securityboulevard.com

FBI Seizes Two Websites Linked to Pro-Iranian Group Handala

Jeffrey Burt
Published date: 2026-03-19 00:00:00

None

The FBI this week seized the two websites belong to pro-Iranian hacktivist organization that claimed responsibility for the <a href="https://securityboulevard.com/2026/03/iranian-hackers-attack-u-s-company-stryker-in-escalation-of-cyber-war/" target="_blank" rel="noopener">data-wiping attack</a> on U.S. medical tech company Stryker and is among the most actives of the myriad threat groups that mobilized when the U.S. and Israeli air strikes on Iran began more than two weeks ago.The two domains – one Handala used as a data leak site and another to target people with possible links to Israeli defense contractors – now feature seizure announcements from the FBI about the seizures. Neither the agency nor the Justice Department (DOJ) has released statements about the move.That said, announcements themselves say the sites were seized pursuant to a U.S. Federal Court warrant, adding that “law enforcement authorities determined this site was used to conduct, facilitate, or support malicious cyber activities on behalf, of or in coordination with, a foreign state actor. These activities may include unauthorized network intrusions, infrastructure targeting, or other violations of United States law.”According to reports, the Handala group on its official Telegram channel confirmed that websites were seized and taken offline, adding that the action was a “desperate attempt to silence our voice.”“This act of digital aggression only serves to highlight the fear and anxiety our actions have instilled in the hearts of those who oppress and deceive,” the hackers wrote, <a href="https://techcrunch.com/2026/03/19/fbi-seizes-pro-iranian-hacking-groups-websites-after-destructive-stryker-hack/" target="_blank" rel="noopener">according to TechCrunch</a>. “Although they attempt to erase the evidence and hide their crimes through censorship and intimidation, their actions only confirm the impact of our mission. The pursuit of justice cannot be stopped by taking down a website, the movement for truth will persist and grow stronger.”The news site also noted that Handala’s X site also was suspended.<h3>A Widening Cyberthreat Surface</h3>This comes amid a surge of cyberthreats in retaliation for the bombings of Tehran and other places in the country, and as Iran – through kinetic warfare and through cyberspace – also targeted other countries in the Middle East deemed to be aligned with the United States.CloudSEK security intelligence analysts said that <a href="https://www.cloudsek.com/blog/ai-the-iran-us-conflict-and-the-threat-to-us-critical-infrastructure" target="_blank" rel="noopener">within hours of the start of the bombing</a> by the United States and Israel, more than <a href="https://securityboulevard.com/2026/03/pro-iranian-hacktivists-join-nation-state-groups-in-targeting-u-s-israel-others/" target="_blank" rel="noopener">60 pro-Iranian hacktivists gangs</a> mobilized to join nation-state threat groups run by Iran’s Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS).Akamai researchers wrote that in the <a href="https://securityboulevard.com/2026/03/cyberattacks-spike-245-in-the-two-weeks-after-the-start-of-war-with-iran/" target="_blank" rel="noopener">first two weeks of the war</a>, they saw a <a href="https://www.akamai.com/blog/security/fortify-network-security-emerging-geopolitical-cyberthreats" target="_blank" rel="noopener">245% jump</a> in attempts by threat actors to attack critical institutions and businesses around the world.