Not surprisingly, artificial intelligence in all forms was on full display this year at the NRF Big Show. One AI application that caught my attention was facial recognition technology. Last year, 23% of business technology decision-makers said their firm is using or likely to use facial recognition technology, just 3.5% less than machine learning platforms. […]
I am a huge fan of Zero Trust—the simplicity of the concept resonates with clients that read the research authored previously by John Kindervag and more recently myself. The framework’s intrinsic value to security and business processes is readily evident to those who explore how it benefits their security needs. If we’re honest about Zero […]
Good news for luxury brands – Luxury will see continued growth for online sales and for in-store sales that are influenced by digital touchpoints, per Forrester’s newly updated Global Luxury Retail Sales Forecast 2017 to 2022. So that’s great – but, as we saw in our research last summer, many luxury brands still have work […]
In 2017, we conducted one of the most comprehensive customer surveys on Customer Experience in the Australian market. It’s called the CX Index. And the results may upset banks, but that’s too bad – this is what the customers think. In sum, customers aren’t feeling the impacts of investments in CX and most banks don’t […]
At the packed NRF Big Show #NRF2018 in New York last week, many retailers looked at vendors touting new tech, including AI, AR/VR, and more, all in the name of improving customer experiences. But most of those same retailers know that, before leaping into that arena, they first need to bring existing systems up to […]
This year’s NRF Show was a surprise, in that it lacked a lot of the hyped-up tech in years past (VR in 2017, Beacons in 2016, etc., etc.). That left plenty of room for themes and solutions to shine that let retailers improve in the areas of customer experience, operational efficiency, and incremental, bottom-line profitability. […]
GUEST BLOG POST, FROM DREW GREEN As a voracious media consumer, I’m exposed to a mind-numbing amount of advertising. Enough that trends start to emerge. One recent trend standing out more than others is an influx of “cause marketing” tactics, where brands incorporate their values into their messaging. Look no further than the composition of […]
Public cloud platforms owed much of their early success to adoption by startups. With a bright idea, a web browser, a credit card, and no legacy baggage, the public cloud was an obvious place to build and grow a new business. For most enterprises, those early public clouds were a harder sell: If they were […]
Last week’s NRF Big Show at the Javits Center in New York City is the industry’s largest confab and its timing (as most retail fiscal years close) makes it a good prognosticator of which retail technologies companies will be investing in (or at least investigating) in the coming year. After talking to retailers, exhibitors and […]
Forrester’s China Tech Market Outlook, 2018 To 2019 report forecasts that business and government purchases of technology goods and services will grow by 8% in 2018 and 9% in 2019 in US dollar terms. In the past two years, weak domestic demand and rapid currency devaluation put critical pressure on China’s economy — but tech […]
Perhaps it's time to shine an uncompromising light on the IT security failures of 2017—the sins we are guilty of as IT professionals—in a hopeful bid to inspire us to instigate change and maybe even prepare New Year's resolutions for 2018 that will actually be kept.
by Martin Kuppinger: Yesterday, One Identity announced that they have acquired Balabit, a company specialized in Privileged Management, headquartered in Luxembourg but with their main team located in Hungary. One Identity, a Quest Software business, counts amongst the leading vendors in the Identity Management market. Aside from their flagship product One Identi […]
by Mike Small: SAP HANA Platform securely supports the IT applications and services needed by organizations to achieve digital transformation as well as the traditional IT systems of record. It offers a high-performance database through in-memory processing and provides enterprise grade security features that cover the confidentiality, integrity and ava […]
by Martin Kuppinger: PowerBroker for Unix & Linux from BeyondTrust provides Server Privilege Management and Session Management specifically for Unix and Linux servers. Such servers are frequently exposed to attacks from both malicious insiders and external hackers. PowerBroker for Unix & Linux provides comprehensive protection for privileged accounts on U […]
Whenever people are talking about the Digital Transformation, they usually think about modern technologies like cloud computing. However, although adopting new technologies is important for staying relevant and competitive in the rapidly changing market, this transformation primarily reflects the growing volume of digital information that is powering key bus […]
by Mike Small: Many organizations are using cloud services, but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services. This report provides an up to date review of Symantec Cl […]
by Martin Kuppinger: Osirium’s Privileged Access Management provides a secure, streamlined way to monitor privileged users for all relevant systems. It manages context-driven access over any number of systems across an infrastructure, and supports an innovative, task-based approach. Furthermore, it comes with a well-thought-out gateway approach for supporting […]
by Dan Blum: An enterprise security architecture (ESA) is a critical component to an enterprise architecture (EA) that describes how IT services, processes, and technologies should be protected given a customer’s unique business, security, and compliance requirements.
