Enterprise identity and access management

Blockchain for identity management: Implications to consider

Blockchain has changed the way IAM authenticates digital identities. Consider these 14 implications when asking how and where IAM can benefit your organization. Continue Reading

By

• Jessica Groopman, Kaleido Insights

Active Directory Domain Services (AD DS)

Active Directory Domain Services (AD DS) is a server role in Active Directory that allows admins to manage and store information about resources from a network, as well as application data, in a distributed database. Continue Reading

By

• Ben Lutkevich, Site Editor
• Toni Boger, TechTarget

How to implement machine identity management for security

In IAM, companies must consider whether machines, applications and devices have the appropriate identities and access authorizations when communicating behind the scenes. Continue Reading

By

• Michael Cobb

Corral superuser access via SDP, privileged access management

Keeping control of superusers is an ongoing challenge. Employing SDP and privileged access management can make the job easier. But can SDP replace PAM? Continue Reading

By

• John Burke, Nemertes Research

5 steps to secure the hybrid workforce as offices reopen

Companies must now face the security challenges of overseeing a hybrid workforce as employees return to the office. Continue Reading

By

• Ashwin Krishnan, StandOutin90Sec

When should you use AWS IAM roles vs. users?

Access management is critical to securing the cloud. Understand the differences between AWS IAM roles and users to properly restrict access to AWS resources. Continue Reading

By

• Stephen J. Bigelow, Senior Technology Editor

RSA Conference 2021: 3 hot cybersecurity trends explained

In a lightning round session at RSA Conference, ESG analysts discussed three of the hottest topics in cybersecurity in 2021: zero trust, XDR and SASE. Continue Reading

By

• Sharon Shea, Executive Editor

Despite confusion, zero-trust journey underway for many

Zero trust is a catchy phrase with seemingly lofty goals. Uncover the reality behind one of infosec's hottest buzzphrases, and learn why it's within reach for many companies today. Continue Reading

By

• Sharon Shea, Executive Editor

session key

A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers. Continue Reading

By

• TechTarget Contributor

user authentication

User authentication verifies the identity of a user attempting to gain access to a network or computing resource by authorizing a human-to-machine transfer of credentials during interactions on a network to confirm a user's authenticity. Continue Reading

By

• TechTarget Contributor

PKI (public key infrastructure)

PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange information using digital certificates. Continue Reading

By

• TechTarget Contributor

Jumio CEO discusses new $150 million funding round

Jumio CEO Robert Prigge talks about Jumio's new funding round and how the COVID-19 pandemic has affected Jumio's digital identity verification and fraud prevention business. Continue Reading

By

• Mark Labbe

Stay in control with Azure AD Privileged Identity Management

Rampant use of elevated privileges can prove hazardous to enterprises. Rein in access and manage resource access with help from this Azure Active Directory feature. Continue Reading

By

• Reda Chouffani, Biz Technology Solutions

Top incident response tools to boost network protection

Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks. Continue Reading

By

• Dave Shackleford, Voodoo Security

7 privileged access management best practices

Privileged access is a given in enterprise environments, but it presents many security issues if breached. Follow these seven PAM best practices to mitigate risk. Continue Reading

By

• Ashwin Krishnan, StandOutin90Sec

Azure Information Protection P1 vs. P2: What's the difference?

Azure Information Protection adds security to files such as sensitive emails and files copied to flash drives. See which features Microsoft offers in its two licensing levels. Continue Reading

By

• Reda Chouffani, Biz Technology Solutions

2021 IT priorities require security considerations

AI, IoT and 5G are among the top IT priorities for CIOs and CTOs in 2021. Is your team prepared to address each tech's security needs? Continue Reading

By

• Sharon Shea, Executive Editor

Azure AD Premium P1 vs. P2: Which is right for you?

Azure Active Directory is more than just Active Directory in the cloud. See how the premium editions of the directory service stack up to find the best fit for your organization. Continue Reading

By

• Adam Fowler

Explore the benefits of Azure AD vs. on-prem AD

A move to Office 365 doesn't require cutting the cord from on-premises Active Directory, but it is an option. Here's what you need to know when comparing Azure AD vs. on-prem AD. Continue Reading

By

• Reda Chouffani, Biz Technology Solutions

New Yugabyte release boosts distributed SQL database security

Yugabyte now has row-level geo-partitioning for its open source distributed SQL database, enhanced multi-region features and several new features to improve security. Continue Reading

By

• Sean Michael Kerner

Understanding the zero trust-SDP relationship

Zero trust is a complicated framework that spans the IT stack. Find out how software-defined perimeter can address zero trust's network-level access requirements. Continue Reading