<h3>Multiple Targets</h3>Handala, which has been active since 2023 and has targeted Israeli organizations with data-wiping and other attacks, has become among the most active of the threat actors. Flashpoint, which has been tracking the activity in both the kinetic fighting and the battle in cyberspace, noted the group has taken credit for attacks, such as a data-wipe and exfiltration operation against the Hebrew University of Jerusalem – saying it erased more than 48 TB of data and exfiltrated 23 TB of confidential information – and claiming to have leaked 100,000 personal emails from the former head of Mossad’s research organization.However, it was last week’s attack on Stryker – which has headquarters in Portage, Michigan, but about 56,000 employees around that world and generated more than $25 billion in net sales last year – that stands out. Handala said it was able to erase the data from about 80,000 corporate and personal devices – including computers, servers, and mobile devices – in which the attackers were able to get into the network by compromising a Windows domain administrator account and using a command in Microsoft Intune to force a factory reset on them. No malware was neededSince the attack, <a href="https://techcommunity.microsoft.com/blog/intunecustomersuccess/best-practices-for-securing-microsoft-intune/4502117" target="_blank" rel="noopener">Microsoft</a> and <a href="https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization?utm_source=IranHardening202603&utm_medium=GovDelivery" target="_blank" rel="noopener">CISA</a> has published steps organizations should take strengthen Intune management controls. In addition, Stryker has been giving <a href="https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html" target="_blank" rel="noopener">updates about its efforts</a> to restore and better protect its devices.<h3>Pressure Is On Defenders</h3>Brian Bell, CEO of <a href="https://fusionauth.io/" target="_blank" rel="noopener">FusionAuth</a>, which makes authentication and user management software, said that the attack on Stryker showed that authentication and authorization are not the same thing and that companies going forward will need to make adjustments to protect themselves.“Attackers didn’t need to break in,” Bell said about the Stryker incident. “They walked through the front door with compromised credentials. The missing safeguard is contextual: organizations need systems that can recognize when a privileged action is anomalous and require additional verification at that moment, not just at login. … The FBI’s seizure of Handala’s infrastructure is welcome, but the next group will find a new front door. The architectural fix has to happen on the defender’s side.”<div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/fbi-seizes-two-websites-linked-to-pro-iranian-group-handala/" data-a2a-title="FBI Seizes Two Websites Linked to Pro-Iranian Group Handala"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-seizes-two-websites-linked-to-pro-iranian-group-handala%2F&linkname=FBI%20Seizes%20Two%20Websites%20Linked%20to%20Pro-Iranian%20Group%20Handala" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-seizes-two-websites-linked-to-pro-iranian-group-handala%2F&linkname=FBI%20Seizes%20Two%20Websites%20Linked%20to%20Pro-Iranian%20Group%20Handala" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-seizes-two-websites-linked-to-pro-iranian-group-handala%2F&linkname=FBI%20Seizes%20Two%20Websites%20Linked%20to%20Pro-Iranian%20Group%20Handala" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-seizes-two-websites-linked-to-pro-iranian-group-handala%2F&linkname=FBI%20Seizes%20Two%20Websites%20Linked%20to%20Pro-Iranian%20Group%20Handala" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-seizes-two-websites-linked-to-pro-iranian-group-handala%2F&linkname=FBI%20Seizes%20Two%20Websites%20Linked%20to%20Pro-Iranian%20Group%20Handala" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

