The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of July 7. This curated list features identity management and information security vendors such as SandboxAQ, Dig Security, Kivera, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of July 7

DISA Awards SandboxAQ Other Transaction Authority Agreement

SandboxAQ, a quantum security solutions provider, this week announced it has been awarded the Prototype Quantum Resistant Cryptography Public Key Infrastructure Other Transaction Authority Agreement by the U.S. Defense Information Systems Agency (DISA). DISA, which provides a globally accessible enterprise IT infrastructure in direct support to joint warfighters, national-level leaders, and other mission and coalition partners, selected SandboxAQ from a pool of vendors after a three-phase process. To deliver on this program, SandboxAQ selected Microsoft, which will provide the DevSecOps platform, and global systems integrator Deloitte & Touche LLP for their respective software and services capabilities.

Read on for more.

Dig Security Announces Support OCR For Image Classification

Dig Security, a data security solutions provider, this week announced it has added support for Optical Character Recognition (OCR) to the Dig Data Security Platform. Dig can now detect sensitive customer data in image files, such as passports and driver’s licenses, that are stored in multi-cloud environments. OCR capabilities are critical as enterprises increasingly collect and store data in image files, and unless they can map all the sensitive data, it remains open to mass exposure. The new OCR capabilities enable Dig customers to identify sensitive data hidden in image files and move it to a secure environment. In one user’s environment — a company that validates customers via a driver’s license or passport — Dig found that the number of images containing Personal Identifiable Information (PII) was as high as the total number of customers. Dig found 80K images in one bucket.

Read on for more.

Thales Report: “Cloud Assets the Biggest Targets for Cyberattacks”

Thales, a cloud security solutions provider, announced the release of the 2023 Thales Cloud Security Study, its annual assessment on the latest cloud security threats, trends and emerging risks based on a survey of nearly 3,000 IT and security professionals across 18 countries. This year’s study found that more than a third (39 percent) of businesses have experienced a data breach in their cloud environment last year, an increase on the 35 percent reported in 2022. In addition, human error was reported as the leading cause of cloud data breaches by over half (55 percent) of those surveyed. This comes as businesses reported a dramatic increase in the level of sensitive data stored in the cloud. Three quarters (75 percent) of businesses said that more than 40 percent of data stored in the cloud is classified as sensitive, compared to 49 percent of businesses this time last year. More than a third (38 percent) ranked Software as a Service (SaaS) applications as the leading target for hackers, closely followed by cloud-based storage (36 percent). ​

Read on for more.

Deloitte and the World Economic Forum Collaborate to Launch the Quantum Readiness Toolkit

This week, in collaboration with Deloitte, the World Economic Forum (The Forum) released actionable guidance to help protect organizations during the rapid development of quantum computing technology. The Quantum Readiness Toolkit provides specific guidance in line with the overall framework presented in last year’s flagship report, Transitioning to a Quantum-Secure Economy. Advancements in quantum computing have the potential for systemic cybersecurity risk, whether through increased breaches of sensitive health and financial personal data, compromised private communications, or forged digital versions of information, identities and sensitive data. The new paper, Quantum Readiness Toolkit: Building a Quantum Secure Economy, outlines five principles businesses and organizations should follow when building their quantum security readiness.

Read on for more.

Kivera Welcomes Joe Lea as CEO

Cloud security company Kivera this week announced the appointment of Joe Lea as Chief Executive Officer of the company. In this role, Lea will oversee and manage the company in its mission to “provide a generational leap in cloud security through proactive policy enforcement.” He will focus on the operations as well as the strategic direction for Kivera, ensuring growth and success of Kivera’s Cloud Security Protection Platform (CSPP). Lea is a veteran in the enterprise and cybersecurity spaces. With 25 years of operating experience including serving Boards of Directors and advising startups, he most recently held the role of President at Shift5 where he managed operations as the company raised its Series A through B rounds while deepening its customer base within the U.S. Department of Defense (DoD). Before that, Lea led Product for IoT security trailblazer and asset intelligence platform, Armis, from its earliest days through its unicorn status. Prior to that, Lea led Product at Tanium, the endpoint management and security platform used by half of the Fortune 500 which is valued at $10B.

Read on for more.

Expert Insights Section

Watch this space each week as Solutions Review editors will use it to share new Expert Insights Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry experts together to publish the web’s leading insights for enterprise technology practitioners.

Prioritizing Vulnerabilities Through Knowledge and Automation

Jacob Baines of VulnCheck examines how automation and shared knowledge can aid teams in prioritizing vulnerabilities. CISOs and security teams are at a real disadvantage these days in dealing with the exponentially growing list of software vulnerabilities. Teams are inundated every month with new lists of weaknesses via Patch Tuesdays, threat research from cybersecurity organizations, and other vendor resources. The challenge, however, is knowing which vulnerability to fix first, which is an increasingly complex problem as workloads continue to increase. It can leave teams working to address minor or low-priority threats while letting more critical ones linger for months or longer. The need to prioritize the most severe vulnerabilities and fix them quickly is urgent, as research shows they can be exploited in a matter of days. But while the information on new vulnerabilities that organizations regularly receive is helpful, it doesn’t offer much assistance in identifying which poses the most significant risk to them. In this new threat environment, the need to establish a process for assessing the risks posed by a vulnerability is just as critical as identifying them in the first place.

Read on for more.

The post Identity Management and Information Security News for the Week of July 7; SandboxAQ, Dig Security, Kivera, and More appeared first on Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services.

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of June 23. This curated list features identity management and information security vendors such as Brinqa, Securiti, Baffle, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of June 23

Brinqa Announces Partnership with Checkmarx

Brinqa, a cyber risk management solutions provider, this week announced a strategic partnership with Checkmarx, a vendor for application security solutions, to help organizations build “world-class” application security programs that meet the needs of today’s evolving threat landscape. This partnership combines the risk-based prioritization, automation, and reporting in the Brinqa Attack Surface Intelligence Platform with the Checkmarx One Application Security Platform, a comprehensive application security solution.

Read on for more.

Securiti Unveils Unify Partner Program

Securiti, a provider of unified data controls, this week announced the introduction of its Securiti Unify Partner Program (UPP). The company’s partner program brings together global technology, cloud, and solution providers to customers by creating a layer of unified data intelligence and controls. Securiti’s DataControls Cloud partners can support organizations to realize greater value and outcomes from their existing data systems and investments across multi-cloud, SaaS, and on-premise environments.

Read on for more.

QuProtect Awarded AWS Qualified Software Certification

QuSecure, Inc., a leader in post-quantum cryptography (PQC), this week announced that its QuProtect PQC solution has been recognized as Qualified Software by Amazon Web Services (AWS). Certification was achieved upon successful completion of the Foundational Technical Review (FTR). Passing the FTR recognizes QuSecure as a validated partner on the Software Path in the AWS Partner Network, fast-tracking QuProtect toward a co-selling program. QuSecure also achieved AWS Public Sector Partner Program designation, which recognizes AWS Partners with cloud-based solutions and expertise in the areas of government, space, education, and non-profit organizations. With this designation, QuSecure can now leverage the AWS brand and ecosystem to bolster its distribution efforts.

Read on for more.

Oreo Cookie Parent Company, Mondelez Global, Hacked; 50k+ Employees’ Personal Info Leaked

Mondelez Global LLC, the parent company of Oreo cookies and other major food products have released a notice stating that Oreo cookie maker Hacked, they have faced a data breach that involves several personal information. Bryan Cave, which acts as a legal supporting firm for Mondelez mentioned that unauthorized access to the systems has been detected between February 27, 2023 and March 1, 2023. Investigations are still being done and legal authorities have been contacted. Second unauthorized access to the systems was detected on March 24, 2023, 23 days prior to the first breach. Data that was stolen during these breaches are under investigation and yet to be confirmed. The data that has been confirmed to be leaked during this breach belongs to current and former employees of Mondelez. Affected employees are currently being notified about the breach and the company is working on taking necessary actions.

Read on for more.

USDA Investigating Possible Russian-Hacker-Related Data Leak

The US Department of Agriculture is investigating a “possible data breach” of a department contractor connected to a broader hack on multiple federal agencies that officials have blamed on Russian cybercriminals, a department spokesperson told CNN on Saturday night. The news brings the list of publicly known US agencies to be targeted or breached by the Russian-speaking hackers to three. The US Office of Personnel Management is impacted by the cyber incident, CNN first reported on Friday, as are two organizations in the US Department of Energy.

