A Review of the Best News of the Week on Identity Management & Web Fraud

WebAuthn: What It Is and What It Means for Passwords (The Duo Blog, Dec 01 2017)
Since mid-2016, a group of security professionals and researchers from across the industry has been working on a new way to handle authentication and prove one’s identity on the internet without the help of passwords. The new standard, known as Web Authentication, or WebAuthn for short, is a credential management API that will be built directly into popular web browsers. It allows users to register and authenticate with web applications using an authenticator such as a phone, hardware security keys, or TPM (Trusted Platform Module) devices.

Gartner’s CASB Magic Quadrant is Finally Here (Skyhigh, Dec 01 2017)
Cloud access security brokers have become an essential element of any cloud security strategy, helping organizations govern the use of cloud and protect sensitive data in the cloud.

Israeli Start-Up Leaks Data on 31m Users (Infosecurity Magazine, Dec 06 2017)
Virtual keyboard maker collected huge range of personal and device data




Apple Using Face ID Data for Far More Than Unlocking Your iPhone (eWEEK, Dec 05 2017)
Apple is sharing the digital model of your face with app developers so they can use Face ID to unlock their apps or to perform other functions ranging from live emojis to fitting glasses.

Identity Verification and the Social Security Number: Is There a Future? (ThreatMetrix, Dec 05 2017)
In 2015, it was estimated that up to 60 percent of Social Security numbers had been stolen in cyberattacks. Yet, the Social Security Administration only assigned 274 new numbers.

Cybersecurity’s Dirty Little Secret (Infosec Island, Dec 06 2017)
57 percent admit to only monitoring some or none of their privileged accounts
21 percent admit that they do not have any ability to monitor privileged account activity
31 percent report that they cannot identify the individuals that perform activities with administrative credentials.

Gartner IAM Summit 2017 – Las Vegas (Axiomatics, Dec 05 2017)
Gartner analysts Homan Farahmand and Lori Robinson said it is imperative that IAM leaders look to artificial intelligence and other emerging automation tools in order to manage the rapidly growing complexity and scale of modern IT deployments. Homan also spoke about how blockchain is beginning to mature to a point where we need to think about where it fits into an IAM strategy as there are significant potential benefits in a blockchain-based identity trust fabric.

Centrify Identity Services Now Available on AWS Marketplace (Centrify, Nov 30 2017)
You can now purchase Centrify Identity Services by the hour and use only what is needed on an on-demand basis. Besides saving money, this gives customers the ability to try new services without a huge financial commitment or investment in technology.

Okta + AWS = Simple, Secure Management for Multi-Account Customers (Okta, Nov 30 2017)
Companies using Okta for access management to the AWS console can now easily solve this problem. With the Okta Identity Cloud, customers can now simply and securely manage up to 50 AWS accounts, and they are also now starting a beta program for unlimited account management…

IBM Security Adds New Multi-Factor Authentication Capabilities (eWEEK, Dec 06 2017)
Among the new partner integrations are apps from BuyPass, DualAuth, Imageware and Yubico. IBM is now enabling the partner multifactor authentication (MFA) technologies through its IBM Security Access Manager (ISAM) platform.

Cr3dOv3r – Credential Reuse Attack Tool (Darknet, Dec 04 2017)
Cr3dOv3r is a fairly simple Python-based set of functions that carry out the preliminary work as a credential reuse attack tool.

Microservices for IAM: container security and personal data (CSO Online, Dec 06 2017)
Microservices are an architectural method that is based on using distinct separate modules to run applications – the application being hived off into symbiotic services with a backbone of an API communicating between them. It can be thought of as a new, highly evolved version of the more traditional Service-Oriented Architecture (SOA) that used web-services as its core.