Authentication After the RSA breach: Sticking to Hard Tokens Could be a Mistake
Blogmaster Note: This was originally posted on September 20, 2011 to the ComputerWorld UK Security Blog. The role of authentication as part of the CISO’s armory has been subject to some serious debate in recent months. In the wake of the RSA data breach, and the subsequent news of customers’ compromised data, the ability of [Read More...]
What’s on CISO’s minds?
A few weeks ago, I attended an InfoSec conference in Brussels, Belgium – “Enterprise Security Exchange”.
Overall, it was a great conference, as I was able to have great discussions with CISO’s of many known and respected global organizations.
APT and Layered Authentication
I was recently speaking with someone about their infrastructure and an issue they were addressing. Their infrastructure is based around Active Directory. It is a standard implementation that uses AD to identify end entities, grant privilege and to push policy. The issue is that they are faced with an Advanced Persistent Threat against this existing [Read More...]