Security Boulevard

The post Where’s the SOAR Magic Quadrant? appeared first on AI Security Automation.

The post Where’s the SOAR Magic Quadrant? appeared first on Security Boulevard.

via the cosmic humor & dry-as-the-desert wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Chess Position’ appeared first on Security Boulevard.

 Tom Sheehan (Hurricane Labs Director of Cybersecurity Consulting and Compliance) attended the inaugural Horizon3 Global Partner summit last week.  This event brought together the brightest minds and boldest innovators in cybersecurity for a day of education, collaboration, and vision. Held in Frisco Texas, the event spotlighted Horizon3.ai’s evolving impact on security, showcasing a community [...]

The post Driving the Future of Cybersecurity: Highlights from the Horizon3 Global Partner Summit appeared first on Hurricane Labs.

The post Driving the Future of Cybersecurity: Highlights from the Horizon3 Global Partner Summit appeared first on Security Boulevard.

Author/Presenter: Brandon Pinzon

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Ground Truth – Looking For Smoke Signals In Financial Statements, For Cyber appeared first on Security Boulevard.

Frankfurt, Apr.30, 2025, CyberNewswire –  Link11, DOSarrest, and Reblaze have combined their strengths into a single, integrated platform with a new brand identity. The result: a consistent user experience, maximum efficiency, and seamless security.

As a European provider, Link11 … (more…)

The post News alert: Link11 integrates DOSarrest, Reblaze to deliver advanced, integrated security platform first appeared on The Last Watchdog.

The post News alert: Link11 integrates DOSarrest, Reblaze to deliver advanced, integrated security platform appeared first on Security Boulevard.

An illicit npm package called 'crypto-encrypt-ts' may appear to revive the unmaintained but vastly popular CryptoJS library, but what it actually does is peek into your crypto wallet and exfiltrate your secrets to threat actors.

The post Revived CryptoJS library is a crypto stealer in disguise appeared first on Security Boulevard.

You've been at HYPR for six years. Why is now the right time for this expanded role and for HYPR's next chapter?

Doug: Timing is everything. It's the one thing you can't manufacture in this industry. You’re either too early, too late, or you catch the market exactly when it's ready. Right now, the timing for HYPR Affirm couldn't be better.

The post Meet Doug McLaughlin: HYPR’s New SVP of Worldwide Sales appeared first on Security Boulevard.

Traditional approaches to cloud access rely on static, permanent permissions that are often overprivileged. Learn how just-in-time access completely changes the game.

The access challenge in modern cloud environments

As cloud adoption accelerates, organizations are grappling with a fundamental security challenge: How do you grant people the access they need — such as on-call developers needing to debug problems, site reliability engineers (SREs) needing to repair issues with infrastructure, or DevOps engineers needing to provision or architect resources — without opening the door to overprivileged accounts and breach risks?

Traditional approaches rely heavily on static, permanent permissions. Human users often receive more access than necessary simply because it’s hard to predict specifically which permissions they’ll need. These permissions rarely get revoked, leaving organizations exposed.

This is where Tenable Cloud Security changes the game. As a powerful cloud-native application protection platform (CNAPP) solution, Tenable Cloud Security doesn't just identify access-related risk — it actively helps you solve it.

In this blog, we explore how you can address the excessive permissions challenge using the just-in-time (JIT) access capability in Tenable Cloud Security.

Just-in-time access: The elegant solution to human identity risk

JIT access enables organizations to dramatically reduce their exposure from compromised identities by providing a substitute for permanent access. Instead of being granted standing access, which may be exploited if and when an identity is compromised, users are provided with the eligibility to request temporary access based on a defined business need.

Here’s how it works:

1. All (or at the very least sensitive) standing access is removed.
2. Users are assigned eligibility profiles for specific resources or roles.
3. Users request access and are optionally required to provide a reason when access is needed.
4. If required, the request can be approved by an assigned approver or simply be automatically granted, which still has a huge security benefit compared to a standing permission.
   • For highly sensitive cases where more than one person needs to confirm access, several approval levels can be enforced if necessary.
5. Access is granted for a limited time (measured in hours), then automatically revoked.

