active Directory group management. The two go hand-in-hand: if groups aren’t properly managed, permissions tend to get out of control. Given the importance of this relationship, let’s examine the current state of what users are able to do…

The Role of Group Management in PAM Strategy

Privileged Account Management (PAM) is a key part of any security strategy. For those of you who may not be familiar with it, PAM focuses on improving the security of privileged accounts and providing more controlled access to those accounts — from an account with Enterprise Admin rights all the way down to an account…

Implementing IAM: Don’t Get Ahead of Yourself

As your organization has grown, so has your IT infrastructure. You now have so many systems requiring some level of authentication, and so many data sets that need to be protected, that your organization has come to the realization that it’s time: You need to implement IAM. At first, this can be an exciting…

Group Management and Your Endpoint Security Strategy

Everyone’s worried about endpoints. And you should be. As evidenced by the rise in organizations experiencing attacks via malware-laden websites, phishing and spear phishing, and OS/application vulnerabilities, the endpoint is a clear target for external attackers. Compromising an endpoint is frequently the first step needed to gain a foothold within your organization’s network, giving these attackers…

Group Mismanagement: A Disaster Waiting to Happen

If you’re like most IT professionals, you don’t bother to update an Active Directory group’s membership. What’s the big deal? You may have read our articles about the realities of IT not focusing on groups or about the importance of putting some basic management in place — or better yet, a full group management lifecycle…

Empowering External Attacks: The Risk and Threat in Active Directory Groups

According to the 2015 Verizon Data Breach Investigations Report, approximately 85% of data breaches are performed by an external threat actor, with approximately 45% of those breaches focusing on credentials. This makes sense. Without proper credentials, the threat actor won’t be able to access the target data they want. Most threat actors gain entry by…