Security Experts:

long dotted


Researcher discovers that Cisco’s CSPC product, which collects information from Cisco devices installed on a network, has a default account that can provide access to unauthorized users. [Read More]
SSL/TLS certificates and related services can be easily acquired from dark web marketplaces, according to an academic study sponsored by Venafi. [Read More]
BlackBerry Cylance, the company that resulted from BlackBerry’s acquisition of Cylance, unveils CylancePERSONA, an endpoint behavioral analytics solution. [Read More]
Armor Scientific emerges from stealth mode with a platform that provides identity and authentication services through a combination of wearables and blockchain-enabled middleware. [Read More]
Tripwire launches Penetration Testing Assessment and Industrial Cybersecurity Assessment services to help organizations find vulnerabilities in their systems. [Read More]
Obsidian Security, an identity protection company led by founders of Cylance and Carbon Black, raises $20 million in a Series B funding round. [Read More]
Many PDF viewers and online validation services contain vulnerabilities that can be exploited to make unauthorized changes to signed PDF documents without invalidating the signature, researchers warn. [Read More]
Android becomes FIDO2 Certified, making it easier for developers to provide passwordless authentication for their Android apps and websites. [Read More]
The Face ID and Touch ID authentication feature introduced recently to WhatsApp for iOS can be easily bypassed, but a patch has been released. [Read More]
Pulse Secure unveils Software Defined Perimeter (SDP) solution designed to help enterprises securely access their applications and resources. [Read More]

FEATURES, INSIGHTS // Identity & Access

rss icon

Erin O’Malley's picture
It’s important for IT security teams to understand the slight, but potentially significant difference between MFA and two-factor (2FA) authentication.
Torsten George's picture
Since multi-factor authentication requires several elements for identity verification, it’s one of the best ways to prevent unauthorized users from accessing sensitive data and moving laterally within the network.
Torsten George's picture
While implementing Zero Trust is a journey that cannot be achieved over night, it also doesn’t require a complete redesign of existing network architectures.
Torsten George's picture
With 2019 just around the corner, organizations should examine their overall cyber security and identity management strategies and align them to address the #1 cause of today’s data breach — privileged access abuse.
Travis Greene's picture
A Consumer Identity and Access Management (CIAM) approach can help your security organization gain a reputation as a business partner that drives heightened user experiences and business competitiveness.
Torsten George's picture
Instead of relying solely on passwords, security professionals should consider implementing a Zero Trust approach to identity and access management based on the following best practices.
Torsten George's picture
The Reddit data breach illustrates the importance of rolling out an approach designed to verify the user, validate their device, limit access and privilege, and learn and adapt to new risks.
Torsten George's picture
Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Travis Greene's picture
Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.
Josh Lefkowitz's picture
It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.