#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News

Identity Management | Breaking Cybersecurity News | The Hacker News

Category — Identity Management
Using Roles and Attributes to Protect Identities

Using Roles and Attributes to Protect Identities

Feb 03, 2025
In every industry, Active Directory (AD) and Entra ID are the de facto standard identity directories . While cloud environments are becoming more prevalent, many industries' governing bodies require sensitive and private data and the applications utilized by them to remain on the premises. The hybrid combination of AD and Entra ID creates a complex web of identities in domains and forests that are often managed from separate consoles, creating a costly and risky administrative challenge. The complexity of hybrid environments often results in vulnerabilities that can put businesses at risk. These vulnerabilities take the form of privilege sprawl as a result of mergers, acquisitions, mobility within a company, and the resulting creation or addition of new identity accounts. Each individual identity account requires specific rights to access corporate resources. How those rights are allocated and protected is critical to an organization's security and productivity. Any gaps create s...
Zero Trust Security, Why It's Essential In Today's Threat Landscape

Zero Trust Security, Why It's Essential In Today's Threat Landscape

Jan 16, 2025
Coined in 2010 by Forrester Research , the term "zero trust" has long been hijacked by security vendors eager to take advantage of the hype that surrounds the concept. Today, it's so overused and misused that many see it as a meaningless buzzword—but that's far from the truth. In fact, its widespread misappropriation demonstrates the power of zero trust security. Why else would countless vendors try to capitalize on it? As they say, imitation is the sincerest form of flattery. Zero trust is not a mere label. Rather, zero trust is an architecture—though you'll also hear of a zero trust methodology, framework, paradigm, and infrastructure—and it's based on the idea of zero implicit trust, meaning no one should be trusted by default. The key zero trust principle of least-privileged access says a user should be given access only to a specific IT resource the user is authorized to access, at the moment that user needs it, and nothing more. Hence the zero trust maxim,...
Security Operations for Non-Human Identities

Security Operations for Non-Human Identities

Sept 28, 2024
Non-Human Identities (NHIs) are an emerging focus for Security Operations Centers (SOCs) in the age of automation and autonomous tooling. With many of the most recent cyber-attacks focused on compromising NHIs such as secrets, machine identities, and OAuth tokens, securing NHIs has become a forefront concern when protecting confidential information and other digital assets. The Problem Findings from recent research from Entro Labs indicate NHIs outnumber human identities in modern enterprises by over 92:1, requiring more extensive visibility and investigation throughout the enterprise to secure than ever before. The rapid proliferation of Non-Human Identities throughout modern enterprises has standardized security exposure as a de-facto practice of most organizations - While Identity Access Management (IAM) tools and Identity Governance and Administration (IGA) processes safeguard human identities and manage their lifecycles (onboarding, offboarding, role changes, etc…), NHI mana...
Privileged Identity Management (PIM): For Many, a False Sense of Security

Privileged Identity Management (PIM): For Many, a False Sense of Security

Sept 09, 2024
Privileged Identity Management (PIM): PIM is described as a service within Microsoft Entra ID, designed to manage, control, and monitor access to crucial organizational resources, encompassing Microsoft Entra ID, Azure, and other Microsoft Online Services like Microsoft 365 and Microsoft Intune. In the cybersecurity landscape, Privileged Identity Management (PIM) emerges as a pivotal element, but its effectiveness in managing privileged access is subject to scrutiny. Integral to the broader identity and access management (IAM) framework, PIM's role in upholding the least privilege and just-in-time access principles is increasingly questioned amidst evolving digital threats. While theoretically vital for risk mitigation and regulatory compliance, the practical application of PIM, especially in complex cloud and IT environments, often reveals limitations in its ability to adapt to sophisticated cyber threats. This dichotomy between PIM's intended role and its real-world effica...
FinTech, Healthcare & SaaS Need Non-Human Identity Management More Than Ever Before

FinTech, Healthcare & SaaS Need Non-Human Identity Management More Than Ever Before

Sept 01, 2024
Though every organization is susceptible to data breaches, those in FinTech, Healthcare, and SaaS are particularly vulnerable to attacks due to the high volume of data they possess. It's all the more necessary for these organizations to secure their digital estate end-to-end. Identity & access management (IAM), authorization policies, and observability tools are required to enforce security. But with the proliferation of microservices, distributed architectures, numerous vendor and partner integrations, as well as open-source components, the digital supply chain has become more vast and complex than ever. This requires a purpose-built security solution that addresses the new needs of organizations in these sectors, to which Non-human identity management has risen to meet. Let's dive deeper, by looking at recent data breaches in each of these three sectors, beginning with FinTech. Breach examples in FinTech The term 'FinTech' includes a range of organizations such as banks, no...
Cybersecurity Resources