By

• John Burke, Nemertes Research

Zero-trust implementation begins with choosing an on-ramp

Zero-trust security has three main on-ramps -- each with its own technology path. For a clear-cut zero-trust implementation, enterprises need to choose their on-ramp wisely. Continue Reading

By

• Johna Till Johnson, Nemertes Research

Ping acquires blockchain identity startup ShoCard

Ping accelerated its push into the personal identity management market with the acquisition of ShoCard, which uses a blockchain-based platform to manage consumer identities. Continue Reading

By

• Rob Wright, Senior News Director

Quiz: Network security authentication methods

There are many methods available to authenticate users requesting access to an organization's systems. Test your knowledge with this quiz on authentication in network security. Continue Reading

By

• Katie Donegan, Social Media Manager

Remote work fuels identity and access management market

Channel partners have an opportunity to help customers adopt and implement identity and access management programs across their organizations. Learn more about IAM offerings. Continue Reading

By

• Michael Mahar

3 key identity management tips to streamline workflows

Organizations must audit IAM processes to ensure that opportunities to streamline workflows are not missed. Use these identity management tips to get started. Continue Reading

By

• Mike Chapple, University of Notre Dame

How security teams can prevent island-hopping cyberattacks

Learn how to prevent island-hopping cyberattacks to keep hackers from gaining the confidence of a phishing victim who could then accidentally commit corporate financial fraud. Continue Reading

By

• Nick Cavalancia, Techvangelism

How security testing could change after COVID-19

As companies look to bring employees back into the office, security teams must consider how to handle security testing due to initial remote work deployments and shadow IT. Continue Reading

By

• Mark Whitehead, Guest Contributor

Top 2 post-COVID-19 CISO priorities changing in 2020

CISO priorities for 2020 were upended when the COVID-19 pandemic hit. Learn two ways forward-thinking CISOs are planning to deal with the new normal. Continue Reading

By

• Ashwin Krishnan, StandOutin90Sec

Find and lock down lax Windows share permissions

With help from PowerShell, you can identify the shares that need adjustments across your infrastructure then use a script to fix them to protect sensitive data. Continue Reading

By

• Adam Bertram

Zero-trust management challenges outweighed by benefits

The zero-trust model's adoption, deployment and management challenges are easily outweighed by its ability to offset modern threats, IEEE senior member Jack Burbank advises. Continue Reading

By

• Sharon Shea, Executive Editor

Using AIOps for cybersecurity and better threat response

AIOps platforms, when properly tuned, can benefit all of IT in important ways. Learn how these advanced security tools improve threat detection and response in myriad ways. Continue Reading

By

• Andrew Froehlich, West Gate Networks

The future of facial recognition after the Clearview AI data breach

The company that controversially scrapes data from social media sites for law enforcement clients announced a data breach. What does it mean for the future of facial recognition? Continue Reading

By

• Kjell Carlsson

Idaptive adds new remote employee onboarding option & passwordless authentication to Next-Gen Access

Seeing more and more vendors jump on the passwordless train makes my heart swell! Continue Reading

By

• Kyle Johnson, Technology Editor

Stop business email compromise with three key approaches

Why is BEC such a popular attack? Because it works, unfortunately, tempting hackers with huge potential payouts. Learn how to keep them from lining their pockets with your assets. Continue Reading

By

• Nick Cavalancia, Techvangelism

Idaptive is taking machine learning for authentication and applying it to authorization

We’ve seen AI/ML/analytics used for figuring out if a user is who they say they are. Now, how about if they’re doing what they should? Continue Reading

By

• Jack Madden

5 steps to a secure cloud control plane

A locked-down cloud control plane is integral to maintaining cloud security, especially in multi-cloud environments. Here are five steps to a secure cloud control plane. Continue Reading

By

• Dave Shackleford, Voodoo Security

Login.gov starts to fill the gap between social logins and enterprise identities

Access federal services with a service designed for governmental use but that uses common standards. Continue Reading

By

• Kyle Johnson, Technology Editor

How to use and manage BitLocker encryption

Built into business versions of the Windows OS, Microsoft BitLocker encryption is an integral enterprise encryption tool. Read on to learn how BitLocker works and how to manage it. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC
• Tony Bradley, Bradley Strategy Group

IAM-driven biometrics in security requires adjustments

IAM is foundational to cybersecurity, but the latest systems use biometrics and other personal data. Learn how to cope with the resulting compliance and privacy issues. Continue Reading

