BeyondTrust - Experts & Thought Leaders
Latest BeyondTrust news & announcements
Beyond Identity, the provider of passwordless, phishing-resistant MFA, announces the formal release of ‘Zero Trust Authentication’ (ZTA) as a subcategory of zero trust technology, together with the launch of the Worldwide Zero Trust Leadership series of events that will run throughout 2023. Bringing together security technologies and integrators, Beyond Identity, Palo Alto Networks, CrowdStrike, Optiv, World Wide Technology, Guidepoint Security, BeyondTrust, Ping Identity and Climb Channel Solutions will enable organisations to move towards secure authentication designed to advance the zero trust strategies of global 5000 companies. Continuous authentication capabilities Zero Trust Authentication has been developed in response to the failure of traditional authentication methods – a problem exacerbated by the increasing number of cyberattacks. Adopting Zero Trust Authentication will allow organisations to overcome the limitations of passwords Adopting Zero Trust Authentication will allow organisations to overcome the limitations of passwords and legacy multi-factor authentication (MFA) and implement more robust security strategies. To achieve this, the Zero Trust Authentication approach includes components such as Beyond Identity's risk scoring and continuous authentication capabilities, which significantly enhances the level of protection offered. Access management vulnerabilities "In working with leaders across the security ecosystem, it became apparent to us that the industry needs to formally bring identity and access management into the security fold to continuously deliver the highest level of security around users and devices,” said Tom Jermoluk, Chief Executive Officer and Co-Founder of Beyond Identity. He adds, “We are bringing together the leaders from the essential technology categories to ensure authentication decisions are risk based and continuously informed with signals from the wealth of existing cybersecurity tooling. Through close technology collaboration and now go-to-market collaboration in this Zero Trust Leadership series, we are delivering strong authentication built for an ‘always on’ zero trust world coupled with the practical advice and best practices so that enterprises can finally close identity and access management vulnerabilities.” Weak authentication factors Identity and authentication vulnerabilities remain the single largest source of ransomware" "Year after year, Identity and authentication vulnerabilities remain the single largest source of ransomware and security breaches, so something has to fundamentally change to close this vulnerability and enable organisations to meet the security mandates issued by the White House, NIST and CISA,” said Dr. Chase Cunningham, better known as a co-creator of the Zero Trust Extended framework and as Dr. Zero Trust. He adds, “The Zero Trust Authentication approach eliminates weak authentication factors and optimises user and device access decisions with risk signals from a variety of installed cyber security tooling because Zero Trust is a team sport, and this enables organisations to effectively shut the door on the single largest initial attack vectors adversaries routinely rely on." Gaining practical insights The Zero Trust Leadership Series kicks off with the ‘The Bridge to Zero Trust’ virtual event on March 15th, 2023, which will bring together zero trust industry leaders, including CISOs from organisations, technology providers, advisors and solution providers. The Zero Trust Leadership Series kicks off with the ‘The Bridge to Zero Trust’ virtual event on March 15th, 2023 Attendees will learn how to combine identity, authentication, network architecture, endpoint detection and response technologies to strengthen their cybersecurity efforts and gain practical insights and best practices that will enable Identity and Security teams to stay ahead of attackers and out of the headlines and advance their zero trust security efforts. Security infrastructure investments Among the organisations supporting Zero Trust Authentication are identity pioneers Ping Identity and Beyond Trust, cybersecurity pioneer Palo Alto Networks and CrowdStrike, security integrators World Wide Technology and Optiv, technology distributor Climb Channel Solutions, and industry associations including the Cloud Security Alliance and the FIDO (Fast Identity Online) Alliance. “Delivering continuous verification of identity — user and devices — is essential to meeting the promise of zero trust,” said Jay Bretzmann, Research Vice President, Security Products at IDC. “Beyond Identity has taken the approach to utilise signals from security infrastructure in near real-time to raise the security standard and capitalise on existing security infrastructure investments in EDR and SASE tools.” Accelerating effective and leading cybersecurity programs requires a zero trust approach" “Accelerating effective and leading cybersecurity programs requires a zero trust approach,” said Marcos Christodonte II, Global CISO of CDW. “The notion of Zero Trust Authentication represents a significant advancement in authentication security—coupling identity-centric and network-centric capabilities to provide a comprehensive, policy-driven approach that continuously safeguards data and systems amidst a tenacious cyber threat landscape.” Current identity practices Beyond Identity, together with zero trust leaders, has defined a set of practical requirements that any organisation can use to measure their current identity practices and adopt to insulate their workforces and customers from everyday attacks. These include: Passwordless – No use of passwords or other shared secrets, as these can easily be obtained from users, captured on networks, or hacked from databases. Phishing resistant – No opportunity to obtain codes, magic links, or other authentication factors through phishing, adversary-in-the-middle, or other attacks. Capable of validating user devices – Able to ensure that requesting devices are bound to a user and authorised to access information assets and applications. Capable of assessing device security posture – Able to determine whether devices comply with security policies by checking that appropriate security settings are enabled, and security software is actively running. Capable of analysing many types of risk signals – Able to ingest and analyse data from endpoints and security and IT management tools. Continuous risk assessment – Able to evaluate risk throughout a session rather than relying on one-time authentication. Integrated with the security infrastructure – Integrating with a variety of tools in the security infrastructure to improve risk detection, accelerate responses to suspicious behaviours, and improve audit and compliance reporting. Zero trust authentication Beyond Identity is the only solution addressing all key zero trust authentication requirements. Together with its partners, it is bringing this practical advice directly to customers and channel partners, starting with the virtual event, to major events like RSA and Black Hat, and key cities across North America and Europe over the balance of 2023. For the industry at large, it's delivering a category-defining book, titled Zero Trust Authentication, which details the specific capabilities, requirements, policies and best practices to materially advance zero trust.
