Okta Identity Governance has enjoyed success in its first quarter of global availability as businesses unify access management and governance. Okta is surprised by the amount of traction its governance offering has gained with large enterprises and in competitive bake-offs, says CEO Todd McKinnon.
The situation at LastPass keeps getting worse: The company says hackers implanted keylogger software on a DevOps employee's home computer to obtain access to the corporate vault. Customer vault data can be decrypted only with the end user master password, which LastPass doesn't store.
A lack of visibility makes it nearly impossible to protect an organization against attack. If you can't see what's lurking in the dark corners of your environment, all you can do is react instead of actively identifying and mitigating risks. But some technologies can help with threat visibility.
Twitter says it will turn off SMS second-factor authentication for all but paying customers starting March 20 in a decision provoking concerns that many customers will be less secure than before. Twitter says 2.6% of active Twitter accounts have activated second-factor authentication.
Before healthcare entities can promise advanced identity and access management technologies and practices, their IAM programs need to address important fundamentals, which many entities still struggle with due to the complexity of healthcare itself, says Erik Decker, CISO of Intermountain Health.
Identity verification and lack of WebAuthn implementation in legacy applications and smartphones are two of the biggest challenges associated with adopting FIDO authentication. Merck Germany's Andreas Pellenghar also says the current setup of jumping to a browser to log in is turning people off.
Reddit says hackers penetrated its internal systems via a phishing attack but that user passwords and accounts appear safe. The self-proclaimed "front page of the internet" says the hackers gained access to its internal documents, code and some internal business systems.
Phishing is the number one way to compromise accounts, and Google's Christiaan Brand says passkeys have emerged as a great technical solution to the issue. He wants to ensure what FIDO Alliance has built benefits and is relevant to how Google wants to see passkeys implemented for its own accounts.
CyberArk will promote Matt Cohen, 47, to CEO on April 3. Cohen, who is credited with optimizing CyberArk's go-to-market organization and leading its transition to a subscription business model, will replace Udi Mokady, 54, who co-founded CyberArk in 1999 and has served as its CEO since 2005.
Security practitioners are putting cognitive psychology and customer experience at the forefront of new product development in a push for usability, says Trusona's Kevin Goldman. Getting user experience designers familiar with products allows them to speak meaningfully with the security team.
Organizations today struggle with both new attack surface challenges such as cloud configuration and exposed buckets and long-standing ones around vulnerable ports and infrastructure. CEO George Kurtz says CrowdStrike's recent purchase of Reposify will help customers defend their priority assets.
Proofpoint has focused on preventing cyberattacks, but customers have increasingly asked for help with blocking lateral movement from compromised identities, says CEO Ashan Willy. Acquiring Illusive in December will help Proofpoint block identity attack paths when a user is compromised.
Okta will execute the third-largest round of layoffs of any cybersecurity company in the current economic downturn, axing 300 workers following customer identity execution challenges. The identity giant plans to reduce its staff by 5% in a push to reduce operating expenses and improve profitability.
Cybersecurity vendors have gone all-in on reducing the cloud attack surface, but efforts to shrink the SaaS and identity attack surface remain in their infancy. Vectra has leveraged its artificial intelligence expertise to help triage and automate the alert response process, CEO Hitesh Sheth says.
Cybercriminals exploited the verification process for Microsoft-certified authentication apps to obtain access to the inboxes of financial and marketing companies. Among the permissions threat actors sought were access to emails and calendars, says cybersecurity firm Proofpoint.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.