Today Cyber Security plays a paramount role in global security. On this blog, the CEO of Paramount Defenses shares rare insights on issues related to Cyber Security, including Privileged Access, Organizational Cyber Security, Foundational Security, Windows Security, Active Directory Security, Insider Threats and other topics.


December 6, 2019

Its Time to Help Defend Organizations Worldwide

Folks,

I trust this finds you all doing well. It has been a few months since I last blogged - pardon the absence. I had to focus my energies on helping the world get some perspective, getting 007G ready for launch, and dealing with a certain nuisance.

Having successfully accomplished all three objectives, it is TIME to help defend organizations worldwide from the SPECTRE of potentially colossal compromise, which is a real cyber security risk that looms over 85% of organizations worldwide.


When you know as much as I do, care as much as I do, and possess as much capability as I do, you not only shoulder a great responsibility, you almost have an obligation to educate the whole world about cyber security risks that threaten their security.

So, even though I barely have any time to do this, in the interest of foundational cyber security worldwide, I'm going to start sharing a few valuable perspectives again, and do so, on this blog, that blog and the official PD blog (;see below.)


Speaking of which, earlier this week, I had the PRIVILEGE to launch the official PD blog -  https://blog.paramountdefenses.com


Stay tuned for some valuable cyber security insights right here from January 06, 2020
and let me take your leave with a befitting (and one of my favorite) song(s) -



Best wishes,
Sanjay.


PS: Just a month ago, the $ Billion Czech cyber security company Avast was substantially compromised, and guess what the perpetrators used to compromise them? They used the EXACT means I had clearly warned about TWO years ago, right here.


March 7, 2019

A Simple Trillion$ Cyber Security Question for the Entire RSA Conference

Folks,

This week, the famous RSA Conference 2019 is underway, where supposedly "The World Talks Security" -



If that's the case, let's talk -  I'd like to respectfully ask the entire RSA Conference just 1 simple cyber security question -

Question: What lies at the very foundation of cyber security and privileged access of not just the RSAs, EMCs, Dells, CyberArks, Gartners, Googles, Amazons, Facebooks and Microsofts of the world, but also at the foundation of virtually all cyber security and cloud companies and at the foundation of over 85% of organizations worldwide?

For those who may not know the answer to this ONE simple cyber security question, the answer's in line 1 here.



For those who may know the answer, and I sincerely hope that most of the world's CIOs, CISOs, Domain Admins, Cyber Security Analysts, Penetration Testers and Ethical Hackers know the answer, here are 4 simple follow-up questions -


  • Q 1.  Should your organization's foundational Active Directory be compromised, what could be its impact?
  • Q 2.  Would you agree that the (unintentional, intentional or coerced) compromise of a single Active Directory privileged user could result in the compromise of your organization's entire foundational Active Directory?
  • Q 3.  If so, then do you know that there is only one correct way to accurately identify/audit privileged users in your organization's foundational Active Directory, and do you possess the capability to correctly be able to do so?
  • Q 4.  If you don't, then how could you possibly know exactly how many privileged users there are in your organization's foundational Active Directory deployment today, and if you don't know so, ...OMG... ?!

You see, if even the world's top cyber security and cloud computing companies themselves don't know the answers to such simple, fundamental Kindergarten-level cyber security questions, how can we expect 85% of the world's organizations to know the answer, AND MORE IMPORTANTLY, what's the point of all this fancy peripheral cyber security talk at such conferences when organizations don't even know how many (hundreds if not thousands of) people have the Keys to their Kingdom(s) ?!


Today Active Directory is at the very heart of Cyber Security and Privileged Access at over 85% of organizations worldwide, and if you can find me even ONE company at the prestigious RSA Conference 2019 that can help organizations accurately identify privileged users/access in 1000s of foundational Active Directory deployments worldwide, you'll have impressed me.


Those who truly understand Windows Security know that organizations can neither adequately secure their foundational Active Directory deployments nor accomplish any of these recent buzzword initiatives like Privileged Access Management, Privileged Account Discovery, Zero-Trust etc. without first being able to accurately identify privileged users in Active Directory.

Best wishes,
Sanjay


PS: Pardon the delay. I've been busy and haven't much time to blog since my last post on Cyber Security 101 for the C-Suite.

PS2: Microsoft, when were you planning to start educating the world about what's actually paramount to their cyber security?