4/26/2018
01:15 PM
Sara Peters

12 Trends Shaping Identity Management

As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
2 of 13

Identity Verification by KBA is Dead

After a breach at Equifax and a leak at Alteryx (which exposed Experian data), the Knowledge-Based Authentication (KBA) systems that many organizations use have been compromised. Why ask customers to verify their identity by confirming their former employers, addresses, or mother's birthday, when attackers know all that information too - plus what magazines they subscribe to and whether they have a pool in the backyard?

(Image by jorg rose-oberreich, via Shutterstock)

Comments
RyanSepe,
User Rank: Ninja
4/30/2018 | 11:18:25 PM
not only are they manageable, they're fundamentally consumable from a price point
This item has monumental importance. For IAM and PAM to gain widespread acceptance it needed to become somewhat of a commodity amongst the different organizational sectors.