JIT access dramatically reduces the attack surface tied to human identities, ensuring that elevated privileges are used only when necessary and only for as long as needed.

Fig. 1: Creating an eligibility to request just-in-time access to a cloud environment instead of standing permissions User experience: Where security meets usability

Tenable understands that even the best security solution won't succeed without adoption and cooperation from its target audience. That’s why JIT access in Tenable Cloud Security is designed with a seamless user experience in mind.

Access requests and approvals can be managed directly within messaging platforms, such as Slack or Microsoft Teams, which meet your teams where they are. Users and approvers stay in their native workflows while benefiting from a secure, auditable process.

Fig. 2: Filling out the access request form directly from Slack

Fig. 3, below, shows how the request, approval and access link are all grouped together on the same thread for a simplified, clean and simple experience.

Fig. 3: The request generated, approval granted and connection link to the cloud environment all in one thread in Slack

And speaking of audits, Tenable Cloud Security doesn’t just log access. It provides a clean, intuitive activity log interface for every session. Unlike the often fragmented logs from cloud providers, these are tailored for easy auditing, compliance review or incident response. So, if you want to apply more scrutiny and review what happened during sessions, or if you are compelled to do so in the event of an incident, it’s extremely easy to open up the session log and review it.

Fig. 4: The intuitive activity log for events generated in the cloud environment during the JIT access session; easy to review and filter to perform scrutiny / investigate incidents Expanding the reach: JIT access in Tenable Cloud Security now extends to SaaS applications

Based on customer feedback, Tenable extended JIT functionality to cover identity provider (IdP) group memberships. This is a big deal.

In many organizations, access to software as a service (SaaS) applications (such as secrets managers, observability tools, ticketing platforms, etc.) is governed through group memberships in identity providers like Okta or Microsoft Entra ID. With Tenable Cloud Security, you can now provide temporary group membership through the same JIT access model — effectively controlling and auditing access to SaaS apps with the same granularity and automation as cloud resources.

This means Tenable Cloud Security customers now have unified control over cloud infrastructure and SaaS access through a single solution.

Simplified procurement: JIT access is now included with Tenable Cloud Security

Perhaps the most exciting news: JIT access no longer requires a separate purchase. As of today, it’s included with Tenable Cloud Security.

Billing is simple. Just as Tenable Cloud Security charges based on the number of cloud resources, JIT access treats each eligible user as a billable resource. If you're a Tenable Cloud Security customer, you already have access to the full power of JIT — no separate contract, no additional platform. For example, if you have a team of five developers eligible to request elevated permissions, these would count as an additional five billable resources, no matter how many eligibilities they have.

Why JIT access makes Tenable Cloud Security the CNAPP of choice

Tenable Cloud Security doesn’t just identify problems. It solves them:

• It prioritizes identity risks with real-world context.
• It provides granular, real-time controls for both service and human identities.
• It offers native integration with your daily collaboration tools.
• It simplifies auditability and incident response.
• It extends protection beyond the cloud to the SaaS layer.
• It streamlines adoption with an intuitive UX and frictionless billing model.

Conclusion: Access management, reimagined

The best security tools blend into your workflow and quietly eliminate risk before it becomes a problem.

Tenable Cloud Security's JIT access capability is more than a feature — it's a philosophy shift. It reduces identity-based risk without sacrificing agility. It simplifies compliance without adding overhead. And it empowers teams to move fast, stay secure and maintain clarity over who has access to what, when and why.

If you're already a Tenable Cloud Security customer, there’s never been a better time to start using JIT access. And if you're evaluating CNAPPs, ask yourself: do they help you fix the problem, or just show you where it is?

With Tenable Cloud Security, the answer is clear.

Visit https://www.tenable.com/announcements/provide-access-just-in-time to learn more about how JIT access capabilities in Tenable Cloud Security can help you reduce your exposures.

The post The Future of Cloud Access Management: How Tenable Cloud Security Redefines Just-in-Time Access appeared first on Security Boulevard.

As April 2025 drew to a close, it left a string of high-profile data breaches in its wake, rattling major organizations. Yale New Haven Health saw 5.5 million patient records...

The post Top Data Breaches in April 2025 That Made The Headlines appeared first on Strobes Security.

