Latest news with #BeyondTrust
Yahoo
a day ago
- Business
- Yahoo
Supporting FIPS and CJIS For Secure IT Support: BeyondTrust Remote Support Remains Compliance-Ready as Standards Evolve
IT teams and support desks replacing non-compliant remote access tools are turning to BeyondTrust to help them meet modern security and compliance standards BeyondTrust Remote Support is compliance-ready, with built-in capabilities to help IT teams align with FIPS, CJIS, FedRamp, and other key security and compliance mandates without added complexity or operational overhead ATLANTA, July 28, 2025 (GLOBE NEWSWIRE) -- BeyondTrust, the global leader in identity security protecting Paths to Privilege™ and a leader in secure remote access, today announced its support for IT teams requiring security and compliance with Federal Information Processing Standards (FIPS) and Criminal Justice Information Services (CJIS) policies in cloud and on-prem environments. As compliance expectations rise and agencies reevaluate their existing tools, many are replacing non-compliant remote support software with BeyondTrust Remote Support to stay secure and compliance-ready. BeyondTrust Remote Support is currently the only remote support product on the market with FIPS 140-2, Level 1 Validation, and is one of only a few options available to become CJIS-compliant. Remote Support is purpose-built to deliver secure, encrypted remote access without VPNs, enabling IT teams, service desks, and technicians to support systems and repair devices while maintaining complete visibility, session control, and detailed auditing. This makes it an ideal fit for organizations to which FedRAMP, FISMA, DoDIN APL, Common Criteria, HIPAA and HITECH healthcare regulations apply, as well as any other private or public sector organizations required to adhere to strict data protection, encryption, and standard requirements for auditing and reporting. BeyondTrust's Remote Support has also achieved Federal Risk and Authorization Management Program (FedRAMP®) authorization to operate (ATO) at the moderate impact level, highlighting BeyondTrust's commitment to the security and protection of sensitive data. This achievement helps organizations in the public sector comply with key mandates, like NIST Zero Trust (SP 800-207), and empowers agencies, state and local governments, universities, and non-public sector customers to securely provide IT Support to their customers, remotely. 'FIPS and CJIS compliance aren't just checkbox items, they're essential security and compliance requirements to protect mission capabilities and business functions amid growing cyber risk and scrutiny,' said Sam Elliott, Senior Vice President of Products at BeyondTrust. 'Many of our customers were using tools that failed to help them meet these requirements. With BeyondTrust Remote Support, they've found a secure, compliant-ready alternative that's built on day one to meet their mission and business needs.' Unlike other solutions that have recently offloaded complex security and compliance responsibilities onto their customers, a move that exposes customers to potential cyber threats, added risk, cost, and operational overhead, BeyondTrust remains committed to its customer-first mission. By offering a secure, compliance-ready solution that is purpose-built for the needs of regulated organizations, BeyondTrust is able to remove these challenges for its customers. BeyondTrust Remote Support sets itself apart by offering: Simplified deployment with no certificate management required Flexible deployment options, including regional cloud hosting to meet data residency needs Full, custom-branding support Industry-leading security, with granular role- and time-based access controls to enforce least privilege and full session auditing FIPS-validated cryptography that ensures data is encrypted in accordance with federal standards Compliance-optimized architecture designed to meet strict regulatory and security requirements Advanced service desk features and workflows Secure attended and unattended session support Cross-platform compatibility (Windows, macOS, Linux, iOS, Android) "BeyondTrust makes it easy to make the case for prioritizing security, especially for government organizations concerned with compliance and audit requirements,' says Davis Hart, IT Division Manager - Customer Service, City of Dothan. 'All these years after implementation, [using] BeyondTrust is still one of only a few CJIS-compliant options available." For more information about how BeyondTrust Remote Support supports FIPS, CJIS, and other federal compliance standards, visit: Additional compliance resources: BeyondTrust FedRAMP® Authorizations BeyondTrust Remote Support FIPS 140-2 Validation BeyondTrust Support for CJIS Compliance Efforts About BeyondTrust BeyondTrust is the global identity security leader protecting Paths to Privilege™. Our identity-centric approach goes beyond securing privileges and access, empowering organizations with the most effective solution to manage the entire identity attack surface and neutralize threats, whether from external attacks or insiders. BeyondTrust is leading the charge in transforming identity security to prevent breaches and limit the blast radius of attacks, while creating a superior customer experience and operational efficiencies. We are trusted by 20,000 customers, including 75 of the Fortune 100, and our global ecosystem of partners. Learn more at Follow BeyondTrust:X: Blog: LinkedIn: Facebook: For BeyondTrust: Mike BradshawConnect Marketing for BeyondTrustP: (801) 373-7888E: mikeb@ in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Hamilton Spectator
6 days ago
- Business
- Hamilton Spectator
BeyondTrust Launches Local Hosting of Identity Security Insights™ in the UK and Canada
