Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Google released two new security tools designed to help Google Apps users protect their accounts.
Researchers claim that a new attack method can be leveraged to silently modify the digital ballots used in the Internet voting process.
Microsoft has acquired Israeli cyber security startup Aorato, a company focused on protecting Active Directory deployments.
Adallom has released a report which analyzes the security gaps and risks associated with the usage of cloud applications.
Google launched "Security Key", a physical USB second factor that's designed to provide an extra layer of protection to user accounts.
Duo Security, a provider of cloud-based two-factor authentication solutions, has raised $12 million in Series B funding, led by venture capital firm Benchmark.
Salesforce Account administrators have been notified that Salesforce customers are being targeted by key-logging malware known as Dyre.
Remote connectivity services provider LogMeIn announced the acquisition of Meldium, a startup that specializes in cloud-based single-sign-on (SSO), password management, and identity and access management (IAM) solutions.
Oberthur Technologies announced that it would acquire NagraID Security SA for an undisclosed sum.
The assets of numerous organizations are at risk because their former employees continue to have access to sensitive corporate applications even after they leave the company.

FEATURES, INSIGHTS // Identity & Access

rss icon

Travis Greene's picture
It’s time for targeted complexity that balances the convenience that users demand with the security that organizations need. It’s a bit like teaching a new dog old tricks.
Scott Simkin's picture
It doesn’t take the most advanced tools to break into the the largest corporations on the planet. Between user behavior and the types of malicious files attempting to compromise enterprises, there are a few steps you can take to reduce your risk exposure.
Travis Greene's picture
When it comes to protecting against insider threat, there can be an over-reliance on policy and automated enforcement. Access Governance is a powerful tool to reduce the insider threat, but it needs to mature to the point where it is more responsive and more automated before relying on it completely.
Travis Greene's picture
The combination of access governance and self-service access request and approval provides the best approach to strike back at the access clones.
Travis Greene's picture
Just as automation is applied to the process of Access Certification, the process of revocation needs automation to deliver an Access Governance program that not only satisfies compliance mandates, but actually reduces risk.
Tal Be'ery's picture
Passwords needs to be strong enough to resist a guessing attack, often named a "Brute-force" attack. The brute-force attack comes in two flavors: online and offline.
Eddie Garcia's picture
By default, Hadoop is not secure and simply trusts that users are who they say they are. Within real business use cases, especially when confidential and sensitive data sets are involved, restricting access to only authorized users is critical.
Jon-Louis Heimerl's picture
We all know passwords are not a great solution for securing our accounts and information. But, it is what we have right now, so we might as well make the best of them, eh? Take this quick quiz to see how secure your password is.
Travis Greene's picture
Done correctly, process automation can be used for triggering and diagnosing, with corrective actions presented as a menu of options for overworked security teams.
Travis Greene's picture
IAM is sometimes forgotten in the discussion of controls. However, it’s best to have these conversations when planning and evaluating controls, rather than after a breach.