By

• Mary K. Pratt

Biometric data privacy, ethical questions complicate modern IAM

Use of biometrics in IAM systems may help secure company systems and data, but it also raises privacy issues. Here's how to keep both your security and ethical standards high. Continue Reading

By

• Ashwin Krishnan, StandOutin90Sec

Creating and managing a zero-trust security framework

IEEE senior member Kevin Curran outlines how enterprises should introduce a zero-trust security framework and discusses implementation challenges they are likely to face. Continue Reading

By

• Sharon Shea, Executive Editor

Okta is making big investments in on-premises identity

Okta is also working to bring more context into access decisions. Continue Reading

By

• Jack Madden

Ping Identity launches identity and access management tool

PingCentral aims to streamline the identity and access management processes and bridge the gap between IAM teams and application teams to improve productivity. Continue Reading

By

• Tanner Harding

How to rebuild the SYSVOL tree using DFSR

Active Directory is the key component in many organizations to keep tabs on access and identity. If the SYSVOL directory disappears, these steps can get the system fixed. Continue Reading

By

• Richard Siddaway, Independent consultant

RPA security best practices include access control, system integration

Robotic process automation can revolutionize enterprise workflows, but if RPA security risks aren't controlled, bots could end up doing more harm than good. Continue Reading

By

• Kevin Tolly, The Tolly Group

Latest news from the Black Hat 2019 conference

Learn the latest from this year's Black Hat conference, Aug. 3 to 8. Our team is in Las Vegas to report on what's new in information security risks, trends and defense tactics. Continue Reading

By

• Brenda L. Horrigan, Executive Managing Editor

CloudKnox Security adds privileged access features to platform

CloudKnox Security updated its Cloud Security Platform with features such as Privilege-on-Demand, Auto-Remediation for Machine Identities and Anomaly Detection. Continue Reading

By

• Ha Ta

New tech steers identity and access management evolution

IAM is evolving to incorporate new technologies -- like cloud-based services and containerization -- promising more secure, granular management of access to company IT assets. Continue Reading

By

• Alissa Irei, Senior Site Editor

New tech steers identity and access management evolution

 Continue Reading

Is your identity management up to the task?

IAM is an organization's best defense for its weakest link, end users. Make sure you're following the right framework and keeping your tools honed and ready for battle. Continue Reading

By

• Ben Cole, Executive Editor

Is your identity management up to the task?

 Continue Reading

Managing identity and access well unlocks strong security

 Continue Reading

What's the difference between a password and a PIN?

A question I've always had but was too afraid to ask when I first learned about passwordless experiences. Continue Reading

By

• Kyle Johnson, Technology Editor

A look at MobileIron’s zero sign-on and passwordless authentication plans

MobileIron’s “zero sign-on” tech uses phones to authenticate when accessing SaaS apps from unmanaged devices. Continue Reading

By

• Jack Madden

Identity management strategy starts with people, not technology

Organizations have the tough job of creating an overarching view of identity inside and out of the company. One thing they should remember? Focus on people rather than technology. Continue Reading

By

• Jesse Scardina, News Writer

IAM market evolves, but at a cost

At a recent security and identity conference, attendees discussed the IAM market in clear terms: Shiny new features might be cool, but practicality reigns. Continue Reading

By

• Jesse Scardina, News Writer

Identity access management at a crossroads

In this Q&A, Ping Identity CEO Andre Durand explains why identity management is being subsumed by security and how AI and automation will modernize identity management systems. Continue Reading

By

• Jesse Scardina, News Writer

Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black

Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

How to retool incident response best practices for the digital age

As companies become more cloud- and mobile-centric, they need to reassess their incident response best practices and automate as much as possible. Continue Reading

By

• Johna Till Johnson, Nemertes Research

Build a proactive cybersecurity approach that delivers

Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive. Continue Reading

By

• Stan Gibson, Stan Gibson Communications

What identity governance tools can do for your organization

Learn how to evaluate available security tools that manage the governance of your users' identity and access to company systems and data. Continue Reading

By

• Johna Till Johnson, Nemertes Research

Netskope announces enterprise application security platform

Netskope for Private Access is a cloud-based platform that secures private enterprise applications on public clouds and in on-premises data centers using zero-trust access. Continue Reading

By

• Tanner Harding

Kaseya acquisition trail continues with ID Agent -- is DR next?

ID Agent, the latest Kaseya acquisition, adds its identity protection capabilities to IT Complete and will be integrating with Spanning and Unitrends products. Continue Reading

By

• Johnny Yu

How does an identity and access management framework work?