securityboulevard.com

Dormant Accounts Leave Manufacturing Orgs Open to Attack

Teri Robinson
Published date: 2026-03-19 00:00:00

None

Workers who have been <a href="https://securityboulevard.com/2024/02/mitigating-the-identity-risks-of-ex-employees-accounts/" target="_blank" rel="noopener">laid off or fired from their jobs</a> often complain mightily that companies treat them like common criminals, with security escorting them out of the building in some sort of corporate perp walk. And then solicit one of their work buddies to pack up their personal stuff and ship it to them, as if they might walk out with the good silver. You would think that level of caution would apply to deprovisioning access, especially in manufacturing, where organizations onboard temporary workers, contractors and third-party system integrators at breakneck speed during Spring production ramp-ups. It seems at the very least incongruous that 48% of manufacturing organizations don’t revoke employee access within 24 hours after they depart or change roles, according to new research by Pathmark. “If those privileges are not revoked immediately when projects conclude, or permissions are granted too broadly, they create long-lived entry points and widespread access that adversaries can exploit,” says Darren Guccione, CEO and co-founder at Keeper Security. Perhaps the problems has intensified because a full 74% “lack fully automated user provisioning and de-provisioning,” the <a href="https://pathlock.com/blog/access-governance-and-security-risks-in-manufacturing/" target="_blank" rel="noopener">Pathmark report</a> notes. What makes these dormant accounts particularly dangerous is that they don’t typically trigger behavioral alerts, which means they become an easy entry point for nefarious acts like credential stuffing, password spraying and phishing. Nearly half (46%) of security incidents that were reported were linked or thought to be linked to a yawning governance gap that has it genesis in, you guessed it, digital transformation. Stale credentials, Guccione says, “remain one of the most predictable and dangerous weaknesses in enterprise security.” Attackers understand that organizations are effectively leaving trusted identities active, he says, “and routinely look for dormant accounts that will allow them to blend in as legitimate users to avoid triggering traditional security alerts.” The findings “highlight a structural identity problem in manufacturing: Attackers increasingly log in rather than break in, and dormant or overprivileged accounts give them a frictionless path,” says James Maude, field CTO at BeyondTrust. “During seasonal rampups, access is created quickly but rarely removed with the same urgency, leaving behind a shadow layer of identities that don’t trigger behavioral alerts,” which Maude says, “expands the blast radius for everything from credential stuffing to insider misuse.” While just over half (53%) have some automation and rules in place to regularly conduct user access reviews, around one third (36%) are just getting started on identifying and remediating access risk and mostly depending on manual processes, as do 30%, who are at the same point when it comes to user account provisioning, modifying and de-provisioning. And it gets worse. About half (51%) do not use automated elevated access management with 14% admitting they have minimal or no governance when it comes to privileged access. They also note that those workers with the broadest permissions—third-party consultants and internal IT admins—are the most difficult to manage. Does make you wonder why three in five skipped comprehensive SoD risk simulations altogether before they deployed new roles as they migrated their organizations to the cloud. “With 74% of manufacturers lacking fully automated provisioning, 61% skipping SoD simulations before cloud migrations, and dormant accounts evading behavioral alerts entirely, the attack surface isn’t a gap—it’s a design flaw,” says Surya Kollimarla, director, identity security products at ColorTokens. Guccione says that “identity governance must be treated as a security priority, not just a compliance process” with access being “automated, time-bound and continuously verified, privileged access must follow the principle of least privilege and standing administrative rights should be eliminated wherever possible.” Security teams, Maude says, “should focus on shrinking standing privilege, ideally taking a just-in-time approach for privilege and access, especially for contractors and integrators.” By reducing privilege in a system, “you reduce the impact of inevitable mistakes,” he explains. Kollimarla urged security teams “to seriously evaluate two foundational shifts.” They must “go passwordless by design, not by patch.” Just layering passwordless capabilities on top of password-based infrastructure “don’t eliminate the attack surface—they obscure it,” he says. But “true passwordless architecture, integrated with automated SoD enforcement across your existing ERP and IAM systems, removes the credential risk at the source.” Security teams should also “authenticate based on context, not just identity,” Kollimarla says. Risk-based authentication that continuously evaluates the user, device, and application at the moment of access is the only model that raises the security bar without adding friction — because friction doesn’t get tolerated, it gets bypassed.” Perhaps then and only then will dormant accounts be perp walked out the door. <div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/dormant-accounts-leave-manufacturing-orgs-open-to-attack/" data-a2a-title="Dormant Accounts Leave Manufacturing Orgs Open to Attack "><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdormant-accounts-leave-manufacturing-orgs-open-to-attack%2F&linkname=Dormant%20Accounts%20Leave%20Manufacturing%20Orgs%20Open%20to%20Attack%C2%A0" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdormant-accounts-leave-manufacturing-orgs-open-to-attack%2F&linkname=Dormant%20Accounts%20Leave%20Manufacturing%20Orgs%20Open%20to%20Attack%C2%A0" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdormant-accounts-leave-manufacturing-orgs-open-to-attack%2F&linkname=Dormant%20Accounts%20Leave%20Manufacturing%20Orgs%20Open%20to%20Attack%C2%A0" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdormant-accounts-leave-manufacturing-orgs-open-to-attack%2F&linkname=Dormant%20Accounts%20Leave%20Manufacturing%20Orgs%20Open%20to%20Attack%C2%A0" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdormant-accounts-leave-manufacturing-orgs-open-to-attack%2F&linkname=Dormant%20Accounts%20Leave%20Manufacturing%20Orgs%20Open%20to%20Attack%C2%A0" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