by Martin Kuppinger: Thycotic Privilege Manager is a tool focused on Least Privilege management and enforcement on endpoint systems, supporting both Windows and Mac systems. It provides application control and privilege management features to restrict the access and use of highly privileged accounts and thus minimize risks caused by cyberattacks and fraudulent […]
Identity and Access Management (IAM) is one of the most important and challenging disciplines, involving multiple departments and systems across the enterprise and requiring constant communication between the business and IT. Without IAM, it is difficult to mitigate access risks, to comply with regulations and to deliver a consistent and frictionless user ex […]
CA Technologies has released a new report, based on research conducted by industry analyst firm Freeform Dynamics, that sheds light on some of the obstacles for organizations seeking the advantages of a development approach that prioritizes application security, without sacrificing time-to-market and innovation. The report also offers evidence that integrati […]
2017 was quite a year for application security. From big breaches to breakthroughs, 2017 featured a lot of scary headlines reflecting the sorry state of application security, but also news about companies moving the needle on AppSec, and regulators waking up to the reality about how data is exposed. Not surprisingly, our most popular 2017 blog posts mirror t […]
When it comes to open source and security, one of the most popular words that pops into the head of security aficionados and professionals is “dread.” Certainly that perception is driven by open source’s reputation – it is seen as fast, easy, low cost and, well, risky. With unknown hands touching the code – and a surprisingly low number of developers maintai […]
The industry-wide shift to DevOps practices has changed more than just developer processes. It has also had a major impact on security, including application security testing techniques. Static analysis, for instance, has had to evolve along with development processes. Unlike early versions of static analysis solutions that only assessed completed code at th […]
This is the third entry in a series of blogs on how CA Veracode products fit into each stage of the software lifecycle – from coding to testing to production. We want to emphasize lifecycle here, because we continue to hear the misconception that application security falls squarely and solely into the testing stage. In our 10+ years helping organizations sec […]
The past year featured daily news about cyberattacks, data breaches, and software vulnerabilities. If it feels like our cybersecurity challenges grow bigger and more complex, year after year, it's more than just a perception. Research from security companies, including CA Veracode, shows that there are more attacks than ever, and organizations have not […]
For the first time in four years, we have a new OWASP Top 10 list of the most critical application security risks. Cross-site request forgery (CSRF) and unvalidated redirects and forwards have been bumped off the list. XML external entities, insecure deserialization and insufficient logging and monitoring have been added. What’s the significance of both the […]
What is the fundamental purpose of data breach disclosures? To help the company breached? To help other companies in a similar position? To help the customers of the breached company? To help law enforcement? At its most extreme, should it ever be about shaming a company that had poor security? Depending on the circumstances, it can be about all of the above […]
Metrics are critical for measuring and expanding an application security program. And there are a lot of important numbers you need to track to gauge your program’s progress, but sometimes you need one number that sums up your progress. Executives don’t always want to see a slew of complicated charts and graphs – they want one simple number that answers, in […]
I’m always a fan of ending the year on a high note, so you can imagine how excited I am to share the news that CA Veracode has been named a leader in The Forrester Wave™: Static Application Security Testing, Q4 2017 report by Forrester Research. Forrester ranks its vendors through the detailed evaluation of the 10 most significant vendors in static applicati […]
Leverage next generation cyber security technology to curtail lateral movement should hackers gain a foothold inside your network. The post Limiting Losses from Cyber Attacks with Privileged Identity Management appeared first on Identity Week.
