Click on the slide!

PCI DSS: Blue Skies Ahead!

Live Webcast!             Join this live webinar for advice on preventing costly cases of non compliance.

Click on the slide!

Mitigating 3rd Party Vendor Risks

On-Demand               Play this educational discussion now.

Click on the slide!

A Risk Migration Plan for PCI DSS

On-Demand               Play this educational discussion now.

Click on the slide!

Using TVM to Enable Your GRC Program

On-Demand               Play this educational discussion now.

Frontpage Slideshow (version 2.0.0) - Copyright © 2006-2008 by JoomlaWorks
KuppingerCole
KuppingerCole News

  • Executive View: Atos DirX Identity V8.5 - 70896

    by Ivan Niccolai

    Atos DirX Identity encompasses a rich feature set for all areas of Identity Management and Governance. Its comprehensive business and process-driven approach includes very strong modelling capabilities of the organisational structure and user relationships thus providing the foundation for a business, rather than a technology-centric approach to identity management. 



  • Enforcing Fine Grained Access Control Policies to Meet Legal Requirements
    Attribute Based Access Control (ABAC) solutions provide an organization with the power to control access to protected resources via a set of policies. These policies express the increasingly complicated legal and business environments in which companies operate these days. However, due to the number of moving parts, it becomes harder to understand the effect a policy change might have in a complex policy set. These moving parts include the policies themselves, attribute values and the specific queries under consideration.



  • Executive View: BeyondTrust PowerBroker - 71504

    by Ivan Niccolai

    BeyondTrust’s PowerBroker product family provides a well-integrated solution with a broad range of capabilities for the mitigation of threats caused by the abuse or misuse of privileged system accounts and entitlements, on endpoints as well as server systems. With dedicated products for major system architectures, PowerBroker provides deep support for privilege management on Windows, Unix/Linux as well as Mac systems.



  • Executive View: Gigya Customer Identity Management Suite - 71529

    by Matthias Reinwarth

    A feature-rich customer identity management platform providing strong analytics and tools for business-oriented decision-making processes while enabling compliance with legal and regulatory requirements and an adequately high level of security.



  • Executive View: SAP Enterprise Threat Detection - 71181

    by Martin Kuppinger

    In these days of ever-increasing cyber-attacks, organizations have to move beyond preventative actions towards detection and response. This no longer applies to the network and operating system level only, but involves business systems such as SAP. Identifying, analyzing, and responding to threats is a must for protecting the core business systems.



  • Executive View: Balabit Shell Control Box - 71570

    by Alexei Balaganski

    Balabit Shell Control Box is a standalone appliance for controlling, monitoring and auditing privileged access to remote servers and network devices. Shell Control Box provides a transparent and quickly deployable PxM solution without the need to modify existing infrastructure or change business processes.



  • Customer-centric Identity Management
    While most organizations are at least good enough in managing their employee identities, dealing with millions of consumer and customer identities imposes a new challenge. Many new identity types, various authenticators from social logins to device-related authenticators in smartphones, risk mitigation requirements for commercial transactions, the relationship with secure payments, customer retention, new business models and thus new requirements for interacting with customers: The challenge has never been that big.



  • Jun 07, 2016: Data Loss Prevention Best Practice – Applying User-driven Data Classification
    The first step in protecting intellectual property and sensitive information is to classify it. This can be accomplished manually via author classification or automatically via content filtering. Some tools simplify the process and provide greater governance.

  • Alles zu Consumer Identity Management
    Mittlerweile sind die meisten Unternehmen in der Lage, sicher mit den Identitäten ihrer Mitarbeiter umzugehen. Doch die Handhabung von Kundenidentitäten, deren Anzahl oft in die Millionen geht, stellt noch immer eine Herausforderung für die meisten Unternehmen dar. Mehr Identitäten, der Zugang über Social Logins, mehr Flexibilität bei der Authentifizierung beispielsweise über die in Smartphones integrierten Funktionen, die Anforderungen zur Risikominderung beim eCommerce, die Integration mit sicheren Bezahlsystemen, Kundenbindung, neue Geschäftsmodelle sowie neue Anforderungen für die Interaktion mit Kunden. Die Zahl der Herausforderungen für Unternehmen war nie größer.



