Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The new Windows 10 operating system will allow users to sign in to a device without a password by using biometrics, including facial recognition.
Yahoo announced a new way to let users to login to their account without the need for a password. With the new features, when signing in, an on-demand password is texted directly to a user’s mobile phone.
Barracuda Networks has rebranded its eSignature product SignNow to CudaSign, and will offer the solution at just $1per user per month.
Apple has extended its two-factor authentication (2FA) feature to the FaceTime and iMessage communication services to allow users to protect their accounts against unauthorized access.
In an effort to contribute to making authentication more secure, a researcher has decided to publish 10 million username/password combinations that he has collected over the years from the Web.
Please join us on Tuesday, Feb. 3rd at 1PM ET for a special webcast: How To Avoid Being Tomorrow's Headline: Mitigating Insider Threats and Breaches, presented by Centrify.
A new version of OpenVPN was released to address a critical denial-of-service (DoS) vulnerability (CVE-2014-8104) that can be exploited to cause servers to crash.
Intel has acquired PasswordBox, a Montreal-based identity management service that enables users to log into websites and applications without having to type or remember passwords.
Google released two new security tools designed to help Google Apps users protect their accounts.
Researchers claim that a new attack method can be leveraged to silently modify the digital ballots used in the Internet voting process.

FEATURES, INSIGHTS // Identity & Access

rss icon

Travis Greene's picture
The combination of access governance and self-service access request and approval provides the best approach to strike back at the access clones.
Travis Greene's picture
Just as automation is applied to the process of Access Certification, the process of revocation needs automation to deliver an Access Governance program that not only satisfies compliance mandates, but actually reduces risk.
Tal Be'ery's picture
Passwords needs to be strong enough to resist a guessing attack, often named a "Brute-force" attack. The brute-force attack comes in two flavors: online and offline.
Eddie Garcia's picture
By default, Hadoop is not secure and simply trusts that users are who they say they are. Within real business use cases, especially when confidential and sensitive data sets are involved, restricting access to only authorized users is critical.
Jon-Louis Heimerl's picture
We all know passwords are not a great solution for securing our accounts and information. But, it is what we have right now, so we might as well make the best of them, eh? Take this quick quiz to see how secure your password is.
Travis Greene's picture
Done correctly, process automation can be used for triggering and diagnosing, with corrective actions presented as a menu of options for overworked security teams.
Travis Greene's picture
IAM is sometimes forgotten in the discussion of controls. However, it’s best to have these conversations when planning and evaluating controls, rather than after a breach.
Travis Greene's picture
Though there are unique risks associated with identity and access from mobile devices, there are also opportunities that mobile devices bring to address identity concerns.
Travis Greene's picture
If you can’t interpret user activity with the context of identity and what is normal behavior, your organization may be living with a false sense of security, providing a significant window of opportunity for attackers.
Travis Greene's picture
The significant breaches of today are executed by people infiltrating the organization, and attackers are doing this by assuming identities or abusing insider privileges.