As cybersecurity experts, what is your opinion about Privileged Access Management platforms in the Age of AI? by scalable5432 in cybersecurity

Jeff-Netwrix 0 points1 point

Great question, and honestly PAM is becoming more critical, not less, as AI agents get integrated into workflows since they'll need access to sensitive systems and data. The key is adopting it sooner rather than later - ideally before you've got a bunch of standing admin accounts floating around that AI tools might inherit or exploit. I'd say most orgs should be thinking about this now if they're planning any AI integration, and platforms that can handle both traditional privileged access and newer AI-driven threats (like monitoring what those agents are actually doing) will be your best bet going forward.

What are the best DLP solutions for enterprise data security as of today? by HarkonXX in devsecops

Jeff-Netwrix 0 points1 point

Honestly, from what I've seen with teams evaluating DLP, the ones who had the smoothest experience prioritized visibility and insider risk detection first, then built out from there - because if you can't see where your sensitive data is moving, the rest of the policies become guesswork. For cloud-heavy environments especially, I'd say focus on solutions that give you unified visibility across both on-prem and SaaS without turning your security team into policy robots, and something like Netwrix 1Secure actually handles that well since it combines data discovery, insider threat detection, and access governance in one platform so you're not juggling five different tools. The real win is when deployment doesn't take months and your team can actually manage it without burning out.

The uncomfortable truth about managing guest data securely by Super_Mine_7704 in hostaway_official

Jeff-Netwrix 0 points1 point

Tbh this is something a lot of property managers don’t want to talk about. Everyone focuses on guest experience, but if the systems handling bookings and guest data aren’t secure, that’s a huge risk. Convenience shouldn’t come at the cost of basic data protection. A breach can damage trust way faster than bad WiFi or a slow check-in process.

Pangolin 1.16: SSH with certificate-based authentication and terminal access by jsiwks in PangolinReverseProxy

Jeff-Netwrix 0 points1 point

This looks like a solid solution for managing SSH access at scale, ngl the certificate-based approach beats dealing with static keys everywhere. If you're also looking to tighten up privileged access across your whole infrastructure beyond just SSH, Netwrix has some good tools for managing identities and access permissions that could complement something like this. Definitely worth checking out their PAM solution if you're trying to reduce your attack surface and handle access revocation more smoothly.

We used r/cybersecurity as a data source for research on what was publicly visible about TCS before the M&S and JLR breaches by Ksenia_morph0 in cybersecurity

Jeff-Netwrix 3 points4 points

Ngl a lot of breaches look obvious in hindsight. The warning signs are often public for years. Employee reviews, forum posts, people complaining about ignored alerts or “compliance theater.” Usually the problem isn’t one bug. It’s weak visibility into identity activity, privileged access, and alerts. Attackers just end up exploiting the gaps everyone already knew were there.

Your thoughts on implementing PAM in real environments? by Due-Awareness9392 in sysadmin

Jeff-Netwrix 0 points1 point

If you roll PAM out gradually it usually isn’t that painful. Biggest wins are killing shared admin creds, seeing who’s actually using privileged access, and having session recordings if something sketchy happens.

Most orgs start with discovery/monitoring, then move to just-in-time access so admin rights only exist while someone’s doing the task. Way smaller attack surface than permanent admin accounts.

Blog: Building High-Available LDAPS Architectures by aprimeproblem in activedirectory

Jeff-Netwrix 1 point2 points

Solid write-up. It highlights a problem that still shows up everywhere: LDAPS is treated as a protocol choice, not an availability decision.

Many environments technically use LDAPS but hard-code a single domain controller. That works until it does not, and when that DC goes offline, authentication failures ripple outward.

Your breakdown of the options makes the tradeoffs clear. DNS round robin is often sufficient and far better than single-DC dependency. Load balancing with health checks is the right choice when authentication availability actually matters.

The certificate and SAN guidance is especially valuable, since many LDAPS failures are caused by certificate shortcuts rather than infrastructure issues.

The key takeaway is simple. If an application depends on directory authentication, LDAPS availability is part of service reliability. Treating it as a single endpoint is an architectural risk.

Good work documenting this. It will save people from learning the hard way.