Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week let’s go back to security basics with password hygiene—the simplest, and yet often overlooked step in account security. Passwords have been the bane of many internet users since the inception of the world wide web.
Users with privileged access to an organization’s systems and networks pose a special threat. External threat actors often target privileged accounts using phishing schemes and social engineering techniques, since gaining control over these credentials helps them move more freely inside the network. Moreover, people sometimes misuse their own privileged accounts; this type of cyberattack takes the longest to discover, according to the Verizon Data Breach Investigation Report.
Digital transformation changes the perimeter. When organizations had all their applications on-premises, the network firewall kept the right users inside the gate and malicious actors outside. However, the move to the cloud changed all that. In today’s hyper-connected ecosystem, understanding the components and types of access control can help you strengthen security.
These days, magic links are in the air. They are becoming an intriguing means to strengthen digital security without inconveniencing users. This article discusses magic links, their magical function, and their potential benefits for a corporation.
The principle of least privilege in cybersecurity prescribes that no user should have access to system resources beyond what’s necessary for fulfilling a specific task. Adhering to this principle has become essential, as one of the primary ways malicious actors breach a system is by compromising (legitimate) user access.
AWS Policies are a key foundation in good cloud security, but they are often overlooked. In this blog, we take a quick look on some AWS Policies, particularly for Identity and Access Management (IAM), that could become problematic if not properly managed. We'll discuss how they can be used against us to generate attacks like: Ransomware, data exfiltration, credential abuse, and more. Finally, we'll suggest some Open Source tools for cloud policy assessment and pentesting.
Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.
Rubrik’s Cloud Data Management (CDM) code features the ability to protect all of your Rubrik login accounts with two-step verification by using the industry-standard time-based one-time-password (OTP) codes. The Microsoft Authenticator app has extended its functionality, recently adding Microsoft account-based autofill capabilities across platforms. Here is a step-by-step guide on how to set it up on Rubrik CDM.
Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.
