security

Password spraying has been one of the hottest topics in cyber security in the last few years. Right off the heels of multiple high-profile breaches, it’s been getting a lot of attention from security vendors, reporters, and the security community as a whole. In this post, we’ll discuss why password spraying is increasing in prevalence, and steps…

In March 2019, the World Wide Web Consortium (W3C) announced that WebAuthn is now the official web standard for password-free login. With support from a broad set of applications (Microsoft Edge, Chrome, Firefox, Mobile), widespread adoption of WebAuthn is expected in coming years. In this post, we will explore the shortcomings of current…

The benefits of implementing identity and access management (IAM) speak for themselves. Having a centralized IAM solution means fewer passwords, a better end user experience, and a centralized solution for managing access to both cloud and on-prem apps and services. Despite this, investing in identity and access management is not top of mind for…

We’re living in a landscape where risks are prolific, diverse, and often unanticipated. Organizations are under immense pressure to implement strong security measures and avoid cyber attacks from highly specialized threat actors looking to capitalize on the smallest oversight. In this post, we’ll look at some strategies you can leverage to manage…

Organizations are under ever-greater pressure to leverage new app technologies to drive competitive advantage and growth. Yet these ambitious plans all come crashing down if they can’t guarantee that modern IT systems are built on a secure foundation. Security analytics that incorporate data from access control systems are a crucial tool in the…

As more companies move to support cloud-based environments to work with better mobility and flexibility, their number of vulnerability points also increase. A thriving underground economy that trades in hacking tools, cyber crime services, stolen data, and credentials is estimated to be worth $600 billion annually—that’s more than the film, gaming…

With the rise of of credential stuffing and similar attack methods, simple username and password authentication is not enough to deter bad actors. According to the Verizon Data Breach Investigations Report, there were over 55,000 security incidents and 2,200 confirmed data breaches in 2018, with a whopping 81% of those incidents being tied to…

To put it bluntly, 2018 was a bad year for data security. Major consumer-facing corporations like Marriott and Facebook experienced some of the largest data breaches in history, exposing the data of millions of consumers. In total, 2018 saw an overall increase in compromised company records of 133% YoY, with an average of 291 records stolen every…

Too busy to watch the Zero Trust in Practice webinar? Don’t worry—we’ve got you covered. There’s a lot of hype around Zero Trust security, but it’s proving to be more than just theory. Trust used to be a binary decision determined by the network, but as organizations move to mobile and cloud based services, the perimeter as we knew it has…

You may have heard about a new phishing tool called Modlishka, and have questions about its potential impact on multi-factor authentication or single sign-on. To be clear, Modlishka is not a vulnerability in MFA or SSO. Rather, it is an automation tool designed to make it easier for attackers to phish your employees. In this post, I will outline…