Netwrix Blog | Insights for Cybersecurity and IT Pros

This post first appeared on blog.netwrix.com and was written by Tatiana Severina.
Introduction Windows Server 2025 introduced delegated managed service accounts (dMSAs) to improve security by linking service authentication to device identities. But attackers have already found a way to twist this new feature into a dangerous privilege escalation technique. The BadSuccessor attack lets adversaries impersonate any user — even domain admins — without triggering traditional alerts. … Continued

This post first appeared on blog.netwrix.com and was written by Farrah Gamboa.
We’re thrilled to announce that Netwrix Access Analyzer has been named a Visionary in Data Security Posture Management (DSPM) at the 2025 Global InfoSec Awards, presented by Cyber Defense Magazine during this year’s RSA Conference. This recognition underscores Netwrix’s commitment to pushing the boundaries of what modern data security solutions can do — especially in … Continued

This post first appeared on blog.netwrix.com and was written by Jeff Warren.
Artificial intelligence is no longer a distant vision—it’s a present-day force reshaping how enterprises manage, process, and secure their data. Among the most influential innovations driving this transformation is Microsoft Copilot. Marketed as an AI-powered productivity enhancer, Copilot integrates seamlessly with Microsoft 365 applications, unlocking new levels of efficiency across industries. However, as with any … Continued

This post first appeared on blog.netwrix.com and was written by Jeremy Moskowitz.
The endpoint is no longer just a device—it’s the new battleground. As remote work, BYOD (Bring-Your-Own-Device), and cloud-first strategies redefine the modern enterprise, traditional perimeter defenses are crumbling. Attackers know this, and they’re targeting endpoints as the easiest way in. That’s why Zero Trust must begin where the risk is greatest: at the device level. … Continued

This post first appeared on blog.netwrix.com and was written by Farrah Gamboa.
Introduction As the cyber threat landscape continues to evolve, organizations face unprecedented challenges in securing their digital assets. With 49% of workloads already in the cloud and the rise of AI-driven threats, organizations are increasingly vulnerable to data breaches, compliance failures, and malicious actions. Data Security Posture Management (DSPM) is emerging as a critical component … Continued

This post first appeared on blog.netwrix.com and was written by Jonathan Blackwell.
What is Attribute Based Access Control (ABAC)? ABAC is an access control paradigm where access rights are granted through the use of attributes associated with: Access decisions are made using policy rules that evaluate these attributes. For example, a doctor can access patient records only if they are on duty and the patient is in … Continued

This post first appeared on blog.netwrix.com and was written by Jeremy Moskowitz.
Most posts about types of endpoint security mention antivirus software, firewalls, or maybe EDR/XDR. And while those security technologies are important, they’re not enough. Cyberattacks have evolved. Today’s cyber threats target laptops, smartphones, and even IoT devices. Ransomware moves laterally. Zero-day exploits bypass signature-based defenses. Phishing attacks hit the end-user, not just the firewall. That’s … Continued

This post first appeared on blog.netwrix.com and was written by Dirk Schrader.
Endpoint security compliance isn’t just about meeting regulatory requirements—it’s about building a robust security architecture that protects your organization from advanced threats. As more businesses adopt modern management frameworks for Windows devices, ensuring compliance while enhancing security is a critical challenge. Traditional endpoint management primarily focuses on device administration and configuration with a rather reactive … Continued

This post first appeared on blog.netwrix.com and was written by Ian Andersen.
Introduction to ITDR Identity threat detection and response (ITDR) is a cybersecurity discipline focused on detecting, investigating, and responding to threats targeting identity systems like Active Directory (AD) and Entra ID, identity providers (IdPs), and authentication mechanisms. It enhances traditional identity and access management (IAM) by introducing threat intelligence, behavioral analysis, and automated response capabilities … Continued