  • Multi-Factor, Adaptive Authentication Security Cautions

    by Ivan Niccolai

    KuppingCole has written previously on the benefits of adaptive authentication and authorization, and the need for authentication challenges that go beyond the password. These benefits fall largely under the categories of an improved user experience, since the user only gets challenged for multiple authentication challenges based on risk and context, as well as improved security precisely due to the use of multi-factor, multi-channel authentication challenges.

    However, these multi-factor authentication challenges only offer additional security if the multiple challenges used for these authentication challenges are sufficiently separated. Some examples of common approaches to multi-factor authentication include the use of one-time passwords sent via an SMS message, or smartphone applications which function as soft tokens for time-limited passwords. These are generally a good idea, and do offer additional security benefits. But, if the application that depends on multi-factor authentication as an additional security measure is itself a mobile application then the lack of separation between the channels used for multi-factor authentication vitiates the possible security benefits of MFA.

    Security researchers have recently proven how both a compromised Android or iOS smartphone can be manipulated by attackers in order to enable them to capture the additional step-up authentication password from the smartphone itself. This is one of the outstanding challenges of anywhere computing. Another attack that that is immune to the additional security provided by multi-factor authentication is the man-in-the-browser-attack MITB. With this type of attack, a malicious actor gains control of a user’s browser via a browser exploit. The user then logs into, for example, online banking, and successfully completes all necessary, multi-factor authentication challenges perform a high risk action such as performing an electronic fund transfer, the hijacked browser can be used by the attacker to substitute form data the the user is imputing. In this example the sum could be redirected to a strangers bank account.

    With the MITB attack, the user is seen by the accessed service as fully authenticated, but since the browser itself has been compromised, any action the user could have done legitimately can also appear to have been done by the attacker.

    With a user’s smartphone already receiving emails and being used for browsing, the additional use of smartphones for multi-factor authentication must be carefully considered. Otherwise, it only provides the illusion of security. These attacks do not make adaptive, multi-factor authentication useless, but they do show that there is no single mitigation approach that allows an organization to ignore the ever-evolving cybersecurity threat landscape.

    Tactical security approaches here include careful selection and separation of authentication channels when MFA is used, as well as the use of additional web service and browser scripting protection approaches which have been developed to mitigate MITB attacks.

    Yet the strategic solution remains an approach that is not solely focused on prevention. With the digital transformation well underway, it is difficult to employee endpoints, and almost impossible to control consumer endpoints. A strategic, holistic security approach should focus on prevention, detection and response, an approach known as Real-Time Security Intelligence. It should focus on the data governance, regardless of the location of the information asset, an approach known as Information Rights Management.

    Unknown and sophisticated attack vectors will persist, and balancing security and user experience does remain a challenge, but the RTSI approach recognizes this and does not ever assume that a system or approach can be 100% immune to vulnerabilities.



  • Executive View: Balabit syslog-ng - 71571

    by Alexei Balaganski

    The Balabit syslog-ng product family provides technologies that allow collecting, processing, and analyzing log events from a variety of different sources, going well beyond the standard syslog component. The products are relevant both as a complement to and a replacement for standard SIEM solutions.



  • Executive View: Balabit Blindspotter - 71572

    by Alexei Balaganski

    Blindspotter is a real-time analytics solution, which identifies external and internal security threats by detecting anomalies in user behavior.



  • Fueling Digital Innovation with Customer Identities
    Identity management has become far more than a key component for defining security and access controls. Understanding customers’ identities through all of their interactions with an organization is key to developing strong and enduring relationships across multiple channels. Combining information from various sources (registration forms, devices, social accounts, etc.) to provide optimal user experiences is now a prerequisite for customer-facing enterprises.



  • Executive View: AirWatch Content Locker - 71505

    by Graham Williamson

    For organizations trying to provide an attractive user experience while protecting corporate information, the continuing rise in popularity of mobile devices, connecting from both inside and outside the corporate network, is a trend that can be frustrating. For organizations with intellectual property and sensitive information that must be shared between staff and business partners, a solution to protect restricted data and documents from inadvertent release to unauthorized personnel is required. Help is at hand.



  • Consumer-Focused Identity Management
    Consumer expectations of Identity and Access Management (IAM) - even if they don't know what it is - are evolving and growing ever higher. The ability to use social media accounts to gain access to various services has revolutionised the way consumers see the space. Increasingly, banks and telcos and other traditional businesses with large user bases are finding it hard to grapple with the IAM needs of the services they deliver. What's worse, these organisations are missing out on opportunities to build deep, engaging relationships with their customers through an archipelago-like siloed approach to customer identity.