Man-in-the-middle (MiTM) attacks – where an attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other – are a very real threat, especially when it comes to authentication. Various solutions have been put forward to prevent, or at least manage, this threat. These have met varying levels of success, although it [...]
As the modern workforce becomes increasingly more mobile, businesses are allocating more and more on resources to secure remote connections. For years, Virtual Private Networks, or VPNs, have been the standard bearer for remote access. VPNs allow users to transfer sensitive data across a public network as if their devices were directly connected to private one. The New Paradigm Unfortunately, the [...]
Effective identity and access management platform? System? is likely the single most important responsibility for today’s chief information security officers (CiSO). Information and Access Management, or IAM, is the bread and butter of securing a network, ensuring access to data and applications is controlled and uncompromising. IAM plays a vital role in a company’s overall security framework. Having an effective strategy [...]
Tokens form an important part of the authentication process. In our previous post, we looked at how tokens fit into this process, and the different types of tokens available. In this piece, we’ll take a closer look at hardware tokens versus software tokens, and take a glimpse into the future of which token is likely to be the most widely adopted [...]
Proving your identity in order to authenticate yourself and gain access to some kind of system, is more of a challenge than most people realize. This process has to be designed so that on one hand it’s as easy as possible for the user of the system to gain access, while on the other it’s as difficult as possible for someone [...]
Securing our online communications has always been an ongoing task, one that has to stay in-synch with our ever-expanding communication technology. For years, the basis of this security has been Secure Sockets Layer (SSL) cryptography, now in its more updated version of Transport Layer Security (TLS). These protocols work by generating keys for every connection made between parties (say, your internet [...]
Zero knowledge proof authentication is the basis of modern-age authentication. It allows for the highest level of security, by ensuring passwords, transactions and conversations don’t get compromised when transferred over an unsecured connection. In this article we will look at zero knowledge proof to understand the need for it, how it works, and where it’s being utilized to verify parties today. [...]
“Zero Trust” is a concept that can revolutionize the way people interact with networks, and each other. At its core, it’s a different approach to network security, but its practical implications are far-reaching. In this article, we dive into Zero Trust Authentication, as well as clarify and understand the basics of the approach and the practical ramifications of it. The [...]
Managing identities across an enterprise is one of the bigger challenges facing the world of digital security. In a company where large numbers of users access multiple applications in a diverse work environment, managers need reliable tools that allow smooth access for workers, while maintaining strong authentication standards. Making Some Order When looking at the most common tools used in [...]
The latest standards governing the world of digital payments have come into effect. On 1 February 2018, the new Data Security Standards of the Payment Card Industry’s (PCI) Council, or PCI DSS, came into effect. These new standards upgraded many protocols that used to be merely “best practices”, to full requirements. The updated PCI DSS is a significant shift from earlier [...]