Identity and access management

Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.

Top Stories

Feature 27 Nov 2023
How passwordless authentication aids identity security

Enterprise Strategy Group's Jack Poller discusses survey results on user authentication practices and explains the security benefits of passwordless methods. Continue Reading
Tip 15 Nov 2023
Traditional MFA isn't enough, phishing-resistant MFA is key

Not every MFA technique is effective in combating phishing attacks. Enterprises need to consider new approaches to protect end users from fraudulent emails. Continue Reading

Tip 13 Nov 2023

What should admins know about Microsoft Entra features?

Microsoft Entra combines new and existing cloud-based products and packages them under a new name. Learn how this change affects identity access management in your organization. Continue Reading
News 08 Nov 2023

FBI: Ransomware actors hacking casinos via third parties

A new Private Industry Notification focuses on ransomware trends involving attacks against casinos as well as a callback phishing campaign perpetrated by the Luna Moth gang. Continue Reading
News 03 Nov 2023

Okta breach led to hijacked sessions for 5 customers

Okta provided a detailed timeline of the events surrounding the breach against its customer support case management systems and said five customers had sessions hijacked. Continue Reading
Opinion 31 Oct 2023

Collaborate with third parties to ensure enterprise security

Third-party risk is a major threat today, as evidenced in numerous recent breaches. Organizations must work with partners to ensure their data is protected properly. Continue Reading
Podcast 26 Oct 2023

Risk & Repeat: Okta under fire after support system breach

This podcast episode covers a security breach suffered by identity vendor Okta involving its customer support systems, which has sparked criticism from customers. Continue Reading
Tip 26 Oct 2023

How to create a company password policy, with template

Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use. Continue Reading
News 24 Oct 2023

1Password stops attack linked to Okta breach

1Password said a threat actor used a HAR file stolen in the recent Okta breach to access the password manager's Okta tenant, but the activity was detected and blocked. Continue Reading
News 23 Oct 2023

Okta customer support system breached via stolen credentials

During the latest breach against the identity and access management vendor, attackers took advantage of the system intended to provide support for Okta customers. Continue Reading
Opinion 18 Oct 2023

SailPoint extends identity security platform with data security

With DAS, privilege access management, AI and other features, SailPoint moves Atlas from an identity governance platform to an identity security platform. Continue Reading
News 18 Oct 2023

Mandiant: Citrix zero-day actively exploited since August

Exploitation against CVE-2023-4966 is ongoing, and Mandiant CTO Charles Carmakal warned patching alone is insufficient against potential attacks that leverage MFA bypass techniques. Continue Reading
Tip 18 Oct 2023

Use these 6 user authentication types to secure networks

One layer of security that all networks and applications need is authentication. Read up on six authentication types, from 2FA to biometrics to certificates. Continue Reading
News 16 Oct 2023

Google Authenticator synchronization raises MFA concerns

Infosec experts say a synchronization feature added to Google's Authenticator app could lead to unintended consequences for organizations' multifactor authentication codes. Continue Reading
Answer 16 Oct 2023

Best practices to conduct a user access review

User entitlement reviews ensure only authorized users have access to essential systems and data. Uncover the steps of a user access review and helpful best practices. Continue Reading
Tip 11 Oct 2023

Top 6 password hygiene tips and best practices

Passwords enable users to access important accounts and data, making them attractive targets to attackers, too. Follow these password hygiene tips to keep your organization safe. Continue Reading
Opinion 11 Oct 2023

Takeaways from Oktane23: Okta AI, universal logout and more

New game-changing security features from Okta speed threat detection and response times, enabling IT pros to log all users out of applications during a cyber attack. Continue Reading
Tip 10 Oct 2023

How to remove digital signatures from a PDF

Digital signatures let organizations execute and secure agreements, but users can remove them if they need to reformat documents or protect signers' privacy. Continue Reading
News 04 Oct 2023

Okta debuts passkey support to combat account compromises

The identity and access management vendor introduced products and features that addressed new social engineering techniques that require additional security measures beyond MFA. Continue Reading
News 25 Sep 2023