RED Systems Management can quickly block access to the files NotPetya intends to use to infect you. With patented Access Control List (ACL) management technology, RED Systems Management can lockout NotPetya from executing on client systems. The post Battling the NotPetya (Petna) Ransomware appeared first on Identity Week.
It’s been said that speed kills. But in cyber warfare, speed heals. That’s because with today’s advanced cyber attacks, you need to move faster than the attackers to minimize damage. The post In Cyber Warfare, Speed Heals appeared first on Identity Week.
Stolen passwords are the leading cause of hacking-related data breaches. To discuss what can be done to mitigate this security vulnerability, Identity Week spoke with Steve Tout, CEO of VeriClouds. The post Protecting Against Stolen Passwords – a Q&A with Steve Tout of VeriClouds appeared first on Identity Week.
Two years removed from the announcement of the attack, we can now take a look at the lessons we learned from the OPM data breach. The post Lessons Learned from the OPM Data Breach – Two Years Later appeared first on Identity Week.
The security of your entire network is only as good as your least secure server. And, relegating the Unix/Linux infrastructure to a status of any lesser degree is the attack surface that hackers are looking to exploit. The post Securing Identities – Don’t Forget Unix and Linux Servers appeared first on Identity Week.
Watch this FedScoop video interview of IT security expert Philip Lieberman to find out how federal government agencies can redesign their networks for better resilience against cyber attacks. The post Video: Cyber Defense for the Federal Government appeared first on Identity Week.
Now we’ll take a look at the three practices we regularly see in the most mature Privileged Identity Management programs. The post Best Practices in Privileged Identity Management – Part Four appeared first on Identity Week.
Your organization has been breached. What do you do now? Philip Lieberman explains in this 4-minute Game Changers Silicon Valley interview. The post Video: Cyber Security Detection appeared first on Identity Week.
I am reading a fascinating book, “Identity is the New Money,” by David Birch. The book was published three years ago, but I find it extremely relevant today. I just read this paragraph: Identity becomes the key to transactions and a crucial individual resource that needs to be looked after by responsible organizations. We all need to […]
As I read a recent Risk Management Monitor article “Companies Must Evolve to Keep Up With Hackers,” I couldn’t help but think – at what cost? Perhaps you can calculate the amount a company spends on tools and processes to defend against cyberattacks, and perhaps even justify that expense by attempting to estimate the cost of a […]
Yesterday, I blogged about the inherent conflicts of interest that exist with most current or potential Identity Providers. Is it just coincidence that today I would read a post on LinkedIn by Gary Rowe, CEO/Principal Consulting Analyst at TechVision Research, highlighting the TechVision Research report, “Banking on Identity?” The report offers a compelling […]
After uploading yesterday’s blog post, I realized that I had again made a statement about a problematic “conflict of interest” inherent in many Identity providers. What do I mean by that? For many years, I have dreamed of the concept of a broadly used Identity Provider enabling each of us to leverage one set of […]
Following a blog post recommendation by Emma Firth, Communications Director of Digi.me, I just read an insightful article, “Transforming the Digital Identity Landscape,” in the June 2017 issue of Leo, an e-magazine published by Luxembourg for Finance. It was particularly interesting to read the viewpoints of four Digital Identity thought leaders who spoke at […]
How critical is Identity and Access Management to GDPR Compliance? The somewhat radical, but underlying philosophy of GDPR is that enterprises must enable individual data subjects (EU citizens) to control their own Personally Identifiable Information (PII), and grant or withdraw permission to store and use such data. Certainly, appropriate processes and tech […]
May 25, 2018 is bearing down on us like a proverbial freight train. That is the date when the European Union General Data Protection Regulation (GDPR) becomes binding law on all companies who store or use personal information related to EU citizens. (Check out the countdown clock on the GDPR website). Last week, Oracle published a new white […]
