How to Fight Against Shadow Admin?
When it comes to privileged accounts, traceability is essential, but it is sometimes compromised by the use of shadow admin. This traceability, as well as real-time or a posteriori control of the administration actions allowed by the PAM (Privileged Access Management), should however be exhaustive to effectively protect the information system…
The new security perimeter for organizations
Slowly but surely, we are experiencing a radical change in the world of networks and access security. To illustrate this in a caricatured way, we are moving from a situation where an organization’s network was inside its walls and the Internet outside, to a situation where everything is based on the Internet, which is shared by all organizations’ networks. The networks of companies are now permanently installed in the Internet network via cloud infrastructures that go beyond the physical boundaries…
Identity theft: how to protect against it within companies?
Identity theft, which affects individuals in both personal and professional situations, is a threat whose impact is growing as the digital age expands in our lives. Although identity theft was not born with information technology, it is indeed IT that has contributed to its expansion: on the one hand, more and more administrative procedures are carried out online, and on the other hand, our personal exchanges and confidential data are often poorly protected. Nevertheless, there are ways to protect…
Behavioral biometrics: A new authentication factor which needs to develop
Still marginal today, behavioral biometrics is already revolutionizing paradigms and authentication methods. By strengthening the security of information systems and making authentication more comfortable for users, this new factor is essential in the dynamic context created by today’s technological evolution and society. Indeed, the traditional password is becoming increasingly obsolete and, used alone, does not guarantee a sufficient level of security. Multi-factor authentication responds to this issue, with a trend towards the use of factors inherent to the user…
What are the regulations for OVI and OES?
The multiplication of attacks and threats to organizations’ information systems has prompted the French government and the European Union to implement recommendations and rules for private companies and public administrations. The requirement level of these rules and recommendations varies according to the importance of the target organization. They are optional for organizations considered as non-sensitive, but, at different levels, mandatory for OVI (Operators of Vital Importance) and OES (Operators of Essential Services).
Limiting the cyber risk of OVI and OES…
Secure Access Service Edge: A Paradigm Shift
The network and network security world is experiencing, like any other technology, its digital revolution. The traditional vision of “inside the firewall” and “outside the firewall” has been shattered: the Internet has become the network of the extended enterprise.
Secure Access Service Edge: Trends Leading to a Paradigm Shift
Moving from a “network-centric” architecture to a “user-centric” and “application-centric” architecture. On the one hand, the cloud and the decentralization of servers and applications in disparate clouds; on the other hand, the…
Making the administration workstation incorruptible with a hardened thin client terminal
The terminal allowing administrators to access the administration network is a key element for the global security of organizations’ information systems. A possible corruption of this terminal is a major risk for companies. The use of a hardened thin client terminal communicating with administration virtual desktops allows you to take advantage of the specific and secure architecture of a hardened thin client terminal while benefiting from the functionalities of Privileged Access Management (PAM) solutions thanks to virtualization.
Prerequisites for using…
Least privilege: a key principle for the security of the Information System
The least privilege principle consists in limiting the rights/authorizations of any individual on the information system to only those applications/data that are necessary for their missions. This principle appears in many guides relating to cybersecurity, in particular in documents published by the National Cybersecurity Agency of France – ANSSI (PA-022 – recommendations relating to the secure administration of information systems or PG-040 – recommendations for the implementation of system partitioning) or in the rules issued by the French MPL (Military…
VPN vs ZTNA
Since the democratization of the Internet at the end of the 1990s, the VPN (Virtual Private Network) has been used by companies to provide their employees with private and secure remote access to their information systems. Nowadays deployed in many organizations, the VPN still presents some risks to the integrity of information systems. To overcome this issue, ZTNA (Zero Trust Network Access) solutions, which are much more secure, are gradually replacing the VPN within organizations.
VPN: connecting two networks of trust…
Continuous Authentication: When Behavioral Analysis Guarantees Your Identity
Many authentication methods exist nowadays. The best known of them is the login/password pair. For better-secured access to the information system, many organizations have implemented multi-factor authentication (MFA), especially for IS administrators. But once authenticated, what guarantees that it is the same person behind the screen, mouse or keyboard?
Continuous authentication: what is it?
Continuous authentication is a permanent authentication based on the user’s behavior on the workstation. Via Machine Learning, a…