CS Mar-Apr 2024

More documents

Recommendations

Info

passwords SHOULD YOU SAY ‘PASS’ TO PASSWORDS? WITH GOOGLE MOVING TOWARDS A FUTURE WITHOUT PASSWORDS, THE PATH HAS BEEN THROWN OPEN FOR OTHERS TO FOLLOW Alex Laurie, Ping Identity: broken system that needs to change. Peter Barker, chief product officer at Ping Identity, has been quick to identify why he feels passwords are way past their 'best-before date' and how he hopes Google's move to a passwordless future will prove to be an inspirational force for change. "Passwords have been a persistent security challenge for the past seven decades, leaving us susceptible to phishing attacks and the looming threats of fraud and identity theft. Consumers increasingly crave greater convenience, without compromising on security. The path we must embark on leads us toward a passwordless future, though this transition will undoubtedly require time to be embraced on a grand scale. "Notably, we have already witnessed the widespread integration of biometric authentication methods, such as facial recognition and fingerprint scans, into our daily lives. These technologies serve as stepping stones towards the ultimate goal of a world where the arduous task of logging in becomes a thing of the past. However, to truly reach this passwordless utopia, the general public needs a better grasp of the underlying technology. "In light of these developments,", continues Barker, "Google's decision to champion passkeys as the default login option couldn't have come at a better time. Sometimes, it takes industry giants to take the lead, pushing for change more assertively." Meanwhile, Alex Laurie, SVP EMEA at Ping Identity, points to how passwords also act as a barrier to achieving a smoother user experience. "Think back to the number of times you've been locked out of a site or app and had to go through the painstaking process of resetting your password. It's a broken system that needs to change." Given such challenges, the most logical path access management organisations could take would be towards a passwordless future, he continues. "While this transition will undoubtedly require time to be embraced at scale on both the B2B and B2C side, our research shows that consumers welcome passwordless authentication. In the UK, 59% said they'd be happy to switch website/app/service, if a passwordless authentication method was offered." Laurie feels that the move away from passwords, led by major technology firms like Google and Amazon, is the path that others now need to go. "Passkeys signify a significant leap forward, sparing users from the hassle of remembering passwords and the constant worry of someone stealing them. This proactive move promises to reduce fraud, and usher in a simpler, faster and more secure user experience that we can all benefit from." 32 computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk
endpoint protection GETTING STRAIGHT TO THE (END)POINT ENDPOINT PROTECTION IS REGARDED AS A 'MUST HAVE' WHERE CYBER THREATS ARE CONCERNED. BUT HOW DO YOU SET ABOUT IDENTIFYING THE SYSTEM THAT IS RIGHT FOR YOUR ORGANISATION? An endpoint protection platform (EPP) is a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts. Expending on this EPP take, Gartner continues: "Detection capabilities will vary, but advanced solutions will use multiple detection techniques, ranging from static IOCs to behavioural analysis. Desirable EPP solutions are primarily cloud-managed, allowing the continuous monitoring and collection of activity data, along with the ability to take remote remediation actions, whether the endpoint is on the corporate network or outside of the office. In addition, these solutions are cloud-data-assisted, meaning the endpoint agent does not have to maintain a local database of all known IOCs, but can check a cloud resource to find the latest verdicts on objects that it is unable to classify." In the company's 'Hype Cycle for Endpoint Security, 2023' report (Franz Hinner, Satarupa Patnaik, Eric Grenier, Nikul Patel), Gartner offers several key insights into endpoint protection and why it matters. "Endpoint security innovations focus on faster, automated detection and prevention, and remediation of threats powering integrated, extended detection and response (XDR) to correlate data points and telemetry from solutions such as endpoint, network, web, email and identity. Methods to provide lightweight, secure remote access remain in demand driving desktop as a service (DaaS) and endpoint and browser isolation for increased control and security posture. "We see continued adoption of zero-trust network access (ZTNA), increasingly as a part of security service edge (SSE) or a wider secure access service edge (SASE). This enables application access from any device over any network, with minimal impact on user experience." The Hype Cycle for Endpoint Security tracks developments that help security executives defend their companies. Two tendencies occur when technology evolves, says Gartner: New endpoint technologies include endpoint access isolation, endpoint-agnostic workspace security, along with endpoint protection toolset integrations and upgrades Net new security investments may focus on new technologies and suppliers since most purchasers consolidate vendors. "The operational burden of deploying internal people for threat hunting demands greater signal correlation and automation of reaction to counter sophisticated, targeted attacks. This Hype Cycle shows XDR spreading again. Unified endpoint security (UES), which integrates endpoint protection platform (EPP) and MTD security assets, is rising in this Hype Cycle. While usage is limited, endpoint operations solutions that configure devices for consistency of control and speedy remedial activities are anticipated to grow. "Endpoint detection and response (EDR) adoption continues as EPP matures. This year, business email compromise (BEC) security will detect compromised accounts to prevent phishing. Network-based secure web gateways (SWGs) also prevent endpoint attacks, especially cloud-based ones. SSE is absorbing SWG capabilities," states Gartner. NEW SKILLS MATURE AND SPREAD "Bring your own PC (BYOPC), unified endpoint management (UEM) and DaaS are mature in tackling access and endpoint isolation issues, but they are rigid, encouraging technologies like enterprise application integration (EAI) to ascend the hill. SSE empowers ZTNA to let any device access any app over any network. ZTNA alone exposes endpoints to online attacks and loses control of SaaS programs. ZTNA, SASE and new zero-trust philosophy implementations, like automated moving target defence (AMTD), are being embraced at different paces. Edge security services are touted. Buyers want platform-wide security 33 computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6 and 7: news TORSION ANNOUNCES FILING OF PA
Page 8: news Greg Wetmore, Entrust. TIME TO
Page 11 and 12: legal focus GETTING YOUR ACT TOGETH
Page 13 and 14: artificial intelligence stratospher
Page 15 and 16: artificial intelligence "In an intr
Page 17 and 18: Computing Security Secure systems,
Page 19 and 20: 2024 predictions ?? ? actors can so
Page 21 and 22: 2024 predictions ?? ? security is t
Page 23 and 24: iometric cybersecurity the previous
Page 25 and 26: data management NEW DATA STATS ARE
Page 27 and 28: energy industry incidents in 2020 -
Page 29 and 30: ansomware NEW THREAT ACTORS SEND RA
Page 31: penetration testing I.T. SYSTEMS RE

CS Mar-Apr 2024

Create successful ePaper yourself

Delete template?

Save as template?