We promise to send you awesome stuff you'll want to read more than once.
If you think about it, passwords need to be managed just like SSH keys, and that involves three key requirements: The enforcement of complex or long passwords. Some level of enforcement around the rotation of passwords (we can argue the rotation interval can be argued another time). Controls around who has access to the password. Let’s cover each requirement in more detail. Point 1: Complex or lon...
SSH Research: Bad PAM tools lead to bad security habits. Why simpler security is safer.
Background Managing access to critical infrastructure has always been a challenge, moving to elastic cloud environments makes it even harder and more time critical. How to make sure that the right people get access to the right resources at the right time? At the same time companies and organizations are struggling with manpower and resources. They do not have the time and money to start large IT-...
We are proud to be included in KuppingerCole’s "Leadership Compass 2020: Privileged Access Management" as one of the Overall Leaders. A direct quote from the report: “The PAM market is becoming more competitive and size alone will no longer keep vendors at the top. This is especially true in a period when vendors like SSH.COM can go from Challenger to Leader in one year due to a strong focus on te...
Two more security events occurred, once again caused by having inadequately-secured standing privileges, and unmanaged SSH keys freely roaming around your IT environment. This is exactly why we strongly advocate companies either removing permanent standing privileges (like passwords) or take management of their access credentials (like SSH keys) more seriously.
Cyberattacks attacks are on the rise once again. High-profile targets like the World Health Organization (WHO) and their top officials are a lucrative target for hackers. Also, hackers got hold of 500,000 Zoom user passwords. “This is unprecedented for everyone here. We’re doing what we can to mitigate it” is a direct quote from WHO’s chief information officer (CIO), Bernardo Mariano. He also sta...
IT and system administrators are faced with a dilemma: how to ensure people working from home can access specific internal systems securely. Allowing VPN access is not an ideal solution if access is needed only to a particular Windows application or internal website. Another example of specific access: a remote worker would need to transfer files to/from a Linux/Unix/Windows system that under norm...
For obvious reasons, a vast majority of your system administrators, DevOps teams and software engineers are forced to adopt remote work habits right now. They are called privileged users for a reason, since they access to business-critical databases and maintain IT infrastructures. But are security controls under threat now that this shift was so sudden? The same applies to non-privileged users as...
The partnership will help enterprises mitigate the risks of privileged credential abuse and streamline operations as they move to multi-cloud environments.
2019 has been an exciting year for privileged access management (PAM): we’ve seen the rise of the Zero Trust framework, recommendations from Gartner analysts towards Just-In-Time (JIT) and Zero Standing Privileges (ZSP) models and our very own lean PAM - PrivX, has steadily evolved to accelerate the industry’s transition to JIT access. Since introducing PrivX in 2018, our aim has been to develop a...
We help major enterprises solve the security challenges of digital transformation. We design best-of-breed commercial solutions for secure access that help our customers win in the global data economy.
