the Global Customer Identity and Access Management Software Market is expected to increase significantly from 2022 to 2028, according to MarketQuest.biz most recent study document. The research study includes market share analysis in terms of quantity and sales. The research examines the market, which is divided into five distinct areas. The study also examines the influence of COVID on the Customer Identity and Access Management Software market regionally and globally.

Statistics and data on market dynamics can be found in the overview section. It also examines the overall operation of the Customer Identity and Access Management Software market, along with its size and scope. The study is written in an easy-to-understand format to enable systematic evaluation of complex and scattered market data.

DOWNLOAD A FREE SAMPLE REPORT: https://www.marketquest.biz/sample-request/74236

The file contains critical information such as product offerings as well as data on market vendors and distributors. The dossier also includes a brief assessment of the end person’s industries, as well as demand estimates.

The global Customer Identity and Access Management Software market study is segmented into Types:

According to the study, the major players in the market are:

• Okta
• Azure Active Directory
• Ping identity
• OneLogin
• Adaptive
• Selling power
• Ripple
• CA Identity Suite
• Auth0
• Avatier
• Bitium
• AWS
• IBM
• Beyond Trust
• Janrain
• Hashi Corp.
• silverfort
• ForgeRock
• IdentityNow

Geographically, the following regions, as well as the national/local markets listed below, are being thoroughly investigated:

• North America (United States, Canada and Mexico)
• Europe (Germany, France, UK, Russia, Italy and Rest of Europe)
• Asia-Pacific (China, Japan, Korea, India, Southeast Asia and Australia)
• South America (Brazil, Argentina, Colombia and rest of South America)
• Middle East and Africa (Saudi Arabia, United Arab Emirates, Egypt, South Africa and Rest of Middle East and Africa)

The following categories are used to categorize the market based on application:

ACCESS THE FULL REPORT: https://www.marketquest.biz/report/74236/global-customer-identity-and-access-management-software-market-2021-by-company-regions-type-and-application-forecast-to-2026

Frequently Asked Questions:

What are the major factors driving the expansion of the Customer Identity and Access Management Software market?

Between 2022 and 2028, how much will the Customer Identity and Access Management Software market be worth?

Which region will generate the highest revenue for the global Customer Identity and Access Management Software market?

What are the key players doing to take advantage of the expanding Customer Identity and Access Management Software market?

Report customization:

This report can be customized to meet customer requirements. Please contact our sales team (sales@marketquest.biz), who will ensure that you get a report tailored to your needs. You can also get in touch with our executives at +1-201-465-4211 to share your research needs.

Contact us
mark the stone
Business Development Manager
Call: +1-201-465-4211
E-mail: sales@marketquest.biz

Discover Tiger technology. It provides a multi-cloud hybrid file namespace for Windows servers and enables space-saving file tiering from on-premises servers to cheaper file and object stores with ancillary benefits of backup, archive, file synchronization, business continuity and DR.

Tiger Technology is a 50-person storage company based in Sofia, Bulgaria, with offices in the US and UK. It was launched in 2003 by founder and CEO Alexander Lefterov. He saw that Windows Server data sharing could be improved, both for SANs and files, by manipulating metadata. The company’s MetaSan software product evolved into Tiger Store, which enables on-premises file sharing. Tiger Pool combines multiple volumes into a single pool, and Tiger Spaces enables file sharing between workgroup members.

Then a Tiger Bridge product was developed as a cloud storage gateway and tiering product. Before we get to that, let’s note that there are two rack-level hardware products, the Tiger Box Appliance and the Tiger Server Metadata Controller. Both come with Tiger Store and can have Pool, Spaces and Bridge software added.

Tiger Bridge is a Windows Server kernel-level file system filter driver. It monitors a set of on-premises files and can move files with low access rates to cheaper storage to save primary storage capacity. Files are selectively moved based on configurable policies and their metadata remains on-premises in so-called stub files.

When a user or application needs to access them, they are retrieved from their destination storage transparently to the requesting entity. Tiger Bridge implements a single namespace on the source Windows server and destination storage, using an NTFS over HTTPS/SSL extension that adheres to Active Directory ACLs for access control.

Destination systems can be on-premises NAS filing cabinets, tape libraries and object stores (S3), Fujifilm Object Archive, and hot, cold, and archive object stores in clouds AWS, Azure , Google and IBM. Wasabi OEM cloud storage provider Tiger Bridge and Tiger Bridge also support Seagate Lyve Cloud and are compatible with Veeam Backup and Replication.

File data is replicated to destination systems and policies can be set so that active files are replicated whenever changes are made. This provides a cross-site file synchronization mechanism for file sharing scenarios and also for disaster recovery. A failed source file server can be restored to a remote site using replicated files. The file folder system can be set up almost instantly, using metadata, and then the file data is pushed in the background to the new server. All files directly accessible before being played are pulled to the head of the queue and played at the same time.

