The Pesky Password Problem: How Hackers and Defenders Battle for Your Network Control

Workforce mobility, rapidly changing business models and business partnerships contribute to a trend where businesses must be able to seamlessly enable access for everyone, to every digital service. These services might be public cloud, they might be web applications with or without support for federation standards, they might be solely backend services accessed via APIs, or even legacy applications exposed only via some sort of middleware. However, agility in the digital journey mandates that IT can provide seamless access to all these services while keeping in control and enforcing security. Identity as a Service offering, whether deployed from a public or hybrid cloud, can take a central role, by acting as the common fabric connecting all the users and all the services. Such services include support for adaptive authentication, auditing features, broad federation services, authorization capabilities, and various capabilities.

One of the hottest topics at RSA San Francisco 2019 was the Mitre ATT&CK framework. Along with the Lockheed-Martin Kill Chain, it has become a standard reference model for cybersecurity professionals. Specifically, it is used to describe each stage of an attack. Pen testers, security analysts and Security Operations Center (SOC) professionals must learn how to mature their operations, as well as hone the skills of red team and blue team workers.

With each new year’s planning, organizations must deal with both new and longstanding trends that have an impact on their cybersecurity profiles. This process is made even more difficult by an increasingly sophisticated threat landscape and a chronic cyber-skills shortage that impacts all organizations.

You don’t know what you don’t know. You suspect that your industrial environment is exposed and vulnerable but how can you be sure? How do you gain visibility and insights into your OT networks security risk posture? If the first step is understanding all of your assets and communications, how do you start? How many devices do you have on your industrial network? What talks to what? What talks to the outside world? Do you have vulnerabilities and weak spots? Is all of your firmware up to date? Sentryo is now working with our world-class partners to offer a unique Risk Assessment Service that provides the executives, managers, security analysts, automation engineers, compliance managers and all other IT, OT and management stakeholders in an organization clear analysis and insights about their cyber security posture highlighting the potential vulnerabilities and/or threats that require attention.