Read on for more.

Baffle Launches Baffle Manager 2.0

Data security solutions provider, Baffle, Inc. released Baffle Manager 2.0 this week . The updated platform delivers a new user interface (UI) and other features that highly automate enterprise-wide data protection for applications, analytics and AI. Baffle Manager 2.0’s new UI, APIs, automation and expanded integrations deliver a single platform to create and manage data-centric protection policies that can be reused and enforced across all cloud-native stores, legacy and third-party applications and new AI initiatives. Baffle Manager 2.0 also includes a secrets store, certificates store and Single Sign-on (SSO) authentication to simplify deployment and enterprise integration. And virtually every action can be fully automated with Baffle Manager 2.0’s integrations.

Read on for more.

Expert Insights Section

Watch this space each week as Solutions Review editors will use it to share new Expert Insights Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry experts together to publish the web’s leading insights for enterprise technology practitioners.

ChatGPT, DALL-E, and the Future of AI-Based Identity Fraud

Avidan Lamdan of AU10TIX looks at the current state of identity fraud, AI tech, and the ever-evolving future of AI-based identity fraud. As artificial intelligence advances, it’s taking on an ability to mimic humans in amazing ways. While the potential for positive impact is enormous, it also poses a risk for malicious use, particularly in the realm of synthetic identity fraud. This type of fraud involves bad actors using a combination of real and fake information to create a new identity, and can be perpetrated using deepfakes — artificially created media such as videos or images that are so convincing they appear to be real — and other forms of AI-generated identity fraud. While current ID verification solutions are effective against more established forms of identity fraud, they may not be equipped to tackle the newer generative AI-based threats. In this article, we will explore how AI technologies and large neural networks like ChatGPT and DALL-E are being exploited through deception. We will also discuss the emerging technologies that can help address this challenge.

Read on for more.

The AI Era: Why Cybersecurity Needs to Be Ready

Dr. Jason Zhang of Anomali warns all involved in cybersecurity that the AI era is here, and we all need to be ready to brave the new world. From a defender’s perspective, the advent of AI is a welcome development. It can play an incredibly useful role in identifying malicious behavior from the millions of different events taking place each day across a network. For instance, it’s increasingly common for the bad guys to leverage legitimate software used in the Windows system to execute malware. That makes it hard to differentiate between malicious and legitimate behavior, which both use similar tools to execute. But here’s an instance where leveraging machine learning and AI improves the signal-to-noise ratio in the events to help security teams differentiate between the malicious and the benign. However, at the same time, AI now serves as a valuable weapon for cyber-criminals and other malicious actors to analyze huge amounts of data. That helps them more precisely target victims and automate their processes to speed up the cadence of attacks, making it harder for targeted victims to keep up with the pace of their cyber barrages.

Read on for more.

DPUs and the Importance of Data Center Fabric Technology

Soni Jiandani of AMD gives us a closer look at DPUs (Data Processing Units) and the importance of data center fabric technology. Over the past decade, the evolution of data center fabrics has evolved into high-performing leaf-spine topologies to address the volume and velocity of emerging application architectures. Despite advancements in these fabrics, their associated services have not kept pace, resulting in efficiency bottlenecks and security vulnerabilities that impede productivity. This is where Data Processing Units (DPUs) come into play. DPUs are typically integrated into Smart Switches and other network devices to enable distributed services. Distributed services technology allows customers to scale and realize the potential of next-generation data center technology without the need to rip and replace existing infrastructure. DPUs and the advanced stateful software services they enable can be added incrementally to the fabric without adding performance and administrative overhead to application servers.

Read on for more.

The post Identity Management and Information Security News for the Week of June 23; Brinqa, Securiti, Baffle, and More appeared first on Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services.

Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Avidan Lamdan of AU10TIX looks at the current state of identity fraud, AI tech, and the ever-evolving future of AI-based identity fraud.

As artificial intelligence advances, it’s taking on an ability to mimic humans in amazing ways. While the potential for positive impact is enormous, it also poses a risk for malicious use, particularly in the realm of synthetic identity fraud. This type of fraud involves bad actors using a combination of real and fake information to create a new identity, and can be perpetrated using deepfakes — artificially created media such as videos or images that are so convincing they appear to be real — and other forms of AI-generated identity fraud.

The examples are already prevalent. A group of fraudsters claimed to be the CEO of an energy company based in the United Kingdom and coerced an amount of $243,000. Similarly, in the early months of 2020, a bank manager in Hong Kong was deceived into transferring a large sum of money by an individual who used voice-cloning technology. Furthermore, this year, several elderly individuals in Canada were victims of a voice-cloning scam and lost approximately $200,000 collectively.

While current ID verification solutions are effective against more established forms of identity fraud, they may not be equipped to tackle the newer generative AI-based threats. In this article, we will explore how AI technologies and large neural networks like ChatGPT and DALL-E are being exploited through deception. We will also discuss the emerging technologies that can help address this challenge.

AI-Based Identity Fraud: Now and in the Future

The increasing sophistication of artificial intelligence is escalating the risk of identity fraud. Criminals can now use AI to create convincing forgeries of documents such as IDs and passports. While such counterfeits historically required manual labor, AI makes it easier and more scalable to automatically create synthetic documents that look real. For instance, AI-generated deepfakes can be used to create false identities that are nearly impossible to distinguish from real ones. Moreover, large neural networks can create highly realistic text and images for use in fake IDs and other documents. This has serious implications for both organizations and individuals, including identity theft, financial fraud, and other criminal activities.

To combat this threat, there is a need for increased awareness and education on the dangers of AI-generated identity fraud. Companies and governments must invest in cutting-edge tools to detect and prevent fraudulent activities. They should also implement multi-factor authentication and other security measures to make it more difficult to create fake identities.

Consequences and Challenges

The consequences of synthetic identity fraud can be devastating. Individuals may suffer financial loss, reputational damage, and even legal troubles if their identity is stolen and used for criminal activities. Organizations face the same repercussions if they fail to detect fraudulent activities. Therefore, it is critical to invest in effective prevention measures to protect against AI-generated identity fraud.

To be clear, there is reason for hope. AI-based document forgery is not easy and may require adaptation of models for specific purposes. Criminals want to do as little work as possible, and as long as traditional tools like Photoshop are working, they may see no reason to spend time and effort on AI. However, as the technology continues to advance, it will likely become easier and more accessible for scammers to exploit.

Emerging Technologies and the Cat-and-Mouse Game

Identity verification technology has become increasingly important for fraud detection. Many companies are already using AI-based document analysis, which involves extracting and verifying data from passports, driver’s licenses and other forms of ID. Verified credentials and digital IDs are also cutting-edge tools that can be used to combat synthetic identity fraud. However, even these advanced technologies may not be enough to detect the most sophisticated types of fraud, like deepfakes. Advanced methods such as liveness testing are required. This involves requiring a person to perform specific actions or movements to prove they are physically present and not just a recorded image.

Detecting the most sophisticated deepfakes may also require tracking the injection of content such as fabricated or manipulated media, and then analyzing the connection between devices or the content itself. This involves looking for clues such as metadata, timestamps, and network data that can help identify the source of the content and how it was created. The fight against identity fraud is ongoing, with criminals constantly trying to outsmart detection measures at the same time tech vendors are working to defeat the bad actors. Unfortunately, the criminals only have to be successful once, while fraud detection must be successful every time.

The Future of Identity Fraud Prevention

The future of identity fraud prevention may lie in the use of verifiable credentials (VCs). VCs are digital documents that contain information about an individual’s identity that can be verified by authorized parties without the need for a central authority or database. They enable individuals to maintain control over their personal information and prevent bad actors from accessing it. They can also choose which information to share with each verifier, eliminating the need to disclose unnecessary personal data.

As AI continues to advance, so too must our efforts to prevent its successful use by identity thieves. By embracing emerging technologies and collaborating across industries, we can stay ahead of scammers and protect individuals’ identities and personal information.

The post ChatGPT, DALL-E, and the Future of AI-Based Identity Fraud appeared first on Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services.

The editors at Solutions Review examine and debunk some common IAM myths that might be plaguing your workplace.

