Identity Management and Information Security News for the Week of October 13; Veza, Varonis, IOActive, and More

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Widget not in any sidebars

Identity Management and Information Security News for the Week of October 13

Veza Introduces Next-Gen IGA

This week, Veza, an identity security company, announced the launch of its Next-Gen IGA (Identity Governance and Administration) solution. The solution comprises the Veza Access Control Platform and new products for provisioning and deprovisioning, access reviews, access visibility, and access intelligence. By approaching governance with a focus on permissions and automation, Next-Gen IGA “reduces identity risks, decreases the costs of governance, and accelerates access to apps and data anywhere.”

Read on for more.

3Commas Hit with Second Security Breach in a Year

Trading platform 3Commas has once again come into the spotlight following the disclosure of a security breach on Sunday, affecting a number of user accounts. According to the release, the platform received reports from customers about unauthorized trades occurring shortly after their passwords had been reset. Following an internal investigation, 3Commas revealed in a blog post that there had been unauthorized access to customer account data. The breach is being touted as a limited one, with unauthorized trades being carried out predominantly on accounts of users who had not enabled two-factor authentication (2FA), 3Commas said. The breach on Sunday is reminiscent of an earlier incident in December, where a significant leak led to the API keys of approximately 100,000 3Commas customers being posted publicly by malevolent actors.

Read on for more.

THEFENCE Launches User Access Review Plus

This week, THEFENCE, an identity and access management solutions provider, launched User Access Review Plus, an end-to-end (E2E) access solution. Features include AI-powered real-time insights, post-review task management, seamless compliance adherence, and “an intuitive and user-friendly interface design that simplifies even the most intricate access management tasks.” Interested enterprises can schedule for a personalized demo with THEFENCE today.

Read on for more.

Semperis Expands Forest Druid Attack Path Analysis Tool to Guard Against Entra ID Attacks

Semperis, a cyber resilience solutions provider, this week announced the expansion of Forest Druid, its community-driven attack path management tool, to include support for Microsoft Entra ID (formerly Azure AD). Forest Druid enhancements include new settings to control data collection from on-prem and cloud identity systems and new controls to improve the defense perimeter relationship graph, a map of objects with privileged relationships to Tier 0 assets.

Read on for more.

Varonis Launches Data Center in Canada for Cloud-Native Security

Varonis, a data security solutions provider, announced this week its first local data center in Canada to support new customers as well as existing customers moving to Varonis’ SaaS offering. The new data center, located in Toronto, is the third to open in recent months and underscores the company’s commitment to bringing data security automation and innovation to customers worldwide. The Canada data center will help Varonis meet data residency requirements and demonstrate compliance with national data privacy laws such as the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws such as Quebec’s Law 25. In Canada, Varonis works with customers in sectors including finance, healthcare, state and local governments, education, and beyond to secure critical data, monitor for unusual activity, and comply with national and industry-specific privacy regulations.

Read on for more.

IOActive Names Gunter Ollmann as Chief Technology Officer

IOActive, a security services provider, announced this week that Gunter Ollmann joined the organization as Chief Technology Officer (CTO). Ollmann has spent his career building and leading global consulting and product solutions spanning the cybersecurity domain and being an expert security advisor to Global 1000 companies. Prior to IOActive, Ollmann served as Chief Security Officer for Microsoft’s Cloud & AI Security division and led AI-based product and strategy for the leading vendors in the XDR (Vectra AI) and autonomous SOC/SIEM (Devo) spaces, incubating and driving multiple commercial products and services while protecting the world’s largest cloud applications and infrastructure. He has been at the forefront of applying ML and AI to cybersecurity for over a decade, holds multiple cyberthreat detection and mitigation patents, and has guided the innovation and patent process of hundreds of core technologies.

Read on for more.

Expert Insights Section

Watch this space each week as our editors will share the best written and video resources from Insight Jam, Solutions Review’s enterprise tech community for business software pros. The goal? To help you gain a forward-thinking analysis and remain on-trend through expert advice, best practices, trends and predictions, and vendor-neutral software evaluation tools.

Solutions Review Launches New Insight Jam Community for Enterprise Technology Professionals

We are excited to bring an entirely new distribution channel to Insight Jam, and provide our readers with guidance, best practices, and advice on top-of-mind topics in enterprise technology, and our PR and vendor partners the ability to measure their impact on the community.

Read on for more.

37 Cybersecurity Awareness Month Quotes from Industry Experts in 2023

As part of Cybersecurity Awareness Month, we called for the industry’s best and brightest to share their comments. The experts featured represent some of the top Cybersecurity solution providers with experience in these marketplaces, and each projection has been vetted for relevance and ability to add business value. A number of thought leaders were presented with this prompt: What are some overlooked cybersecurity best practices people take for granted/easily forget? Things that might be obvious to experts but not to the average enterprise user. Or best practices that are so obvious when you say them out loud, but are often forgotten. Here’s how they responded, along with some general responses from other experts and thought leaders, for Cybersecurity Awareness Month.

Read on for more.

Enhancing Data Security: A Crucial Shift in the Generative AI Era

Don Arden of Fasoo examines how the popularity of Generative AI has pushed for a crucial shift in data security. Misuse of AI can lead to major privacy and security issues since the models collect and process vast amounts of data. As users access these tools to generate content, they enter data so the AI can learn and provide better responses in the future. This process is prone to data leakage and compromising confidentiality since you have little to no control over these hosted environments. Users could mishandle information by adding proprietary or regulated data to the prompts, resulting in a data breach, intellectual property theft, and other forms of abuse.

Read on for more.

A 5-Step Action Plan for DSPM

Karthik Krishnan of Concentric AI drums up a 5-step action plan to establish strong data security posture management (DSPM). October is Cybersecurity Awareness Month, and every year, most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed, and these best practices can no longer be the bare minimum.

Read on for more.