Lefterov says that while Tiger Bridge can be used for cloud migration, its main purpose is to enable on-premises file-based workloads to extend to the cloud, using its elastic and affordable capacity, without modify workflow procedures.

Tiger Tech has a list of thousands of clients, many of them in the media and entertainment market. It provides Tiger Bridge as a way for them to integrate the scalable capability and relatively low cost of the cloud into their on-premises workflows with little or no change.

A specific version of the software, Surveillance Bridge, was designed to store video files in the cloud with their stubs on the video server for quick search and identification.

Bridge software is available through subscription and term contracts.

Competetion

Tiger Technology’s competitors include Komprise, which eschews stub file technology, preferring its own dynamic linking software, and providing a layered analytical software package. Another contender is Data Dynamics and its file virtualization software StorageX, and we should also include Rubrik with its unstructured Igneous Data-Management-as-a-Service acquisition.

Finally, let’s mention Cohesity DataPlatform and its SmartFiles prioritization technology. They are four strong contenders, so Lefterov’s Tiger needs a powerful software roar to progress against them.

IRVINE, Calif.–(BUSINESS WIRE)–YouAttest, an identity governance and administration (IGA) innovator for streamlined access reviews, today announced support for Microsoft Azure Active Directory.

YouAttest offers a cloud-based tool that enables businesses to perform compliance and security access reviews in a fraction of the time and at significantly lower costs.

“YouAttest provides world-class, cloud-based IGA audit tools, and with new support for Azure AD, this is huge news for the security compliance community,” said Stacey Cameron. , CEO and Co-Founder, QoS Consulting, Washington, DC “YouAttest is going to be a must have for Azure AD deployments and complementary to environments that have multiple identity stores.

Azure AD is the leading cloud directory on the market today – used across industries: financial services, government, healthcare, and international commerce. Stored identities fall under numerous US and international compliance measures such as: SOX, SOC2, HIPAA/HITRUST, ISO 27001, GLB and CMMC. Using the YouAttest console, the enterprise customer can automate the access review process and allow multiple reviewers to certify, revoke, or further delegate the review of user identity and rights within their organization. Azure AD company directory.

“YouAttest has helped our customers achieve a better access review process that deploys in minutes and saves time and money,” said Garret Grajek, CEO of YouAttest. “Now, with support for Azure Active Directory, we look forward to building relationships with a wide range of stakeholders who are implementing Azure Active Directory for their identity access management.

Grajek is an IT security innovator who holds 13 security-focused patents. He has taken companies such as SecureAuth from start-up to a successful business with hundreds of satisfied customers. Grajek was Director of Identity at Cylance, which was acquired by BlackBerry.

About YouAttest

YouAttest identity compliance solution is easy to use, cost effective and easy to deploy. By using YouAttest, companies can improve both their compliance process and their IT security. YouAttest is a cloud-based IGA product that is licensed for $2 per user per month and can be contacted at sales@youattest.com, (877) 452-0496. Free trials available, sign up here.

More than 40 billion records were exposed worldwide as a result of data breaches in 2021, according to research by Cyber ​​Exposure company Tenable.

According to research, at least 40,417,167,937 records were exposed globally in 2021, as calculated by Tenable’s Security Response Team analysis of 1,825 disclosed data breach incidents publicly between November 2020 and October 2021.

This is a significant increase (nearly 78%) over records exposed during the same period in 2020, which saw 730 publicly disclosed events with just over 22 billion records exposed.

This figure could also be significantly higher.

Of the 1,825 breaches analyzed, 236 occurred in APAC, with at least 3,463,489,341 records exposed, representing 8.6% of the global tally.

The analysis was detailed in Tenable’s 2021 Threat Landscape Retrospective (TLR) report and includes an overview of the attack path and vulnerabilities favored by threat actors, as well as insights that will help organizations prepare for face the challenges ahead in 2022.

“By understanding threat actor behavior, organizations can effectively prioritize security efforts to disrupt attack paths and protect critical systems and assets. Analysis of events for this report revealed that many are easily mitigated by patching legacy vulnerabilities and fixing misconfigurations to help limit attack paths,” Tenable said.

Ransomware had a huge impact on organizations in 2021. It was responsible for approximately 38% of all breaches globally and 31% of breaches in APAC.

In Asia Pacific, 10% of breaches were due to insecure cloud databases, which is higher than the global average (6%).

Additionally, unpatched SSL VPNs continued to provide an ideal entry point for attackers to perform cyber espionage, exfiltrate sensitive and proprietary information, and encrypt networks, according to the report.