When enterprises have accurate knowledge about IAM (Identity and Access Management), they can effectively assess their security needs, allocate appropriate resources, and implement the right IAM solutions. By dispelling myths, organizations can avoid misconceptions that might lead to flawed security practices or underestimating the importance of IAM. Debunking IAM myths also helps foster a more comprehensive approach to cybersecurity. IAM is just one piece of the puzzle, and enterprises need to view it within the broader context of their overall security framework. By dispelling myths, organizations recognize that IAM is not a standalone solution but an integral part of a layered security approach. This understanding encourages enterprises to combine IAM with other security measures such as network security, encryption, and incident response to create a more robust and resilient security posture.

The editors at Solutions Review look at some of the more common IAM myths and break down how they can prove dangerous to you and your team.

7 Common IAM Myths

Here are some common IAM myths explained in detail:

• Myth 1: IAM is Only for Large Organizations. This myth suggests that IAM solutions are only necessary for large enterprises with many users and resources. In reality, IAM is essential for organizations of all sizes. Even small businesses must control user access to sensitive information and protect their systems from unauthorized access.
• Myth 2: IAM is Purely an IT Responsibility. IAM is often perceived as a responsibility solely for the IT department. However, effective IAM implementation requires collaboration across different departments, including HR, legal, and compliance teams. IAM policies must align with business objectives and regulatory requirements, making it a cross-functional effort.
• Myth 3: IAM is Only about Password Management. While password management is an essential aspect of IAM, it is not the sole focus. IAM encompasses a broader set of practices, including user provisioning, role-based access control (RBAC), access request and approval workflows, multi-factor authentication (MFA), and more. IAM aims to ensure the right individuals have appropriate access to resources based on their roles and responsibilities.
• Myth 4: IAM Slows Down User Productivity. Some believe implementing strong IAM controls can hinder user productivity by introducing additional authentication steps and access restrictions. While it’s true that IAM can add some friction, a well-designed IAM system strikes a balance between security and usability. IAM solutions can streamline access management processes, automate user provisioning, and enable Single Sign-On (SSO), ultimately enhancing productivity and user experience.
• Myth 5: IAM Solves All Security Challenges. IAM is a critical security measure, but it is not a silver bullet that solves all security challenges. IAM should be part of a comprehensive security strategy that includes other layers of defense, such as network security, endpoint protection, and data encryption. Combining multiple security measures provides a more robust defense against various threats.
• Myth 6: IAM is a One-time Implementation. IAM is not a one-time project; it is an ongoing process. User access requirements change over time due to employee onboarding, role changes, and offboarding. Additionally, IAM systems need regular updates and maintenance to address evolving security threats and technology advancements. Continuous monitoring, evaluation, and adjustments are necessary to ensure the effectiveness of IAM controls.
• Myth 7: Cloud Providers Handle IAM Completely. Some organizations assume that the cloud provider takes care of all IAM responsibilities when using cloud services. While cloud providers offer IAM capabilities, the responsibility for IAM remains a shared one. Organizations must configure and manage IAM settings within the cloud environment, define access policies, and monitor user activity to maintain a secure cloud environment.

By dispelling these IAM myths, organizations can better understand the importance, scope, and collaborative effort required to implement effective access management practices. Debunking IAM myths is essential for enterprises as it leads to informed decision-making, better risk management, a comprehensive security approach, improved operational efficiency, and enhanced compliance efforts. By gaining a clear understanding of what IAM truly entails, organizations can strengthen their security posture, protect sensitive assets, and ensure the right individuals have the appropriate level of access to resources.

This article on common IAM myths was AI-generated by ChatGPT and edited by Solutions Review editors.

The post Debunking 7 Common IAM Myths appeared first on Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services.

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of June 9. This curated list features identity management and information security vendors such as Quantum Brilliance, QuSecure, Frontegg, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of June 9

Quantum Brilliance Releases Open-Source Software for Miniature Quantum Computers

This week, Quantum Brilliance, a quantum computing solutions and hardware provider, announced the full release of the Qristal SDK, an open-source software development kit for researching applications that integrate the company’s portable, diamond-based quantum accelerators. Previously in beta, the Quantum Brilliance Qristal SDK is now available for anyone to develop and test novel quantum algorithms for real-world applications specifically designed for quantum accelerators rather than quantum mainframes. Potential use cases include classical-quantum hybrid applications in data centers, massively parallelized clusters of accelerators for computational chemistry and embedded accelerators for edge computing applications such as robotics, autonomous vehicles and satellites.

Read on for more.

QuSecure Awarded U.S. Army Contract for Post-Quantum Cybersecurity Solutions

QuSecure, Inc., a leader in post-quantum cybersecurity (PQC), this week announced the United States Army has awarded the company a Small Business Innovation Research (SBIR) Phase II Federal Government contract to develop quantum-resilient software solutions. With this award, QuSecure will continue to advance research and development of quantum-resilient technologies and encryption solutions for the U.S. Government. The award states that QuSecure’s work has merit, will result in important benefits for the Army, and allots upwards of $2 million to address uses in tactical edge and tactical IoT devices that can be used for battle–ready deployment.

Read on for more.

Rezonate Delivers Identity-Centric Security Solution to AWS Marketplace

Rezonate, an identity-centric security platform, announced this week further advancements in its relationship with Amazon Web Services (AWS), bringing its platform to the AWS Marketplace. The availability of Rezonate on AWS Marketplace simplifies the process for mutual customers to continuously prevent identity risks and stop active attempts in real time, particularly as more critical data and applications transition to the public cloud. Rezonate provides a comprehensive view of all identities and their access routes to multi-cloud assets and critical SaaS applications, including federated privileges from different identity providers. This offers security and infrastructure teams an identity-centric security framework to automate the remediation of exposure risk and respond faster to active attacks.

Read on for more.

LogicGate Introduces OpenAI Integration

This week, LogicGate, a risk management solutions provider, introduced a new OpenAI integration that will help automate and inform GRC processes, including policy generation. The integration of OpenAI will help LogicGate customers easily implement and utilize AI technology with current Risk Cloud applications, scale content generation, and quickly solve complex problems with AI-powered systems and models like GPT-4.

Read on for more.

Frontegg Unveils Entitlements Engine

Frontegg, an identity and access management provider for SaaS companies, this week announced the launch of its Entitlements Engine, powered by its unique Context-Aware Logic Controls (CALC) technology. Entitlements Engine provides app builders and revenue teams with fine-grained feature authorization designed to meet modern SaaS builders’ need for speed of deployment and flexibility. Frontegg delivers this capability through a visual dashboard that allows non-technical users to design product bundles in minutes without adding additional code, complex configurations or products from other vendors.

Read on for more.

Expert Insights Section

Watch this space each week as Solutions Review editors will use it to share new Expert Insights Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry experts together to publish the web’s leading insights for enterprise technology practitioners.

Submarine Cables: Cyber Risks and Consequences

Martin Lee of Talos dives deep into the cyber risks presented by submarine cables, and the consequences of ignoring them. At the best of times, the seabed can be a hostile environment. Fishing, errant anchors, geological activity, and the corrosive effects of seawater all act to ensure that the expected design life of an undersea cable is 25 years. Failure of submarine infrastructure is not unexpected. The loss of a single cable can be planned for. The architecture of the internet means that the packets of data carrying information can be switched and rerouted around areas of disruption. If redundant routes exist, network availability should not be interrupted despite the severing of a connection. However, as excess traffic is squeezed into the remaining connections and the contention ratio increases, the quality of connections may degrade.

Read on for more.

Embracing Biometrics to Increase Authentication Safety

“Good practice and discipline are essential for maintaining password safety, as well as embracing technologies that utilize physical characteristics for authentication – biometrics – as an additional stopgap. Both passwords and biometrics have their own advantages and disadvantages. Passwords are easy to set up, easy to use and can be changed frequently to enhance security. However, they are more easily compromised if they are easy to guess or shared with others. Biometrics, while more difficult to compromise, can be expensive to set up and maintain, and there are concerns about privacy and the collection and storage of personal data. We use biometrics more and more throughout everyday life without noticing the handoff of the security check. Being conscious of the layers of security in your digital life will set you up for security success: biometric passwords for devices you trust to act as your security broker, password keepers (sometimes with biometric logins) and multi-factor authentication. A current challenge is the hand-off between devices while still maintaining security; password keepers and even biometrics will eventually become seamless in order to maintain a higher level of security. AI brings an additional layer of concern around security, as it can brute force not just passwords but email addresses as well. Email addresses are much more secure than passwords – there have been estimates that it is 36 times easier to guess a password than an email address, due to the number of permutations in existence. Actively using resources like haveibeenpwned.com to check for security breaches and data loss is a great personal exercise. Ultimately, the choice between passwords and biometrics depends on the level of security needed and resources available.”

