#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Salesforce Security Handbook

Search results for what is identity threat | Breaking Cybersecurity News | The Hacker News

Identity Threat Detection and Response Solution Guide

Identity Threat Detection and Response Solution Guide

Aug 15, 2024 Identity Security / Threat Detection
The Emergence of Identity Threat Detection and Response Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, Saas, PaaS and CI/CD environments. Identity Threat Detection and Response solutions help organizations better detect suspicious or malicious activity in their environment. ITDR solutions give security teams the ability to help teams answer the question "What's happening right now in my environment - what are my identities doing in my environments." Human and Non-Human Identities As outlined in the ITDR Solution Guide, comprehensive ITDR solutions cover both human and non-human identities. Human identities entail the workforce (employees), guests (contractors), and vendors. Non-human identities include tokens, keys, service accounts, and bots. Multi- environment ITDR solutions c...
Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Oct 23, 2024 Identity Security / Data Protection
Identity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name a few. Organizations are starting to realize that a shake-up is needed in terms of the way we approach identity security both from a strategic but also a technology vantage point.  Identity security is more than just provisioning access  The conventional view of viewing identity security as primarily concerned with provisioning and de-provisioning access for applications and services, often in a piecemeal manner, is no longer sufficient. This view was reflected as a broad theme in the Permiso Security State of Identity Security Report (2024) , which finds that despite growing levels of confidence in the ability to identify security risk, nearly half of organizations (45%) remain "concerned" or "extremely concerned" about their current tools being able to detect and protect against identity security attacks.  The Permiso commissioned survey co...
The SSPM Justification Kit

The SSPM Justification Kit

Sep 24, 2024 Identity Protection / SaaS Security
SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations rely on half measures and hope their SaaS stack will remain secure. Unfortunately, this approach is lacking and will leave security teams blind to threat prevention and detection, as well as open to regulatory violations, data leaks, and significant breaches. If you understand the importance of SaaS security, and need some help explaining it internally to get your team's buy-in, this article is just for you — and covers:  Why SaaS data needs to be secured Real-world examples of SaaS apps attacks The attack surface of SaaS apps Other types of less suitable solutions including CASB or manual audit ROI of an SSPM What to look for in the right SSPM Download the full SSPM Justification Kit e-book or request the kit in presentation format with your logo! What Is in Your SaaS Data? Nearly all business operations run through SaaS. So does HR, sa...
cyber security

CISO Board Reports: Crush It

websiteXM CyberSecure Budget / CISO
Transform how you report cyber risk to the board. Get real-world skills now.
cyber security

2025 Pentest Report: How Attackers Break In

websiteVonahi SecurityNetwork Security / Pentesting
Discover real exploitable vulnerabilities and defense gaps in our free Cybersecurity Awareness Month report.
Unified Identity – look for the meaning behind the hype!

Unified Identity – look for the meaning behind the hype!

Feb 08, 2024 Unified Identity / Cyber Security
If you've listened to software vendors in the identity space lately, you will have noticed that "unified" has quickly become the buzzword that everyone is adopting to describe their portfolio. And this is great! Unified identity has some amazing benefits!  However (there is always a however, right?) not every "unified" "identity" "security" "platform" is made equal. Some vendors call the combination of workforce IDaaS and customer IDaaS a unified identity solution, while others offer a glorified 2FA service – unified only in the mind of their marketers.  Your landscape matters!   So forget for a moment what the vendors claim, and think back to  your  organization and  your   identity security  landscape. Consider this new definition: "unified" is what has the ability to consolidate your identity challenges with a complete identity solution.  Here's an example: you're responsible for the identity infrastructure of a large hospital. Frontl...
Safeguard Personal and Corporate Identities with Identity Intelligence

Safeguard Personal and Corporate Identities with Identity Intelligence

Jul 19, 2024 Machine Learning / Corporate Security
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.  In the current cyber threat landscape, the protection of personal and corporate identities has become vital. Once in the hands of cybercriminals, compromised credentials and accounts provide unauthorized access to corporations' sensitive information and an entry point to launch costly ransomware and other malware attacks. To properly mitigate threats stemming from compromised credentials and accounts, organizations need identity intelligence. Understanding the significance of identity intelligence and the benefits it delivers is foundational to maintaining a secure posture and minimizing risk.  There is a perception that security teams and threat analysts are already overloaded by too much data. ...
Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense

Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense

Apr 16, 2025 SaaS Security / Identity Management
Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...
True Protection or False Promise? The Ultimate ITDR Shortlisting Guide

True Protection or False Promise? The Ultimate ITDR Shortlisting Guide

Jul 10, 2024 Endpoint Security / Identity Security
It's the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT and top cybercrime groups only, to a commodity skill used in almost every ransomware attack. The lateral movement uses compromised credentials for malicious access – a critical blind spot that existing XDR, network, and SIEM solutions fail to block.  Identity Threat Detection and Response (ITDR) has emerged in the last couple of years to close this gap. This article breaks down the top five ITDR capabilities and provides the key questions to ask your ITDR vendor. Only a definitive 'YES' to these questions can ensure that the solution you evaluate can indeed deliver its identity security promise.  Coverage For All Users, Resources, and Access Methods  Why is it important? Par...
Entra ID Data Protection: Essential or Overkill?

Entra ID Data Protection: Essential or Overkill?

May 06, 2025 SaaS Security / Identity Management
Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments. That prominence also makes it a prime target. Microsoft reports over 600 million attacks on Entra ID every day. These aren't just random attempts, but include coordinated, persistent, and increasingly automated campaigns designed to exploit even small vulnerabilities. Which brings us to the core question: Are Entra ID's native protections enough? Where do they fall short — and what steps should you take to close the gaps and ensure you're covered? Understanding Entra ID At its core, Microsoft Entra ID is your enterprise identity and access management system. It defines how users prove who they are, what resources...
How to Gain Control of AI Agents and Non-Human Identities

How to Gain Control of AI Agents and Non-Human Identities

Sep 22, 2025 AI Security / Cloud Security
We hear this a lot: "We've got hundreds of service accounts and AI agents running in the background. We didn't create most of them. We don't know who owns them. How are we supposed to secure them?" Every enterprise today runs on more than users. Behind the scenes, thousands of non-human identities, from service accounts to API tokens to AI agents, access systems, move data, and execute tasks around the clock. They're not new. But they're multiplying fast. And most weren't built with security in mind. Traditional identity tools assume intent, context, and ownership. Non-human identities have none of those. They don't log in and out. They don't get offboarded. And with the rise of autonomous agents, they're beginning to make their own decisions, often with broad permissions and little oversight. It's already creating new blind spots. But we're only at the beginning. In this post, we'll look at how non-human identity risk is evolving, where most organizations are still exposed, and...
5 Identity Threat Detection & Response Must-Haves for Super SaaS Security

5 Identity Threat Detection & Response Must-Haves for Super SaaS Security

Mar 19, 2025 SaaS Security / Threat Detection
Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small. The question is, what can security teams do about it? Have no fear, because Identity Threat Detection and Response (ITDR) is here to save the day. It's essential to have the visibility and response mechanisms to stop attacks before they become breaches. Here's the super lineup that every team needs to stop SaaS identity threats. #1 Full coverage: cover every angle  Like Cap's shield, this defense should cover every angle. Traditional threat detection tools such as XDRs and EDRs fail to cover SaaS applications and leave organizations vulnerable. SaaS identity threat detection and re...
Moving Beyond Awareness: How Threat Hunting Builds Readiness

Moving Beyond Awareness: How Threat Hunting Builds Readiness

Oct 14, 2025 Threat Hunting / Cloud Security
Every October brings a familiar rhythm - pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness Month is the true seasonal milestone. Make no mistake, as a security professional, I love this month. Launched by CISA and the National Cybersecurity Alliance back in 2004, it's designed to make security a shared responsibility. It helps regular citizens, businesses, and public agencies build safer digital habits. And it works. It draws attention to risk in its many forms, sparks conversations that otherwise might not happen, and helps employees recognize their personal stake in and influence over the organization's security.  Security Awareness Month initiatives boost confidence, sharpen instincts, and keep security at the front of everyone's mind... until the winter holiday season decorations start to go up, that is. After th...
c
Expert Insights Articles Videos
Cybersecurity Resources