Morey Haber

BeyondTrust, the pioneer in privilege-centric security, announced that the company has been named as McAfee’s Security Innovation Alliance (SIA) Partner of the Year winner. This news comes on the heels of last year’s award as Runner Up for McAfee’s SIA Most Innovative Partner of the Year. The award was announced at the McAfee MPOWER Cybersecurity Summit in Las Vegas on October 16. “We’re honored to be recognized for our continued work with the Security Innovation Alliance for the benefit of our joint customers,” said Morey Haber, Chief Technology Officer at BeyondTrust. “This award is a testament to the success our joint customers are experiencing as we reduce complexity and make it easier for organizations to control privileged accounts and mitigate potential endpoint threats.” Resolving Threats Faster The McAfee SIA program provides customers with integrated security solutions that enable them to resolve more threats fasterThe McAfee SIA program provides customers with integrated security solutions that enable them to resolve more threats faster with fewer resources. Partners are screened for innovation, strategic value, and market leadership in their respective market segments that complement the McAfee solution portfolio. “BeyondTrust was selected as our Most Valuable Partner of the Year based on the review of more than 150 SIA partners and their multiple integrations and engagement with McAfee,” said D.J Long, vice president, strategic business development at McAfee. “BeyondTrust took top honors because of their ability to seamlessly integrate and provide management solutions that allow users to better understand and take actions against privilege-based risks.” Enabling Customers To Protect Endpoints The certified integration between BeyondTrust’s Avecto DefendPoint solution and McAfee ePO enables customers to protect endpointsThe certified integration between PowerBroker Password Safe and McAfee ePolicy Orchestrator (ePO) provides a flexible and convenient way to manage privileged passwords and privileged sessions through the McAfee ePO console. In addition, the certified integration between BeyondTrust’s Avecto DefendPoint solution and McAfee ePO enables customers to protect endpoints and implement least privilege policy across any organization – all through the centralized ePO platform. In addition, BeyondTrust also integrates with McAfee Enterprise Security Manager (ESM) and McAfee DXL to provide a real-time view of potential security threats and speed customers’ ability to proactively respond to these threats.

BeyondTrust, the cyber security company dedicated to preventing privilege misuse, vulnerability management, and stopping unauthorized access, announced the availability of a new book, Asset Attack Vectors:  Building Effective Vulnerability Management Strategies to Protect Organizations. The book, authored by BeyondTrust’s Chief Technology Officer, Morey J. Haber, and Chief Operating Officer, Brad Hibbert, and published by Apress, is focused on how to build an effective vulnerability management strategy to protect an organization’s assets, applications, and data. As published in BeyondTrust’s recent survey, next-generation, transformative technologies such as AI/Machine Learning and IoT, and business processes like DevOps are improving operational efficiencies and cost savings, however, 78 percent of users cite security concerns and acknowledge the vulnerabilities these technologies introduce to their networks. In fact, one in five respondents experienced five or more breaches related to next-generation technologies. In the modern enterprise, everything connected to the network, cloud, and mobile device is a target as the perimeter expands beyond the traditional data center Understanding And Mitigating Vulnerabilities This book details how today’s network environments are dynamic, requiring multiple defenses to mitigate vulnerabilities and exploits and stop data breaches. In the modern enterprise, everything connected to the network, cloud, and mobile device is a target as the perimeter expands beyond the traditional data center. “Today’s attack surfaces are rapidly expanding to include, not only traditional servers and desktops, but also routers, printers, cameras, and other IoT devices,” said Morey J. Haber, Chief Technology Officer at BeyondTrust. “It doesn’t matter whether an organization uses LAN, WAN, cloud, wireless, or even a modern PAN ― savvy criminals have more potential entry points than ever before. To stay ahead of these threats, IT and security leaders must be aware of exposures and understand their potential impact.” SLAs For Vulnerability And Patch Management The book is structured to provide guidance to help organizations build a vulnerability management program fit to meet the challenges of the modern threat environment. Drawing on years of combined experience, the authors detail the latest techniques for threat analysis, risk measurement, and regulatory reporting. Also outlined are practical service level agreements (SLAs) for vulnerability management and patch management. The book contains guidance for readers to: Create comprehensive assessment and risk identification policies and procedures Implement a complete vulnerability management workflow in nine easy steps Understand the implications of active, dormant, and carrier vulnerability states Develop, deploy, and maintain custom and commercial vulnerability management programs Discover the best strategies for vulnerability remediation, mitigation, and removal Automate credentialed scans that leverage least-privilege access principles Asset Protection Strategy Readers will also gain insights from real-world case studies that share successful vulnerability management strategies and reveal potential pitfalls. “Vulnerability management needs to be more than a compliance check box—it should be a foundation of an organization’s cybersecurity strategy,” said Brad Hibbert, Chief Operating Officer at BeyondTrust. “Our hope is the book helps readers get ahead of threats and protect their organizations with an effective asset protection strategy.” Late last year, authors Morey J. Haber and Brad Hibbert released another book, Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations. The book details the risks associated with poor privilege management, the techniques that hackers and insiders leverage, and the defensive measures that organizations must adopt to protect against a breach, prevent lateral movement, and improve the ability to detect hacker activity and insider threats in order to mitigate cyber risk. 

