Identity and Access Management

Identity and Access Management | News, how-tos, features, reviews, and videos

18 cybersecurity startups to watch

Security startups are often innovation leaders that attempt to solve critical and persistent problems. These are some of the most interesting ones to watch as they tackle issues around multicloud security, identity management,...

NTLM relay attacks explained, and why PetitPotam is the most dangerous

Attackers can intercept legitimate Active Directory authentication requests to gain access to systems. A PetitPotam attack could allow takeover of entire Windows domains.

The 10 most powerful cybersecurity companies

What makes these 10 security vendors the biggest power players? We break it down.

How to find the right testing tool for Okta, Auth0, and other SSO solutions

Implementing a single sign-on solution can be complicated, especially if you have apps that are not in the SSO vendor's catalog. These tools can simplify the process.

IoT devices have serious security deficiencies due to bad random number generation

It's not the IoT vendors' fault. Without a cryptographically secure pseudo-random number generator subsystem, internet of things devices will be vulnerable.

6 vulnerabilities Microsoft hasn't patched (or can't)

Your IT and security admins need to be aware of these unpatched Microsoft vulnerabilities so that they can mitigate them in other ways.

How to review password quality in Active Directory

Regularly reviewing the effectiveness of user, admin, and service passwords stored in Active Directory is a good idea. Here's how one password review tool works.

7 tenets of zero trust explained

Cut through the hype. NIST's core zero trust elements provide a practical framework around which to build a zero trust architecture.

How long-term hybrid work is changing security strategies

CISOs across industries are revisiting the stopgap security tools and temporary policies they enacted to quickly enable remote work, aiming to replace them with stronger permanent solutions. But the old rules no longer apply.

How to check for Active Directory Certificate Services misconfigurations

Recently discovered Microsoft Windows AD CS configuration errors could give attackers account and domain control. Here's how to audit AD CS for vulnerable configurations.

Rainbow tables explained: How they work and why they're (mostly) obsolete

Rainbow tables are password cracking tools with origins dating back to research from the early 1980s. Here's how they work, why attacks are easy to prevent, and how they compare to modern password cracking.

How to test the impact of new Windows DCOM Server authentication

Microsoft has hardened authentication for its DCOM Server in response to a vulnerability. Check for the impact on your network now before the change becomes permanent.

4 tips to prevent easy attacker access to Windows networks

The Colonial Pipeline attackers likely got in using old, compromised VPN credentials. This advice will force attackers to work much harder.

Report: Active Directory Certificate Services a big security blindspot on enterprise networks

Microsoft's Active Directory PKI component commonly has configuration mistakes that allow attackers to gain account and domain-level privileges.

6 minimum security practices to implement before working on best practices

Every Windows network admin can improve their security posture by focusing on these six basic areas.

How to hack 2FA: 5 attack methods explained

As two-factor authentication becomes more widespread, criminals seek novel ways to subvert it. Here's what you need to know.

17 cyber insurance application questions you'll need to answer

Recent high-profile security incidents have tightened requirements to qualify for cyber insurance. These are the tougher questions insurance carriers are now asking.

Credential stuffing explained: How to prevent, detect, and defend against it

Credential stuffing is the automated use of collected usernames and passwords to gain fraudulent access to user accounts.
