02.18.2019 - Mergers, Acquisitions and Divestitures – How to Unite Your Active Directories
CIOs that are under pressure to bring two companies’ IT systems and applications together after a merger or acquisition can unify their directory services quickly and inexpensively with a Virtual Identity Server. This paper looks at three of the leading approaches to bridging disparate sets of directory services into one seamless directory following a merger or acquisition. Conversely, we’ll look at the aspect of a divestiture, in which one company must entirely split out from another. Here, too, directory services play a role in a clean and quick divestiture or spin-off. ...
01.17.2019 - Typing Biometrics and Other Multi-Factor Authentication Methods: When Passwords Are Not Enough
81% of data breaches are from weak, default or stolen passwords. Leveraging MFA when it’s offered lessens the attack vector for digital identity impersonation attempts. This paper looks at existing MFA options, including biometric typing technology, examines decision factors for MFA and discusses the difference between various authentication methodologies. ...
11.30.2018 - HTTP Header Session Protection
The HTTP protocol was designed as a transport protocol to fetch and return content and to display HTML or other functions. But, HTTP wasn’t designed with authentication security top of mind. Approximately 40% of data breaches originate from attacks on web apps. And many of these breaches are preventable. HTTP header session protection as a part of your SSO solution should be at the forefront of your mind. ...
07.23.2018 - Manufacturers Need Industrial-Quality Access Control
Ideas about cybersecurity in the manufacturing sector have started to change, and it’s about time. Until recently, a common misperception among those in the industrial world was that that they had little to attract hackers—no credit card data, no health records, no bitcoin. But manufacturers do have data, and it’s immensely valuable — their trade secrets. Profit isn’t the only motivation for hackers many just want to cause chaos. There are plenty of reasons for hackers to attack manufacturing systems; the proof is that one out of three industrial control systems (ICS) computers were hacked last year (Kaspersky Lab, Sept 2017). ...
07.17.2018 - Troubleshooting Federation with Fiddler – Part 2 of 3 – Debug SAML 2.0 Federation Issues
In part one of our series on “Troubleshooting Federation with Fiddler”, we covered how to use Fiddler to debug WS-Federation issues. In part two we will cover how to use Fiddler to debug SAML 2.0 federation issues. ...
07.5.2018 - Troubleshooting Federation with Fiddler – Part 1 of 3 – Debugging WS-Federation Issues
Fiddler is simply the best tool to debug federation issues. Optimal IdM has just released a White Paper on this which you can download on the left side of this page. This is part one of a three-part blog series on this topic. In this blog we will cover how to use Fiddler to debug WS-Federation issues. ...
05.31.2018 - Protecting Your Patient’s PHI Data (Part 2 of 2)
In part one of our protected health information (PHI) series, we described why a hacker is interested in PHI and how they get it. In part two, we will cover ways to defend PHI data and best practices for mitigating attacks. ...
05.22.2018 - Protecting Your Patient’s PHI Data (Part 1 of 2)
For healthcare, there’s never been a more urgent time to reassess your cybersecurity and identity and access management strategy. Until recently, protected health information (PHI) was the most valuable merchandise on the Dark Web. Complete healthcare records were going for $75 to $100 dollars at the height of demand according to Institute for Critical Infrastructure Technology (ICIT). In fact, there’s so much PHI on the market now that the ICIT says prices have plummeted by about half. ...
05.2.2018 - Know Your Credentials: The Other KYC Requirement
The way people want to interact with their financial providers has changed quickly in the past few years. Now, account holders want control over their funds, and they don’t want to jump through hoops to exert that control. They expect a streamlined customer experience that lets them accomplish their tasks quickly, and there are great rewards to be reaped by institutions able to meet those expectations. For example, according to PwC’s 2017 Digital Banking Consumer Survey, 46 percent of consumers do all their banking online, a percentage that will grow even larger as the first generation of digital natives—those graduating high school around now—enter their adult lives and establish relationships with banks and investment firms. ...
03.31.2018 - Password Security – MFA and Agentless SSO Explained: Cyber Defense Magazine
Author: Mark Foust, Director of Worldwide Technical Sales for Optimal IdM ...