Abstract: Methods and systems are disclosed for identifying security risks, arising from credentials existing on machines in the networks that enable access to other machines on the networks. Account credentials indications are retrieved from machines in the network, which indicate that credentials for accounts are stored on those machines. Access rights for accounts are collected, describing the access and operation permissions of these accounts on machines in the networks. A correlation is then performed to identify machines that can be accessed by employing credentials of accounts retrieved from other machines in the network.

Abstract: Methods and systems are disclosed for detecting improper, and otherwise unauthorized actions, associated with network resources, the actions including access to the resource and activity associated with the resource. The unauthorized actions are detected by analyzing action data of user actions employing accounts managed by a privileged access management system and associated with a network resource against profiles and rules to discover anomalies and/or deviations from rules associated with the network resource or accounts.

Abstract: Methods and systems are disclosed for detecting unauthorized actions associated with network resources, the actions including access to the resource and activity associated with the resource. The unauthorized actions are detected by analyzing action data of a client action associated with the network resource against credential retrieval data including records of authorized actions and/or procedures for performing an action associated with the network resource.

Abstract: The present invention discloses methods, media, and systems for handling hard-coded credentials, the system including: an interception module configured for: intercepting credential usage upon receiving an application request for application credentials in order to provide access to a host application; a configuration/settings module configured for reading system configurations and settings for handling the application credentials; a credential-mapping module configured for: applying appropriate credential-mapping logic based on the system configurations and settings; and upon determining that the application credentials need to be replaced, obtaining appropriate credentials from a secured storage.

Abstract: A data access engine 22, computerized system 20 and method 40 for increasing a level of efficiency of a network server are disclosed. Data access engine 22 located in first data processing machine 21 is capable of communication with at least one pseudo server 28 located in a second data processing machine 27 (i.e. LAN server 26). The physical separation between data access engine 22 and the server logic and interface of pseudo server 28 is a distinguishing characteristic of the invention. Any request for a subset of data stored in data access engine 22 must be routed through at least one pseudo server 28.

Abstract: The present invention discloses methods, media, and systems for handling hard-coded credentials, the system including: an interception module configured for: intercepting credential usage upon receiving an application request for application credentials in order to provide access to a host application; a configuration/settings module configured for reading system configurations and settings for handling the application credentials; a credential-mapping module configured for: applying appropriate credential-mapping logic based on the system configurations and settings; and upon determining that the application credentials need to be replaced, obtaining appropriate credentials from a secured storage.

Abstract: A system for secure data storage, exchange and/or sharing through a protected central storage facility, containing at least one “network vault” to which access is controlled through a single data access channel. The network vault is similar to a physical safe, in that substantially any type of information can be stored in the network vault, and in that the user need only place the information inside the network vault for the information to be secured. Thus, the system of the present invention combines the flexibility of data storage and retrieval through a network, with the security of controlled access for data storage and retrieval at a fixed physical location. The restriction of data access through a single data access channel greatly simplifies the task of protecting access to the data, since only this single channel must be monitored for unauthorized access, rather than monitoring many such channels (or interfaces).