BeyondTrust, global cyber security company dedicated to preventing privilege misuse and stopping unauthorized access, announced two new features in PowerBroker for Windows that help IT administrators manage privileged access by automating their security policies.  Verizon 2018 Data Breach Investigations Report With an increase in stolen credentials as the cause of many of today’s data breaches and hacking attacks, according to the Verizon 2018 Data Breach Investigations Report, organizations must remain vigilant in their execution of security policies across the enterprise. Considering the sheer volume of potential endpoints that an organization must manage when implementing least privilege rules and the complexities associated with developing rules based on users’ needs and privileged elevation requirements, an automated solution speeds the time to value and reduces the risk of inconsistent or incomplete policies. PowerBroker Policy Accelerator, a new and revolutionary capability of the PowerBroker for Windows solution, intelligently identifies new applications PowerBroker Policy Accelerator, a new and revolutionary capability of the PowerBroker for Windows solution, intelligently identifies new applications and privilege elevation requirements based on real activities in the network and user event logs and subsequently automates the process of defining and generating the necessary policy rules. PowerBroker For Windows Version 7.5 Additionally, PowerBroker for Windows version 7.5 includes enhanced protections against rogue scripts by allowing only those with an approved signature and other specified criteria to run. This capability is essential for scripts that manage configurations or provide privileged access to resources. Combined with Application-to-Application scripts like those used with PowerBroker Password Safe, companies can validate whether a script has been tampered with before it is granted authorization for password or application use. This enhancement not only helps administrators and users, it helps next-generation initiatives for DevOps automate Windows environments embarking on digital transformation journeys. PowerBroker for Windows version 7.5 also now supports Microsoft Windows 10 April Update 2018, allowing IT admins to remain up to date on the latest Windows OS PowerBroker for Windows version 7.5 also now supports Microsoft Windows 10 April Update 2018, allowing IT admins to remain up to date on the latest Windows OS. This compatibility update demonstrates BeyondTrust’s commitment to staying in lockstep with the Microsoft community. With the latest version of PowerBroker for Windows, IT administrators can achieve the following: Reduced Attack Surfaces – Decrease attack surfaces by removing admin rights from end users and employing fine-grained policy controls for all privileged access. Continuous Monitoring – Monitor and audit sessions for unauthorized access and/or changes to files, directories, and lateral movement. Analyze Behavior – Detect suspicious users, accounts and asset activities through behavior analysis and Vulnerability-Based Application Management (VBAM). PowerBroker Policy Accelerator Discovering, creating, and testing least privilege policies can be a challenge for many of today’s enterprises" “Discovering, creating, and testing least privilege policies can be a challenge for many of today’s enterprises,” said Morey Haber, CTO, BeyondTrust. “IT teams are often tasked with evaluating multiple systems and understanding a wide array of users’ needs in order to determine the privileged elevation requirements and the necessary system parameters.” “What’s more, much of this work is done in test environments and doesn’t take into account all of the real-world scenarios that can happen. With the new PowerBroker Policy Accelerator feature, organizations can quickly find the elevation requirements, and then test and save required rules on the fly, while maintaining consistency without sacrificing compliance.” PowerBroker for Windows version 7.5, including the free Policy Accelerator capability, is available now along with support for the latest versions of Windows 10.

BeyondTrust, the cyber security company dedicated to preventing privilege misuse and stopping unauthorized access, has announced the availability of a new book, Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations. The book, authored by BeyondTrust’s Chief Technology Officer, Morey Haber, and Chief Operating Officer, Brad Hibbert, and published by Apress, details the risks associated with poor privilege management, the techniques that hackers and insiders leverage, and the defensive measures that organizations must adopt to protect against a breach, protect against lateral movement, and improve the ability to detect hacker activity or insider threats in order to mitigate the impact.When unmanaged, privileged credentials pose a significant threat from external hackers and insider threats Privileged Access Management In BeyondTrust’s recent survey - Five Deadly Sins of Privileged Access Management, 86 percent of the nearly 500 IT professionals surveyed reported that the misuse of personally identifiable information was an issue that kept them up at night. Not surprisingly, Forrester research found that 80 percent of data breaches are the result of the abuse or misuse of privileged credentials. “We have privileged credentials and over-privileged users virtually everywhere and they all need to be managed for a business to stay secure,” said Morey Haber, Chief Technology Officer at BeyondTrust. “When unmanaged, these privileged credentials pose a significant threat from external hackers and insider threats that can present a game over event for a business or its team members." "We’re excited to deal with this complex topic head-on in a comprehensive manner in the book which will be a valuable resource to individuals and enterprises alike,” Morey added.Attackers target the perimeter network, but, in recent years, have refocused on users and their privileges Safeguarding Identities The book identifies how identities, credentials, passwords, and exploits can be leveraged to escalate privileges during an attack and breach an environment. It presents an overview of 12 logical steps in the following areas: Implement a secure privileged attack defensive Comply with privileged regulatory audit requirements Mitigate privileged threats through least privilege, access control, and session management Incorporate credential and password best practices to secure privileged access in any environment Integrate privileged access management into your existing systems and workflow “As cyber-attacks continue to increase in volume and sophistication, it is not a matter of if, but when your organization will be breached,” said Brad Hibbert, Chief Operation Officer at BeyondTrust. “Attackers target the perimeter network, but, in recent years, have refocused their efforts on the path of least resistance: users and their privileges. Our hope is our new book will help users understand the risks and build a solid defense to protect their most prized credentials.”