Dallas doles out $8.5M to remediate May ransomware attack

The city of Dallas provided a detailed attack timeline that showed Royal threat actors compromised a service account a month before ransomware was deployed. Continue Reading
Tip 25 Sep 2023

How to add digital signatures to a PDF

Organizations use digital signatures to secure agreements. Common document applications, such as Adobe Acrobat and macOS Preview, let users quickly add digital signatures to PDFs. Continue Reading
Opinion 21 Sep 2023

Strong identity security could've saved MGM, Caesars, Retool

Three cyber attacks that featured vishing led to compromised identities, data loss and the interruption of operations. Passwordless authentication could have prevented all three. Continue Reading
News 14 Sep 2023

Developer platform Retool breached in vishing attack

A successful vishing attack against a Retool employee led to account takeovers of 27 cloud customers, but the company is pointing the finger at Google. Continue Reading
Opinion 12 Sep 2023

Time for an identity security revolution

Identity needs to be the foundational component of the cybersecurity stack, because attackers are primarily after an organization's data. Continue Reading
News 11 Sep 2023

Cisco VPN flaw faces attempted Akira ransomware attacks

Cisco said it became aware of 'attempted exploitation' last month and referenced an Aug. 24 security advisory saying its VPNs were under attack by the Akira ransomware gang. Continue Reading
News 06 Sep 2023

Okta: 4 customers compromised in social engineering attacks

Okta said a threat actor convinced IT personnel at several customers to reset MFA factors for highly privileged users, though it's unclear how they accomplished that task. Continue Reading
Opinion 06 Sep 2023

Identity needs a seat at the cybersecurity table

The shift to the cloud and remote work, combined with the rise of phishing and other identity-related attacks, puts identity security at the forefront of cybersecurity concerns. Continue Reading
News 30 Aug 2023

CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security

CrowdStrike's Elia Zaitsev discusses the rise in credential-based attacks, as well as the common errors organizations make in the cloud that often lead to breaches. Continue Reading
News 29 Aug 2023

Cisco VPNs under attack via Akira, LockBit ransomware

Cisco and Rapid7 say ransomware actors LockBit and Akira have apparently been targeting Cisco VPNs not configured for multifactor authentication. Continue Reading
Tip 24 Aug 2023

How do digital signatures work?

Digital signatures add a level of security to online agreements, which can prevent bad actors from impersonating other individuals or tampering with sensitive contracts. Continue Reading
News 09 Aug 2023

Wiz warns of exposed multi-tenant apps in Azure AD

During a Black Hat USA 2023 session, a Wiz researcher explained how a common misconfiguration in Azure Active Directory led to the exposure of nearly 1,300 applications. Continue Reading
News 08 Aug 2023

CrowdStrike observes massive spike in identity-based attacks

Identity-based attacks like Kerberoasting saw massive increases over the last 12 months as adversary breakout time fell, according to CrowdStrike's 2023 Threat Hunting Report. Continue Reading
Tip 28 Jul 2023

Improve IAM with identity threat detection and response

Attackers increasingly target user accounts to gain access. Identity threat detection and response offers organizations a way to improve security for identity-based systems. Continue Reading
News 25 Jul 2023

DocuSign launches AI-backed live video ID verification tool

The e-signature vendor's new AI-supported identity confirmation tool uses biometrics and live video to verify signers' identity and physical presence at the time of signing. Continue Reading
Tip 19 Jul 2023

How to fit customer experience security into your strategy

Most organizations overlook security in their CX strategies. However, with collaboration, personalization, CIAM controls and more, organizations can offer a secure and positive CX. Continue Reading
Feature 13 Jul 2023

8 best practices for a zero-trust storage strategy

Explore how to apply the zero-trust security model to storage systems. Given today's threat landscape, additional data protection is key for enterprises. Continue Reading
News 12 Jul 2023

Threat actors forged Windows driver signatures via loophole

Threat actors bypassed Microsoft's driver signing policy using a technical loophole and signature timestamp forging tools commonly used in the video game cheat community. Continue Reading
News 06 Jul 2023