“Threat groups, especially ransomware, are increasingly exploiting vulnerabilities and misconfigurations in Active Directory,” he added.

Additionally, ransomware groups have favored physical disruption of the supply chain as a tactic to extort payments, while cyber espionage campaigns have exploited the software supply chain to gain access to sensitive data, according to the research. .

While healthcare and education were the most targeted industries globally, the tech industry and governments were APAC’s top targets for breaches.

“Throughout 2021, CERT-In published advisories on how unpatched vulnerabilities in Microsoft Active Directory and web browsers were leading causes of cyberattacks such as ransomware among Indian organizations. Tenable’s research correlates with these trends, as ransomware groups in APAC have exploited known, unpatched vulnerabilities to carry out attacks. The report provides security leaders in India with insight into why outdated cybersecurity strategies need to change with the evolving threat landscape,” said Satnam Narang, Research Engineer at Tenable.

“In 2022, the increased reliance on digital systems combined with the use of digital currencies will financially motivate attackers to ply their trade. It is important for security managers to understand how threat actors performed in 2021, in order to that they can formulate effective and proactive cybersecurity strategies in 2022 to raise the barrier of entry,” Narang added.

Staying on top of patches is hard enough given the sheer volume of disclosed vulnerabilities, but in 2021 it was even harder due to incomplete patches, poor vendor communications, and patch bypasses. In 2021, 21,957 common vulnerabilities and exposures (CVEs) were reported, representing a 19.6% increase from the 18,358 reported in 2020 and a 241% increase from the 6,447 disclosed in 2016. From 2016 to 2021, the number of CVEs increased at an average annual percentage growth rate of 28.3%.

Published on

January 23, 2022

Product homepage

Free try

introduction

Corporate email signatures have always been a bummer in services like Microsoft Exchange and Google… Of course, Exchange admins can use transport rules to add HTML text to the bottom of emails outgoing, but they are still somewhat basic, a nightmare to set up and manage. , and you’ll probably have to rely on knowledge of HTML and CSS. And yes, users can create their own signatures, but how do organizations ensure consistency?

To the surprise of many, Microsoft hasn’t developed any serious solutions for email signatures, leaving the doors wide open for organizations like Letsignit, a French company determined to become a world leader in email marketing signatures. It even has the support of Microsoft (Microsoft France participated in the development) as well as large investment funds, and is currently developing internationally.

Letsignit makes sure all employee email signatures are fully aligned with corporate identity, automatically and easily. Additionally, it can turn email into a communications opportunity by providing organizations with a way to distribute banner marketing in a controlled and targeted manner.

Although relatively new to the game, one could easily assume that Letsignit had decades of experience with email signatures, given how mature their solution is! So, let’s dig.

Requirements and installation

Letsignit was designed for Office 365 Exchange Online and Google’s G Suite. Since Exchange (and recently Exchange Online, to be more precise) is by far the most popular email platform for organizations, that’s what I’ll be using for this product review.

Letsignit relies on two or three Azure enterprise applications to work, depending on how we configure it.

Initial setup is done through simple and intuitive Letsignit wizards that administrators can access once an organization has signed up for the service.

First, we run the Office 365/G Suite integrations wizard, which invites us to authorize the Letsignit Authentication corporate application, allowing Letsignit to access our users’ profiles:

Once done, the next step is to deploy the Letsignit Outlook add-in to our Office 365 tenant. This add-in automatically applies signatures to user emails and allows users to manage some of their details (if allowed by admins) and signatures when they have more than one.

One of the many benefits of these add-ins is that administrators don’t have to go through the hassle of packaging an MSI file, deploying it to users’ workstations, updating it, etc. . Once deployed to the tenant and assigned to users, it is automatically added to those users’ Outlook clients (Windows or Mac), and it’s ready to go!

From the Microsoft App Store, we can easily add the add-in to our tenant:

For simplicity, in my case, I’m going to roll it out to all users (the whole organization):

Once done, the add-in should be available to users within a few hours. But before we can use it, we still have a few steps to follow.

Creating email signatures and making them available to users is done through the Letsignit admin portal. To do this and personalize signatures with user details, Letsignit needs to have visibility into our users and their attributes. This can be done via a CSV import containing all the required details, or we can synchronize our Azure Active Directory with a database managed by Letsignit, which is much easier from a manageability point of view. This synchronization is updated frequently (every 3 hours), and it is unidirectional only.

Synchronization is done through another enterprise application called Letsignit Directory, which gives Letsignit read access to our directory data:

The sync engine allows administrators to choose which users they want to sync based on their domain or specific groups:

Once everything is set up, we can see when the last sync took place, and manually trigger a sync if needed:

In Letsignit we can manage three different types of user attributes:

• Default attributes are the default attributes of our directory, which are automatically synchronized with Letsignit;
• Custom attributes are custom attributes from our directory (if configured);
• Letsignit attributes are attributes we can create in Letsignit that are independent of our directory.

