SecureAuth Blog

The Identity Issue: February 6, 2015

The Identity Issue is a monthly newsletter brought to you by SecureAuth. It includes company and industry articles to inform our community of the latest in security news, trends and culture.

Adaptive Authentication for the Next Generation of Business Apps

In the first dot-com era, the internet and web browsers opened up a whole new way to doing business. Oracle, Sun, Microsoft, and Cisco made billions of dollars selling infrastructure to support and deliver business apps. Typically these apps were accessed locally from a Windows desktop or remotely via a VPN connection using a web browser. I was fortunate to be part of the first doc-com era while working at Netegrity where we pioneered the Web Access Management Industry. Enabling secure access to...

Secure Access Control and a Good User Experience? Inconceivable!

The explosion of devices — laptops, desktops and now the plethora of mobile devices — has left enterprises scrambling to control access to their resources. They know that simple username and password combinations are too easily compromised to sufficiently protect enterprise information, but they are concerned about the inconvenience that adding additional factors of authentication can introduce.

To Tame Mobile and Cloud Security Risks, You Need to Become an IdP

Remember that old New Yorker cartoon, “On the Internet, nobody knows you're a dog”? That cartoon is from 1993, and it’s as relevant as ever. In fact, it may be even more difficult than ever to know whether people (or companies) on the internet are who they say they are. For example, in 2012, an attacker hijacked the credentials of Wired writer Mat Honan and then erased data on his iPhone and iPad, deleted his Google account, and commandeered his Twitter account, posting a b...

Skeleton Key Malware Exposes Organizations, and Highlights the Need for Two Factor Authentication

This week, Dell SecureWorks Counter Threat Unit (CTU) discovered ‘Skeleton Key’ - malware which is able to bypass Active Directory (single factor) authentication, e.g. AD authentication based just on a username and password, and allow an attacker to authenticate as any existing user within Active Directory by specifying a password of their choice!

A Look at 2015 - Predictions of What's to Come for the Security Landscape

With the end of the year approaching, it’s time for some predictions about security trends we will see over the coming 12 months.

The Biggest Hacks of 2014

The Biggest Hacks of 2014

Access Control — Reflections on the Events of 2014

While some are calling 2014 the “year of the breach,” I think it’s more accurate to call it the “year of raised awareness of breaches.” With the year drawing to a close, I want to reflect on the many successful and well-publicized attacks of 2014, along with related market trends, and offer my perspective on their import. 

Compromises Will Happen - Thwart Attackers with Context Based Authentication

Compromises will happen - but you can thwart attackers with context based authentication  ​ Many technologies promise to help protect the perimeter of your organization — firewalls, intrusion detection systems (IDSs), intrusion prevention systems (IPSs) and more. However no matter how heavily you fortify your perimeter or try to protect your internal network, some attackers will always get through — your intellectual property, financial data, personally identifiable ...

Microsoft Schannel Remote Code Execution Vulnerability

Microsoft has released a security update in response to a privately reported vulnerability (MS14-066) in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote attackers to execute arbitrary code against Windows Servers, via crafted packets. This vulnerability has a CVSS base score of 10 (High), and the security update from Microsoft is rated as critical for all supported release of Windows. This vulnerability affects Microsoft Windows Server 2...
1 2 3 4 5 6 7... >|