ATLANTA, July 23, 2025 (GLOBE NEWSWIRE) — BeyondTrust , the global leader in identity security protecting Paths to Privilege™, today announced the local hosting availability of its Identity Security Insights solution in the United Kingdom and Canada. This strategic expansion meets growing global demand for advanced identity security and enables organizations in these regions to align with local data residency preferences while gaining enhanced protection from identity-based threats. This expansion ensures that UK and Canadian organizations can now benefit from Identity Security Insights' unique ability to provide a unified, cloud-native view of their entire identity landscape. The solution utilizes AI/ML to correlate accounts (human and service) into unified identities and helps uncover hidden paths to privilege and misconfigurations in customers' environments across identity providers and cloud platforms (IaaS, PaaS, SaaS). It also offers contextually rich, threat-aware, and prescriptive recommendations and detections, along with out-of-the-box reporting and visualizations, empowering organizations to proactively identify and address critical identity vulnerabilities. 'Expanding local hosting of Identity Security Insights to the UK and Canada marks a critical step in our mission to help organizations worldwide strengthen their identity security posture,' said Sam Elliott, SVP of Products at BeyondTrust. 'The increasing complexity of cyber threats necessitates robust and adaptable identity security measures. By making Identity Security Insights hosting available in these key regions, we empower more organizations to proactively defend against sophisticated attacks, uncover hidden vulnerabilities, streamline compliance efforts, and ultimately protect their most critical assets with greater precision and confidence.' 'Our customers in Canada increasingly require cybersecurity solutions that respect local data residency laws without sacrificing advanced functionality,' said Chris Kelly, Partner – Chief Operating Officer at Arancia, a BeyondTrust partner. 'With Identity Security Insights now locally available, we can deliver enhanced protection and actionable intelligence that aligns with our clients' compliance needs. This is a win for both security operations teams and end users who rely on seamless, secure access.' BeyondTrust Identity Security Insights has garnered industry recognition, including recognition as a Tech Innovator by CRN® and contributing to a leadership position in the KuppingerCole Leadership Compass for Identity Threat Detection and Response. Its expanding customer base underscores the increasing global market need for comprehensive identity security. Organizations can learn more about BeyondTrust Identity Security Insights and access a complimentary assessment here . About BeyondTrust BeyondTrust is the global identity security leader protecting Paths to Privilege™. Our identity-centric approach goes beyond securing privileges and access, empowering organizations with the most effective solution to manage the entire identity attack surface and neutralize threats, whether from external attacks or insiders. BeyondTrust is leading the charge in transforming identity security to prevent breaches and limit the blast radius of attacks, while creating a superior customer experience and operational efficiencies. We are trusted by 20,000 customers, including 75 of the Fortune 100, and our global ecosystem of partners. Learn more at . Follow BeyondTrust: X: Blog: https:// LinkedIn: Facebook: For BeyondTrust: Mike Bradshaw Connect Marketing for BeyondTrust P: (801) 373-7888 E: mikeb@
The National
21-07-2025
- The National
US warns about Microsoft Sharepoint cyber vulnerability
A cyber security vulnerability in Microsoft 's SharePoint collaboration software has been added to the US Cybersecurity and Infrastructure Security Agency (Cisa) exploitation list as customers deal with the potential fallout. Computer security experts say hackers have exploited the loophole and potentially compromised private and public computer networks in the US. The individual or groups behind the software exploitation is not yet known. 'The incident reveals the growing sophistication of threat actors who have gained internal access to an environment and can now leverage existing resources (like Microsoft Exchange, SharePoint,) to conduct nefarious missions beyond just ransomware attacks, like 'wiper' malware that deletes data,' said Morey Haber, a chief security adviser at cyber security company BeyondTrust. Mr Haber said Microsoft appears to have responded quickly once the vulnerability to Sharepoint was identified, but added that for some, it might be too little, too late. 'Considering the speed of exploitation, some organisations may be waking up Monday morning to a fresh series of attacks,' he explained. The various editions of Microsoft Sharepoint are also making it more difficult to provide a one-size-fits-all solution. Microsoft pointed out that it released a security update for SharePoint 2019, and that other fixes would be on the way. 'We are actively working on updates for SharePoint 2016,' the Redmond, Washington software company posted on X. Santiago Pontiroli, lead researcher at cyber protection company Acronis, shared more some perspective as to the scale and affect of the cyber attack. 'This incident continues a trend of high-impact attacks against Microsoft infrastructure, including the Exchange mass exploitation in 2021 and the 2023 cloud email breach,' he said. 'Over the past several years, state-aligned and advanced persistent threat groups have repeatedly abused vulnerabilities in Microsoft platforms to gain initial access, steal sensitive data, and establish long-term footholds in enterprise networks.' Microsoft does, however, invest heavily in trying to prevent such breaches from occurring. Federal law enforcement agencies regularly work with the company and have a presence at the company's cyber crime centre in Redmond. That said, Mr Pontiroli pointed out that cyber security is a continuing game of whack-a-mole, and that companies and entities using Sharepoint should take it seriously. 'Organisations still running on-premises SharePoint need to act now,' he said. 'Apply the latest updates, monitor for signs of compromise, and assume exposure if systems were only partially patched.'
