SearchSecurity: Multifactor authentication in the enterprise

Older than the Web itself, multifactor authentication is an IT security technology method that requires people to provide multiple forms of identification or information to confirm the legitimacy of their identity for an online transaction or in order to gain access to a corporate application. The goal of multifactor authentication use is to increase the difficulty with which an adversary can exploit the login process to freely roam around personal or corporate networks and compromise computers to steal confidential information, or worse.

This series began in October 2014 and continued over several articles:

And then I have specific reviews of some of the MFA tools:

A Better Way to Do Multifactor Authentication with Authentify xFA

xFA can add multifactor security to any web service with a few lines of code. We tested xFA on a small network in August 2014. It has cloud-based components to manage multifactor security, along with apps for iOS and Android.

Price: $19.95 per user per year

http://info.authentify.com/authentify-xfa-screencast

Fingerprint authenticators for iPhone 5 and Samsung Galaxy are expected for the near future.

Network World: Citrix Xen Mobile rates a spot on your MDM short list

xen phone security optionsWhen we reviewed six mobile device management products for Network World back in 2013, Citrix declined the opportunity to participate, but the company has changed its mind with the recent release of Xen Mobile v9.0 MDM. In our testing, we found that the software stacks up nicely against AirWatch and Good Technology, the two leaders from that review, and should be on any IT manager’s short list, particularly if you already use other Citrix connectivity products. (A view of its extensive security options can be seen on the right.)

You can read my review today in Network World here.

AT&T Blog: Network Security, The Moving Line of Defense

lock-and-key-icon-thumb355812The days of defending the perimeter are over. Look at what happened to a major retailer in late 2013 as an example. Someone posing as a trusted contractor was able to enter the retailer’s network and do all sorts of damage — to the tune of 40 million compromised customers. This attack occurred because the retailer wasn’t looking at insider threats carefully enough. Indeed, the perimeter has become more and more porous, and network defenses based on this traditional barrier are no longer enough to protect an organization’s business interests and objectives

You can read the post on AT&T Networking Exchange blog here.

Webinar: Best Practices for Protecting Sensitive Data from Insider Threats

Join me and Tina Stewart, the VP of Marketing for Vormetric, in an interesting webinar on 7/22 at 11 am PT. Insider threats have shifted to include both traditional insiders – individuals with access to critical data as part of their work, and privileged users — and the compromise of legitimate users’ credentials by sophisticated malware and advanced persistent threats (APTs). According to the latest Insider Threat Report from Vormetric, organizations are still wrestling with this growing problem, and struggling to find an appropriate security response.

We will talk about these issues and some of the ways that IT managers can mitigate these threats. Here is the link to view the webinar recording from Virtualization Review.

SearchSecurity: Things to watch out for when buying UTM products

I offer guidance to help enterprises find the unified threat management (UTM) product that best suits their organizational needs when they’re buying security. In this article, I discuss UTM functionality, features, pricing and more.

You can read the first of four parts of my article series in SearchSecurity here.

SearchSecurity: Cyberthreat intelligence market is getting crowded

UntitledWhen it comes to dealing with zero-day threats, time is of the essence. The quicker an IT security team can respond and repel an attack, the safer the organization. Many security teams rely on pattern matches and malware databases, but these methods have become less effective as custom viruses, created almost continuously, make algorithms obsolete. Crowdsourcing threat data so that a community can act quickly and repeal potential invasions is delivering results for more enterprises. (The illustration is a typical threat workflow from CyberSquared’s ThreatConnect.)

You can read my article for InfoSec Magazine here where I talk about the various community-based threat operations such as OTX, MAPP and Threat Radar.