This morning I read a short article stating, “Arizona businesses lead the nation in malware detections.” Wouldn’t you know — Arizona leads the nation — but not in some fun way like an NBA Championship. I immediately thought of another dubious distinction for our state – the Arizona bark scorpion is the most venomous scorpion in North America. […]
Lots of nostalgia this week … yesterday and today, my meetings have been on the Oracle Santa Clara Campus. It is always enjoyable to come here and remember the many meetings I attended here prior to the Oracle acquisition of Sun Microsystems in 2010 and with Oracle colleagues since then. It is fun to meet in the […]
This week, I am staying in the Santa Clara Marriott hotel for a few days while attending some corporate meetings. As I drove to Santa Clara from the San Francisco Airport yesterday, I began to reminisce about times in my early career when I spent a lot of time in this part of the world. I […]
The year 2017 saw some of the biggest cybersecurity incidents—from high profile data breaches in Equifax and Uber impacting millions of users to thousands of businesses and millions of customers being affected by the global ransomware threats like WannaCry and NotPetya. The year ended, but it did not take away the airwaves of cybersecurity incidents, threats […]
Don't install Intel's patches for Spectre and Meltdown chip vulnerabilities. Intel on Monday warned that you should stop deploying its current versions of Spectre/Meltdown patches, which Linux creator Linus Torvalds calls 'complete and utter garbage.' Spectre and Meltdown are security vulnerabilities disclosed by researchers earlier this […]
A Google security researcher has discovered a severe vulnerability in Blizzard games that could allow remote attackers to run malicious code on gamers’ computers. Played every month by half a billion users—World of Warcraft, Overwatch, Diablo III, Hearthstone and Starcraft II are popular online games created by Blizzard Entertainment. To play Blizzard games […]
Cybercriminals have stolen a massive trove of Norway's healthcare data in a recent data breach, which likely impacts more than half of the nation's population. An unknown hacker or group of hackers managed to breach the systems of Health South-East Regional Health Authority (RHF) and reportedly stole personal info and health records of some 2.9 mi […]
Remember "Crackas With Attitude"? A notorious pro-Palestinian hacking group behind a series of embarrassing hacks against United States intelligence officials and leaked the personal details of 20,000 FBI agents, 9,000 Department of Homeland Security officers, and some number of DoJ staffers in 2015. Believe it or not, the leader of this hacking group […]
OnePlus has finally confirmed that its online payment system was breached, following several complaints of fraudulent credit card transactions from its customers who made purchases on the company's official website. In a statement released today, the Chinese smartphone manufacturer admitted that credit card information belonging to up to 40,000 customers wa […]
A global mobile espionage campaign collecting a trove of sensitive personal information from victims since at least 2012 has accidentally revealed itself—thanks to an exposed server on the open internet. It's one of the first known examples of a successful large-scale hacking operation of mobile phones rather than computers. The advanced persistent thre […]
Even after many efforts made by Google last year, malicious apps always somehow manage to make their way into the Google app store. Security researchers have now discovered a new piece of malware, dubbed GhostTeam, in at least 56 applications on Google Play Store that is designed to steal Facebook login credentials and aggressively display pop-up advertisements […]
Security researchers have spotted a new malware campaign in the wild that spreads an advanced botnet malware by leveraging at least three recently disclosed vulnerabilities in Microsoft Office. Dubbed Zyklon, the fully-featured malware has resurfaced after almost two years and primarily found targeting telecommunications, insurance and financial services. Ac […]
Security researchers have unveiled one of the most powerful and highly advanced Android spyware tools that give hackers full control of infected devices remotely. Dubbed Skygofree, the Android spyware has been designed for targeted surveillance, and it is believed to have been targeting a large number of users for the past four years. Since 2014, the Skygofr […]