Organizations exploring potential Identity Access and Management (IAM) solutions often begin by determining how best to control the login and other activities of users who are on their own internal networks and/or connected by Virtual Private Network (VPN). This is a great first step but poses several challenges to the modern enterprise that should not be overlooked. The sooner additional factors are considered, the better overall security the organization can deploy.
What Are Geo-Location and Geo-Velocity in Identity Authentication?
Geo-location and geo-velocity are just two of the pre-authentication risk checks included in SecureAuth’s adaptive access control solution. Geo-location and geo-velocity can both offer different levels of protection, and may be employed independently or in tandem; but what exactly are they and how do they work?
We all hate passwords. Either you can't remember them, or you re-use the same one over and over to avoid forgetting it. Trying to come up with new passwords is a never-ending battle against human memory versus the potential for someone to guess the one you have. So how do you create secure passwords, and remember them?
Why Do I Have to Change my Password Every 30/60/90 Days?
"My company makes me change my password every so often. Why do they make me do this even if we haven't been breached or anything like that?"
The answer is simple, and there are two reasons why this policy is standard for most companies. The first is protection against stuff that hasn't happened yet. The second is protection against stuff that has happened - just not to your company.
"I heard on the news about how some sites and mobile apps are vulnerable to Man-in-the-Middle attacks. What is a Man-In-The-Middle Attack, how does it work, and how can I protect myself?"
Man-in-the-Middle (MitM) attacks are basically one website stepping in-between you and a legitimate website so that whatever you do on the legitimate website can be seen and stolen by the attacker who owns the site in the middle. There are two common ways this happens:
SecureAuth and Core Security have been monitoring the evolving situation with “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753 and CVE-2017-5715) – the recently disclosed processor (CPU) vulnerabilities. Our team has not detected any current impact to customer implementations at this time. We have already initiated our standard processes to test and apply patches in our hosting environments per vendor recommendations.
The healthcare industry is undergoing a fundamental transformation — from healthcare delivery organization to technology-driven health organization. To thrive, and indeed even to survive, healthcare providers and payers must leave behind old technologies and methodologies and embrace a new, more modern approach to improving consumer engagement, enhancing the customer experience, and reducing risk.
Each year, organizations spend millions of dollars on network and endpoint security, yet breaches continue to happen. Across today’s security vendor landscape, there are hundreds of point products that protect against all points of penetration in the attack lifecycle.
While there is no silver bullet when it comes to infrastructure security, aren’t we stronger together? Shouldn’t security products work together to provide the best protection?
Hey, Siri. What is the capital of New York?” We all know what happens next — Siri provides the answer. How Siri knows the correct answer is not a mystery (we have the Internet to thank for that), but what is more interesting is the fact that Siri is able to understand the question at all.
Siri can understand and respond to human speech for the same reason Facebook knows which friend to tag in a photo before you even type their name. This “knowledge” is a technology called machine learning.