Techday NZ
25-06-2025
- Business
- Techday NZ
BeyondTrust & AWS partner to boost cloud identity security
BeyondTrust has entered into a multi-year strategic collaboration agreement with Amazon Web Services to align efforts on secure cloud adoption and identity security. The agreement sees BeyondTrust and AWS focusing on joint innovation, market expansion and long-term growth by coordinating go-to-market strategies and joint investments. The partnership is intended to help organisations accelerate secure adoption of the cloud, with a particular emphasis on identity security across hybrid environments. Shared objectives The collaboration allows BeyondTrust and AWS to provide customers with more integrated solutions, coordinated field engagement, and a wider global reach. Both companies aim to address the growing need for robust security measures as more businesses transition to cloud-based infrastructure. David Manks, Vice President of Strategic Alliances at BeyondTrust, said: "At BeyondTrust our mission is to deliver exceptional identity-first security within reach of any organisation. As sophisticated attacks increase, our collaboration with AWS delivers the end-to-end visibility and control customers need to stay ahead of these threats. Together, we're empowering organisations to secure both human and non-human identities with the scale and confidence only AWS and BeyondTrust can deliver." BeyondTrust's Pathfinder Platform will enable customers to deploy a set of six core identity security controls tailored for cloud environments. These controls comprise Just-in-Time Access and Least Privilege Enforcement, Secure Remote Access without legacy VPNs, Password Management for privileged accounts, Secrets Management for DevOps credentials in the cloud, Cloud Infrastructure Entitlement Management to address over-permissioned identities, and Identity Threat Detection & Response for real-time threat monitoring and containment. The controls are designed to enhance security posture while supporting operational efficiency. Customer perspectives David Lokke, Senior Systems Administrator at Premier Bankcard, commented on the impact of the integrated solutions, stating: "As part of our move to AWS, we needed a more seamless, secure way to manage access across our cloud environment. BeyondTrust Password Safe integrated easily with our existing BeyondTrust solutions, connecting through Privileged Remote Access directly on AWS. It simplified access management and improved the experience for our vendor partners." This integration is expected to be particularly beneficial for organisations that have distributed workforces or rely on external partners, as it provides a unified approach to identity security across various environments, thus reducing complexity and risk. Security alignment Carol Potts, General Manager, North America ISV Sales at AWS, addressed the shared commitment to security standards, saying: "Security is 'job zero' at AWS, and BeyondTrust is equally committed to upholding rigorous security, compliance, and scalability standards. We are excited to deepen our relationship with BeyondTrust as we continue to innovate for our joint customers and provide them with unparalleled threat protection today—and in the future." The collaboration highlights how both AWS and BeyondTrust intend to support customers as security becomes an ever more significant focus due to increasing cyber threats targeting identity infrastructure. The two companies aim to bring flexibility to organisations across industries, enabling a more secure transition and operation in cloud environments. BeyondTrust and AWS plan to continue coordinating their technological and business efforts to help customers manage identities more effectively, responding to the evolving landscape of cloud security risks. The agreement sets the stage for ongoing product development and customer-focused initiatives grounded in security best practice and operational efficiency. Follow us on: Share on:
Yahoo
20-06-2025
- Business
- Yahoo
OPINION: Why 'least privilege' is Canada's best defence
Microsoft just hit a record high of 1,360 reported vulnerabilities in its software last year. While that number might sound scary, it's part of a trend we've seen for years. The real problem lies in what's behind the numbers and what they mean for Canadian businesses trying to stay secure in a fast-moving world. As BeyondTrust's latest Microsoft Vulnerabilities Report reveals, one type of security risk is especially alarming: elevation of privilege (EoP). This category made up 40 per cent of Microsoft's total reported vulnerabilities in 2024. That's not just a statistic; it's a wake-up call. What's elevation of privilege and why should Canadians care? Imagine someone finds a way to break into your office using a stolen key card. That's what an elevation of privilege attack is like in the digital world. Once inside, hackers can quietly move through your systems, taking control of sensitive data or expanding their access without being noticed. These attacks often begin with compromised credentials, sometimes even from non-human identities like service accounts. The problem snowballs from there. We've seen it over and over in major data breaches: attackers find one weak point, then jump from system to system. And Microsoft isn't the only target. If 40 per cent of their vulnerabilities are EoP-related, imagine how many other software platforms that