– Rob Price, Director, Field Security Office at Snow Software

Passwords Are Here to Stay; Adhering to Best Practices Matters

“Despite passwordless authentication being a recent trend, passwords will definitely continue to serve as the simplest and most effective means to secure identities in 2023. They are easy to use, can be changed if needed, and do not demand additional software or hardware to function. As crucial as they are for identity security, passwords can also be vulnerable to various attacks. Weak and easy-to-remember user passwords are usually the main cause behind these attacks. Additionally, seldom changing passwords and using the same login credentials for multiple online platforms and personas creates a higher risk of falling victim to password attacks. The only way in which organizations can withstand password attacks is by adhering to the password best practices recommended by regulatory standards. Employing longer passwords, as suggested by NIST, works wonders in defending against sophisticated password attacks. Including all character types and symbols, and avoiding dictionary words, common patterns, and usernames in passwords enhances their complexity and security. Compliance regulations like the GDPR, HIPAA, and the PCI DSS also recommend that companies use multi-factor authentication (MFA) methods to bolster identity security.”

– Manikandan Thangaraj, Vice President at ManageEngine 

The post Identity Management and Information Security News for the Week of June 9; Quantum Brilliance, QuSecure, Frontegg, and More appeared first on Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services.

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of May 26. This curated list features identity management and information security vendors such as SandboxAQ, QuSecure, TrustCloud, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of May 26

SandboxAQ Successfully Tests its Quantum Navigation System with the U.S. Air Force

SandboxAQ, a quantum security solutions provider, this week announced it has successfully tested its advanced, quantum sensor-based magnetic anomaly navigation system with the U.S. Air Force (USAF). The test flights, conducted last week at Travis Air Force Base by the 60th Air Mobility Wing, were part of an ongoing readiness and modernization effort to explore and develop an Assured Positioning, Navigation, and Timing (APNT) solution to augment the Global Positioning System (GPS). Such solutions will provide uninterrupted navigation in situations where GPS is unavailable or intentionally denied or spoofed. In January 2023, the USAF awarded SandboxAQ a Direct-to-Phase-II Small Business Innovation Research (SBIR) contract to research quantum navigation technologies. “The need for GPS-alternatives is critical,” said Maj. Patrick Morgan, Wing Tactics. “If we’re executing a mission where GPS is not available, it’s important to have another solution to ensure mission continuity and ensure a safe exit and return to base for our Airmen.”

Read on for more.

VulnCheck Launches XDB, A Comprehensive Hub of Exploits for Security Teams

VulnCheck, a vulnerability intelligence company, this week announced the launch of VulnCheck XDB, a comprehensive repository of exploits and proof-of-concepts hosted on git repositories. The complementary tool helps vulnerability researchers, offensive teams, and detection engineers prioritize the vulnerabilities that matter most and enhance security in company environments. VulnCheck XDB crowdsources data while also scouring public records, threat research and open-source git repositories in real-time for exploit code. The complimentary exploit hub associates exploit proof of concept code with known CVEs. Users can access XDB on VulnCheck’s website and search by CVE to discover which vulnerabilities have written exploits, helping improve prioritization and security.

Read on for more.

QuSecure Named as “Most Promising Unicorn” in SC Media’s 2023 SC Awards Program

QuSecure, Inc., a leader in post-quantum cybersecurity (PQC), this week announced that it has been recognized as a 2023 SC Award finalist in the Excellence Award category for Most Promising Unicorn. The announcement was made as part of SC Media’s 2023 SC Awards coverage. Now in its 26th year, the SC Awards program is cybersecurity’s most prestigious and competitive program, recognizing the solutions, organizations, and people driving innovation and success in information security. Hundreds of entrants vying for Excellence Awards were judged by a panel of industry leaders, from sectors including healthcare, financial services, manufacturing, consulting, and education.

Read on for more.

Black Ink Tech and Incode Partner on Joint Identity Solution

Black Ink Technologies Corp, a digital ledger and tokenization provider, is pleased to announce its partnership with Incode on a solution that delivers validated global identity. Incode is a leading provider of digital biometric verification and identification authentication solutions. The “everywhere digital identity” solution will capture a person’s digital identity using Incode’s biometric system, then match it to government records for validation and verification. That verification can then be transferred through Blank Ink Tech’s Validated Data Tokens and ChainIT platform. The generated QR code displays the Individual’s Validated Data Token ID, or IVDT-ID, record, where and when it was created, how it was created, as well as who validated and verified the information. The IVDT-ID is device independent, meaning even a smartphone can be used to validate an identity. With the permanent, immutable blockchain record, they can confirm the identity is authentic without needing to access the government records directly. The Incode system biometrically matches the individual to their digital identity, and all of the data points are Touch Audit enabled.

Read on for more.

TrustCloud Expands Audit Partner Network

TrustCloud, a trust assurance solutions provider, announced the expansion of its Trusted Partner Network to provide customers with access to premier audit experts. TrustCloud customers get preferred access to the audit firm that will best suit their needs, with special rates available, to reduce the time and costs associated with the compliance process. The right audit partner can turn a potentially time-consuming, expensive, and confusing process into a straightforward exercise, designed to improve an organizations’ security posture and win business from prospective customers. TrustCloud audit partners have demonstrated an exceptional ability to guide companies through the audit process, fairly evaluate their security posture, and provide helpful advice to maintain ongoing compliance.

Read on for more.

Expert Insights Section

Watch this space each week as Solutions Review editors will use it to share new Expert Insights Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry experts together to publish the web’s leading insights for enterprise technology practitioners.

FAR, FIPS, and Federal Networks – The Cryptography Conundrum

Karen Walsh of Allegro Solutions decrypts the cryptography conundrum our country is facing at the federal level. While security-first compliance can enable organizations to achieve basic cyber hygiene, outdated laws and standards often reinforce the use of outdated technologies. For anyone watching the Cybersecurity Maturity Model Certification (CMMC) drama unfold over the last three years, the update to the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 highlights the inconsistencies inherent in compliance objectives and security outcomes. As the federal government inches closer to a comprehensive standard across the Defense Industrial Base (DIB) and Federal Civilian Executive Branch (FCEB) supply chains, it must address the FIPS-validated cryptography conundrum.

Read on for more.

Removing the Confusion Around Methods of Data Security

Billy VanCannon of Baffle breaks down all current data security methods, helping remove much of the confusion. Once isolated to the IT department, data privacy and security are now top priorities across the organization and the boardroom. Executives understand that protecting data has profound business implications, from maintaining compliance to securely analyzing data for market differentiation. However, there needs to be more clarity around which protection methods a company might implement based on their business needs.

Read on for more.

What to Consider When Building an Autonomous SOC

Gunter Ollmann of Devo offers a crash course on autonomous SOC, laying down the foundation on what to consider when building yours. Today’s threat landscape demands more from IT and security professionals than ever before. Schools are being forced to shut down due to ransomware attacks, major brands are falling victim to reputation-harming data breaches, and an explosion of connected devices has broadened the attack surface. At the same time, cyber-criminals are getting smarter and savvier, developing new ways to evade detection software and make money. As cyber-criminals are getting more creative, the cybersecurity industry is improving and developing innovative solutions to protect businesses. Earlier this year, the FBI revealed it had turned the tables on the notorious Hive ransomware gang by secretly hacking the group’s systems, saving $130 million in ransomware demands for more than 300 victims. Despite our best efforts, there are still elements holding us back as an industry and continuing to make organizations vulnerable to cyber-attacks. Prevention, monitoring, and mitigation all happen in the Security Operations Center (SOC), and, right now, SOCs are facing the perfect storm for cyber-crime: lack of visibility into complex operating environments, inability to analyze cloud-scale volumes of data, and an industry-wide shortage of cybersecurity talent. As a result, security professionals are experiencing widespread burnout and unrealistic workloads, which lowers their productivity and creates higher security risks.

Read on for more.

