Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In July 2024, Google introduced a new feature to better protect cookies in Chrome: AppBound Cookie Encryption. This new feature was able to disrupt the world of infostealers, forcing the malware developers to quickly modify their malware to adapt to the latest protections. In the new era of cookie protection, infostealer malware either need direct access to the Chrome process or to run with elevated privileges.

The line between human and machine is blurring—and it’s not a question of whether machines can do more, but how far we’re willing to let them go. The frontier lies in tackling the chaos and solving the fragmented processes that slow enterprises: siloed rulebooks, scattered pricing spreadsheets, and manual approvals.

In this episode of Security Matters, host David Puner sits down with Deepak Taneja, co-founder of Zilla Security and General Manager of Identity Governance at CyberArk, to explore why 2025 marks a pivotal moment for identity security. From the explosion of machine identities—now outnumbering human identities 80 to 1—to the convergence of IGA, PAM, and AI-driven automation, Deepak shares insights from his decades-long career at the forefront of identity innovation. Listeners will learn.

Machine identities—like the API keys, certificates, and access tokens that secure machine-to-machine connections—are swarming businesses. Yet, many teams still reach for manual tools while their systems overclock. At the start of the year, I predicted the ratio of machine to human identities would likely soon tip past 100:1. As of mid-year, most organizations are clocking in at more than 80:1—and I’ve seen environments as high as 500:1.

Running Kubernetes on Amazon EKS? You’re likely already using cert-manager—the open source standard for TLS and mTLS certificate automation in Kubernetes clusters. Today, we’re excited to announce that CyberArk Enterprise Support for cert-manager is now available through AWS Marketplace, giving EKS customers a direct path to operational reliability, compliance, and expert support at scale.

This blog is the second part of a two-part series on post-quantum cryptography (PQC). In Part 1, we explored how the Harvest Now, Decrypt Later (HNDL) strategy has moved from crypto-conspiracy theory to a real threat model. This follow-up dives into how forward-thinking enterprises are already operationalizing PQC in their day-to-day security efforts—and how your team can take practical steps to do the same before quantum risk becomes quantum reality.

This blog is the first part of a two-part series on post-quantum cryptography (PQC). In this piece, we explore why quantum threats are no longer theoretical. In Part 2, we’ll cover practical steps for building post-quantum readiness. Security leaders have become digital-first responders. They perform triage on multiple emergencies every day, except with fewer thanks and more acronyms.

Unless you lived under a rock for the past several months or started a digital detox, you have probably encountered the MCP initials (Model Context Protocol). But what is MCP? Is this just a glorified API call, or is there really something there? This post thoroughly explains what MCP is and why it makes LLMs more powerful. It also provides a comprehensive threat model analysis and reviews the fundamental security vulnerabilities.

In this episode of Security Matters, host David Puner sits down with Marene Allison, former Chief Information Security Officer (CISO) of Johnson & Johnson, for a candid and wide-ranging conversation on trust, identity, and leadership in cybersecurity. From securing global vaccine supply chains during the COVID-19 pandemic to navigating the rise of AI and machine identities, Marene shares hard-earned insights from her decades-long career in national security and the private sector.

If the mere mention of identity governance and administration (IGA) stresses you out, you’re in good company. Managing digital identities and access privileges is a significant challenge that only grows more difficult as cloud adoption accelerates, and environments and threats become increasingly complex. Today, many organizations struggle to support the three key IGA business drivers: compliance, lifecycle management, and security.

The identity is the main attack vector for cybercriminals, with cybercriminals using stolen identity to infiltrate the organization, move laterally and vertically throughout the organization, and extract data, deploy ransomware, establish backdoors, and cause major service disruptions. All with long term impact to organizations.

“The modern ‘software as a service’ (SaaS) delivery model is quietly enabling cyber attackers and—as its adoption grows—is creating a substantial vulnerability that is weakening the global economic system.” These are the words of JPMorgan Chase CISO Patrick Opet in an open letter to third-party suppliers that has gone viral, at least in the cybersecurity world, and sparked a broader conversation about building trust in cyberspace.