Cozy Bear specializes in targeting governments, diplomatic entities, non-governmental organizations (NGOs), and IT service providers, primarily in the U.S. and Europe. These state-sponsored groups aim to clandestinely gather strategic and sensitive information for Russia, maintaining prolonged access without raising suspicions.
Posts by Category:
- SOC 2
- Privileged Access Management
- Identity and Access Management
- Zero Trust
- ISO 27001
- Role-Based Access Control
- Dynamic Access Management
- Secure Access Service Edge
The CSA CCM is a cybersecurity control framework specifically designed for cloud computing. It outlines a comprehensive set of best practices and security controls across 17 domains that are designed to ensure that cloud environments are secure and resilient against an ever expanding threat landscape. The CCM framework is structured to provide clarity and actionable guidance for the implementation of security measures in a prescriptive and adaptable way for recognized compliance standards and
The way that people work continues to evolve, and as a result, so do the ways that they must authenticate into their organization’s resources and systems. Where once you simply had to be hardwired into the local office network, now you must expand your perimeter to include remote and hybrid workforces, on-prem and cloud environments, and take into account a growing list of factors that impact how and where people access critical company resources.
Adherents to the Zero Trust security model, live according to a policy of “never trust, always verify.” It requires all devices and users to be authenticated, authorized, and regularly validated before being granted access, regardless of whether they are inside or outside an organization's network. But the catch is that authentication and authorization don’t just happen at the first touch.
Identity and access management (IAM) is a collection of technologies, policies, and procedures designed to guarantee that only authorized individuals or machines can access the appropriate assets at the appropriate times. While it is an effective approach to enterprise security, IAM implementations are complex undertakings. If not done correctly, it can create security gaps that leave your organization at increased risk of a breach. Taking a measured approach will ensure your deployment is
Understanding the pillars of access control and following best practices for PAM gives you a roadmap to an implementation that is secure and comprehensive with no security gaps. This article contains nine essential privileged access management best practices recommended by our skilled and experienced identity and access management (IAM) experts.
In this article, we’ll explore the risks of credential stuffing attacks, common techniques used by attackers, signs that your accounts may be compromised, and credential stuffing prevention techniques you can use to reduce your risk.
Haystack analytics found that 81% of developers suffer from burnout. We’re at crisis-level numbers and it’s clear that developers need support. It will help improve their productivity and peace of mind, but more importantly, it is the right thing to do. How can you help your team perform and eliminate developer burnout? It’s a tricky goal to achieve, but we have some ideas that will guide you and your technical team to better, more achievable outcomes with less stress.
In this blog, we’ll offer a blueprint for how to implement Zero Trust security effectively to help your organization initiate and manage access management for all your users, devices, and resources.
K-Pop, it turns out, is kind of like a great laboratory of what happens when you prioritize your audience. In a weird way, K-Pop bands are doing what technology companies should be doing - innovating with technology and giving users better, easier, more usable access to the things they need.
Vendor Access Management (VAM) is the systematic control and oversight of vendor access to an organization's systems, applications, and data. It involves processes such as onboarding and offboarding vendors, utilizing solutions for Just-in-Time access, ensuring security, and streamlining workflows to minimize operational inefficiencies.
Fine-grained access control systems determine a user’s access rights—to infrastructure, data, or resources, for example—once past initial authentication. Unlike coarse-grained access control (CGAC), which relies on a single factor, such as role, to grant access, FGAC relies on multiple factors. For example, it may consider policies (policy-based access control, or PBAC), attributes (attribute-based access control, or RBAC), or a user’s behavior in a certain context (behavior-based access