The post Identity Management and Information Security News for the Week of May 26; SandboxAQ, QuSecure, TrustCloud, and More appeared first on Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services.

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of May 12. This curated list features identity management and information security vendors such as Corvus Insurance, Qumulo, UberEther, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of May 12

Corvus Insurance Delivers an “Industry-Leading” Loss Ratio of 36 Percent

Corvus Insurance, a cyber risk solutions provider, this week announced its U.S. industry-leading 2022 ultimate loss ratio of 36 percent, which has been independently verified and includes all lines and all risk capital partner results. This figure is indicative of the strength of Corvus’s cyber underwriters and the team’s sharp focus on delivering strong underwriting results. Across its book, Corvus grew cyber premiums by 80 percent in 2022 while maintaining this leading loss ratio.

Read on for more.

HID Fingerprint Biometric Tech Now Conformed to Industry’s Highest PAD Standards

HID Global, an identity solutions provider, this week announced that its latest V-Series fingerprint modules and readers with multispectral imaging (MSI) technology are now certified to ISO/IEC 30107-3 PAD Level 2 standards. The product detects much more sophisticated spoofing attempts based on 3D-type artifacts like those crafted from resin, latex, silicone and prosthetics and ISO 30107-3 PAD Level 2 compliance requires products successfully block 99 percent of spoof attempts. HID Lumidigm V-Series products are among the few solutions that conform with the industry’s rigorous PAD standards for fingerprint biometric technology.

Read on for more.

LogRhythm Announces Technology Partnership with Mimecast

LogRhythm, a SIEM platform and cybersecurity solutions provider, announced its technology partnership with Mimecast, an advanced email and collaboration security company. LogRhythm and Mimecast’s integration will help organizations around the globe protect against modern cyberattacks. LogRhythm SIEM integrates Mimecast’s email security capabilities with LogRhythm’s enterprise threat management. LogRhythm’s scenario and behavioral-based analytics automatically consumes email security data from the Mimecast cloud service, along with other security data from across an organization to deliver real-time threat protection based on up-to-date situational awareness and comprehensive security analytics.

Read on for more.

Qumulo Announces Integration with Varonis Data Security Platform

Qumulo, a data management provider, this week announced integration with the Varonis Data Security Platform and introduced their new Snapshot-Locking capability to protect customers against ransomware. Qumulo and Varonis have partnered to provide an end-to-end solution that protects Qumulo customers from ransomware in both cloud and on-premises environments. The Varonis Data Security Platform provides real-time visibility and control over cloud and on-premises data and automatically remediates risk. Varonis’ behavior-based threat models detect abnormal activity proactively and can stop threats to data before they become breaches. In the storage layer, Qumulo offers data protection by cryptographically locking snapshots, allowing administrators a simple mechanism to stop attackers from infecting valuable customer data.

Read on for more.

Incode Releases “Consumer Pulse on Biometrics” Survey Report

Incode Technologies Inc., a provider of identity verification and authentication solutions for global enterprises, recently released its inaugural “Consumer Pulse on Biometrics” survey report, with indicators about consumer priorities and beliefs about biometrics. The report is based on a survey of global consumers with experience using digital identification apps and services. Over half (54 percent) of survey respondents indicate that digital authentication methods such as biometrics are revolutionizing the customer experience when it comes to online transactions and payments. However, they are not fully committed. Consumers are hesitant to embrace digital identification. Nearly half (48 percent) of survey respondents do not see digital authentication as contributing to trust in the online world. This is due to concerns about fraud protections, privacy, and security.

Read on for more.

UberEther Announces IAM Advantage

UberEther, an identity security solutions provider, this week announced the launch of IAM Advantage, the “first solution of its kind” to achieve DoD IL5 authorization. IAM Advantage is an identity, credential, and access management (ICAM) solution designed to help Government agencies and suppliers modernize their legacy identity systems. IAM Advantage can manage access for employees, contractors or citizens and will secure end-to-end workflows from account registration to digital transactions. IAM Advantage is a preconfigured solution, ensuring cost and time savings for Government procurement and security teams. UberEther offers flexible deployment models: on-premises, in any cloud or hybrid environment, or in air-gapped or disconnected (DDIL) environments at the tactical edge. Security is enhanced with a single-tenant environment, and customers control their own encryption keys. Further, IAM Advantage is applicable to both desktop and mobile applications – and in both single sign-on and federated identity management models. Integrations with Salesforce and ServiceNow are prebuilt and will allow Government customers to integrate IAM Advantage into their existing software stack quickly and affordably.

Read on for more.

Expert Insights Section

Watch this space each week as Solutions Review editors will use it to share new Expert Insights Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry experts together to publish the web’s leading insights for enterprise technology practitioners.

5 Facts About the Future of Cybersecurity

Stephen Moore and Tyler Farrar of Exabeam team up to beam up five facts about the future of cybersecurity. Today’s attackers have become increasingly elusive by generally just using stolen credentials or looking for misconfigured systems. With the evolving nature of the cyber landscape, they are taking advantage of the current geopolitical climate to exploit new areas of business operations. Plus, as organizations are facing uncertain macroeconomic times, security risks are becoming even more challenging to detect, escalate, and manage with additional scrutiny on budgets. Using our combined military, SOC, and internal experience, we have compiled our top five insights on how organizations can keep an eye on the most prevalent threats– and build out more robust security architectures to defend against them.

Read on for more.

The post Identity Management and Information Security News for the Week of May 12; Corvus Insurance, Qumulo, UberEther, and More appeared first on Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services.

For World Password Day, the editors at Solutions Review have compiled a list of comments from some of the top leading industry experts.

As part of World Password Day (May 4) we called for the industry’s best and brightest to share their Access Management comments. The experts featured represent some of the top Cybersecurity solution providers with experience in these marketplaces, and each projection has been vetted for relevance and ability to add business value.

18 World Password Day Quotes from Experts

Igor Volovich, VP of Compliance Strategy at Qmulos

In today’s increasingly connected world, it is important to recognize that password security is only one aspect of a larger, multidisciplinary effort to protect digital assets and personal information. A secure and resilient enterprise must adopt a multifaceted approach to cybersecurity, incorporating various defense, monitoring, and response measures. This holistic perspective acknowledges that security is a continuous process, with security frameworks serving as invaluable guides for organizations to deploy and maintain comprehensive protection. Passwords, simply put, are just not enough, no matter how strong.

Often, compliance is treated as a lagging indicator due to its focus on the past state of security controls. However, integrating compliance into real-time monitoring can significantly transform this perspective. By employing continuous control monitoring, enterprises can maintain awareness of their security posture on the same timescale as potential attackers, rather than relying solely on traditional defensive measures like strong passwords or multi-factor authentication. In a rapidly evolving threat landscape, organizations must prioritize real-time assessments to effectively mitigate risks and maintain a robust cybersecurity infrastructure.

Shiva Nathan, Founder & CEO of Onymos

There will be increased adoption of more secure technologies than passwords, particularly with the onslaught of cybercriminal activity and increased focus on privacy. More websites and apps will offer alternate authentication mechanisms to passwords, many of which will involve biometrics. The two major platform players — Apple & Google — will increase the adoption of passkeys/FIDO. It will be interesting to watch how the other two behemoths that do not control a consumer platform — Amazon & Microsoft — react to this change.

Jim Alkove, CEO of Oleria

The time for protecting data solely with passwords has come and gone. Today’s rapidly accelerating business environment necessitates strong multi-factor or passwordless authentication and a transition to new adaptive and autonomous approaches to access. Adaptive access allows an organization to reduce the risk of breaches by granting just the right access at the right time for the right duration. Autonomous access frees an organization from the expense of today’s largely manual approaches to managing access and allows them to accelerate with the pace of business, confident that data is protected.

Patrick Harr, CEO of SlashNext

Every May, we recognize World Password Day as an international effort to empower individuals and businesses to keep their data safe and enable better password habits. Passwords have been basic cyber hygiene for decades But, sadly, they are no longer enough to keep our personal and corporate information safe amid today’s rising attacks. If you don’t use strong passwords or if you are constantly using the same ones across all your devices, you’re putting your data and devices at risk. Proper password hygiene is of course critical, but even following password best practices to the letter can’t prevent hackers from obtaining access to accounts and systems.

