Identity Management and Information Security News for the Week of February 24; Opaque, Oort, SandboxAQ, and More

Information Security News

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of February 24. This curated list features identity management and information security vendors such as Opaque, Oort, SandboxAQ, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of February 24

Purdue’s CERIAS Welcomes Cybersecurity Leaders and Experts to 24th Annual Event

CERIAS, Purdue’s Center for Education and Research in Information Assurance and Security, is inviting its partners in industry, government and higher education to the West Lafayette campus to level-up their cybersecurity knowledge and strategies. The theme, “Using Past Lessons to Thwart Future Threat,” will set the tone for the center’s upcoming 24th-annual symposium, set for March 28-30. The theme’s “past lessons” refers, in part, to CERIAS’s 25th anniversary and its history of leading the cybersecurity field by identifying and building defenses against ever-evolving digital security threats.

Read on for more.

CCC and Opaque Systems Announce Inaugural Confidential Computing Summit

The Confidential Computing Consortium (CCC) and Opaque Systems this week announced the inaugural Confidential Computing Summit, to be held in San Francisco on June 29, 2023. In addition to the CCC, Platinum and premier sponsors of the inaugural event include Microsoft, VMware, Arm, Anjuna, Edgeless Systems and Fortanix. The Confidential Computing Summit will bring together a community of innovators, organizational executives, regulators, business leaders, managers, security experts, data scientists, data analysts, AI/machine learning practitioners, data privacy experts, and researchers. Customers, prospects and companies evaluating Confidential Computing will see the latest innovations from leading companies and hear from users that work with confidential data across industries, including but not limited, to financial services, insurance, healthcare, manufacturing, adtech, web3 and more.

Read on for more.

Senhasegura Named Leader for 2nd Consecutive Year by KuppingerCole

Senhasegura, a global provider of Privileged Access Management (PAM) solutions, this week announced it has been named a Leader in the 2023 KuppingerCole Leadership Compass for Privileged Access Management (PAM). Senhasegura was named an Overall Leader as well as a Product Leader and Innovation Leader out of 25 total vendors evaluated. 2022 was a year of tremendous growth and momentum for Senhasegura, highlighted by the Company’s $13 million Series A funding, the opening of their North American headquarters, and the expansion of their PAM offering with the launch of the MySafe Personal Password Manager.

Read on for more.

Oort Research: “40 Percent of Accounts Use Weak or No Form of MFA”

Oort, provider of identity-centric enterprise security, this week revealed the findings of its State of Identity Security Report, a comprehensive analysis of data from more than 500,000 identities. Oort’s research unveils the most common Identity and Access Management (IAM) hygiene challenges leaving organizations at risk, and the most commonly used techniques attackers are utilizing to take over accounts. Oort reports that 40.26 percent of accounts in an average enterprise are using either weak second factors or none at all, leaving them vulnerable to targeting with simple techniques like phishing and social engineering. Additionally, the report finds that phishing-resistant second factors were used in only 1.82 percent of all logins. The lack of strong MFA adoption has implications not only for potential account takeover attacks, but also regulatory compliance, citing several compliance frameworks that have requirements for MFA.

Read on for more.

GSMA Release “Post-Quantum Telco Network Impact Assessment”

As part of the Post-Quantum Telco Network Taskforce, GSMA has published, with contributions from members IBM, Vodafone, and others, the Post-Quantum Telco Network Impact Assessment: an in-depth analysis of the quantum security threats facing the telecommunications industry and a detailed, step-by-step list of potential solutions to prepare for these threats. The report, which debuted ahead of GSMA’s annual Mobile World Congress in Barcelona, maps out a clear path for telco organizations to work across their ecosystems to protect data from cyber-criminals acting today to tap into the potential power of future quantum computers.

Read on for more.

AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST in July 2022 for post-quantum cryptography has been broken. Researchers from the KTH Royal Institute of Technology, Stockholm, Sweden, used recursive training AI combined with side channel attacks. A side-channel attack exploits measurable information obtained from a device running the target implementation via channels such as timing or power consumption. The revolutionary aspect of the research was to apply deep learning analysis to side-channel differential analysis.

Read on for more.

Facebook and Twitter To Begin Charging for “Premium” Security

Meta announced on Feb. 19 it would be launching Meta Verified, a subscription service that offers additional verification, security and customer service features, for the price of $11.99 a month on the web and $14.99 on iOS. It is currently being tested in Australia and New Zealand. The process: users can sign up for the service, provide their government ID for screening and then if approved, they will get a blue badge and Meta will proactively monitor against fake accounts and provide direct customer support. These services seem to be targeting content creators, with a growing following, who may want the extra security. But the average user is still vulnerable to hacking and impersonation. Nearly one-fifth of U.S. teens and adults experienced their social media accounts getting hacked within the first three months of 2022, according to a survey conducted by Deloitte. Half of the respondents said they were concerned about online security breaches.

Read on for more.

Post-Quantum Cryptography Startup Sandbox AQ Raises $500M

Quantum computing software startup Sandbox AQ, which spun off from Alphabet Inc. last year, said today it has closed on a $500 million round of funding. Breyer Capital, T. Rowe Price funds and Salesforce Inc. founder Marc Benioff’s TIME Ventures all participated in the round, as did its Chairman Eric Schmidt, the former chief executive of Google LLC. Sandbox AQ, which is incorporated as SB Technology Inc., is led by CEO Jack Hidary, who previously led quantum computing research at Alphabet’s X lab. Its main focus is on building post-quantum cryptography software, which is a new approach to data encryption that’s designed to withstand attacks from quantum computers.

Read on for more.

Expert Insights Section

expert insight badgeWatch this space each week as Solutions Review editors will use it to share new Expert Insights Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry experts together to publish the web’s leading insights for enterprise technology practitioners.

Why Insider Threats Are So Difficult to Detect in the Cloud

Just as in on-premises environments, insider threats in the cloud pose significant risks to your organization. Because insiders can move relatively unfettered within a cloud environment, credential theft by cyber-criminals and privilege misuse by insiders are among the leading organizational security weaknesses. It’s no wonder that “lateral movement” and “zero trust” have become such buzzwords. In cloud environments, if an attacker comprises an identity through phishing or social engineering, or an insider abuses their privileges, they can compromise workloads and move between workloads using well-known lateral movement techniques. So, while cloud environments provide operational flexibility, agility, and the ability to scale operations, they also pose some unique challenges for detecting lateral movement.

Read on for more.

Facebook Verified Security is a Broken Business Model

“It’s like offering an optional lock at the front door of a new house for security. They’re creating a modulate view of security to potentially have an upsell affect in their business model, which is very dangerous, because then it becomes the haves and have-nots of security.”

-Peter Tran, Chief Information Security Officer at InferSight

Mike Costello