23 August 2018

New partners Exabeam and Okta deliver an identity security solution that enables organisations to detect and react to credential-based attacks in real time. By joining the Okta integration network, Exabeam benefits from the identity platform, helping security teams to respond to user-based threats before they become critical. The 2018 Verizon Data Breach Investigations Report indicated that stolen credentials continue to top the list of causes for data breaches. By adopting a zero-trust security model, organisations can position themselves to respond to credential-based attacks by shifting their focus from protecting legal large perimeters to defending every user and device within the organisation. The joint solution will help security teams to monitor and protect enterprises against credential-based threats. Exabeam security intelligence platform (SIP) ingests authentication events and identity context via API integration. Exabeam then analyses that information and adds context to enable the detection of suspicious login activities. Security teams can then take immediate action by either; forcing individuals to verify their identity, disabling the user’s account, reducing the user’s access or denying authentication attempts. “Whether it’s a malicious or compromised insider, credential-based threats are tricky to identify,” said Ted Plumis, vice president of Worldwide Channels at Exabeam. The solution should, “provide customers with visibility and additional context – empowering analysts to identify and remediate compromised user accounts in real time.” “In today’s threat environment, security is at the forefront of every organisation’s mind, no matter what industry they are in, and the more intelligence that is available to them, the better decisions they can make to keep their users and data safe,” concluded Chuck Fontana, vice president of Integrations and Strategic Partnerships, Okta. https://www.exabeam.com/product/iden

Sequr Access Sync is a new solution built on Sequr’s smartphone and Apple Watch-enabled physical access control platform. It automates perimeter security for buildings, offices and other kinds of commercial property. This connects organisations’ physical and cyber security systems to provide integrated access management. Physical and cyber security have historically been handled separately using different tools. In the cyber arena, everything from the CEO’s email account to the customer database is protected by technology called Identity and Access Management (IAM) software that’s used by many modern security-conscious organisations. IAM solutions enable automated enforcement of access rules for every user, a capability that Sequr Access Sync carries over into the real world to the physical facility. Sequr Access Sync connects to an organisation’s IAM development and from there it analyses the security information of the system and determines how to manage their physical access. Administrators can customise the physical perimeter’s automated behaviour using a powerful rules engine with set-it-and-forget-it capabilities.  Following the creation of an individual profile, Sequr should identify those who need access to certain facilities or offices. The technology then pulls data from the IAM system on their job role, department and location to understand how to best manage their access.  Sequr Access Sync can also adapt to physical security changes. If a person switches department, then the system will become aware of the changes and update their access credentials onto the individual’s mobile device. This allows certain doors and entrances to be tailored for the specific individual.  “Access control is a fundamental requirement for any organisation to achieve security compliance and to pass their regular security audits,” states Chief Technology Officer for Sequr, Mishi Patel. “Misplaced or stagnant employee access credentials can be dangerous.” https://sequr.io

Ping Identity announced findings from its most recent CISO (Chief Information Security Officer) Advisory Council meeting. The Council is aimed at better understanding the challenges and opportunities impacting the modern CISO. Access to guidance and advice is available from these kinds of meetings and aids the dissemination of information related to infosecurity, privacy and compliance. The talking-points of the meeting were turned into two research papers recently published by Ping Identity. Details which are discussed include fresh methods of digital proofing, the Internet of Things managing device identity and the discussion of password-less authentication. A further paper published by Ping Identity is 8 things your C-suite should know about identity enforcing this as a crucial component to digital security and therefore business. Associates of the 2018 council represent organisations, including the American Red Cross, Allegiant Travel Co., PowerSchool, GCI, Vertafore Inc., CoBank, and Greenway Health. These companies span a multitude of industries including healthcare, banking, travel, fashion, technology, consulting, education and construction. “Our customers are the catalysts of change in the creation of products and services at Ping Identity, so we take their feedback on innovation seriously,” said Andre Durand CEO of Ping Identity. “These CISOs from leading organisations view identity as a strategic imperative for succeeding as a digital company.” https://www.pingidentity.com/en.html