According to SlashNext’s The State of Phishing Report 2022, 76 percent of the attacks found in 2022 were credential harvesting, which is still the number one cause of breaches, as demonstrated in the high-profile breaches in 2021 and again in 2022 with Twilio, Cisco, and Uber, all starting with credential theft. Additionally, given the rise of new AI tools like ChatGPT, hacking passwords has become easier than ever. According to a study by Home Security Heroes, almost 51 percent of all common passwords can be cracked easily in less than a minute by AI. Apart from this, 65 percent of the common passwords were cracked by the AI in less than an hour, whereas 81% of the passwords took less than a month. In this case, using security tools with AI technology is important to stop these AI-based attacks that are aiming to steal your credentials. You have to fight AI with AI.

One of the most effective ways to prevent unauthorized access is by requiring additional validation of login credentials during a user’s authentication process known as Multi-Factor Authentication (MFA). MFA effectively protects against “credential harvesting,” where hackers gather stolen passwords to launch attacks. This can be as easy as a user providing his/her password, then entering an accompanying numeric code from an SMS text.

It’s also common knowledge (although often ignored) that you should never use the same password for different accounts, since hackers who obtain a legitimate password will try it across different systems in hopes of gaining access to more critical data. You should also change passwords routinely to limit the amount of time a hacker can spend in accounts in the case it was compromised.

Overall, World Password Day reminds us how important it is to make cyber hygiene a top priority, especially in this new hybrid work environment which has made employees more vulnerable to attacks.

Darren Guccione, CEO and Co-Founder of Keeper Security

Along with evaluating personal password hygiene, World Password Day is a fantastic opportunity for IT security teams to consider their password and secrets management policies. This is a pervasive problem, as our 2022 UK Cybersecurity Census report found that nearly a third of organizations allow their employees to create their own passwords and share passwords using insecure means.

We recommend strong, unique passwords or passphrases for each account that are at least 12 characters with upper and lowercase letters, numbers and special characters. To achieve this, it is essential to use a password manager as a first line of defense. This will help employees use high-strength random passwords for every website, application and system. A password manager will drastically reduce the chances of a compromise that can hurt a company’s reputation or brand. To add an additional layer of security, we also recommend enabling MFA, such as an authenticator app, to protect against remote data breaches.

Password managers can also help colleagues securely share passwords and access to accounts. Some common mistakes include sharing passwords through unencrypted emails or messages, storing passwords in a spreadsheet or text file and making the passwords less complex so they are easier for multiple people to remember. Another key advantage of a password manager is that it makes it easier for teams to protect their shared accounts with MFA.

Ricardo Amper, CEO and Founder of Incode Technologies

This isn’t a reminder to change your password– this is a call to dramatically revolutionize everyone’s day-to-day lives.

Machine Learning, quantum computers, fingerprint biomarkers– we’re living in the future, and the next generation of passwords is finally at our disposal. AI is mature enough for us to skip past band-aid fixes and leapfrog to the end all be all: biometrics. With your unique identity markers, yesterday’s hard-to-remember framework can be fully transformed – say goodbye to the 85 different passwords supplemented by tokens and MFA codes accessed via app or SMS for full control over who accesses your account. It’s no longer a matter of time before your account is hacked: your face is the best defense against cybercriminals’ man-in-the-middle or phishing attempts, since it’s entirely unique to your own identity. We can bypass the easily broken, friction-filled system to create lasting Trust between people and the organizations that serve them.

On this World Password Day, we echo last year’s call for biometrics as the future of passwords and challenge organizations to rethink the way they serve people. Supplementing biometrics with AI creates a more secure, accurate, and seamless means of verifying someone’s identity instead of or alongside passwords. This unprecedented turning point is an opportunity to reimagine everything from lines at the DMV to how we connect with each other online.

We have the ability to eliminate friction but, most importantly, create global equity and social and economic mobility through self-sovereign identities.

Joseph Carson, Chief Security Scientist at Delinea

World Password Day serves as a reminder to reflect and think about your password health. If you’re anything like me, you are not a fan of passwords – having to frequently change them and choose the next great password that is better, longer and more unique than the previous one.

This World Password Day, let’s take a moment and think about how we can remove passwords from our lives and into the background, while making our digital lives safer. A great place to start is by using a Password Manager. A Password Manager will let you know when your password needs to be changed, when it’s weak, or when it’s reused. Even better, when used in conjunction with multi-factor authentication (MFA), it takes away the tedious take of choosing – and remembering – your next great password.

Let’s use this World Password Day to move passwords out of our lives, into the background, and make our digital world a safer place.

Kevin Higgins, Senior Consultant at Optiv

World Password Day is a great reminder that strong password hygiene remains one of the most effective ways to prevent account credentials from being compromised. And, we need this reminder because people continue to be the weakest link when it comes to password security. We are conditioned to choose passwords that are easy to remember and to follow similar password creation patterns (e.g., capitalizing the first character or ending with an exclamation point). Not to mention, many people still reuse passwords across accounts and share passwords with others. In fact, according to PC Magazine, 70 percent of people admit they use the same password for more than one account, and Google reported that 43 percent of adults have shared their password with someone.

Weak passwords can lead to cyberattacks, not only against consumers but entire organizations. With this in mind, World Password Day is the perfect reminder for us to review our password practices and make improvements, where necessary. A few best practices include making your passwords complex with at least 12 or more characters; considering using a ‘passphrase’ where a sequence of words makes up the password (e.g., penguins live at the zo0!); not using the same passwords on multiple accounts; using a password manager to auto-generate passwords and store credentials in a safe, encrypted database; and use multi-factor authentication when available.

Danny de Vreeze, Vice President, Identity and Access Management at Thales

The average consumer has hundreds of passwords, and despite continued warnings, these passwords are consistently reused, weak and easily hackable. Stolen credentials are one of the leading entry points for cyberattacks, and 37 percent of respondents to the 2023 Thales Global Data Threat Report (DTR) reported experiencing a breach in the past 12 months, many of which have led to time and money lost for enterprises and individuals alike.

The good news is that we’re seeing improvements across the board on awareness of these risks — and solutions to mitigate them. We’re seeing a renewed focus on staff training, strong authentication implementation and changing security policies around access management, all designed to reduce human error and improve weak password practices. In fact, 28 percent of respondents to the DTR believed that identity and access management (IAM) was the best defense against security risks. As we look to shift towards more secure authentication, these are the critical stepping stones to ensuring weak passwords are a threat of the past.

Jim Broome, President and CTO of DirectDefense

When it comes to password security, it’s important to remember that the password prompt is often the first line of defense against cyber threats. One effective strategy is to replace traditional passwords with password phrases, which are easier to remember and more secure. Increasing the domain password length to 15 characters and blacklisting commonly used passwords such as Password1, Welcome1, or Winter2016! can also significantly reduce the risk of password-related security breaches. It’s equally important to perform regular password audits and disable legacy protocols to uncover potential vulnerabilities. Strengthening monitoring and alerting capabilities within the internal network can also help detect and respond to security threats more effectively. Additionally, password-less authentication solutions like Microsoft Entra can offer a more advanced solution for organizations that have the resources to implement them.

Bassam Al-Khalidi, Co-Founder & Co-CEO of Axiad

This World Password Day, instead of coming up with new ways to secure passwords, organizations should consider doing away with them altogether. Passwords are an ineffective way to protect data – they’re complicated to remember, easily hackable and an interruption to workflows. Instead, forward-looking organizations are adopting passwordless approaches. The benefit of a passwordless strategy is not just improved security, but also lower end user friction as well as lower administrative costs associated with tactical actions like password resets. On top of that, many passwordless alternatives – like certificate-based authentication (CBA) and FIDO passkeys – also deliver phishing resistance. With recent guidance from CISA, NIST, and even the White House OMB focusing on the importance of becoming more resilient to phishing-based attacks, this added benefit is timely and significant. Passwordless is the most effective way in today’s threat landscape to protect what matters most; and with so many benefits for security executives, administrators, and end users, it truly represents a win-win-win.

Dan Conrad, AD Security and Management Team Lead at One Identity

World Password Day was created as a cybersecurity reminder to use strong passwords or change old or unsecure ones. If we’re honest, it’s been an overdue reminder for longer than any of us in security thought necessary. It can seem obvious to some, but many businesses are still dealing with the most basic of breaches because they aren’t using best practices. Organizations need to be accountable for having – or not having – password and identity security practices that secure their critical assets. If critical assets aren’t explicitly protected by MFA (and admin privileges aren’t protected in the same way), or if someone can get data by typing in “Password1”, that’s a serious oversight, and an unacceptable risk to the business.

