Best Practices In Vendor Privileged Access Management
Vendor privileged access management best practices: Access control, strong, unified authentication, fine-audit, secure access.
Single Sign-On and Identity Providers are often treated as the same thing, but the IdP is what facilitates the SSO. You can have multiple IdPs if desired.
Identity vs Authentication. Who are you. Prove it. Related but different concepts. Ensure your IdP does not give identity when it really means authentication.
Waterloo Region, top in Canada for reported Cybercrime. Why the dubious honour? Better reporting? More targets?
A multi-year attack involving 1.2M customers, hosting, DNS. What could the miscreants have achieved? DKIM? SSL? Domain verification?
As we prepare for a holiday season and a promising new year, I want to take a moment to first thank all our customers for the trust they put into Agilicus when it comes to protecting access to their critical resources.
“We are thrilled to partner with Ridge Canada to help SMBs who are scrambling to implement security controls, including multi-factor authentication and privileged access management for their cyber insurance”
Learn how zero trust protects against the new Microsoft Exchange Server zero-day exploit affecting Outlook Web Access (OWA), ProxyNotShell. With Agilicus, you’ll block lateral traversal and prevent unauthorised traffic from arriving at your resources while ensuring they are still accessible to legitimate users.
Days after announcing student loan forgiveness in the United States, 2.5 million student borrowers had their personal information exposed in a data breach and are at an increased risk of being targeted in a phishing attack.
The OWASP Top 10 is a standard awareness document that outlines the most critical web application security risks and vulnerabilities. Learn how Agilicus AnyX is designed to eliminate an attacker’s visibility into the potential OWASP Top 10 web application vulnerabilities.
Zero Trust Network Architecture can effectively meet the growing demand for enhanced cyber security in industrial and operational technology.
Devices on industrial control system networks are ill-equipped for the hardships associated with the Internet and remote access. Low-speed processors, infrequent firmware upgrades, spotty security research, Common Vulnerabilities and Exposures (CVE) publishing, etc.
This leads to a natural conflict: the operator is responsible for security and is not willing to sacrifice it for accessibility, since their business and reputation are at stake. The vendor wants the opposite: the fewest constraints and the most simplicity across their customer base.
Is there a better way? One that meets the security requirements of the operator’s IT department as well as the access requirements of the vendors?
Yes: a Zero-Trust Industrial Network Architecture.
Interviewed on 570 News Tech Spotlight. Listen to the interview here. I talk through some of the simple risks and how we help. And a bear joke.
We are pleased to announce that Agilicus has been awarded a Government of Canada Contract with Shared Services Canada (SSC). The feedback and interaction we receive from such a marquee customer on our Any X Zero Trust platform is very valuable to us, and great validation of our ideas and technology.
The M&M is not a good network design: chewy centre, hard shell. Recent Cisco router vulnerabilities discussed for defense in depth.
We are incredibly excited to announce that Agilicus has been included in the FoundersBeta Top 100 Tech Companies to Follow in 2022. Every year FoundersBeta compiles their list of the top tech companies that are disrupting markets and making waves in the…
Cybercriminals had a record year, the cost of a breach reached new highs in 2021. With clear cybersecurity goals, businesses avoid becoming a news headline.
Who are you? Identity involves knowing who you are, and then later proving it. NIST SP 800-63A enrollment is the first step, let’s talk about that!
Zero-Trust Network Architecture has 3 steps: Authenticate (Who), Authorise (What), Access (How). 3 levels of strength of the who are defined in NIST SP 800-63B. Does the Goldilocks principle apply to you? Read on!
Ignoring systems that may be deemed ‘unimportant’ in comparison to your revenue-generating technology stack will leave your organization open to compromise from the Log4Shell vulnerability.
Two hikers see a bear. One bends over to tie shoes. Other says, you can’t outrun a bear. First says, just need to outrun you. Pause laughter
A big 5 Canadian bank has a fake multi-factor authentication system, allowing anyone to fall back to password. Why? How is this acceptable?
Managed Service Provider Breached. Customer pays out. Who is at fault? Lawsuit to determine. Multi-factor authentication to prevent.
The Record published an article today on Agilicus. It covers the back-story on what we have set out to accomplish
Interview w/ CityNews 570. Hear the origin story of Usenet in my life, and the plan to buy Doritos. And don’t call me old, I’m experienced!
How some public sector entities have great cyber-awareness training, but exempt the elected and senior staff. From Great To Good in one step.
A simple set of controls for a Minimum Viable Secure Product. Open source for us all to use. Implement, ask in RFP, common baseline to follow
Telnet. 40 years old, not fit for purpose. Alive and well in Canada. No amount of mitigation or multi-factor authentication makes it OK.
A high(ish) profile Node.js library is compromised. No multi-factor authentication used by developer. The ripples are far and wide. Including you!
The personal verification question. The dumb, slow cousin of the password. Stored in plaintext, findable in social media. Not multi-factor auth