Canadian companies rely on could also be vulnerable. The rise of security feature bypass attacks Another disturbing trend is the spike in security feature bypass vulnerabilities, up 60 per cent since 2020. These are loopholes hackers use to get around built-in protections in tools like Microsoft Office and Windows. Think of these bypasses as digital 'unlocked doors.' If an attacker finds one, it doesn't matter how strong your locks are, they're walking right in. Tools like EDR (endpoint detection and response) are meant to stop threats, but attackers are finding ways around them too. We've seen the rise of tools like EDR Killer that are designed specifically to sneak past these defences. Why Canadian companies can't rely on just one layer of security Some businesses still make the mistake of thinking one product or platform will keep them safe. But cybersecurity isn't about one silver bullet. It's about layered defences, also known as 'defence in depth.' For example, if a patch causes problems or breaks other tools, companies might delay applying it. But that delay gives attackers a window of opportunity. The better approach? Have multiple layers of protection in place, especially for front-line systems and high-risk assets. Microsoft Edge: The new problem child? One surprise in this year's report was the jump in Microsoft Edge vulnerabilities. Critical issues rose from 1 to 9 and total vulnerabilities increased from 249 to 292. Has Microsoft shifted its focus too much toward Azure and Dynamics 365? It's a question worth asking, especially when everyday tools like browsers are often the first entry point for cyberattacks. AI brings new benefits and new risks Artificial Intelligence (AI) is transforming how businesses operate, but it's also opening the door to new threats. Microsoft Copilot Studio and Azure Health Bot, for instance, were flagged for AI-related vulnerabilities in this year's report. AI is already being used by threat actors to automate attacks, identify weaknesses faster and even write malicious code. We haven't yet seen a large-scale attack where an AI or large language model (LLM) becomes the main infection point, but that day is coming. The biggest question on the horizon: can we trust the output from AI tools? What if the answers, code or insights we get from AI are secretly manipulated by a hacker? Canadian companies need to think about how to secure not just their AI tools, but also the data and systems that feed them. AI security can't be an afterthought; it must be built into every layer of your defence strategy. The power of 'least privilege' in a 'zero-trust' world One of the most effective ways to reduce risk is by applying the principle of 'least privilege.' It's not a new idea, but it's more important than ever. 'Least privilege' means giving every user—human or machine—only the access they absolutely need to do their job. Nothing more. If someone doesn't need admin rights, don't give it to them. If a service account only needs access to one system, don't let it roam freely. This approach limits the damage if (or when) something goes wrong. It's also a key part of a 'zero-trust strategy,' which assumes no one and nothing should be trusted automatically, even if they're already 'inside' your network. In fact, many organizations confuse 'zero trust' with 'least privilege.' The difference is that 'zero trust' is the overall strategy, and 'least privilege' is a tactical way to enforce it. A practical step Canadian companies can take right now? Audit your users and systems. Who has access to what and why? You might be shocked by how many people or services have more access than they actually need. Identities are the new perimeter Cybersecurity used to be about building firewalls around a company's data centre. But in today's world of cloud apps, hybrid work and global supply chains, identity is the new perimeter. Attackers are no longer just looking for software flaws. They're targeting people, especially those with access and privileges. That includes your employees, partners, contractors and even automated systems. That's why privilege access management (PAM) and identity-first security strategies are so critical for Canadian businesses. These approaches don't just monitor threats; they help stop them at the source by locking down who can do what, where and when. The bottom line going forward Cybersecurity isn't about being perfect; it's about being proactive. You can have 99.9 per cent of your environment locked down, but if there's a .01 per cent vulnerability, that's all an attacker needs. Canadian organizations need to shift their mindset from reactive to proactive. That means applying patches smartly, layering defences, adopting AI cautiously and putting 'least privilege' at the heart of your security program. Because when it comes to protecting your business, every identity and every privilege matters. Dan Deganutti is the senior vice president and country manager for Canada at BeyondTrust, where he leads the company's Canadian go to market (GTM) operations and fosters relationships with clients and business partners. This section is powered by Revenue Dynamix. Revenue Dynamix provides innovative marketing solutions designed to help IT professionals and businesses thrive in the Canadian market, offering insights and strategies that drive growth and success across the enterprise IT spectrum. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
