What are Group Managed Service Accounts (gMSA)?

What are Group Managed Service Accounts (gMSA)?

High Level Overview of GMSAs Group Managed Service Accounts Overview Group Managed Service Accounts (gMSA) were introduced in Windows Server 2016 and can be leveraged on Windows Server 2012 and above. gMSAs offer a more secure way to run automated tasks, services, and applications. How are gMSAs more secure you ask? Well, their passwords are completely handled by Windows. gMSA passwords are randomly generated, automatically rotated, and not required to be known by any user. The service accounts themselves are…

Read More Read More

PROTIP: How to Update the “Have I Been Pwned” (HIBP) Breach Dictionary in StealthINTERCEPT Enterprise Password Enforcer and StealthAUDIT

PROTIP: How to Update the “Have I Been Pwned” (HIBP) Breach Dictionary in StealthINTERCEPT Enterprise Password Enforcer and StealthAUDIT

ALERT: If you are NOT a StealthINTERCEPT Enterprise Password Enforcer or StealthAUDIT customer, view this blog for greater relevance and a more appropriate read. With 34% of people saying they share passwords with coworkers1 and 62% reusing the same password for work and personal accounts2, the importance of checking passwords is paramount. Last Friday (June 19, 2020) we saw our first update to the “Have I Been Pwned” (HIPD) database in almost 12 months.  The database jumped from 555,278,657 to…

Read More Read More

The Importance of Updating Your Breach Password Dictionary

The Importance of Updating Your Breach Password Dictionary

With breaches and cyber-attacks continually increasing every year, a constant stream of compromised passwords finds their way to the dark web for purchase and use. This should NOT be a surprise. 80% of breaches involved stolen or misused credentials1. And this makes sense … why use advanced attack techniques when stealing credentials and assuming user identities is easier, less detectable, and still works? Stealthbits leverages the “Have I Been Pwned” breach password dictionary within StealthAUDIT and StealthINTERCEPT Enterprise Password Enforcer…

Read More Read More

What is Sensitive Data?

What is Sensitive Data?

Sensitive data is a term that we hear quite often these days, especially as it relates to the plethora of data privacy laws that have been introduced over the past several years. Seemingly, the definition is simple: sensitive data is any information that needs to be protected. What that really means though is often dependent on the nature of the business conducted by an organization and even more so, the responsible governing body. What is considered Sensitive Data? The categories…

Read More Read More

Windows Remote WMI Security Primer for the Faint-Hearted

Windows Remote WMI Security Primer for the Faint-Hearted

StealthAUDIT, a best in its class Data Access Governance (DAG) tool utilizes Windows Management Instrumentation (WMI) extensively to gather various pieces of information from the targeted Windows servers.  While local WMI querying is straightforward to implement and troubleshoot, remote WMI querying is another story.  Setting up remote WMI query security is a pretty daunting task if you are not willing to use an account that is either part of the Domain Administrators group or Local Administrators group.  After I ran…

Read More Read More

Auditing Administrator Access Rights

Auditing Administrator Access Rights

Identifying Administrative Privileges Across IT Resources Accounts with administrative and elevated privileges are necessary for both business and IT functions, but also represent a significant risk to your organization. Privileged credentials in the hands of the wrong user or an attacker can lead to a variety of undesirable outcomes, including data breaches, infrastructure outages, and compliance failures. Although Privileged Access Management (PAM) is recognized by CISOs and security professionals as one of the most important areas of focus among their…

Read More Read More

Improving the Accuracy of Detecting Deleted Resources

Improving the Accuracy of Detecting Deleted Resources

In the File Systems Data Collector for StealthAUDIT, we collect various types of information about files and folders including permissions, file size, activity data, sensitive data, etc. One of the most important aspects of a file system resource (file, folder, or share) is “does that resource still exist”? While this might on the surface seem like one of the easiest things to collect, there was a range of mitigating factors that limited the accuracy in which we could report on…

Read More Read More

Stealthbits Named Innovation Leader in New KuppingerCole Leadership Compass for PAM

Stealthbits Named Innovation Leader in New KuppingerCole Leadership Compass for PAM

The privileged access management (PAM) market is heating up! According to the 2020 KuppingerCole Leadership Compass for PAM there are roughly 40 vendors in the space with combined annual revenue of $2.2 billion, which is predicted to grow to $5.4 billion a year by 2025. This represents a compound annual growth rate (CAGR) of 20%. The takeaway: More and more organizations are looking to invest in the next generation of PAM solutions, which offer advantages over more traditional and now…

Read More Read More

Migrating Azure Information Protection (AIP) Classic Labels to Unified Labels

Migrating Azure Information Protection (AIP) Classic Labels to Unified Labels

Azure Information Protection (AIP) is Microsoft’s cloud-based solution for classifying and, optionally, protecting sensitive documents and emails in both cloud and on-prem environments. AIP is a powerful tool (that we’ve discussed before) that can automatically apply labels and encrypt files based on admin-defined rules, and even protect documents after they’ve left an organization’s network. Changes to AIP Administration AIP was released in 2016, however, the product received a major update in 2018 to have two versions: Azure Information Protection client…

Read More Read More

Reduce PAM Switching Costs With Bring-Your-Own-Vault – Leverage Your Existing Password Vault

Reduce PAM Switching Costs With Bring-Your-Own-Vault – Leverage Your Existing Password Vault

Why Do Many PAM Deployments Fail or Fall Short of Expectations? Complexity and optimism of scalability. Fail may be too strong of a word, maybe “don’t reach their full potential” is a better way to describe most Privileged Access Management (PAM) projects. They start off complex between vaults, modules, configurations, redefining roles, collapsing access, and more often lasting 6-9 months if lucky, longer if not. Once PAM solutions get implemented, use cases start to grow and pop-up over time. From…

Read More Read More

Start a Free Stealthbits Trial!

No risk. No obligation.

Privacy Preference Center

      Necessary

      Advertising

      Analytics

      Other