[From Yubico] _ BeyondTrust is a leading company in the field of Privileged Access Management (PAM), providing identity and access security solutions for customers across various sectors. Committed to addressing the most pressing cybersecurity challenges today, BeyondTrust implements the principles of Zero Trust, including continuous authentication, least-privilege access, and adaptive access control.

Morey J. Haber, Chief Security Officer at BeyondTrust, is a renowned cybersecurity expert with many years of experience and the author of several books on cybersecurity, including Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations. With 18 years of dedication at BeyondTrust, Mr. Haber states that privileged account security is one of the top targets in cyberattacks today.

“Today's attacks primarily target identities and privileges. Most reports indicate that the main issue is identity security," Haber shared. "As a security company, we apply our own solutions to strictly control privileged access within the system.”

After being acquired in 2018, BeyondTrust merged with two other organizations to build a leading position in enterprise security. To move towards a Zero Trust architecture and achieve security certifications such as SOC 2 and ISO 27001, BeyondTrust had to restructure its internal processes and infrastructure.

BeyondTrust has now implemented a Zero Trust architecture for its internal systems, products, and end-users. This ensures that privileged accounts with access to systems, data, and applications are closely monitored and controlled to minimize risk.

In the risk assessment process, BeyondTrust identified weaknesses in its multi-factor authentication (MFA) strategy, which relied on mobile push notification apps. “We encountered issues with standard push technologies, such as SIM-jacking and Denial of Service (DoS) attacks,” said Haber. This highlights the vulnerability of traditional mobile authentication methods to phishing attacks. “We are gradually moving toward solutions that attackers cannot steal or predict, from passwords to encryption key algorithms.”

To improve security, BeyondTrust chose Yubico's YubiKey 5 series and 5C Nano security keys. YubiKeys are provided through Yubico’s YubiEnterprise Delivery service, a secure solution for global distribution of security keys. YubiKey is the only authentication technology proven to effectively prevent account takeover attacks.

“YubiKey not only complements our Zero Trust architecture but also brings us closer to our goal of absolute security.”

Morey J. Haber
Chief Security Officer, BeyondTrust