BeyondTrust, the pioneer in privilege-centric security, announced that the company has been named as McAfee’s Security Innovation Alliance (SIA) Partner of the Year winner. This news comes on the heels of last year’s award as Runner Up for McAfee’s SIA Most Innovative Partner of the Year. The award was announced at the McAfee MPOWER Cybersecurity Summit in Las Vegas on October 16. “We’re honoured to be recognised for our continued work with the Security Innovation Alliance for the benefit of our joint customers,” said Morey Haber, Chief Technology Officer at BeyondTrust. “This award is a testament to the success our joint customers are experiencing as we reduce complexity and make it easier for organisations to control privileged accounts and mitigate potential endpoint threats.” Resolving threats faster The McAfee SIA program provides customers with integrated security solutions that enable them to resolve more threats fasterThe McAfee SIA program provides customers with integrated security solutions that enable them to resolve more threats faster with fewer resources. Partners are screened for innovation, strategic value, and market leadership in their respective market segments that complement the McAfee solution portfolio. “BeyondTrust was selected as our Most Valuable Partner of the Year based on the review of more than 150 SIA partners and their multiple integrations and engagement with McAfee,” said D.J Long, vice president, strategic business development at McAfee. “BeyondTrust took top honours because of their ability to seamlessly integrate and provide management solutions that allow users to better understand and take actions against privilege-based risks.” Enabling customers to protect endpoints The certified integration between BeyondTrust’s Avecto DefendPoint solution and McAfee ePO enables customers to protect endpointsThe certified integration between PowerBroker Password Safe and McAfee ePolicy Orchestrator (ePO) provides a flexible and convenient way to manage privileged passwords and privileged sessions through the McAfee ePO console. In addition, the certified integration between BeyondTrust’s Avecto DefendPoint solution and McAfee ePO enables customers to protect endpoints and implement least privilege policy across any organisation – all through the centralised ePO platform. In addition, BeyondTrust also integrates with McAfee Enterprise Security Manager (ESM) and McAfee DXL to provide a real-time view of potential security threats and speed customers’ ability to proactively respond to these threats.
BeyondTrust, the cyber security company dedicated to preventing privilege misuse, vulnerability management, and stopping unauthorised access, announced the availability of a new book, Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organisations. The book, authored by BeyondTrust’s Chief Technology Officer, Morey J. Haber, and Chief Operating Officer, Brad Hibbert, and published by Apress, is focused on how to build an effective vulnerability management strategy to protect an organisation’s assets, applications, and data. As published in BeyondTrust’s recent survey, next-generation, transformative technologies such as AI/Machine Learning and IoT, and business processes like DevOps are improving operational efficiencies and cost savings, however, 78 percent of users cite security concerns and acknowledge the vulnerabilities these technologies introduce to their networks. In fact, one in five respondents experienced five or more breaches related to next-generation technologies. In the modern enterprise, everything connected to the network, cloud, and mobile device is a target as the perimeter expands beyond the traditional data centre Understanding and mitigating vulnerabilities This book details how today’s network environments are dynamic, requiring multiple defences to mitigate vulnerabilities and exploits and stop data breaches. In the modern enterprise, everything connected to the network, cloud, and mobile device is a target as the perimeter expands beyond the traditional data centre. “Today’s attack surfaces are rapidly expanding to include, not only traditional servers and desktops, but also routers, printers, cameras, and other IoT devices,” said Morey J. Haber, Chief Technology Officer at BeyondTrust. “It doesn’t matter whether an organisation uses LAN, WAN, cloud, wireless, or even a modern PAN ― savvy criminals have more potential entry points than ever before. To stay ahead of these threats, IT and security leaders must be aware of exposures and understand their potential impact.” SLAs for vulnerability and patch management The book is structured to provide guidance to help organisations build a vulnerability management program fit to meet the challenges of the modern threat environment. Drawing on years of combined experience, the authors detail the latest techniques for threat analysis, risk measurement, and regulatory reporting. Also outlined are practical service level agreements (SLAs) for vulnerability management and patch management. The book contains guidance for readers to: Create comprehensive assessment and risk identification policies and procedures Implement a complete vulnerability management workflow in nine easy steps Understand the implications of active, dormant, and carrier vulnerability states Develop, deploy, and maintain custom and commercial vulnerability management programs Discover the best strategies for vulnerability remediation, mitigation, and removal Automate credentialed scans that leverage least-privilege access principles Our hope is the book helps readers get ahead of threats and protect their organisations with an effective asset protection strategy"Asset protection strategy Readers will also gain insights from real-world case studies that share successful vulnerability management strategies and reveal potential pitfalls. “Vulnerability management needs to be more than a compliance check box—it should be a foundation of an organisation’s cybersecurity strategy,” said Brad Hibbert, Chief Operating Officer at BeyondTrust. “Our hope is the book helps readers get ahead of threats and protect their organizations with an effective asset protection strategy.” Late last year, authors Morey J. Haber and Brad Hibbert released another book, Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organisations. The book details the risks associated with poor privilege management, the techniques that hackers and insiders leverage, and the defensive measures that organisations must adopt to protect against a breach, prevent lateral movement, and improve the ability to detect hacker activity and insider threats in order to mitigate cyber risk.
Maximising security and performance
DownloadGuide for HAAS: New choice of SMB security system
DownloadSecurity practices for hotels
DownloadAccess control system planning phase 2
DownloadThe key to unlocking K12 school safety grants
Download