A Call to Strengthen Identity Security - Review of MGM Attack
There is a growing trend of cyberattacks that target privileged accounts, employ creative tactics to bypass MFA, and exploit features provided by identity providers. The recent MGM attack exemplifies this trend.
Spera’s Identity Role Mining Module - Automating Principle of Least Privilege
A common practice to ensure least privilege is granting application permissions based on a person's role within the organization, grouping identities into IAM groups, roles and policies, all organized to align with common usage patterns. In the dynamic business realm, however, apps are added and removed constantly, and users join, change roles, and leave - all without security oversight. Many are turning to a Role Mining workflow to address this persistent problem.
How New Security Leaders Can Avoid Getting Lost in the Identity Jungle
The new organizational security leader doesn’t have the luxury of taking the time to learn about their new environment, policies and practices, and can’t try out different assumptions or ideas. They have to quickly map out the field with a “trust but verify” approach: who are the players, what’s the current strategy, and where are its gaps and loopholes? And they need to get this done NOW.
Gaining the biggest benefit with the concept of Least Privilege
Achieving least privilege everywhere necessitates an endless battle against real-life dynamic business requirements. Security and IAM teams are overloaded with least-privilege alerts generated by various detection tools, most of which are unactionable or do not translate to high-risk or impactful accounts.
Top five challenges of enforcing single sign-on in Salesforce
Salesforce is often the 'crown jewel' application for many organizations. Yet many face challenges in implementing security measures such as SSO. Here are the top five challenges and how to overcome them.
Three pitfalls to avoid in Identity Security Threat Detection
With identity as the number one attack vector, environments becoming more complex and attackers improving their methods, organizations often fall into common pitfalls when leveraging tools such as SIEMs and XDRs.
Until recently, many security vendors approached the identity attack vector in a very compartmentalized way. While these solutions offer broad coverage in their respective areas of focus, they are not architected to address identity security holistically. The result is often a disjointed security solution that offers only minimal identity security coverage.
It is well understood that identity-related security issues are the most common cause of breaches today. A key component of identity security is passwords, which, unfortunately, are susceptible to various attacks such as phishing, brute force, and credential stuffing...