This post first appeared on blog.netwrix.com and was written by Jonathan Blackwell.
People come and go within your organization, and those who remain move throughout the organization through promotions and transfers. However, the fundamental organizational structure remains relatively stable: Customer support agent, sales rep, HR manager, and software developer represent enduring functional roles, even as individual employees cycle through these positions. This organizational constant provides the perfect … Continued

This post first appeared on blog.netwrix.com and was written by Farrah Gamboa.
Understanding Personally Identifiable Information (PII) Personally identifiable information (PII) is any data that can be used on its own or in combination with other information to identify, contact, or locate an individual. Examples of PII include full name, Social Security number, passport number, driver’s license number,r and biometric data. The term “personally identifiable information” gained … Continued

This post first appeared on blog.netwrix.com and was written by Jeff Warren.
Cloud security monitoring refers to the ongoing surveillance, observation, analysis of cloud-based infrastructure and services to detect security threats, patch vulnerabilities, and address compliance gaps. As cloud environments expand, organizations need effective cloud-based security monitoring tools to ensure those resources remain secured. Although existing security standards such as SIEM, SOAR, or IAM are all essential … Continued

This post first appeared on blog.netwrix.com and was written by Dirk Schrader.
On April 15th of 2024, ISC² implemented a refreshed set of objectives for the CISSP exam. The goal of refreshing the exam objectives is to keep the exam relevant to the latest happenings in security. As things progress and new technologies are introduced, the objectives are updated to account for them as well as for … Continued

This post first appeared on blog.netwrix.com and was written by Jeremy Moskowitz.
Most IT and security teams think they already have endpoint policy management in place.They’re using Microsoft Intune. Maybe Defender. Maybe a mix of Mobile Device Management, AV, and EDR. But here’s the catch: delivering policies isn’t the same as enforcing them. Without visibility into policy drift, without enforcement at the point of risk, and without … Continued

This post first appeared on blog.netwrix.com and was written by Joe Dibley.
Introduction to Service Principal Names (SPNs) What is an SPN? Even a Windows Admin with some experience with Active Directory may be unaware of the role that Service Principal Names have in domain environments. A security principal name (SPN) is a unique identifier that links a specific service instance to the account running it, enabling … Continued

This post first appeared on blog.netwrix.com and was written by Dirk Schrader.
What Is CMMC? The Cybersecurity Maturity Model Certification (CMMC) is a framework designed by the US Department of Defense (DoD) to enhance the cybersecurity posture of companies within the Defense Industrial Base (DIB). It establishes security requirements that contractors must meet to protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) from cyber threats. … Continued

This post first appeared on blog.netwrix.com and was written by Adam Turner.
In today’s competitive IT landscape, certifications serve as valuable credentials that validate technical expertise and enhance career prospects. Whether you’re entering the field or looking to advance, earning the right certification can set you apart from the competition and open doors to better jobs and opportunities. Among the most sought-after IT certifications are CompTIA Security+ … Continued

This post first appeared on blog.netwrix.com and was written by Grady Summers.
Securing a hybrid environment is complex, but uncovering possible security risks within your environment doesn’t have to be. In fact, you can do it asking simple questions without the need to log into a dashboard or dig through manual reports. It only takes you and a single AI prompt.  This isn’t some distant future scenario … Continued

This post first appeared on blog.netwrix.com and was written by Joe Dibley.
Active Directory persistence through userAccountControl manipulation I’ve been doing some research on group Managed Service Accounts (gMSAs) recently, and reading the MS-SAMR protocol specification for some information. I happened to stumbled across some interesting information in the userAccountControl section which made us drop what we were doing to test it: Effectively, when the UF_SERVER_TRUST_ACCOUNT bit … Continued

This post first appeared on blog.netwrix.com and was written by Jonathan Blackwell.
PowerShell Replace String    Being able to find and replace specific text within strings is useful for many tasks, including data processing, automation and file management. For instance, replacing outdated information with current data is important for data standardization. PowerShell offers two primary methods for string replacement: Handpicked related content: [Free eBook] Windows PowerShell Scripting Tutorial … Continued