Enterprise identity and access management

What to know before implementing an IAM system

IT administrators have many features to choose from and requirements to meet when looking for an IAM tool. Check these boxes before committing to IAM. Continue Reading

How do admins check the Exchange IRM setup?

Testing Exchange information rights management functionality can be tedious, but Microsoft offers a dedicated cmdlet for Exchange 2016 administrators that streamlines the process. Continue Reading

How can IT combat rogue RDP access?

Hackers can gain remote access to users' desktops through RDP hijacking. As a result, IT pros must know what they can do to prevent such an attack. Continue Reading

New SAML vulnerability enables abuse of single sign-on

Duo Security discovered a new SAML flaw affecting several single sign-on vendors that allows attackers to fool SSO systems and log in as other users without their passwords. Continue Reading

Use caution with OAuth 2.0 protocol for enterprise logins

Many apps are using the OAuth 2.0 protocol for both authentication and authorization, but technically it's only a specification for delegated authorization, not for authentication. Continue Reading

Security Controls Evaluation, Testing, and Assessment Handbook

In this excerpt from chapter 11 of Security Controls Evaluation, Testing, and Assessment Handbook, author Leighton Johnson discusses access control. Continue Reading

How to balance organizational productivity and enterprise security

It's no secret that enterprise security and organizational productivity can often conflict. Peter Sullivan looks at the root causes and how to address the friction. Continue Reading

Common web application login security weaknesses and how to fix them

Flawed web application login security can leave an enterprise vulnerable to attacks. Expert Kevin Beaver reviews the most common mistakes and how to fix them. Continue Reading

Are biometric authentication methods and systems the answer?

Biometric authentication methods, like voice, fingerprint and facial recognition systems, may be the best replacement for passwords in user identity and access management. Continue Reading

Risk & Repeat: Should IAM systems be run by machine learning?

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the identity and access management industry and how machine learning algorithms could govern IAM systems. Continue Reading

Q&A: Ping CEO on contextual authentication, intelligent identity

Ping Identity CEO Andre Durand talks with SearchSecurity about the data-driven move toward contextual authentication and intelligent identity and what this means for enterprises. Continue Reading

The best endpoint security practices are evolving and essential

Ever since the first mobile device hit the enterprise network, best endpoint security practices have been a major IT concern. What's happened since then has been a staggering proliferation of the number and types of devices on the network, complicated by increasing numbers of mobile and remote corporate employees, all of which have essentially ended the traditional idea of a corporate network security perimeter. Firewalls and other more traditional security appliances may still be in use, and rightly so, but endpoint security management is more critical than ever in keeping enterprise systems and data safe from malicious actors.

The summer Insider Edition, our Information Security magazine quarterly e-zine, looks at what's new in endpoint security management, from the best endpoint security tools to consider now, and what other efforts beyond tools infosec pros can employ to best secure all those pesky mobile endpoints wandering in and out of corporate corridors.

This Insider Edition offers expert assessments on the endpoint security technology vendors have developed to combat mutating ransomware like WannaCry -- from machine learning to multivendor partnerships to behavior analytics. Also included is an exploration of mobile endpoint security tools like application containers and app wrapping. CISOs must focus now on how the threats, and the technological advances to fight them, are changing and factor these considerations into any endpoint security strategy.

Readers will come away with a deeper understanding of the best endpoint security tools and techniques available and be able to consider the most advanced approaches available to locking down the company data and systems that endpoints can access.

 Continue Reading

Advanced endpoint protection takes on the latest exploits

Advanced endpoint protection is arriving from all quarters -- machine learning, crafty sandboxes, behavior analytics. Learn how tech advances are being applied to endpoints. Continue Reading

Do thoughts of your least secure endpoint keep you up at night?

Some days, 'secure endpoint' feels like an oxymoron, but that soon may change. From smart sandboxes to advanced behavior analytics, learn what's new in endpoint security technologies. Continue Reading

Machine learning in cybersecurity is coming to IAM systems

Machine learning in cybersecurity applications for identity management systems are becoming more common today. But will algorithms be the best option for authenticating and authorizing users? Continue Reading

Ping embeds multifactor authentication security in mobile apps

At the 2017 Cloud Identity Summit, Ping Identity launched a new software development kit that will embed multifactor authentication security features in mobile apps. Continue Reading

How SSH key management and security can be improved

The widespread use of SSH keys is posing security risks for enterprises due to poor tracking and management. Expert Michael Cobb explains how some best practices can regain control over SSH. Continue Reading

How did a Slack vulnerability expose user authentication tokens?

A Slack vulnerability exposed user authentication tokens and enabled hackers to access private data. Expert Matthew Pascucci explains how and why this hack was successful. Continue Reading

Avoid privilege creep from the software development team

Too often, privilege creep occurs via the software development team, the result of pressure to update or launch apps. Learn what tools and tactics can counter privilege creep. Continue Reading

Start redrawing your identity and access management roadmap

Securing enterprise systems and information requires an IAM roadmap that helps you identify effective policy, technology and tools. Continue Reading

Identity and access management strategy: Time to modernize?

More likely than not, your company's identity and access management strategy needs an update. Learn how to decide if that's the case and, if so, what you should do now. Continue Reading

How to deal with Identity and access management systems

An identity and access management system is increasingly essential to corporate security, but technological advances have made managing an IAM more complex than ever. Continue Reading

From the gateway to the application: Effective access control strategies

Organizations need to strike a balance between so-called front-door access control and more fine grained controls established within an application itself. This article discusses the difference between products designed to set access at the gateway and complementary application-level controls. You'll learn how gateway-based access control works, the value in managing authorization in a centralized manner and the access control functions left for the application to perform. You'll also learn the role each variety of control plays in moving an organization toward single sign-on. Continue Reading

How to lay the foundation for role entitlement management

Role entitlement management is a daunting task, however, there are steps you can take to lay the foundation for a successful management process. In this tip, expert Rick Lawhorn details these seven steps. Continue Reading

Key management challenges and best practices

Key management is essential to a successful encryption project. In this tip, expert Randy Nash explains the challenges financial organizations face when implementing key management and some of the best practices to overcome them. Continue Reading