NEWS & INDUSTRY UPDATES

SSL/TLS certificates and related services can be easily acquired from dark web marketplaces, according to an academic study sponsored by Venafi.
BlackBerry Cylance, the company that resulted from BlackBerry’s acquisition of Cylance, unveils CylancePERSONA, an endpoint behavioral analytics solution.
Armor Scientific emerges from stealth mode with a platform that provides identity and authentication services through a combination of wearables and blockchain-enabled middleware.
Tripwire launches Penetration Testing Assessment and Industrial Cybersecurity Assessment services to help organizations find vulnerabilities in their systems.
Obsidian Security, an identity protection company led by founders of Cylance and Carbon Black, raises $20 million in a Series B funding round.
Many PDF viewers and online validation services contain vulnerabilities that can be exploited to make unauthorized changes to signed PDF documents without invalidating the signature, researchers warn.
Android becomes FIDO2 Certified, making it easier for developers to provide passwordless authentication for their Android apps and websites.
The Face ID and Touch ID authentication feature introduced recently to WhatsApp for iOS can be easily bypassed, but a patch has been released.
Pulse Secure unveils Software Defined Perimeter (SDP) solution designed to help enterprises securely access their applications and resources.
Bot protection firm PerimeterX raises $43 million in a Series C funding round, which brings the total raised by the company to over $77 million.

FEATURES, INSIGHTS // Identity & Access

Torsten George: Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Travis Greene: Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.
Josh Lefkowitz: It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
David Holmes: There’s a popular attack vector among brute-force attackers right now that takes advantage of the 90-day password expirations commonly used by enterprises.
Travis Greene: Closing the gaps in credential security requires awareness of what gaps exist and how to mitigate them.
Torsten George: Implementing machine learning in the context of access control can help organizations reduce their reliance on passwords, and potentially get rid of them altogether.
Torsten George: To limit exposure to privileged credential attacks, organizations need to rethink their enterprise security strategy and move to an identity-centric approach based on a Zero Trust model.
Marc Solomon: How do you determine the amount and mix of data that’s “just right” for your organization? To answer this question it helps to understand what’s driving the need for data in the first place.
Markus Jakobsson: While 2FA is a big step above and beyond the use of traditional passwords, it is not infallible, and thinking so makes the risk of failure even greater.
Preston Hogue: Even the most knowledgeable users — the very CISOs and security professionals who may be reading this article — can be duped into taking the bait.