<img src="//pixel.quantserve.com/pixel/p-_JKXxuL8SR7wu.gif?labels=_fp.event.Default" style="display: none;" border="0" height="1" width="1" alt="Quantcast">
blog-banner.jpg

the bitglass blog

Reflections: Gartner Catalyst

By Jacob Serpa  |  August 28, 2017 at 6:00 AM  | 

Skyscrapers and the Children's Pond at sunset, in San Diego, California..jpegLast week, Bitglass participated in Gartner Catalyst, a conference designed to educate organizations’ technical staffs. Whether it was from conversations at Bitglass’ booth, or from Gartner and vendor speaking sessions, a number of trends consistently bubbled to the surface.

Read More

what's so special about a CASB: part three

By Kevin Gee  |  November 7, 2016 at 9:33 AM  | 

In-Line, Encryption, Identity Management. Oh My!

DeathtoStock_Creative Community5.jpgIn Part 1 of this series, we explored how cloud security has evolved to encompass cloud apps and unmanaged device access. In Part 2, we learned how Bitglass is the only Cloud Access Security Broker that can provide total data protection in-line and in real-time end-to-end (from the cloud application to any device). So what features does Bitglass provide? How do we actually protect data in the cloud?

Read More

anomaly detection: a critical security component

By Shalmali Rajadhyax  |  August 10, 2016 at 12:30 PM  | 

photo-1453799527828-cf1bd7b2f682.jpegAnomaly detection is an important component of any security solution. Based off of data at login and user activity in the application post login, a complete solution can provide real-time alerts and enable IT to enforce actions when an anomalous event is detected.

Read More

Credentials spread like wildfire in Project Cumulus data experiment

By Salim Hafid  |  February 17, 2016 at 9:00 AM  | 

cumulus_timeline.png

We hear about leaked passwords in the press every week and the dangers these leaks pose, particularly to those who reuse passwords across several sites. In Project Cumulus, we set out to understand just how fast credentials spread once they are leaked onto the dark web, what kind of data hackers are looking for, and how many other accounts are compromised in the process.

The Bitglass research team decided a bank employee would be a compelling target. Hackers could easily be convinced to take a small risk and attempt to download bank files in the hope of finding sensitive account information. It's the potential value of the leaked data that makes it so compelling to these underground criminals. Our team created a Google Apps for Work account and a complete online identity for an employee of a fictitious bank and a web portal for the bank. The "phished" credentials were then leaked onto the dark web for all to see and use.

One interesting thing to note about the dark web is the sheer difficulty of finding and accessing illicit sites. Unlike the surface web, there are no readily accessible search engines and in the case of Tor, an anonymization service, all URL's must be accessed through a special browser that routes your traffic through remote servers. The big advantage for hackers is that Tor provides a means of masking your identity, making it appear as if you are accessing a site from another location.

Read More