securityboulevard.com

FBI Data Purchases Ignite New Clash Over Privacy and Surveillance

James Maguire
Published date: 2026-03-19 00:00:00

None

<div>Lawmakers pressed the FBI this week after Director Kash Patel confirmed the agency is purchasing information that can track Americans’ movements, reopening a contentious debate over privacy and the limits of government surveillance.</div><div>The acknowledgment came during a Senate Intelligence Committee hearing, where Patel said the bureau buys data from private vendors as part of its investigative toolkit. The information, typically compiled by data brokers, can include detailed records of individuals’ location histories, usually sourced from mobile apps and digital advertising tracking.</div><div>Patel characterized the practice as lawful and effective, telling senators the FBI relies on data it believes is obtained in compliance with federal law. He indicated that such information has contributed to investigations, supporting the agency’s position that commercially available data is a legitimate resource.</div><div>The response drew immediate rebuke from Senator Ron Wyden, D-Oregon, who challenged the legality and implications of the practice. Wyden argued that acquiring sensitive location data without a warrant undermines constitutional protections, particularly the Fourth Amendment, which protects individuals against “unreasonable searches and seizures” by the government, ensuring the right to privacy. He pointed to the growing role of AI in analyzing vast datasets, warning that new technologies could expand the scope of surveillance beyond what lawmakers previously anticipated.</div><div><h3>Data Sources Law Sparks Debate</h3></div><div>The debate revolves around a gap in how privacy laws apply to modern data markets. Law enforcement agencies must obtain a warrant to access location data directly from telecom providers, a requirement established by the Supreme Court in 2018. However, third party companies that collect and sell consumer data operate under a different framework, allowing agencies to purchase similar information without judicial approval.</div><div>This distinction has become a focus for lawmakers attempting to update surveillance rules. Wyden, along with Senator Mike Lee, R-Utah, recently introduced the Government Surveillance Reform Act, which would require federal agencies to secure a warrant before buying Americans’ personal data. The proposal has a parallel effort in the House, led by Representatives Zoe Lofgren, D-California, and Warren Davidson, R-Ohio, reflecting bipartisan concern over the issue.</div><div>Supporters of the legislation argue that the current system allows agencies to sidestep established privacy protections. They claim that purchasing data from brokers achieves the same result as obtaining it directly from telecom providers, but without the legal safeguards intended to protect citizens.</div><div>Privacy advocates argue that this marketplace for personal data operates with limited transparency, leaving consumers largely unaware of how their data is distributed.</div><div>However, some officials defend the practice as necessary for modern investigations. Senate Intelligence Committee Chair Tom Cotton, R-Arkansas, said the key factor is that the data is available for purchase on the open market. If private entities can legally obtain it, he argued, law enforcement should not be restricted from using it to pursue criminal activity.</div><div>The FBI maintains that purchasing such data does not require a warrant because it is not compelled from a provider. That legal interpretation remains largely untested in court, leaving uncertainty about how judges may ultimately view the practice.</div>As lawmakers argue about new restrictions, the outcome could create near-term guardrails about how privacy is protected in the digital economy. But given that this issue is a complex mix of technology, law, and public policy, a full resolution is not likely anytime soon.<div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/fbi-data-purchases-ignite-new-clash-over-privacy-and-surveillance/" data-a2a-title="FBI Data Purchases Ignite New Clash Over Privacy and Surveillance"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-data-purchases-ignite-new-clash-over-privacy-and-surveillance%2F&linkname=FBI%20Data%20Purchases%20Ignite%20New%20Clash%20Over%20Privacy%20and%20Surveillance" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-data-purchases-ignite-new-clash-over-privacy-and-surveillance%2F&linkname=FBI%20Data%20Purchases%20Ignite%20New%20Clash%20Over%20Privacy%20and%20Surveillance" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-data-purchases-ignite-new-clash-over-privacy-and-surveillance%2F&linkname=FBI%20Data%20Purchases%20Ignite%20New%20Clash%20Over%20Privacy%20and%20Surveillance" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-data-purchases-ignite-new-clash-over-privacy-and-surveillance%2F&linkname=FBI%20Data%20Purchases%20Ignite%20New%20Clash%20Over%20Privacy%20and%20Surveillance" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-data-purchases-ignite-new-clash-over-privacy-and-surveillance%2F&linkname=FBI%20Data%20Purchases%20Ignite%20New%20Clash%20Over%20Privacy%20and%20Surveillance" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

