Blog posts by John Tolbert

The Payment Card Industry (PCI) Standards Council has published a major update to the Data Security Standard (DSS), version 4.0. This version is an improvement over the current version, 3.2.1, which came out in 2018.   The new publication directs organizations that need to be compliant with the standard to use Multi-Factor Authentication (MFA) build-in “Dynamic Analysis”, or risk-based authentication, in alignment with Zero Trust perform access reconciliations harden systems and servers deploy anti-malware solutions ( Endpoint Protection Detection...

SentinelOne has announced that they will acquire Attivo Networks, a leading Distributed Deception Platform (DDP) and Identity Threat Detection & Response (ITDR) solution provider. This appears to be a good move for SentinelOne, which is a leading Endpoint Protection Detection & Response (EPDR) vendor. SentinelOne went public with the one of the largest IPOs ever last year. Attivo was founded in 2011 in the Bay Area. Their initial focus was on the DDP market. DDP is an innovative approach to detecting and preparing for cyberattacks, whereby organizations deploy decoy resources to...

Have you entered a password somewhere today? Do you wonder why you’re still having to do that? Did entering that password give you a feeling of digital safety? Did it make your consumer experience more enjoyable? Cybersecurity and identity management experts have been proclaiming the benefits of and absolute necessity of Multifactor Authentication (MFA) and risk-adaptive authentication for years now.  MFA is the leading concept for implementing strong authentication, which is defined as the combination of two or more of the following: something you know, something you have,...

Almost all enterprises have many security tools in place already, some of which are still focused on perimeters/DMZs and on hosts, such as servers and endpoints. Endpoint Detection & Response (EDR) tools are becoming more commonplace in enterprises and SMBs. EDR tools depend on agents installed on endpoints to collect and transmit telemetry to the EDR console. EDR agents can be instructed by administrators and programmatically to respond to suspicious and malicious events, taking actions like gathering forensic evidence, terminating processes, removing malware, etc. EDR tools emerged...

Last week Colonial Pipeline, one of the largest pipelines in the US, was hit by a ransomware attack from the Dark Side cybercrime group. While many pertinent specifics about the attack are not known, FireEye and US Cybersecurity and Infrastructure Security Agency (CISA) have shed some light on how Dark Side’s malware works. These two posts point out some common Tactics, Techniques, and Procedures (TTPs) that all organizations should be on the lookout for as indicators of attack: Password spraying against Virtual Private Network (VPN) devices. Legitimate user credentials...

Security Orchestration, Automation, and Response (SOAR) platforms are attracting a lot of attention from many organizations, from enterprises to government agencies and even those on the upper end of Small-to-Mid-Sized Businesses (SMBs). The reason for this is clear: the cybersecurity landscape continues to evolve and get more complex in order to combat the corresponding rise in frequency and complexity of attacks. SOAR platforms can be the capstone application for Security Operations Centers (SOCs). Most organizations have a plethora of security tools already, such as Endpoint...

STG announced that they intend to acquire McAfee’s enterprise business for around $4B. The McAfee brand will continue to operate and focus on consumer cybersecurity. STG will pick up MVISION, Global Threat Intelligence, database security, unified endpoint security, CASB, CSPM, CWPP, DLP, SIEM, SWG, XDR, and policy management products and services. STG picked up RSA from Dell in September 2020. When the deal closed, STG stated that RSA would remain independent and would pursue growth in their most successful product lines: Archer, SecurID, NetWitness, and the Fraud & Risk...

Okta will purchase Auth0 for $6.5B. Okta is a leading IDaaS vendor , originally focused on workforce but now addressing B2E, B2B, and B2C use cases. Okta’s solutions are designed for organizations that want to quickly enable cloud-delivered identity and seamlessly interoperate with other SaaS applications. Auth0 had a different entry point into the realm of IAM. Auth0 was aimed at developers, both in functionality and their marketing approach. Auth0’s founders knew that this was an underserved market. Consider a case where a company needs to expose one or two major...

The ongoing SolarWinds incident illustrates that the much-lauded Zero Trust security paradigm is, in fact, based on trust. Zero Trust is about authenticating and authorizing every action within a computing environment. It is putting the principle of least privilege into action. In an ideal implementation of Zero Trust, users authenticate with the proper identity and authentication assurance levels to get access to local devices, on-premises applications and data, and cloud-hosted resources. Access requests are evaluated against access control policies at runtime. In order for Zero Trust...

Many if not most organizations have moved to a risk management model for cybersecurity and identity management. Priorities have shifted in two major ways over the last decade: decreasing attack surface sizes focusing on detection and response technologies instead of prevention only Reducing attack surfaces inarguably improves security posture. Achieving the objective of reducing attack surfaces involves many activities: secure coding practices, vulnerability scanning and management, consolidation of functions into fewer products and services, access reconciliation, user...