In the future, I’d love to see World Password Day become World Secure Authentication Day, World MFA Day or even World Passwordless Day as our strategies for identity security evolve. If we can all get on board with basic best practices and rigorous education, we might just get there.

Vittorio Bertocci, Principal Architect at Okta

It’s 2023. Celebrating “World Password Day” honors a 60-year-old technology. Passwords are a bad habit we should help the world break free from, even if we know it will take years to do so. We should take a page from the many holidays that have evolved over time and institute a “World Passwordless Day”, during which we collectively come together as an industry to raise awareness about the dangers of passwords. Together we can help users, developers and administrators alike to learn about what options they have to migrate to passwordless, and how much better their life can be without passwords.

Will Bass, Vice President, Cybersecurity Services at Flexential

Passwords are the first line of defense to keeping systems safe from bad actors. Unfortunately, many passwords are easily cracked using widely available tools. An eight-character password can be cracked within a few hours, even when using numbers, upper and lowercase letters, and symbols. As a result, it is important to use hard-to-crack passwords as well as unique passwords, especially when accessing sensitive data.

The most important thing you can do to have a solid password is to make it long. With current technology, a password of 18 upper and lowercase letters would take six trillion years to crack. Adding numbers and symbols makes it even harder. The two easiest ways to do this are by using passphrases and password safes, which also help with keeping passwords unique.

Ian Leysen, CEO, CSO, and Co-Founder of Datadobi

World Password Day serves as an important reminder to individuals and businesses alike about the critical importance of password security in protecting sensitive data. World Password Day is also a reminder that as the frequency of data breaches and cyber-attacks continue to rise, we cannot rely on passwords alone.

From a business perspective, relying solely on passwords to protect critical data is an especially risky proposition. The next step must be to employ data governance policies that designate what constitutes critical data that must be protected. However, even with these policies in place, protecting data that you cannot find is impossible. Businesses need a technology solution that enables them to locate and organize all critical data, and then take appropriate action to secure it. This may involve creating an immutable copy, moving it to a more secure environment, creating a “golden copy,” and/or transferring the data to a storage solution that can be air-gapped for even greater protection from online threats. This tailored approach is much smarter than relying on broad security measures that may not be effective in all situations.

To sum it up, combining strong passwords with data governance policies and a technology solution to enforce those policies is an unbeatable approach to data protection and security. In doing so, businesses can safeguard their sensitive information – especially from the growing threat of cyber-attacks, consequently enabling them to comply with regulations, as well as protect their intellectual property, reputation, and bottom line.

Don Boxley, CEO and Co-Founder of DH2i 

World Password Day is a day to acknowledge the pivotal role that passwords play in our digital lives. It is also a day that reminds us how prevalent cybercrime has become, and while creating strong and unique passwords and regularly changing them is critical, passwords must be considered a first-line, not the only-line, of defense.

Historically, VPNs were considered a reliable line of defense against cyber threats, but their popularity is rapidly declining due to their limitations in terms of security, slow connection speeds, bandwidth constraints, configuration and management complexity, and high cost. On the other hand, Software-Defined Perimeters (SDP) are gaining popularity as a safer and more efficient alternative. Advanced implementations of SDP allow users to establish direct connections with application-level Zero Trust Network Access (ZTNA) tunnels, eliminating the involvement of third-party vendors in the data stream. With SDP, users have direct access to the data endpoints they need, without any intermediaries. In comparison to VPNs, only SDP can prevent lateral network attacks, enhance data transfer rates by up to 3x, and offer complete control over the data stream.

Bottom-line, bullet-proof passwords combined with SDP provide unparalleled security to eliminate cyber threats. Passwords act as the first line of defense, while SDP’s advanced security features ensure only authorized users access the network and data endpoints, reducing the risk of cyberattacks, data breaches, and lateral network attacks on World Password Day, and all year round.

Steve Santamaria, CEO of Folio Photonics

Cybercrime is a growing threat to individuals and businesses alike. Hackers are constantly looking for ways to exploit weaknesses in our digital security, steal our personal and sensitive information, and hold it for ransom. One of the most common ways that cybercriminals gain access to our accounts and information is through weak or easily guessable passwords. World Password Day serves as a reminder that using strong and unique passwords is critical to protecting our digital presence. But it’s not enough. Hackers are becoming more sophisticated in their tactics, and relying solely on passwords for protection is like leaving your front door unlocked in a high-crime area.

To truly safeguard our digital assets, we need to employ multiple layers of data protection. This includes things like two-factor authentication, encryption, and regular system updates. But even those measures may not be enough. That’s why having a secure, tamper-free data archive that uses WORM media is so important. It can safeguard your assets while helping you recover from a ransomware attack or other data loss event; subsequently, reducing the impact that this disaster has on your business operations.

But to truly take your cybersecurity to the next level, you may need to consider air-gapping your data archive. Air-gapping your data means physically disconnecting it from the internet or any network connection, making it virtually impossible for cybercriminals to access it. When an air gap is combined with WORM media, it becomes the ultimate protection and should sit at the base of any cyber-resilient infrastructure. While this has often been used in the most sensitive, highest security environments, it is becoming more-and-more commonplace to see other types of organizations deploying it as well.

So, if you’re not taking cybersecurity seriously, it’s time to wake up and smell the coffee. The threat of cybercrime is real and growing. If you don’t take steps to protect your digital presence, you could be the next victim. So, use World Password Day as a reminder to take action and employ multiple layers of protection to safeguard your digital assets.

Bob Eckel, CEO of Aware

We know that changing ingrained systems can often be very difficult, and passwords are no exception. Having been the de facto form of authentication since the beginning of the computing era, there are many reasons for passwords’ longevity, including the fact they are inexpensive and easy to implement. But passwords’ weaknesses are obvious, with an estimated 80 percent of breaches being the direct result of stolen and/or weak passwords.

More recently, password management systems have been encouraged as a way to promote good password hygiene, supposedly making them less prone to theft or misuse. However, last year’s hack of LastPass, a major password manager, dramatically changed this landscape and raised a vital question: if a major password provider can be breached, why are we still relying on non phishing-resistant, outdated authentication techniques like passwords anyway?

The aim of World Password Day – “fostering good password habits that help keep our online lives secure”: – is commendable. But with cloud-based biometric authentication within reach for even the smallest organizations – combined with the adoption of decentralized identity techniques meaning there’s no central repository of biometric data to hack – we believe the best type of password hygiene for today is actually the elimination of passwords altogether.

The post 18 World Password Day Quotes from Industry Experts in 2023 appeared first on Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services.

Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Dr. Mohamed Lazzouni of Aware centers a discussion around decentralized identity and the future of authentication solutions.

There is an increasing trend, particularly in certain industries like crypto, of moving towards a decentralized identity model. Yet, the concepts of centralized versus decentralized identities may be challenging for people to conceptualize and understand. At the highest level, a decentralized identity model challenges the idea that a third party is required to manage the sensitive data used in authentication. Here, we offer simple explanations to define each of these terms, along with thoughts on the future use of these approaches.

Decentralized Identity: The Way Forward

What is Meant by “Centralized Identity”

Centralized identity means peoples’ credentials – passwords or biometrics, for example – are collected and stored in one centralized database. However, there are numerous shortcomings to this traditional approach, the biggest liability being, of course, that central databases can be hacked and the data compromised. This is why some organizations are wary of using biometric authentication. The other issue is that organizations that own these central databases may not always handle the information in alignment with users’ wishes.

What is Meant by “Decentralized Identity”

On the other hand, the Web3 concept of decentralized authentication means there is no central authority where someone’s credentials are stored, and no central authority is needed to verify a person’s identity. In this model, users authenticate themselves to a neutral third party only once, with proof of one’s identity then saved in an identity trust fabric (ITF) that may include blockchain technology. This ITF acts as a middleman between a user and all of their service providers, handling all identification and access requests. Any data held by the ITF is encrypted and encoded under complex mathematical operations, increasing security to levels the likes of which humankind has never before seen.

