When complying with regulations and frameworks, it’s hard to keep up when the rules keep evolving. Auditors are no longer just seeking reports on what your identities can access – they now require proof that you have controls for securing those identities (like a math assignment, you have to show your work). And if a framework or regulation’s requirements previously focused on highly privileged IT users’ access … that’s evolving too.
As technology evolves, so do the threats that loom over our communication infrastructure. The rollout of 5G, the rise of artificial intelligence (AI) and our ongoing dependence on these networks combine to make the telecommunications industry a prime target for cyberattacks.
CyberArk MFA now supports authentication with phishing-resistant passkeys and qualifies for the highest NIST Authenticator Assurance Level (AAL3). Based on FIDO2 standards, passkeys replace passwords and provide faster, easier and more secure sign-ins to websites and apps across user devices. With this release, end users can authenticate using passkeys to access their applications and resources.
More than 130 global jurisdictions have enacted data privacy laws. While each contains rules and requirements distinct to their regions, they share a common priority: identity security. That’s because if an attacker compromises a single identity in an organization where sensitive data is collected, stored and handled, it’s all downhill from there.
Do you need to secure high-risk access to the back end of your customer-facing apps? Yes, you do – assuming you care about cybersecurity risk, uptime or compliance with SOC II and NIST and AWS, Azure and GCP architecture frameworks. To meet compliance requirements and grow your business, you must properly secure access to the cloud services and workloads powering your SaaS app.
In this Trust Issues episode, host David Puner welcomes back Andy Thompson, CyberArk Labs’ Offensive Security Research Evangelist for a discussion focused on two recent high-profile breaches: one targeting MGM Resorts International and the other involving Okta’s support unit.
You may not recognize the term Identity Threat Detection and Response (ITDR), but this emerging security discipline aims to address an all-too-familiar challenge: managing and securing the massive number of identities – human and machine – across the enterprise.
Picture yourself immersed in your favorite mystery novel, eagerly flipping through the pages as the suspense thickens. You’re enthralled, engrossed in the story of a hotel burglar with an uncanny ability to sneak into guest rooms without leaving telltale signs of break-ins or lock-picking. As you read on, you’re captivated – and stumped – by how this elusive bad actor can deftly close the doors behind them, leaving no clues.
The October 2023 Okta breach is the latest example in a long line of third-party identity attacks. Based on reports to date, it seems that the attack on Okta’s support case management system enabled a threat actor to launch downstream attacks into other companies. So far, 1Password, BeyondTrust and Cloudflare have publicly confirmed they were targeted. Such attacks don’t discriminate and pointing fingers is unproductive.
Today’s guest is Charles Chu, CyberArk’s General Manager of Cloud Security, who’s spent more than a decade at the forefront of cloud security. Chu joins host David Puner for a conversation that delves into secure cloud access and the concept of zero standing privileges (ZSP), a dynamic approach to securing identities in multi-cloud environments.
