Optimizing App Performance in the Cloud networkcomputing.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from networkcomputing.com Daily Mail and Mail on Sunday newspapers.
The user’s private keys, which are stored locally in the secure secure enclave portion of the device’s memory, authenticate and authorize the user through Beyond’s cloud-based service.
Password management headaches and credential theft have long been one of the biggest challenges for organizations, and password layering with multi-factor authentication (MFA) and other protections has become the norm. But as the recent SolarWinds attack, believed to be outside of Russia, has shown, attackers can bypass MFA to capture or set credentials within their targets.
Jermoluk, CEO of Beyond Identity, says the global pandemic and the ensuing rush to send employees from home to work contributed to the decision to offer the startup’s core technology to organizations for free. Cyber-attacks have been on the rise last year, he notes, many of which targeted vulnerable and valuable credentials from home workers.
Startup Offers Free Version of its Passwordless Technology
Beyond Identity co-founders hope to move the needle in eliminating the need for passwords, but experts say killing passwords altogether won t be easy.
A startup with the goal of eradicating passwords and led by Netscape founder Jim Clark and broadband network pioneer Tom Jermoluk today released a free version of its service that authenticates and authorizes users without the use of passwords.
The free version of Beyond Identity s service includes support from the company during business hours and deployment to an unlimited number of users or customers. Beyond s technology, based on X.509 for asymmetric key cryptography and TLS for encrypted communications, makes the endpoint device its own certificate authority.
SolarWinds Attack Underscores New Dimension in Cyber-Espionage Tactics
Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack.
The complex cyberattack campaign against major US government agencies and corporations including Microsoft and FireEye has driven home the reality of how attackers are setting their sights on targets cloud-based services such as Microsoft 365 and Azure Active Directory to access user credentials and ultimately the organizations most valuable and timely information.
Today Malwarebytes revealed that it, too, was compromised by the same attackers who infected SolarWinds Orion network management software to reach many of the targets in the campaign but via a different attack vector that gained privileged access to 365 and Azure. After an extensive investigation, we determined the attacker only gained acce