Below I left all the default settings with one exception. I blocked the job title so that users cannot change it themselves. This is a valuable feature for organizations that want only users to be able to update a subset of their information, or none at all.

We are now ready to start setting up and using our first email signature!

Configuring and using signatures

The configuration and assignment of signatures to users is done through the Letsignit administration portal. From the main dashboard, we can see at a glance how many signatures and campaigns we’ve assigned to users, how many clicks have generated links in signatures (we’ll cover this and campaigns in more detail later ), how many licenses we use, and more:

All signatures are designed in this portal which only administrators have access to, which means that users cannot design their own signatures. After all, that would defeat the purpose.

The designer is user-friendly, making it easy and intuitive to use, yet very powerful. We can start designing our first signature from one of the provided templates, start from scratch or even import HTML code. We may also have a different signature for a reply or forwarded email.

Once we have chosen a template and started creating our signature, the user fields will appear either with their name (like {Title} for example) if we are in in working mode, or with the current admin details when you are in preview mode.

Changing and formatting a field couldn’t be simpler via the menu offered when you highlight a block:

Almost anything can be personalized. In the following screenshots, I change the telephone prefix (T), and adjusting the padding between city and country so they are more spaced out:

We can also drag and drop user details and many other items from the left bar:

Finally, I’ll add some social media icons to the signature, as well as a Microsoft Teams widget so recipients can easily reach our users:

And here is my first signature, all done in just a few minutes!

The final step is to assign this signature to users. To do this, you can either individually select the user or users to whom you want to assign the signature, or use one or more groups:

We can also configure our signature priority, which will determine which signature is added to emails by default for users with multiple signatures assigned:

Once we save our changes, that’s it. Our first signature has now been assigned and is ready to be used!

Users don’t even have to do anything. As long as the add-in is deployed and a signature is assigned, roughly from the time an administrator activates that signature, it will be available to users. In my test, I opened a new email almost immediately after assigning the signature and making it active, and it appeared right away (without restarting Outlook)!

The signature was even immediately available in Outlook for the web (aka webmail/OWA) without further configuration!

From the user’s perspective, from the Outlook add-in, I can select which signature to assign to my email (if I have multiple signatures assigned to me) and update my information. Here we can see that I am not allowed to edit my job title since we previously blocked this field:

Another great feature of Letsignit is Campaigns. This allows organizations to increase the impact of their marketing campaigns by relaying them in email signatures. Instead of updating a signature to include a marketing banner, we can create a campaign with the banner and add it to a specific signature (or all of our signatures). You can even choose which users will be targeted by which campaign, and during which period!

Letsignit offers the possibility to collect Click on the information of recipients who have received emails with our signatures and/or campaigns. This way, organizations can analyze whether a particular campaign is generating the expected click-through rate, which campaign is the most effective, etc. For GDPR reasons, no recipient details are collected, only the sender, signature or campaign that contained the click, and the link itself:

For other clients, such as mobile devices, Letsignit offers a SMTP setting similar to other email signature providers, which allowed Letsignit signatures to be placed in all outgoing emails sent from any device. For Exchange Online, inbound and outbound connectors are created between the Office 365 tenant and the Letsignit Microsoft Azure service data center. The outgoing emails we choose are then routed through Letsignit to get a signature applied before being sent.

1. send connector: a dedicated send connector redirects emails coming from our Office 365 tenant (we can target specific users, domains, etc.) to go through Letsignit’s Microsoft Azure service data center;
2. Placement of signatures: once Letsignit receives the email, the signature is applied to the email;
3. Receive connector: a dedicated receive connector allows emails from Letsignit to return to the Office 365 tenant securely;
4. Email sent: Once the email returns to the sender’s Office 365 tenant, it is sent for delivery to the intended recipient.

Conclusion

Letsignit is a great solution for organizations looking for a simple yet powerful way to manage and deploy professional email signatures for their users. It has all the features one would expect, and more! Honestly, too much to cover in this review, unfortunately. Setting up Letsignit is quick and easy, creating signatures is surprisingly easy thanks to the fantastic designer, and managing signatures and campaigns could hardly be easier! All in all, a great product for any organization.

TechGenix.com rating 5/5

Post views:
42

---

Setting up a new Windows 11 PC is quite simple. Deceptively easy, in fact. After clicking through the dialogs and adjusting the few settings available as part of the out-of-the-box experience, you’ll find yourself on the Windows 11 desktop.

But your job is not done. Microsoft’s default settings aren’t necessarily set for you, and a default configuration comes with a handful of annoyances that you can quickly fix.