The Role of DIDs

An immutable record of a person’s data being recorded in an ITF or on a blockchain might initially sound a little scary and risky. But this is where the concept of decentralized identifiers, or DIDs, comes in. Traditionally, many digital services have relied on password-based logins, but given how easy it is for passwords to be lost, stolen, or hacked, this is a highly insecure approach. Alternatively, multi-factor authentication schemes can increase security, but these add friction that often reduces user adoption, productivity, and stickiness. An example is when you’re trying to access a service, only to find once you successfully enter your password, you need to scramble for your phone to receive and submit a one-time code sent to you via text, thus adding another layer of inconvenience. DIDs, on the other hand, securely confirm a true, unfalsifiable digital identity without adding aggravation or inconveniencing users.

There are multiple ways to create and prove this true identity, with biometrics being one notable example – after all, nobody can fake someone else’s fingerprints, voiceprint, or facial print. When one’s DID is linked to a physical attribute, the individual can authenticate securely without revealing their name or any other identifying information.

Future Directions

There are clear signs that online authentication is slowly but surely moving to a decentralized model, especially for more modern forms of authentication like biometrics. One example is crypto-biometrics, where biometrics are used to unlock access to, say, a bank account, without ever leaving the user’s device (i.e., there is no central repository of biometric info). In this scenario, device-based configurations place the biometric functionality onto a person’s device; all biometric matching, template storage, and liveness detection happens on the device. Another early form of decentralization that works well with biometrics is the practice of breaking this data up into anonymized bits, which are spread and stored across a vast network. This means that even if a hacker could access biometric information, creating a composite would be virtually impossible.

As the adoption of more advanced forms of authentication like biometrics increases, so too will decentralized identity, as it represents the most private of private information. Organizations that understand and capitalize on it will create and benefit from a long-standing competitive advantage.  These companies will reduce the often-heavy compliance burden of dealing with and handling users’ private info. They will also enjoy a higher level of security and information protection themselves, with no central database of client information to hack.

But perhaps most of all, organizations that offer this combination of biometric authentication and decentralization will have a leg up due to providing users with the convenience of doing away with cumbersome passwords and multi-factor authentication. The importance of this cannot be overstated. Convenience has become one of the most important factors for users as they decide who they will do business with. We believe that decentralized identity is the key to advancing the next wave of online authentication, and innovative organizations will want to pay close attention to this emerging opportunity.

The post Centralized and Decentralized Identity and the Way Forward appeared first on Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services.

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of April 28. This curated list features identity management and information security vendors such as Laminar, iProov, Immuta, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of April 28

Laminar Named AWS Security Competency Partner

Laminar, a data security platform, this week announced that it has achieved two important milestones in its relationship with Amazon Web Services (AWS). Laminar became the first pure-play DSPM to be named an AWS Security Competency Partner in the category of Data Protection in March. In addition, Laminar’s DSPM solution received the Amazon Relational Database Service (RDS) Ready Product designation in February. The AWS Competency Program validates and promotes AWS partners who have demonstrated technical expertise and proven customer success in specialized areas, including various security use cases. Last year, the company introduced a new category within the Security Competency, Data Protection, at its AWS re:Inforce event, and Laminar is the first pure-play DSPM provider to earn this distinction.

Read on for more.

Outpost24 Appoints Brendan Hogan as Chief Strategy Officer

Outpost24, a cyber risk management solutions provider, this week announced it has appointed Brendan Hogan as Chief Strategy Officer (CSO). Hogan is responsible for spearheading M&A Strategy, Corporate Development and Alliance strategy for the company. Hogan has over 20 years of strategy and corporate development experience across technology and security. In his new role as Outpost24 CSO, Hogan will drive the long-term strategy that enhances current product offerings, scale operations to support new growth opportunities for Outpost24’s existing businesses and look to expand the technology across new global markets.

Read on for more.

Token Debuts Next-Generation MFA at RSA Conference 2023

Token, an MFA solutions provider, debuted its new smart ring MFA solution at the RSA Conference earlier this week. Token’s next-generation MFA solution is an easy-to-implement, passwordless, FIDO2-compliant, biometric wearable that stops phishing attacks and data breaches. Those that attended the Conference in San Francisco were given a demo of the ring in action.

Read on for more.

iProov Named Winner at the Global InfoSec Awards During RSA

iProov, a leader in online facial biometric authentication is proud to have won the Biometrics Award at this year’s Global Infosec Awards run by by Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. The award was announced at the 2023 RSA Conference. The judges are CISSP, FMDHS, CEH, certified security professionals who voted based on their independent review of the company submitted materials on the website of each submission including but not limited to data sheets, white papers, product literature and other market variables.

Read on for more.

Nok Nok Partners with Carahsoft to Provide MFA Solutions to Government Agencies

Nok Nok, a passwordless authentication solutions provider, this week announced a partnership with Carahsoft Technology Corp. Under the agreement, Carahsoft will serve as Nok Nok’s Master Government Aggregator, making the company’s phishing-resistant multi-factor authentication (MFA) solutions available through Carahsoft’s reseller partners, NASA Solutions for Enterprise-Wide Procurement (SEWP), Information Technology Enterprise Solutions – Software 2 (ITES-SW2), National Cooperative Purchasing Alliance (NCPA), and OMNIA Partners contracts. By providing access to numerous contract vehicles, Carahsoft will help streamline the procurement process for the Federal Government to acquire Nok Nok’s S3 Suite and provide the integrated platform to its employees, contractors, partners, and public users.

Read on for more.

Sift Launches Online Community, “Sifters”, for Trust and Safety Professionals

Sift, a Digital Trust & Safety platform, announced the launch of its new online customer community, “Sifters.” Previously available in a limited beta, Sifters hosts product documentation, discussion forums, education, and a network of global professionals. Sift customers can learn from, interact with, and share information with each other, including emerging fraud threats they encounter. Additionally, the community portal allows any Sift customer to engage directly with product experts and the Trust and Safety Architect (TASA) team, Sift’s group of in-house advisors and advocates who previously held fraud prevention roles at companies such as Google, Facebook, Square, and Airbnb.

Read on for more.

Immuta Launches New Data Security Features for Platform

Immuta, a data security solutions provider, this week announced new vulnerability risk assessment and dynamic query classification capabilities for the Immuta Data Security Platform. These new features enable customers to promptly identify and prioritize security gaps, protecting sensitive data based on the context and sensitivity levels. These new features will help customers protect, manage, and remediate data by making it easy to identify and dynamically protect sensitive data, monitor and measure data access risk, and provide “foolproof” data protection across the leading cloud data platforms.

Read on for more.

Expert Insights Section

Watch this space each week as Solutions Review editors will use it to share new Expert Insights Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry experts together to publish the web’s leading insights for enterprise technology practitioners.

The 8 Best Coursera Courses for Cybersecurity in 2023

The editors at Solutions Review compiled and curated this shortlist for the best Coursera courses on cybersecurity in 2023 to give the aspiring cybersecurity expert a strong starting point in their career. The Coursera cybersecurity courses listed below are entry-level and can be a great starting point for anybody trying to kick-off their learning this year. They’re also a great reference point for established experts looking to brush up on their knowledge. Whatever your motivation to learn more, Coursera will provide.

Read on for more.

The Evolving Cybersecurity Landscape: M&A Activity, Quantum, and More

The cybersecurity landscape for businesses is constantly evolving, with new threats and vulnerabilities emerging all the time. In recent years, cyber-attacks have significantly increased, including ransomware, phishing, and supply chain attacks. Companies are also facing regulatory pressures to ensure data privacy and security, with new laws such as GDPR and CCPA. With the rise of remote work, businesses must also contend with securing devices and networks outside of traditional office settings. At the same time, emerging technologies such as AI and IoT offer both opportunities and challenges for security. To stay ahead of these evolving threats, businesses must take a proactive approach to security, including implementing robust security measures, providing regular employee training, and staying up to date with the latest trends and best practices in cybersecurity.

Read on for more.

Automation: The Missing Link to Recession-Proof Cybersecurity

In an unprecedented threat landscape, a highly vigilant and prepared security team is an absolute necessity to ensure no suspicious activity slips through the cracks. However, improvements won’t be made if security teams are still relying on manual processes and disparate point tools to address security challenges. As such, the key to building a recession-proof cybersecurity program will lie in the hands of automation.

Read on for more.

The post Identity Management and Information Security News for the Week of April 28; Laminar, iProov, Immuta, and More appeared first on Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services.