JumpCloud invalidates API keys in response to ongoing incident

The cloud provider did not give any details about the incident that prompted a mandatory API key rotation, which might have caused service disruptions for customers. Continue Reading
News 27 Jun 2023

ChatGPT users at risk for credential theft

As ChatGPT's user base continues to grow, Group-IB says threat actors have exploited stolen accounts to collect users' sensitive data and professional credentials. Continue Reading
News 14 Jun 2023

HashiCorp Vault trims SaaS; Boundary hooks up Enterprise

HashiCorp Vault's appeal to a broader field of users gets a boost from a new entry-level cloud service, while a new Boundary Enterprise targets the high end of the market. Continue Reading
News 13 Jun 2023

AWS launches EC2 Instance Connect Endpoint, Verified Permissions

At re:Inforce 2023, AWS launched a new service that allows customers to connect to their EC2 instances through SSH and RDP connections, removing the need for a public IP address. Continue Reading
Tip 08 Jun 2023

How to secure blockchain: 10 best practices

Blockchain has huge potential in the enterprise, but remember all emerging technologies come with their own risks. Consider these 10 best practices for securing blockchain. Continue Reading
Tip 07 Jun 2023

6 blockchain use cases for cybersecurity

Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
News 16 May 2023

Coalition: Employee actions are driving cyber insurance claims

After analyzing cyber insurance claims data, Coalition determined that phishing escalated in 2022, ransomware dropped and timely patching remained a consistent problem. Continue Reading
News 10 May 2023

Dragos discloses blocked ransomware attack, extortion attempt

Dragos Inc. published a blog post that outlined a likely ransomware attack it stopped this week, though a threat actor obtained 'general use data' for new hires. Continue Reading
Opinion 10 May 2023

2023 RSA Conference insights: Generative AI and more

Generative AI was the talk of RSA Conference 2023, along with zero trust, identity security and more. Enterprise Strategy Group analyst Jack Poller offers his takeaways. Continue Reading
Feature 05 May 2023

How to implement principle of least privilege in Azure AD

Restricting users' permissions in Microsoft Azure AD to only what they need to complete their job helps secure and reduce the cloud attack surface. Continue Reading
News 03 May 2023

Google rolls out passkeys in service of passwordless future

Google referred to its new passkey option, which features facial recognition, fingerprint and PIN-based authentication, as 'the beginning of the end of the password.' Continue Reading
News 01 May 2023

1Password execs outline shift to passwordless authentication

1Password CEO Jeff Shiner and Anna Pobletts, head of passwordless, discuss the power of passkeys, the adoption challenges ahead, and the threat of generative AI attacks. Continue Reading
News 26 Apr 2023

CrowdStrike details new MFA bypass, credential theft attack

At RSA Conference 2023, CrowdStrike demonstrated an effective technique that a cybercrime group used in the wild to steal credentials and bypass MFA in Microsoft 365. Continue Reading
News 25 Apr 2023

Rising AI tide sweeps over RSA Conference, cybersecurity

AI is everywhere at RSA Conference 2023, though experts have differing views about why the technology has become omnipresent and how it will best serve cybersecurity. Continue Reading
Tutorial 12 Apr 2023

How to create fine-grained password policy in AD

Fine-grained password policies are a simple and effective way of ensuring password settings meet business requirements. Continue Reading
Tutorial 12 Apr 2023

How to enable Active Directory fine-grained password policies

Specifying multiple password policies customized to specific account types adds another layer to an organization's security posture. Using PSOs instead of Group Policy can help. Continue Reading
Answer 12 Apr 2023

How to use a public key and private key in digital signatures

Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures to manage electronic documents. Continue Reading
Answer 11 Apr 2023

What are the Microsoft 365 password requirements?