When you get to the Windows desktop, I recommend taking a few minutes to do these six things before going any further.

Use a Microsoft account for maximum security

On a system that you personally own and manage, you have two choices for setting up your primary user account: a Microsoft account or a local account.

(If your PC is in a managed enterprise environment, you’ll either have a domain account or sign in with Azure Active Directory. Either way, your admin is the boss, not you).

Old timers will probably prefer a local account because that’s what they’ve been using for decades. But it’s the wrong choice these days, at least if you care about security.

Using a Microsoft account gives you three benefits that you can’t get with a regular local account.

• You can enable 2-factor authentication and Windows Hello, which lets you log in using fingerprint or face recognition hardware.
• You can enable encryption for your system drive even using Windows 11 Home edition. (To make sure it’s on, go to Settings > Privacy & Security > Device Encryption.)
• You can recover your data if you forget your password by using Microsoft account recovery tools.

And, of course, if you have a Microsoft 365 Family or Personal subscription, you get access to Office apps and a terabyte of cloud storage.

You are not obligated to use the email address provided by Microsoft for anything other than this sole purpose. And if you create a new Microsoft account as part of Windows 11 setup, it’s not linked to any existing phone number or email address, meaning there’s no tracking.

For more details on the differences between each type of account, see “Windows 11 setup: which type of user account should you choose?” For step-by-step instructions on securing your Microsoft account, see “How to lock your Microsoft account and protect it from outside attacks.”

Clean up the shit

As was the case with its predecessor, Windows 11 makes money for Microsoft through shortcuts scattered throughout the Start menu of each new install, presumably in exchange for bounties paid by the owners of these third-party apps and services. Candy Crush and her ilk disappeared on my recent test systems, replaced by media streaming (Spotify, Disney+, Prime Video) and social media (TikTok, Instagram, and Facebook) options.

The good news is that these shortcuts are exactly that. They are not installed by default; they take up tiny amounts of disk space and each can be removed with two clicks directly from the Start menu.

Right-click the unwanted icon, click Uninstall. Confirm your choice in a dialog box. Repeat as needed.

Enable Windows Sandbox

It’s a killer feature if you have Windows 11 Pro, Enterprise, or Education. It allows you to instantly spin up a secure virtual machine without any complex configuration. The VM is completely isolated from your main system, so you can visit a suspicious website or test an unknown application without risk. When you’re done, close the sandbox and it disappears completely, removing all traces of your experience.

Although it uses the same virtualization features as Hyper-V, you don’t need to enable Hyper-V and it only uses a tiny amount of system resources.

To get started, click Search and type Windows Features to find the Turn Windows Features on or off dialog box. Scroll down the list and click the box to the left of Windows Sandbox feature. After restarting, you will find a Windows Sandbox shortcut in the Start menu.

Note that a Windows Sandbox session contains almost no Microsoft applications. He is completely stripped. You can use the Windows clipboard to paste a URL into Microsoft Edge or copy a program file to the sandbox for further exploration.

Add Folder Shortcuts to Start Menu

The Windows 11 Start menu is greatly simplified. It has a section for pinned icons at the top, and below that is a section for shortcuts to apps and documents you’ve used recently. At the bottom of the menu is your profile picture and a power button. That’s it.

Unless you dig into the Settings menu and do a few customizations, that is. Go to Settings > Personalization > Start > Folders, and you’ll find a menu that lets you add shortcuts to the bottom of the Start menu, giving you easy access to some common folders. These are the equivalent of the shortcuts that are in a column to the left of the Windows 10 Start menu.

You will also notice that I enabled dark mode for this system. It’s much easier on the eyes, especially if you’re working in a dark or dimly lit room. You’ll find this option in Settings > Personalization > Colors > Choose your mode.

Remove widgets and other unwanted items from the taskbar

Microsoft finds a new way to clutter the taskbar with each new release. Luckily, they also include the tools you need to declutter things. In Windows 11, the default taskbar configuration includes these four superfluous additions:

• A search button. (You don’t need a search box. Just press the Windows key and start typing to search.)
• The Task View button. (You don’t need it either. Use Windows key + Tab to go to the same place.)
• Widgets. (Ugh.)
• To discuss. (Microsoft continues to try to get people to use Teams even when they’re not at work.)

If you want any of those things, more power to you. But the rest of us can make all four shortcuts disappear by quickly going to Settings > Personalization > Taskbar. Slide these four switches to the left and restore the taskbar to its original purpose.

There are also some goodies at the bottom of this Settings page. Expand the Taskbar corner overflow section to control which icons appear by default on the right side of the taskbar. And if you have multiple monitors, be sure to click Taskbar Behaviors to browse options for how the taskbar works on a second monitor.

