Industry Trends

Team, Please suggest if there’s a way in Active passive setup to pull the report of last RDP login date for the privilege users on specific managed system? 

I understand I can see the last modified date on a secret in Secret Safe. If I modified anything on the secret notes, url, etc, it will show the last modified date for the secret. However, I need to see the date when the password was changed.Has anyone been able to figure this out?

Hello, I would like to know if anyone is using Azure VDI through BeyondTrust PRA.Since RDP is not available for AVD, we need to access it through Web Jump, and the performance is a nightmare.If anyone has similar experience or ideas, it would be great to share them. 

We are facing a common challenge in password vaulting systems where the password age isn't directly tracked, and the password hash changes even when unrelated attributes are modified. This makes it difficult to determine when the password was last changed.Problem SummaryNo dedicated timestamp for password change. Password hash changes even when non-password attributes are modified. You need to detect passwords older than 2 years to raise a security finding. How to solve this in secret safe?

Cybersecurity is a rapidly evolving field and staying updated is essential.Books remain (at least for me) one of the best ways to build a sold foundation and stay ahead of threats.What are some of the best cybersecurity books you’ve read?

HI All,Can any one please help me on the below query’s.1.How do we update Jump Clients remotely, 2.if there is another version of jump client, Customer will have to re-install it manually?3.can you please clarify if we have limit of Jump clients to be assigned to our tenant. I think for non-PRA cloud there is a limit of concurrent sessions. Can you please clarify if we will hit any limits here. Thanks

The 2024 Comcast Business Cybersecurity Threat Report is out:  https://business.comcast.com/enterprise/products-services/cybersecurity-servicesSome key trends highlighted include:Phishing remaining a critical initial access vector with large amount tied to credential access. Increase in credential dumping though Active Directory replication and OS credential dumping techniques. “Attackers are increasingly focused on stealing and manipulating authentication credentials to gain unauthorized access and escalate privileges within networks.” Increased exploitation of public facing apps More sophisticated lateral movement techniques including the exploitation of remote services like Lightweight Directory Access Protocol (LDAP), Remote Desktop Protocol (RDP)How does this line up with what you are seeing in the threat landscape?

Just In Time (JIT) and Just Enough Access (JEA) are hot topics right now. Gartner points out, by 2025, 75% of cyber insurance companies will require the use of the JIT principle when implementing Privileged Access Management (PAM).As organizations look to drive forward their PAM and Identity Security maturity many are focusing on JIT in 2025 to improve their security posture especially in cloud and SaaS areas.Is this an area you are actively working on? How are you thinking about reducing standing privileges and enabling JIT access?Resources:https://www.beyondtrust.com/blog/entry/just-in-time-access-what-it-is-why-you-need-ithttps://www.beyondtrust.com/resources/whitepapers/guide-to-just-in-time-privileged-access-management

MITRE and NVIDIA launch a new $20 million AI supercomputer to help U.S. government agencies tap into custom AI solutions to secure infrastructure. At the same time Gartner are seeing AI passing the “Peak of Inflated Expectations” and heading towards the “Trough of Disillusionment”.https://www.mitre.org/news-insights/fact-sheet/mitres-federal-ai-sandboxhttps://www.gartner.com/en/documents/5505695What are your thoughts around AI industry trends? Where is AI adding value for you today?How much are you planning with AI in mind?