The post Top Data Breaches in April 2025 That Made The Headlines appeared first on Security Boulevard.

Organizations that assume secrets protection is solely about scanning public repositories and codebases for API keys, passwords, and tokens may be overlooking a major blind spot.

The post Secrets leaks increase — and expand beyond the codebase appeared first on Security Boulevard.

Starting May 5, 2025, Microsoft enforces strict sender requirements. Emails from domains sending over 5,000 messages per day must pass SPF, DKIM, and DMARC checks.—or face the 550 5.7.15 Access Denied error.

The post Microsoft Sender Requirements Enforced — How to Avoid 550 5.7.15 Rejections appeared first on Security Boulevard.

Frankfurt am Main, Germany, 30th April 2025, CyberNewsWire

The post Link11 brings three brands together on one platform with new branding appeared first on Security Boulevard.

AI-powered monitoring provides a proactive, intelligent and scalable way to secure modern billing systems, especially for any company leveraging a billing platform for subscription pricing model. 

The post Enhancing Security and Compliance With AI-Powered Monitoring in Billing Systems  appeared first on Security Boulevard.

From OTAs to review aggregators to generative AI, new tools are bypassing first-party content. The result is a distorted customer journey and a growing gap in your visibility into user behavior, with clear implications for brand control and revenue.

The post The Great E-Scrape: How AI Summaries and Agentic Queries Are Sidelining Your Site appeared first on Security Boulevard.

Explore the implications of JPMorgan's open letter on SaaS security and how organizations can effectively and proactively address the evolving SaaS risks.

The post JPMorgan Just Made SaaS Security Impossible to Ignore | Grip appeared first on Security Boulevard.

San Francisco, Calif., Apr 29, 2025, CyberNewswire — SecAI, an AI-enriched threat intelligence company, made its official debut today at RSA Conference 2025 in San Francisco, marking the company’s first public appearance on the global cybersecurity stage.

At the … (more…)

The post News alert: At RSAC 2025, SecAI unveils platform that fuses agentic AI, contextual threat intelligence first appeared on The Last Watchdog.

The post News alert: At RSAC 2025, SecAI unveils platform that fuses agentic AI, contextual threat intelligence appeared first on Security Boulevard.

Are Your Cloud Security Decisions Truly Yours? Amid the dialing twists and turns of cybersecurity, have you ever wondered whether the freedom to make decisions about your Non-Human Identities (NHIs) and Secrets Security Management is still in your grasp? Are you truly free in choosing the best secrets vault for your organization, or have unseen […]

The post Choosing the Best Secrets Vault—Are You Free? appeared first on Entro.

The post Choosing the Best Secrets Vault—Are You Free? appeared first on Security Boulevard.

Can Non-Human Identities Truly Empower Independent Security Systems? Non-Human Identities (NHIs) are becoming an unavoidable part of our cyber defenses. Managing their lifecycle has become an integral aspect of creating independent security systems. By embracing NHI lifecycle management, professionals can help reinforce their organization’s security architecture, reduce associated risks, and increase operational efficiency. Why is […]

The post Gaining Independence with NHI Lifecycle Management appeared first on Entro.

The post Gaining Independence with NHI Lifecycle Management appeared first on Security Boulevard.

Are Concerns Over Cloud Security Limiting Your Innovation? The rapid pace of digital transformation has propelled businesses towards adopting new technologies like cloud computing. However, as high-profile data breaches continue to make headlines, concerns about cloud security can discourage businesses from fully leveraging the benefits that cloud computing affords. But, what if assured cloud security […]

The post Innovative Measures in Cybersecurity for 2025 appeared first on Entro.

The post Innovative Measures in Cybersecurity for 2025 appeared first on Security Boulevard.

Why are Least Privilege Tactics Crucial in the Cybersecurity Landscape? The question that frequently arises among cybersecurity experts is, “How can we effectively mitigate these risks?” One noteworthy strategy adopted by professionals across various industries, including financial services, healthcare, and travel, is the use of least privilege tactics. This approach is particularly valuable for organizations […]

The post Feel Relieved with Effective Least Privilege Tactics appeared first on Entro.

The post Feel Relieved with Effective Least Privilege Tactics appeared first on Security Boulevard.