Configure OneDrive backup

You get at least 5 GB of free cloud storage in Microsoft’s OneDrive service when you sign in with a Microsoft account. This feature includes a parameter that can get confusing if you’re not careful.

If you click on the default options, Microsoft will redirect your Desktop, Documents, and Pictures folder to OneDrive, which effectively backs up anything you put in any of these folders. If you already have a solid backup strategy, you may want to disable this feature. If you like the idea of ​​having cloud-based backup, you might want to check out its settings.

To do this, open File Explorer, right-click the OneDrive shortcut in the folder pane on the left, and then click OneDrive > Manage OneDrive Backup. This takes you to the dialog shown here. (Note that the options will be disabled if you are using a system managed by your company using a domain or an Azure AD account.)

You can disable backup for each of the three folders with just one click. (The blue tick in the upper right corner means the folder is backed up and synced.)

by Dan Kobialka • 22 Dec. 2021

The Microsoft Intelligent Security Association (MISA), an ecosystem of MSSPs and independent software vendors (ISVs) that integrate their solutions with Microsoft’s security products, continues to grow.

Indeed, the newest member of MISA is the passwordless authentication company Beyond Identity. The company was nominated for MISA membership based on how its passwordless identity platform uses Microsoft’s Endpoint Manager device management capabilities.

Together, the Beyond Identity platform and Microsoft Endpoint Manager allow businesses to determine whether a device is managed and secure at the time of authentication, the companies noted. In this way, organizations can prevent account takeovers and implement a zero-trust compliant authentication strategy.

Beyond Identity announces Azure Active Directory SSO integration

In addition to joining MISA, Beyond Identity integrated its Secure Work product with Microsoft Azure Active Directory (AD) single sign-on (SSO). Now Secure Work can be used with Microsoft AD Federation Services and Azure AD SSO environments.

Secure Work protects organizations against password-based cyber attacks, Beyond Identity noted. It exploits asymmetric cryptography to bind a user’s identity to their device.

Additionally, Secure Work performs security posture checks on an organization’s devices, Beyond Identity said. It also enables IT and security teams to apply risk-based custom authentication policies with device-level security attributes using operating system query and combine attributes. Microsoft InTune and other mobile device management (MDM) and Endpoint Discovery and Response (EDR) tools.

Previously, Beyond Identity had formed a partnership with Atlas Identity, a UK-based identity and access management (IAM) solutions provider in November 2021. Atlas Identity will resell and provide managed services for Beyond Identity in the UK, the companies said.

In addition, Beyond Identity announced in May 2021 a partnership with Distology, a distributor specializing in IT security in the UK and EMEA. The partnership allows Distology to distribute Beyond Identity’s solutions through its network of IT resellers and MSSPs, the companies said.

To date, Beyond Identity has partnered with technology providers, system integrators, resellers, distributors, MSPs and MSSPs.

Microsoft Intelligent Security Association (MISA) vs AWS Cloud: MSSP relationships

Meanwhile, MISA – led by Maria Thomson – remains in expansion mode. As of August 2021, MISA had 67 MSSP members who supported 165 managed security services as of August 2021. Additionally, MISA reported that 176 ISVs provided 259 integrations as of July 2021.

Much similar to MISA, Amazon Web Services (AWS) introduced Level 1 MSSP Competency for AWS Partners in August 2021 as it tries to foster new partnerships with MSSPs and ISVs. AWS Partners can learn this skill to provide AWS security and monitoring as a fully managed service.

Written by Deborah Watson
Dec 17 2021 | FEDSCOOP

Deborah Watson is the Resident CISO at Proofpoint with over 20 years of security experience.

Federal agencies continue to evolve their IT infrastructure to include more cloud capacity, mobile devices and remote connections. But in the push to improve the hybrid IT environment, organizations may fall behind in their ability to mitigate security risks inside their networks, especially in understanding how employees and contractors access the data.

What agencies need is a way to see their security blind spots and see specific indicators of compromise that would help them distinguish between malicious and non-malicious insider threats.

This is why we are seeing more and more organizations adopting a people-centered approach to security that provides risk-based insights into the activity that takes place in the IT environment.

Changing the mindset around security

At Proofpoint, we are witnessing a change in the way actions classified as “insider threats” evolve. In the government sector in particular, executives tend to pay more attention to insider threats that can come from an attempted espionage or a disgruntled employee. Today, however, insider threats are increasingly coming from non-malicious sources as well.

What is commonly referred to as a “careless user” – that is, an employee who has taken an action that goes against the policy on the use of data, resulting in the accidental disclosure of the data. sensitive information – can occur more frequently because employees exfiltrate data to third parties. party apps and web services as a workaround to use tools they are familiar with that will help them do their jobs better.