When IT administrators manage passwords for Microsoft 365 accounts in Azure AD, they can deploy and remove critical policies that can improve overall security posture. Continue Reading
News 11 Apr 2023

FTX bankruptcy filing highlights security failures

Debtors claim that defunct cryptocurrency exchange FTX lacked any dedicated security personnel and failed to implement critical access controls for billions of dollars in assets. Continue Reading
Feature 11 Apr 2023

How to use Azure AD Connect synchronization for hybrid IAM

Organizations face many challenges authenticating and authorizing users in hybrid infrastructures. One way to handle hybrid IAM is with Microsoft Azure AD Connect for synchronization. Continue Reading
Tip 11 Apr 2023

Centralized vs. decentralized identity management explained

With decentralized identity, organizations can worry less about data security and privacy, while users get more control over their information. But it's not without challenges. Continue Reading
Opinion 06 Apr 2023

Top RSA Conference 2023 trends and topics

Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more. Continue Reading
Tip 06 Apr 2023

Comparing enabled and enforced MFA in Microsoft 365

When managing Microsoft 365 authentication, IT admins may encounter the distinction between enabled and enforced MFA. Find out what those terms mean. Continue Reading
News 06 Apr 2023

119 arrested in Genesis Market takedown

The FBI and Dutch National Police led the takedown of Genesis Market alongside more than a dozen partners, including the U.K., Italy, Spain and Romania. Continue Reading
News 27 Mar 2023

Zoom launches Okta Authentication for E2EE to verify identity

Authenticated Zoom attendees will get a blue shield icon next to their participant name to give enterprises additional security during sensitive meetings. Continue Reading
News 09 Mar 2023

GitHub 2FA plan adds SMS, account lockout safeguards

GitHub has added SMS support and fresh account lockout prevention features to its phased rollout plans as it prepares to implement a 2FA requirement for accounts beginning Monday. Continue Reading
News 28 Feb 2023

LastPass breach tied to hack of engineer's home computer

LastPass said a threat actor hacked an employee's home computer to access a corporate password vault and steal decryption keys for its product backups and cloud storage resources. Continue Reading
Guest Post 23 Feb 2023

Web3 blockchain enables users to take control of identity

A centralized identity model creates security and privacy risks. Decentralized identity through Web3 could mitigate these risks, but companies must adapt to keep pace. Continue Reading
Feature 23 Feb 2023

Top incident response tools: How to choose and use them

The OODA loop can help organizations throughout the incident response process, giving insight into which tools are needed to detect and respond to security events. Continue Reading
Feature 21 Feb 2023

8 best password managers of 2023

A dedicated tool can help simplify password management and improve online security for individuals and enterprises alike. Continue Reading
Tip 16 Feb 2023

How to filter Security log events for signs of trouble

Certain accounts, such as company executives, will draw unwanted attention from hackers. Learn how to catch these targeted attacks by checking Windows event logs. Continue Reading
Tip 16 Feb 2023

Web 3.0 security risks: What you need to know

Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
Opinion 03 Feb 2023

4 identity predictions for 2023

Identity's place in the attack chain is driving the shift of identity responsibility from IT operations to security to look into passwordless, digital IDs, platforms and more. Continue Reading
Podcast 24 Jan 2023

Risk & Repeat: Another T-Mobile data breach disclosed

This podcast episode discusses the latest T-Mobile breach -- the third in less than three years -- in which a threat actor stole personal data from 37 million customer accounts. Continue Reading
News 24 Jan 2023

Customer data, encryption key stolen in GoTo breach

GoTo's breach update follows the recent disclosure made by GoTo subsidiary LastPass, which similarly lost significant sensitive customer data in a breach last year. Continue Reading
News 23 Jan 2023

Experts applaud expansion of Apple's E2E encryption

Amidst growing privacy concerns and data breach threats, Apple launched Advanced Data Protection for U.S. customers last month to secure almost all data stored in iCloud. Continue Reading
Opinion 20 Jan 2023

6 cybersecurity buzzwords to know in 2023

Enterprise Strategy Group research indicates many organizations will increase cybersecurity spending in 2023, and with that comes an evolving set of vendor buzzwords to sort out. Continue Reading
Podcast 20 Jan 2023

Risk & Repeat: Breaking down the LastPass breach

This podcast episode discusses the fallout of the recent LastPass breach, in which a threat actor stole encrypted logins and unencrypted website URLs from the password manager. Continue Reading
News 18 Jan 2023

