Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

EP 62 - The Evolution of Identity

In this episode of the Trust Issues podcast, host David Puner sits down with Jeff Reich, Executive Director of the Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral guidance on identity-centric security strategies to help organizations reduce the risk of identity-related attacks. They explore the evolution of digital identity, discussing how it has transformed from simple identifiers to complex, multifaceted digital identities for both humans and machines.

Zero Standing Privileges (ZSP): Vendor Myths vs. Reality

Several new vendors entering the privileged access management (PAM) market are boldly claiming they can – or will soon be able to – provide access with zero standing privileges (ZSP). In reality, these lofty vendor claims likely ignore the limited use cases of their own technology. This betrays a fundamental misunderstanding of PAM – the most challenging problem in cybersecurity.

CIO POV: Impactful AI Programs Start with 'Why'

Generative AI (GenAI) has the power to transform organizations from the inside out. Yet many organizations are struggling to prove the value of their GenAI investments after the initial push to deploy models. “At least 30% of GenAI projects will be abandoned after proof of concept by the end of 2025, due to poor data quality, inadequate risk controls, escalating costs or unclear business value,” according to Gartner, Inc.

LLMs Gone Wild: AI Without Guardrails

From the moment ChatGPT was released to the public, offensive actors started looking to use this new wealth of knowledge to further nefarious activities. Many of the controls we have become familiar with didn’t exist in its early stages. The ability to request malicious code or the process to execute an advanced attack was there for the asking from an open prompt. This proved that the models could provide adversarial recommendations and new attacks never before seen.

EP 61 - Put Your Name on It: Identity Verification and Fighting Fraud

Aaron Painter, CEO of NameTag, joins host David Puner for a conversation that covers several key themes, including the inadequacies of current identity verification methods, the rise of deep fakes and AI-generated fraud – and the importance of preventing identity fraud rather than merely detecting it. Aaron discusses the role of advanced technologies like cryptography, biometrics and AI in improving identity verification.

CyberArk Recognized as a Leader in 2024 Gartner Magic Quadrant for PAM

Today, we’re exceptionally proud to announce our recognition as a Leader in the “2024 Gartner Magic Quadrant for Privileged Access Management (PAM)”1 for the sixth time in a row. CyberArk was positioned furthest in Completeness of Vision.

How Overreliance on EDR is Failing Healthcare Providers

Ransomware attacks have a profound impact on healthcare organizations, extending well beyond financial losses and the disrupted sleep of staff and shareholders. A University of Minnesota School of Public Health study highlighted by The HIPAA Journal reveals that these attacks can lead to higher in-hospital mortality rates for patients admitted during the incidents. Additionally, the study found that hospital volumes dropped by 17%-25% during the first week of an attack.

Taming Vault Sprawl with Modern Secrets Management

In this cloud, DevOps and AI era, security teams grapple with the growing challenge of shadow secrets and vault sprawl. As organizations scale, secrets management increasingly fragments. For example, Microsoft recommends using one Azure Key Vault, per application, per environment per region. Without centralized visibility, security policies and rotation control, vault sprawl leads to heightened security risk and compliance challenges.

Applying a 'Three-Box Solution' to Identity Security Strategies

Physical and network barriers that once separated corporate environments from the outside world no longer exist. In this new technological age defined by hybrid, multi-cloud and SaaS, identities are the perimeter. Any one identity—workforce, IT, developer or machine—can become an attack path to an organization’s most valuable assets.