PDF converters are a ubiquitous example of how free web-based services are widely used as a workaround for working in an increasingly digital world. For example, if an agency doesn’t give a department access to their own SharePoint, maybe a user will be using their own storage, like Dropbox or OneDrive. Or maybe an employee wants to create a compelling presentation and uses free online graphic design tools, such as the increasingly popular Canva platform.

Unfortunately, employees don’t think about the risks of data exfiltration when using these services, which is why ignorance – not carelessness – is more often a factor in non-malicious data exfiltration.

Make data and people-centric security decisions

A modern insider threat management solution must look at analyzing user behavior and detecting anomalies to go beyond basic triggers. Using more advanced detection capabilities such as bandwidth usage and connection attempts can indicate when a security threat needs to be investigated.

Typically, when the leaders of an organization decide to implement an insider threat detection solution, they think of specific use cases. Individually, security officials may have had the idea that some things were wrong. Taking a data-driven approach to security decisions can help executives refine security policies based on the number of breaches that occur.

For example, an organization might want to prevent its employees from using USB devices. But instead of blocking all USB devices in the company, which increases the risk for employees of finding workarounds, they use a security tool to see how often USB devices are being used.

Data can show that three-quarters of employees never use a USB device, making it easy for the security team to block these users, and then focus on the remaining employees using USB devices. One solution we’ve seen in action is to implement a contextual survey tool for USB users to ask them to state why they are using the device and to collect more relevant data on user behavior.

In conjunction with a broader security platform, insider threat management tools can help an organization correlate data and activity moving across cloud environments for contextual visibility and to establish risk-based controls.

Building a better safety culture

A misconception that organizational leaders tend to believe is that security tools alone will mitigate threat risk. This is simply not the case. To effectively tackle insider threats, like any other security issue, organizations must address governance, processes, people, and culture.

Taking a risk-based approach to security requires collecting as much data as the security team needs to understand the context of a potential threat. But taken out of context, this approach to cybersecurity could be seen as an employee monitoring tool, rather than a safety monitoring tool. It is therefore increasingly important for leaders to communicate and socialize the need for a culture of safety within the organization.

Employees should also understand that the data required for a risk-based strategy is already collected in most cases for normal IT operations. The goal is to correlate this information into a single security platform, so security managers can better distinguish between malicious and non-malicious threats.

The organization identifies the criteria to be monitored by an insider threat management tool. For example, Active Directory logs, types of applications used, or other data points around a user’s activity related to data and context. The security tool then captures only the necessary metadata until an indicator shows a red flag.

So, for example, if someone logs into a financial app that’s listed as sensitive and the employee downloads data as part of their job, there’s no reason to worry. But then if the employee renames the file to something generic and sends it to their personal email address, that will throw the red flag for further investigation. If the tool’s configuration criteria would alert whenever sensitive data was uploaded, it would simply create a lot of noise, causing alert fatigue. Instead, the criteria should specify which actions are a risk – in this example, sending data using personal email.

Agency security teams need a tool to create a more informed picture of their security risks and implement adaptive security controls based on current situational intelligence. Modern security platforms, like Proofpoint’s, give security managers the information they need to make strategic policy and security decisions that best protect their data while allowing access to that information. to those who need it most.

Learn more about how Proofpoint can help you protect federal agencies and their staff from malicious attackers.

The US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn against actively exploiting a recently patched flaw in Zoho’s ManageEngine ServiceDesk Plus product to deploy web shells and perform a variety of malicious activities.

Tracked as CVE-2021-44077 (CVSS score: 9.8), the issue is related to an unauthenticated remote code execution vulnerability affecting ServiceDesk Plus versions up to and including 11305 which, if not Fixed, “allows an attacker to download executable files and place web shells that allow post-exploitation activities, such as compromising administrator credentials, driving sideways, and exfiltrating hives registry and Active Directory files, ”CISA said.

“A misconfiguration of security in ServiceDesk Plus led to the vulnerability,” Zoho noted in an independent notice published on November 22. “This vulnerability can allow an adversary to execute arbitrary code and carry out any subsequent attack. Zoho fixed the same flaw in version 11306 and above on September 16, 2021.

CVE-2021-44077 is also the second flaw exploited by the same threat actor that previously exploited a security hole in Zoho’s self-service and single sign-on password management solution known as ManageEngine ADSelfService Plus (CVE-2021-40539) from compromising at least 11 organizations, according to a new report released by the threat intelligence team of Palo Alto Networks Unit 42.

