
Gartner’s ITDR Magic Quadrant: Why?

Gartner: you either love them or hate them, but you can’t deny their impact on the cybersecurity industry. Known for influential reports and rankings, Gartner is a household name in the tech world with some of the top analysts and researchers in infosec. Their annual Magic Quadrant reports have become the gold standard for evaluating vendors and technologies across various industries, including cybersecurity.


Identity threat detection and response (ITDR) is an emerging market in the cybersecurity industry. It involves detecting and responding to identity-related threats such as compromised credentials, stolen identities, and unauthorized access. Are you prepared to stay ahead of the curve when it comes to protecting your organization from these threats? Look no further than Gartner’s ITDR Magic Quadrant, a comprehensive report that evaluates the top vendors in this emerging market. From real-time monitoring to automated threat response, the report identifies the key features and capabilities necessary to effectively detect and respond to identity-related threats.
Gartner’s ITDR Magic Quadrant evaluates vendors in the ITDR market on the intersection of two criteria: ability to execute and completeness of vision. Ability to execute measures the vendor’s capacity to deliver products and services that meet customers’ requirements and deliver value. Completeness of vision measures the vendor’s ability to anticipate and respond to future market trends.


In the 2021 ITDR Magic Quadrant, Gartner identified 11 vendors that met its criteria for inclusion. The vendors were evaluated based on their ability to provide features such as real-time monitoring, automated threat response, and integration with other security tools. The vendors were also evaluated based on their ability to provide visibility into user behavior, track and respond to incidents, and support regulatory compliance.
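To make the "real-time monitoring" capability concrete, here is an added example (not from the report or any vendor) of three simple ITDR-style detection rules run over a constructed authentication log: repeated failures followed by a success for one account, a successful login from a second country within an hour of the previous one, and one source IP failing against many distinct accounts. The event format, field names and thresholds are assumptions chosen for the sample.

```python
"""Toy ITDR detection rules over constructed authentication events."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): (timestamp, user, source_ip, country, result).
SAMPLE_EVENTS = [
    ("2023-01-10T09:00:01", "alice", "203.0.113.10", "US", "failure"),
    ("2023-01-10T09:00:05", "alice", "203.0.113.10", "US", "failure"),
    ("2023-01-10T09:00:09", "alice", "203.0.113.10", "US", "failure"),
    ("2023-01-10T09:00:14", "alice", "203.0.113.10", "US", "failure"),
    ("2023-01-10T09:00:20", "alice", "203.0.113.10", "US", "failure"),
    ("2023-01-10T09:00:31", "alice", "203.0.113.10", "US", "success"),
    ("2023-01-10T10:15:00", "bob",   "198.51.100.7", "US", "success"),
    ("2023-01-10T10:40:00", "bob",   "192.0.2.55",   "BR", "success"),
    ("2023-01-10T11:00:00", "carol", "198.51.100.9", "US", "success"),
    ("2023-01-10T11:00:03", "carol", "192.0.2.20",   "US", "failure"),
    ("2023-01-10T11:00:04", "dave",  "192.0.2.20",   "US", "failure"),
    ("2023-01-10T11:00:05", "erin",  "192.0.2.20",   "US", "failure"),
    ("2023-01-10T11:00:06", "frank", "192.0.2.20",   "US", "failure"),
]


def detect_identity_threats(events, fail_threshold=5, fail_window=timedelta(minutes=10),
                            travel_window=timedelta(hours=1), spray_threshold=4):
    """Apply three ITDR-style rules and return a chronological list of (rule, subject) alerts.

    Thresholds are deliberately low so the small sample triggers each rule; a production
    deployment would tune them to the organisation's baseline.
    """
    alerts = []
    recent_failures = defaultdict(deque)  # user -> timestamps of failures inside fail_window
    last_success = {}                     # user -> (timestamp, country) of latest success
    spray_accounts = defaultdict(set)     # source_ip -> distinct users that failed from it
    for ts_str, user, ip, country, result in sorted(events):  # ISO timestamps sort correctly
        ts = datetime.fromisoformat(ts_str)
        failures = recent_failures[user]
        while failures and ts - failures[0] > fail_window:  # drop failures outside the window
            failures.popleft()
        if result == "failure":
            failures.append(ts)
            spray_accounts[ip].add(user)
            if len(spray_accounts[ip]) == spray_threshold:  # fire once per source IP
                alerts.append(("password_spray", ip))
            continue
        # Success: was it preceded by a burst of failures (brute force / credential stuffing)?
        if len(failures) >= fail_threshold:
            alerts.append(("failures_then_success", user))
        failures.clear()
        # Success from a different country too soon after the previous success?
        prev = last_success.get(user)
        if prev and prev[1] != country and ts - prev[0] <= travel_window:
            alerts.append(("impossible_travel", user))
        last_success[user] = (ts, country)
    return alerts


if __name__ == "__main__":
    for alert in detect_identity_threats(SAMPLE_EVENTS):
        print(alert)
```

The automated-response half of ITDR would hang off these alerts (for example, forcing re-authentication or revoking sessions for the flagged account), which this example leaves to the reader's platform.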


The vendors that were identified as Leaders in the ITDR Magic Quadrant were Microsoft, Okta, and SecureAuth. Microsoft was recognized for its ability to integrate with its existing Azure Active Directory service and provide a unified view of identity-related risks across multiple systems. Okta was recognized for its ability to provide seamless integration with other security tools and its focus on user experience. SecureAuth was recognized for its ability to provide advanced analytics capabilities that help identify and respond to identity-related threats.


Other vendors that were recognized in the ITDR Magic Quadrant included CyberArk, Exabeam, ForgeRock, IBM, ManageEngine, Ping Identity, Rapid7, and RSA. These vendors were recognized for their ability to provide different capabilities such as privileged access management, user behavior analytics, and access governance.


As the ITDR market continues to evolve, I look forward to seeing what innovations emerge in this segment. As we know from Verizon’s Data Breach Investigations Report (DBIR), compromised credentials are the #1 cause of a data breach. Staying one step ahead of these threats is paramount.

The Near-Term Issues with Passwordless Authentication

When you hear people talk about ‘passwordless authentication’, they’re typically referring to methods of accessing an account or system without entering a password, at least initially. Some examples of this include biometric authentication (using fingerprints or facial recognition), one-time passcodes sent via text or email, and security keys.

While passwordless authentication can offer some advantages, such as increased convenience, there are also several potential disadvantages to consider:

  1. Dependence on other technologies: Passwordless authentication methods often rely on other technologies, such as biometric scanners or a smartphone, to work. This means that if a user is away from these tools, they may not be able to access their account or system.
  2. Vulnerability to cyber threats: Some passwordless authentication methods, such as one-time passcodes sent via text or email, can potentially be intercepted by hackers. This means that a hacker who is able to obtain the passcode may be able to gain access to the user’s account. Most tools offering passwordless will likely have accounted for this before implementing, but I expect that there will be some security snafus with early adopters.
  3. Limited accessibility: These methods can pose accessibility challenges for those with certain disabilities or conditions.
  4. Inconvenience: With passwordless authentication, the user does not have direct control over their authentication method. For example, if a security key is lost or stolen, the user may not be able to access their account until they obtain a new key. The possibility of technical issues with newer or more complex authentication methods also arises.
  5. Password fallback: Passwordless authentication methods typically use a password as a backup. This introduces the same risks as using a password as the primary form of authentication.

While passwordless is great for convenient authentication, it is important to remember that it introduces more variables for failure, which impacts business continuity and increases helpdesk calls. Don’t fall for marketing hype: keeping passwords as a backup authentication method presents a level of risk equal to or greater than using them as primary authentication.

How Security for Organizations Overlaps with the Security of your Employees

Information security is a critical concern for both corporations and individuals alike. At its core, the goal of information security is to protect sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction. While the scale and complexity of information security may differ between corporations and individuals, the principles and strategies used to protect information are largely the same.

For corporations, information security is essential to protect sensitive business information such as financial data, intellectual property, and customer information. A data breach or cyber attack can have devastating consequences, including financial losses, damage to the company’s reputation, and loss of customer trust. To prevent such incidents, corporations must implement a comprehensive information security program that includes technical, physical, and administrative controls.

Individuals also have a significant amount of sensitive information that needs protection, such as personal financial data, medical records, and online identities. With the increasing amount of personal information shared online and stored in the cloud, the risk of this information being compromised is greater than ever. As a result, individuals must also take steps to protect their information and maintain their online security.

One of the key parallels between corporate and individual information security is the importance of strong passwords. Strong passwords are one of the most effective ways to protect against unauthorized access and are a fundamental element of both corporate and individual information security. For corporations, this means implementing policies and procedures that require employees to use strong passwords and change them regularly. For individuals, it means choosing unique and complex passwords for all online accounts and changing them regularly. Something they both may benefit from is using a password manager, such as LastPass.

Another parallel is the importance of regular backups and disaster recovery planning. For corporations, regular backups and disaster recovery plans ensure that important business data is protected and can be quickly restored in the event of a data loss. Individuals can also back up their photos, projects, and other files in the cloud with services such as Google Photos or iCloud.

Although the scale and complexity differ between corporations and individuals, the principles and strategies used to protect information are largely the same. Strong passwords, regular backups, and disaster recovery planning are just a few of the parallels between corporate and individual information security. By understanding and implementing these parallels, corporations and individuals can better protect their sensitive information and minimize the risk of data breaches and cyber attacks.

The Security Compliance Frameworks to Know for Finance

Financial institutions handle sensitive financial and personal data on a daily basis, making them prime targets for cyberattacks. In order to protect their customers and maintain trust, it is crucial that these institutions implement strong cybersecurity measures and adhere to relevant compliance standards. Likewise, vendors, consultants, and MSSPs working with these organizations should know these standards as well in order to understand where their offerings fit. In this blog post, I’ll outline some of the key compliance standards that the financial organizations I’ve worked with have had to adhere to.

  1. Payment Card Industry Data Security Standard (PCI DSS)

This is especially relevant since it covers a wide footprint. PCI DSS is a set of requirements designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. This standard applies to any organization that handles payment card data, including financial institutions.

PCI DSS covers a wide range of security controls, including network architecture, software design, and operational procedures. It requires that financial institutions implement measures such as firewalls, secure passwords, and encryption to protect against data breaches.

  2. Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA) is a U.S. law that requires financial institutions to protect the confidentiality, integrity, and availability of customer information. This includes implementing measures to prevent unauthorized access, use, or disclosure of customer data.

GLBA requires financial institutions to have a written information security plan (WISP) in place that outlines the measures they have taken to protect customer data. This plan should include risk assessments, employee training programs, and physical security measures such as locked cabinets and restricted access to sensitive areas.

  3. The Health Insurance Portability and Accountability Act (HIPAA)

This is one that people rarely associate with finance, but it all depends on the data the organization works with. HIPAA is a U.S. law that regulates the handling of protected health information (PHI) by healthcare organizations and their business associates. Financial institutions that handle PHI, such as those that offer healthcare financing or administer employee health benefits, are subject to HIPAA requirements.

HIPAA requires financial institutions to implement physical, technical, and administrative safeguards to protect PHI. This includes measures such as access controls, encryption, and employee training programs. It is important for financial institutions to have a thorough understanding of HIPAA requirements and ensure that they are in compliance.

  4. The Family Educational Rights and Privacy Act (FERPA)

This is another one that people don’t typically associate with finance at first glance. FERPA is a U.S. law that protects the privacy of student education records. Financial institutions that handle student education records, such as those that offer student loans or administer financial aid, are subject to FERPA requirements.

FERPA requires financial institutions to implement measures to protect the confidentiality, integrity, and availability of student education records. This includes implementing access controls, employee training programs, and secure storage and transmission of records.

  5. The General Data Protection Regulation (GDPR)

GDPR is a European Union law that regulates the handling of personal data by organizations. It applies to any organization that processes the personal data of EU citizens, regardless of where the organization is located, which makes it relevant for US companies with international customers.

GDPR requires financial institutions to implement measures to protect the privacy and security of personal data, including measures such as access controls, encryption, and employee training programs. It also requires that financial institutions obtain consent from individuals before processing their personal data and that they provide individuals with the right to access and control their personal data.

  6. The California Consumer Privacy Act (CCPA)

The CCPA is a privacy law in California that went into effect fairly recently (January 1, 2020). It grants California consumers the right to request that a business disclose what personal information it has collected about them, and to request that the business delete any of their personal information. The law applies to businesses that collect personal information about consumers who reside in California and that meet certain criteria, such as having annual gross revenues in excess of $25 million.

Each of these standards has its own specific requirements and guidelines that financial institutions must follow, and failure to do so can result in significant fines and legal consequences. It is essential for financial institutions to take the necessary steps to ensure that they are in compliance with all relevant cybersecurity compliance standards in order to protect their customers’ information and maintain the integrity of their business and their customers’ data.

The Seven Biggest Risk Factors for CISOs in 2023

As we enter 2023, the threat landscape for cybersecurity continues to evolve at an alarming rate. From sophisticated ransomware attacks to devastating data breaches, it’s more important than ever to stay informed about the most significant cybersecurity threats on the horizon. In this blog post, we’ll take a deep dive into the top cybersecurity threats that you need to be aware of in 2023. From AI-powered malware to the proliferation of connected devices, these threats represent some of the most significant challenges that businesses and individuals will face in the coming year. Stay vigilant, stay informed, and take action to protect yourself and your organization from these looming threats.

  1. Artificial intelligence (AI) and machine learning (ML) threats: AI and ML technologies are becoming increasingly sophisticated, and this is giving rise to a new generation of cyber threats. For example, hackers may use AI and ML to automate the development and deployment of malware, or to launch highly targeted phishing attacks. These types of attacks can be difficult to detect and can have serious consequences, as they may allow hackers to gain access to an organization’s most sensitive data. To protect against these threats, organizations need to ensure that they have robust security measures in place, such as antivirus software and firewalls, and they need to be vigilant about identifying and addressing potential vulnerabilities.
  2. Internet of Things (IoT) vulnerabilities: The proliferation of IoT devices is creating new security vulnerabilities as these devices often have limited security measures and are frequently connected to the internet. Hackers may be able to exploit these vulnerabilities to gain access to networks and steal sensitive data. To protect against these types of attacks, organizations need to ensure that they have robust security measures in place for their IoT devices, such as strong passwords and secure communication protocols. They also need to be vigilant about identifying and addressing potential vulnerabilities, and they should consider implementing network segmentation to limit the impact of any successful attacks.
  3. Ransomware attacks: Ransomware attacks, in which hackers encrypt a victim’s data and demand a ransom in exchange for the decryption key, continue to be a major concern. These attacks can be highly disruptive and costly, and they are becoming more sophisticated as hackers use tactics such as double extortion to increase their effectiveness. To protect against ransomware attacks, organizations need to ensure that they have robust backup and recovery processes in place, and they should consider implementing measures such as network segmentation and access controls to limit the impact of any successful attacks.
  4. Supply chain attacks: Supply chain attacks, in which hackers target the supply chain of an organization in order to compromise its systems, are becoming more common. These attacks can be difficult to detect and can have serious consequences, as they may allow hackers to gain access to an organization’s most sensitive data. To protect against supply chain attacks, organizations need to be vigilant about identifying and addressing potential vulnerabilities in their supply chain, and they should consider implementing measures such as network segmentation and access controls to limit the impact of any successful attacks.
  5. Cryptojacking: Cryptojacking, in which hackers use a victim’s computer or device to mine cryptocurrency without the victim’s knowledge, is also a growing concern. This type of attack can be difficult to detect and can have a significant impact on the performance of the victim’s device. To protect against cryptojacking, organizations need to ensure that they have robust security measures in place, such as antivirus software and firewalls, and they should be vigilant about identifying and addressing potential vulnerabilities.
  6. Social engineering attacks: Social engineering attacks, in which hackers use psychological tactics to trick victims into divulging sensitive information or taking actions that compromise their security, are also on the rise. These attacks can be highly effective and can be launched through a variety of channels, such as email, phone calls, or social media. To protect against social engineering attacks, organizations need to educate their employees about the dangers of these attacks and how to recognize and prevent them. This may include implementing security awareness training programs and policies that outline acceptable use of email, phone calls, and social media. I personally enjoy KnowBe4 as the easiest way to facilitate this sort of training.
  7. Dark web data exposure: The dark web is a part of the internet that is not indexed by search engines and can only be accessed using special software, such as the Tor Browser. It is a haven for illegal activities and is often associated with the sale of illegal goods, hacking services, and the trade of personal data. If your personal data is exposed on the dark web, it can be used for identity theft and other types of cybercrime. To prevent your data from being exposed on the dark web, it is important to use strong, unique passwords for all of your online accounts and to enable two-factor authentication whenever possible. However, even when we follow secure practices, our information can be exposed in a data breach. For these instances, it’s essential to have a strong dark web monitoring solution.

In conclusion, the cybersecurity threat landscape for 2023 is shaping up to be a challenging one. By staying informed about the latest threats and taking a proactive approach to security, you can help to mitigate the risks and keep your data safe. So let’s stay one step ahead of the hackers and make 2023 a year of secure computing for all!