LastPass faces mounting criticism over recent breach

LastPass disclosed a breach last month in which a threat actor stole personal customer information, including billing addresses and encrypted website login details. Continue Reading
Feature 05 Jan 2023

Windows security tips for the enterprise

Securing a Windows environment is no easy feat. Read up on low-hanging fruit to quickly address, as well as top tips from two security practitioners to get started. Continue Reading
Podcast 21 Dec 2022

Risk & Repeat: OT security progress, threats in 2022

This Risk & Repeat podcast episode discusses the current state of OT security, including the convergence with IT environments and an ever-evolving threat landscape. Continue Reading
Tip 20 Dec 2022

What enumeration attacks are and how to prevent them

Web applications may be vulnerable to user enumeration attacks. Learn how these brute-forcing attacks work and how to prevent them. Continue Reading
News 19 Dec 2022

The state of OT security: a rapidly evolving landscape

Security experts weigh in on how the OT security landscape has evolved over the last decade, and where it could be going next as threats continue to mount. Continue Reading
Feature 19 Dec 2022

11 cybersecurity predictions for 2023

Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
News 15 Dec 2022

Google drops TrustCor certificates as questions loom

Google joined Mozilla and Microsoft in removing support for TrustCor Systems certificates following a Washington Post report on TrustCor's connections to spyware vendors. Continue Reading
Tip 13 Dec 2022

What are the differences between su and sudo commands?

Linux administrators have choices when deciding how to delegate privileges. Learn about the options they can take while ensuring their operations remain secure. Continue Reading
Tip 06 Dec 2022

How to implement least privilege access in the cloud

More organizations are moving their resources to the cloud but are not paying attention to how cloud access privileges are allocated. Learn how to limit access in the cloud. Continue Reading
Tutorial 06 Dec 2022

How to use the Hydra password-cracking tool

Need help brute-forcing passwords? Get started by learning how to use the open source Hydra tool with these step-by-step instructions and companion video. Continue Reading
News 22 Nov 2022

Google's new YARA rules fight malicious Cobalt Strike use

Google's YARA rules detect cracked versions of Cobalt Strike's older releases so that legitimate instances of the red teaming tool, which use the latest version, aren't targeted. Continue Reading
News 17 Nov 2022

CISA: Iranian APT actors compromised federal network

CISA said Iranian nation-state actors exploited Log4Shell flaws on an unpatched VMware Horizon server before deploying a cryptominer and attempting to gain persistent access. Continue Reading
News 15 Nov 2022

Twitter users experience apparent SMS 2FA disruption

The 2FA notification disruption occurred after CEO Elon Musk announced plans to shutter a majority of Twitter's microservices, though reasons for the outage are unconfirmed. Continue Reading
Feature 08 Nov 2022

5 ways to overcome multifactor authentication vulnerabilities

Improve the resiliency of multifactor authentication by giving users more information, making default settings more secure, hiding secrets and more. Continue Reading
Tip 26 Oct 2022

Why it's time to expire mandatory password expiration policies

Password expiration policies that force users to regularly reset passwords are counterproductive. It's time to align those policies with proven approaches to password security. Continue Reading
Tip 24 Oct 2022

6 ways to prevent privilege escalation attacks

Privileges dictate the access a user or device gets on a network. Hackers who access these privileges can create tremendous damage. But there are ways to keep your networks safe. Continue Reading
Feature 14 Oct 2022

How Jamf zero trust can improve Apple device security

Jamf is supporting zero trust with new features across its suite of Mac management software. The proliferation of remote work has made this security model more important. Continue Reading
Tip 12 Oct 2022

An overview of the CISA Zero Trust Maturity Model

A zero-trust framework blocks all attempts to access internal infrastructure without authentication. The CISA Zero Trust Maturity Model is a roadmap to get there. Continue Reading
Tip 07 Oct 2022

Perimeter security vs. zero trust: It's time to make the move

Perimeter security requires a border to protect enterprise data. With more and more users working outside that border, zero trust promises a better security option for the future. Continue Reading
Opinion 29 Sep 2022