“The threatening actor stretches[ed] its goal beyond ADSelfService Plus to other vulnerable software, ”said Unit 42 researchers Robert Falcone and Peter Renals. “Specifically, between October 25 and November 8, the actor turned his attention to several organizations running a different Zoho product known as ManageEngine ServiceDesk Plus. “

The attacks are said to be orchestrated by a “persistent and determined APT player” followed by Microsoft as “DEV-0322”, a cluster of emerging threats that the tech giant says operates from China and has already been observed in China. exploiting a zero-day flaw in the SolarWinds Serv-U managed file transfer service earlier this year. Unit 42 monitors the combined activity as “Tilted temple” campaign.

Post-exploitation activities following a successful compromise involve the actor downloading a new dropper (“msiexec.exe”) to the victimized systems, which then deploys the Chinese JSP web shell named “Godzilla” to establish the persistence in these machines, echoing similar tactics used against ADSelfService software.

Unit 42 identified that there are currently more than 4,700 instances of ServiceDesk Plus accessible on the Internet worldwide, of which 2,900 (or 62%) are in the United States, India, Russia, Great Britain and in Turkey are considered vulnerable to exploitation.

In the past three months, at least two organizations have been compromised using the ManageEngine ServiceDesk Plus flaw, a number that is expected to rise further as the APT Group ramps up its reconnaissance activities against technology, energy, transport, health, education, finance and industrial defense.

Zoho, for its part, has made available an Exploit Detection Tool to help customers identify if their on-premise installations have been compromised, in addition to recommending users to “upgrade to the latest version of ServiceDesk Plus. (12001) immediately “to mitigate any potential operational risk.

Microsoft hopes to improve the resiliency of its cloud services by extending a “failure mode” for Azure Active Directory to cover the web as well as desktop applications.

Azure Active Directory (AAD) is Microsoft’s cloud directory that manages authentication for Office 365 and can be linked to on-premises Active Directory. Additionally, developers can write applications that use the service. However, if something goes wrong, customers experience several failures, including being unable to access the Azure portal to manage other cloud services.

In December of last year, Microsoft updated its SLA (Service Level Agreement) for AAD to 99.99% uptime, down from 99.9%, but with a certain sleight of hand as it also removed the “administrative functions” of its definition of availability.

Now the company has given more details of its efforts, focusing on a backup authentication service that replicates authentication data during normal operations, and then if the primary service fails, goes into “crash mode” where he is able to verify requests and provide tokens to clients.

According to Microsoft, this has been working for Outlook Web Access and SharePoint Online since 2019, although we did note that during the September 2020 outage, Outlook and SharePoint were affected. The reason given at the time was that “a recent change in configuration impacted a primary storage layer,” an issue that was compounded by another issue caused by “a change put in place to mitigate the impact”. So it seems that the backup service was not sufficient in this case.

There is also a limitation that authentications are only processed by the backup service if the user has already accessed an “application or resource” in the past three days, described as the “storage window”. The company found this to be acceptable for most users who “access their most important apps from a consistent device on a daily basis,” but it’s easy to think of cases where users will be locked out, for example s ‘they buy a new device.

It’s better than nothing though, and Microsoft has been working to expand its applicability. Earlier this year, support for desktop and mobile apps was added, and next year more web apps, including Teams Online and the rest of Office 365, will be added as well. Applications from clients using Open ID Connect will follow shortly.

More questions than answers

In some ways, Microsoft’s latest post raises more questions than answers. A quick glance at the Azure status page shows “Azure Active Directory – Problems trying to authenticate”, although possibly limited to customers using Azure Active Directory external identities, with the root cause attributed to ” outgoing port depletion ”, although this is on the company’s architecture diagram is not clear.

In March of this year, there was an extended AAD outage caused by the erroneous deletion of a key used for cryptographic signing. Microsoft referred to the backup service at the time and said, “Unfortunately, it didn’t help in this case as it provided cover for the token issuance but did not provide cover for the. token validation as it depended on the affected metadata endpoint. “

It is therefore obvious that extending the backup service will not solve all the problems that may impact AAD even if it is beneficial.

In August of this year, analysts at Gartner reported that customers “remain concerned about the real impacts” of Azure reliability even though its performance is not bad in an absolute sense. Gartner considers some Azure regions to be less resilient than they should be, possibly due to capacity issues, but note that the pandemic has caused increased demand for all cloud providers.

Microsoft also has questions to answer regarding the Cosmos DB vulnerability described by Wiz security researchers earlier this month. The vulnerability has been fixed, but researchers have identified what look like extraordinary architectural errors, such as firewall rules designed to prevent an escalation of a breach, but “these firewall rules were configured locally on the container where we were currently running as root. So we just deleted the rules (by issuing iptables -F), paving the way for those banned IPs and even more interesting discoveries. “

It’s a good thing when Azure CTO Mark Russinovich appears to talk to us, along with colleagues, about Azure reliability improvements, and the extended AAD backup service is welcome even if it isn’t. always effective, but we would like to know more about these other pressing situations. ®