A comprehensive identity and access management framework is an IT necessity. But how do the two components work together? Continue Reading

By

• Andrew Froehlich, West Gate Networks

Mobile authentication best practices quiz for IT pros

IT pros can secure mobile endpoints with the right mobile authentication best practices, but they must know about new technologies and use cases to enforce them properly. Continue Reading

By

• John Powers, Senior Site Editor

Tackle mobile device authentication with modern methods

Mobile user authentication should require more than a password. New technologies enable authentication methods that IT should consider for its mobile deployment. Continue Reading

By

• John Powers, Senior Site Editor

Benefits of direct autonomous authentication for mobile

Direct autonomous authentication, a new mobile technology, authenticates users with mobile carrier technology faster than typical two-factor authentication methods. Continue Reading

By

• Robert Sheldon

How automated patch management using SOAR can slash risk

Learn how to use security orchestration, automation and response, also known as SOAR, to ease the hassle of mundane tasks related to patch management. Continue Reading

By

• Mike Chapple, University of Notre Dame

Automating incident response with security orchestration

Security orchestration, automation and response technology is now seen as a key aid to security pros attempting to thwart an onslaught of cyberattacks. Continue Reading

By

• Mike Chapple, University of Notre Dame

Plugging the cybersecurity skills gap with security automation

Security automation and response promises to help alleviate the shortage of qualified cybersecurity pros. Learn how SOAR helps security teams work smarter, not harder. Continue Reading

By

• Mike Chapple, University of Notre Dame

RSAC 2019: Coverage of the premiere security gathering

Find out what's happening at the at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team. Continue Reading

By

• Madelyn Bacon, TechTarget

Cryptography techniques must keep pace with threats, experts warn

Cryptographers at RSAC 2019 discussed personal data protection laws and challenges, future threats and the pressure for tech companies to work with law enforcement on decryption. Continue Reading

By

• Bridget Botelho, Editorial Director, News

Three examples of multifactor authentication use cases

When evaluating the business case for multifactor authentication, an organization must first identify how these three operational scenarios apply to a potential implementation. Continue Reading

By

• David Strom

CIAM vs. IAM: The key differences 'customer' makes

Find out everything you need to know about the nuances that differentiate customer IAM from traditional IAM so that you can implement the CIAM system at your organization. Continue Reading

By

• Ed Moyle, Drake Software

For effective customer IAM, bundle security and performance

CIAM can verify identity, manage access and deliver a smooth experience for customers. Get an expert's insights on how to tackle customer IAM now. Continue Reading

By

• Johna Till Johnson, Nemertes Research

5 actionable deception-tech steps to take to fight hackers

Consider taking these five 'deceptive' steps to make your detection and response capabilities speedier, more effective and to improve your company's security posture. Continue Reading

By

• Dave Shackleford, Voodoo Security

Risk & Repeat: DeepMasterPrints spells trouble for biometrics

This week's Risk & Repeat podcast looks at the future of biometric authentication after researchers unveiled a new approach that uses neural networks to bypass fingerprint scanners. Continue Reading

By

• Rob Wright, Senior News Director

DeepMasterPrints fake fingerprints can fool fingerprint sensors

Researchers have developed AI-generated synthetic fingerprints -- known as DeepMasterPrints -- that can spoof biometric scanners and potentially be used to launch practical attacks. Continue Reading

By

• Michael Heller, TechTarget

Risk & Repeat: Who's to blame for bad passwords?

This week's Risk & Repeat podcast discusses whether users are responsible for creating and reusing weak passwords or if the technology systems themselves are to blame. Continue Reading

By

• Rob Wright, Senior News Director

Jumio identity verification technology benefits from AI

ID verification technology is boosted by products of AI and machine learning, including natural language processing, image processing and biometric tools. Continue Reading

By

• Mark Labbe

Weighing privileged identity management tools' pros and cons

Products that help security pros manage access privileges are essential to IT security. Learn how to evaluate market offerings and acquire the best for your company. Continue Reading

By

• Michael Cobb

Advances in access governance strategy and technology

Recent advances in IAM policy, strategy and technology are raising companies' ability authenticate identities and manage access to their systems and data. Continue Reading

Microsoft launches Identity Bounty Program, offers up to $100,000

Microsoft introduced its new Identity Bounty Program that offers up to $100,000 in rewards for reported vulnerabilities in its identity services, such as Azure Active Directory. Continue Reading

By

• Rob Wright, Senior News Director

As AI identity management takes shape, are enterprises ready?

Experts at the Identiverse 2018 conference discussed how artificial intelligence and machine learning are poised to reshape the identity and access management market. Continue Reading

By

• Rob Wright, Senior News Director

What are the Microsoft IRM requirements for Exchange 2016?

