Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The assets of numerous organizations are at risk because their former employees continue to have access to sensitive corporate applications even after they leave the company.
Kaseya plans to add identity management as a service to its offerings, and views the acquisition as an important step.
Private equity investment firm Thoma Bravo announced on Wednesday that it would take a significant equity investment in SailPoint, a provider of identity and access management (IAM) solutions.
Amazon is giving customers the option of an an extra layer of protection to their WorkSpaces virtual desktops by enabling a new two-factor authentication (2FA) feature.
IBM has made another move to expand and enhance its Identity and Access Management (IAM) offerings, announcing that it has acquired the business operations of cloud-based IAM vendor Lighthouse Security Group.
Pre-release notes published by Apple for OS X Mavericks 10.9.5 and Yosemite Developer Preview 5 are informing developers that they might have to re-sign their apps if they don't want Apple's Gatekeeper anti-malware feature to block them.
IBM has acquired CrossIdeas, a privately held provider of Access Governance software that helps organizations manage user access to applications and data across on-premise and cloud environments.
A vulnerability in Microsoft's Active Directory service can be exploited by an attacker to change a targeted user's password.
The developers of the popular password manager LastPass informed users on Friday of security vulnerabilities reported to the company last year.
Microsoft has released new guidance to help customers defend against credential theft stemming from Pass-the-Hash (PtH) attacks.

FEATURES, INSIGHTS // Identity & Access

rss icon

Travis Greene's picture
Though there are unique risks associated with identity and access from mobile devices, there are also opportunities that mobile devices bring to address identity concerns.
Travis Greene's picture
If you can’t interpret user activity with the context of identity and what is normal behavior, your organization may be living with a false sense of security, providing a significant window of opportunity for attackers.
Travis Greene's picture
The significant breaches of today are executed by people infiltrating the organization, and attackers are doing this by assuming identities or abusing insider privileges.
Travis Greene's picture
There is pressure for IT to deliver access to information from anywhere, on any device, without security hassles. Yet complaints about security hassles cannot dictate excessive risk exposure.
Chris Hinkley's picture
Why aren’t more organizations implementing two-factor authentication? In a word: inconvenience. Businesses are afraid of annoying their buyers by demanding multiple passwords or asking them to take an extra action that might spur them into abandoning the sale.
Michael Callahan's picture
There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Mike Tierney's picture
Much can be learned from airport security that can applied to dealing with insider threats. As a starting point, let’s compare two approaches to airport security – the US approach and the Israeli approach.
Gil Zimmermann's picture
Understanding why passwords are so valuable to hackers can both explain and prepare enterprises to deal with potential security vulnerabilities. There are potentially hundreds of uses for stolen passwords once they are obtained.
Nimmy Reichenberg's picture
By including security into the DevOps model, organizations can attain that improved agility and operational excellence while also improving the necessary checks and balances before changes are pushed into production.
Nick Cavalancia's picture
Recognized Big Data security solutions can only examine data that administrators and engineers have programmed them to identify. They cannot, on their own, choose to browse data sets that they "think" might yield information, nor can they detect information about risky user behaviors that hasn't been captured.