Multifactor authentication isn't perfect, passwordless is better

Passwords are frequently the root cause of breaches, and multifactor authentication only provides a stopgap for account protection. It's time to adopt a passwordless strategy. Continue Reading
Tip 28 Sep 2022

Why zero trust requires microsegmentation

Microsegmentation is a key security technique that enables organizations to achieve a zero-trust model and helps ensure the security of workloads regardless of where they are located. Continue Reading
News 21 Sep 2022

Cybercriminals launching more MFA bypass attacks

New research from Okta shows that cybercrime groups have stepped up their attacks on multifactor authentication systems in an effort to thwart account security measures. Continue Reading
News 19 Sep 2022

Rockstar Games confirms hack after 'Grand Theft Auto' leak

A threat actor this weekend published in-development footage from a forthcoming 'Grand Theft Auto' video game and claimed to have breached its publisher, Rockstar Games. Continue Reading
News 16 Sep 2022

Uber responds to possible breach following hacker taunts

Security researchers spotted suspicious activity on Uber's HackerOne page when the alleged hacker posted messages claiming they had compromised the ride-share company's network. Continue Reading
News 14 Sep 2022

Consumer data needs better protection by government

Though legislation is before Congress that would address data privacy, it may not set clear enough guidelines or give individuals enough control. Continue Reading
News 14 Sep 2022

Data privacy concerns grow as legislation lags

While healthcare and financial data are protected by federal legislation, individuals have little control over how consumer data is collected and used. Continue Reading
News 13 Sep 2022

Secureworks reveals Azure Active Directory flaws

Secureworks published details of what it claims are significant security flaws in Azure's authentication system, but Microsoft has dismissed them as non-issues. Continue Reading

1
2
3
4
5

Networking

Top 5 use cases for 5G augmented and virtual reality
By integrating augmented and virtual reality technologies with 5G, several industries could reap significant benefits. But beware...
Palo Alto Networks SASE Converge updates boost security, UX
With the announcement of its latest SASE portfolio updates and the acquisition of Talon, Palo Alto Networks connects the dots ...
5G Advanced features include accurate timing, AI support
5G Advanced is the latest 5G specification, aiming to deliver enhanced massive MIMO, 5G integration with AI and accurate location...

CIO

8 blockchain security risks to weigh before adoption
Blockchain and smart contracts have their own unique vulnerabilities. But poor code testing, cryptographic keys and generic ...
How AI is radically changing business process management
Deploying AI's discovery and automation capabilities in BPM powers advancements in front-office processes, process data analysis,...
Former OpenAI CEO gains strong legal backing with Microsoft
Should ousted OpenAI CEO Sam Altman be involved in any federal investigations going forward, he now has the legal backing of ...

Enterprise Desktop

The 6 best rugged computers for business use cases
Finding the right device for a business scenario can be challenging, and adding rugged conditions to the mix can complicate ...
What IT admins and office workers get in MS 365 Copilot
Microsoft 365's Copilot assistive AI features come with a big price tag, but experts are bullish that they could return the ...
Observations from the intersection of UCC and EUC
End-user computing tends to overlap with numerous other business technologies, such as cloud computing, security and mobility. ...

Cloud Computing

Evaluate serverless computing best practices
Serverless computing strategies require enterprises to evaluate tools, features and costs, while understanding application ...
Hybrid cloud connectivity best practices and considerations
Private and public clouds stress networks in different ways and don't always play well together. Here's what to know to set up a ...
Use resource tagging to optimize cloud costs
When it comes to cost management in cloud computing, tags and additional metadata can help with reporting, allocation and ...

ComputerWeekly.com

The all-flash datacentre: Mirage or imminent reality?
Some say disk is dead and we’re on the cusp of the all-flash datacentre. But when will flash capacity and cost hit a point where ...
Prepare for your worst day: How to create a cyber incident response plan
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately ...
AWS debuts model evaluation tool in Bedrock
The Model Evaluation tool in Bedrock will help organisations evaluate and test large language models that are best suited to ...

Close