Before a company can take advantage of information rights management on the Exchange 2016 platform, administrators must ensure the server setup meets the technical requirements. Continue Reading

By

• Stephen J. Bigelow, Senior Technology Editor

How do you use Outlook IRM to protect email content?

The information rights management feature in Exchange prevents unauthorized parties from viewing sensitive content. Admins can tailor the settings to fit the company's needs. Continue Reading

By

• Stephen J. Bigelow, Senior Technology Editor

Risk & Repeat: Is AI-driven identity management the future?

In this week's Risk & Repeat podcast, SearchSecurity editors discuss Identiverse 2018 and how artificial intelligence is being applied to identity and access management. Continue Reading

By

• Rob Wright, Senior News Director

Ping adds AI-driven API protection with Elastic Beam acquisition

Ping Identity increased its focus on API security with the acquisition of Elastic Beam, a startup that uses artificial intelligence to apply behavioral security on enterprise APIs. Continue Reading

By

• Rob Wright, Senior News Director

Identity and access management tools add AI, microservices

AI and as-a-service platforms enable IT to take a more hands-off approach. But with adoption in the early stages, most IT pros wonder what the future holds for identity management. Continue Reading

By

• Erica Mixon

What to know before implementing an IAM system

IT administrators have many features to choose from and requirements to meet when looking for an IAM tool. Check these boxes before committing to IAM. Continue Reading

By

• Kristen Gloss

How do admins check the Exchange IRM setup?

Testing Exchange information rights management functionality can be tedious, but Microsoft offers a dedicated cmdlet for Exchange 2016 administrators that streamlines the process. Continue Reading

By

• Stephen J. Bigelow, Senior Technology Editor

How can IT combat rogue RDP access?

Hackers can gain remote access to users' desktops through RDP hijacking. As a result, IT pros must know what they can do to prevent such an attack. Continue Reading

By

• Brien Posey

New SAML vulnerability enables abuse of single sign-on

Duo Security discovered a new SAML flaw affecting several single sign-on vendors that allows attackers to fool SSO systems and log in as other users without their passwords. Continue Reading

By

• Rob Wright, Senior News Director

How to balance organizational productivity and enterprise security

It's no secret that enterprise security and organizational productivity can often conflict. Peter Sullivan looks at the root causes and how to address the friction. Continue Reading

By

• Peter Sullivan

Common web application login security weaknesses and how to fix them

Flawed web application login security can leave an enterprise vulnerable to attacks. Expert Kevin Beaver reviews the most common mistakes and how to fix them. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

Are biometric authentication methods and systems the answer?

Biometric authentication methods, like voice, fingerprint and facial recognition systems, may be the best replacement for passwords in user identity and access management. Continue Reading

By

• Michael Cobb

Risk & Repeat: Should IAM systems be run by machine learning?

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the identity and access management industry and how machine learning algorithms could govern IAM systems. Continue Reading

By

• Rob Wright, Senior News Director

Q&A: Ping CEO on contextual authentication, intelligent identity

Ping Identity CEO Andre Durand talks with SearchSecurity about the data-driven move toward contextual authentication and intelligent identity and what this means for enterprises. Continue Reading

By

• Rob Wright, Senior News Director

The best endpoint security practices are evolving and essential

Ever since the first mobile device hit the enterprise network, best endpoint security practices have been a major IT concern. What's happened since then has been a staggering proliferation of the number and types of devices on the network, complicated by increasing numbers of mobile and remote corporate employees, all of which have essentially ended the traditional idea of a corporate network security perimeter. Firewalls and other more traditional security appliances may still be in use, and rightly so, but endpoint security management is more critical than ever in keeping enterprise systems and data safe from malicious actors.

The summer Insider Edition, our Information Security magazine quarterly e-zine, looks at what's new in endpoint security management, from the best endpoint security tools to consider now, and what other efforts beyond tools infosec pros can employ to best secure all those pesky mobile endpoints wandering in and out of corporate corridors.

This Insider Edition offers expert assessments on the endpoint security technology vendors have developed to combat mutating ransomware like WannaCry -- from machine learning to multivendor partnerships to behavior analytics. Also included is an exploration of mobile endpoint security tools like application containers and app wrapping. CISOs must focus now on how the threats, and the technological advances to fight them, are changing and factor these considerations into any endpoint security strategy.

Readers will come away with a deeper understanding of the best endpoint security tools and techniques available and be able to consider the most advanced approaches available to locking down the company data and systems that endpoints can access.

 Continue Reading