securityboulevard.com

How empowered is your secrets scanning system

None
Published date: 2026-03-19 00:00:00

None

<h2>Are Your Secrets Scanning Systems Truly Empowered for Complete Cybersecurity Protection?</h2>Where digital are increasingly complex, organizations must evaluate whether their secrets scanning systems are fully equipped to meet cybersecurity demands. With cyber threats become more sophisticated, unique challenges arise for cybersecurity teams, especially in managing Non-Human Identities (NHIs) and ensuring secrets security management. So how do organizations proactively manage these identities and ensure robust security across various sectors like financial services, healthcare, and beyond?<h3>Understanding Secrets Scanning: More Than Just Detective Work</h3>Secrets scanning systems are critical in sensitive data. At their core, they detect and manage secrets—encrypted passwords, tokens, or keys—that serve as a form of machine identity. However, secrets scanning is not merely a reactive process; it should empower an organization to anticipate threats and address vulnerabilities before they are exploited. The real empowerment lies in understanding the lifecycle of Non-Human Identities and applying a comprehensive approach to securing these elements.<h3>Empowerment Through a Lifecycle Perspective</h3>Managing NHIs effectively involves a holistic approach that covers all stages of their lifecycle. From discovery and classification to threat detection and remediation, each phase offers insights into how NHIs can be better protected. This is not something that point solutions like basic secret scanners can achieve. By adopting a lifecycle perspective, organizations gain valuable insights into ownership, permissions, and usage patterns, enhancing their ability to detect potential vulnerabilities.<ul> <li>Discovery and Classification: The first step is identifying all machine identities in use and classifying them based on their importance and access levels. This strategy helps in prioritizing the security efforts.</li> <li>Threat Detection: Continuous monitoring of NHIs allows for timely detection of unusual patterns or potential security breaches.</li> <li>Remediation: Once a threat is detected, swift action is necessary to mitigate risks. Automating this process ensures that security teams can respond quickly and effectively.</li> </ul><h3>Bridging the Security and R&D Divide</h3>One of the critical issues in managing NHIs is the disconnect between security teams and R&D departments. Security teams must work closely with R&D to ensure that machine identities are integrated into security frameworks seamlessly. This alignment is crucial for creating secure cloud environments that protect sensitive data across multiple platforms. More information on refining these integrations can be found in the article on <a href="https://entro.security/blog/entro-wiz-integration/">Entro Wiz Integration</a>.<h3>Ensuring Compliance and Efficiency</h3>In addition to reducing security risks, effective NHI management also aids in regulatory compliance. By offering policy enforcement and audit trails, organizations can ensure they meet necessary regulatory requirements with ease. Moreover, such systems enhance organizational efficiency by automating secrets management, thereby freeing up security teams to focus on strategic initiatives. For insights into optimizing these processes, explore how <a href="https://entro.security/blog/secrets-security-in-hybrid-cloud-environments/">hybrid cloud environments</a> contribute to robust NHI and secrets management.<h3>Enhanced Visibility with Centralized Control</h3>Having a centralized view for access management and governance is a critical component of empowered secrets scanning systems. A centralized platform allows for comprehensive visibility, enabling organizations to track and manage all machine identities efficiently. This framework not only offers enhanced control over machine identities but also leads to cost savings by automating processes like secrets rotation and decommissioning of obsolete NHIs.<h3>Empowerment Across Industries</h3>While the theoretical framework is similar across industries, the application varies significantly. For example, in financial services sector, where data sensitivity is paramount, empowered secrets scanning systems can mean the difference between a minor security incident and a major data breach. In healthcare, ensuring that patient data remains secure is a legal requirement. For DevOps and SOC teams, on the other hand, the focus might be on integrating these security measures into their agile and fast-paced environments. The challenges might vary, but the need for an empowered approach remains constant. The consulting and program management techniques can provide insights into customized solutions across different sectors.In conclusion, the empowerment of secrets scanning systems hinges on not just detection and management but a comprehensive approach to Non-Human Identity management. By bridging the gap between security and development teams and adopting a lifecycle perspective, organizations can ensure robust protection against evolving cyber threats. While we continue to explore these concepts, further strategies for achieving such empowerment will be unveiled.<h2>Mastering the Complexity of Cybersecurity with Effective Non-Human Identity Management</h2>Have you ever wondered what lies beyond the basic capabilities of secrets scanning systems when it comes to protecting sensitive data? Organizations often encounter complexities when dealing with Non-Human Identities (NHIs) and secrets security management. The urgency to address these challenges cuts across industries like financial services, healthcare, and DevOps. By enriching the understanding of NHIs and their lifecycle management, organizations can craft a robust fortress against potential cyber threats.<h3>Decoding NHI</h3>A Non-Human Identity encompasses more than just machine identifiers such as encrypted passwords, tokens, or keys. These elements collectively form digital credentials that can access critical systems and data. Mismanagement or oversight can lead to a significant security breach. Unfortunately, the challenge isn’t just about losing a credential; it’s about ensuring these NHIs are created, managed, and retired.<ul> <li>Strategic Importance: Addressing NHIs is crucial for maintaining the integrity and trust associated with digital transactions across industries.</li> <li>Holistic Approach: NHI management needs methods encompassing discovery, classification, threat detection, and response mechanisms to be dynamic and efficient.</li> </ul>For an insightful dive into agentic approaches within AI, see how <a href="https://entro.security/blog/agentic-ai-owasp-research/">agentic strategies are being developed</a>.<h3>Unraveling the Misalignment: Security and R&D</h3>Misalignment between security operations and research & development teams often results in vulnerabilities. These gaps can be bridged by fostering collaboration and ensuring mutual understanding, particularly with R&D teams introduce new technologies and innovations that alter security. This collaborative stance compels both sectors to consider security implications from the onset.<ul> <li>Transformative Integration: Integrating security protocols in R&D processes can lead to enhanced risk management and efficient operational structures.</li> <li>Continuous Dialogue: Establishing communication channels specifically focused on security can minimize roadblocks and promote proactive problem-solving.</li> </ul><h3>Support for Industry-Specific Challenges</h3>Though the framework for NHI management might remain consistent across different sectors, its application must be crafted according to industry specifics.In financial services sector, maintaining rigorous controls transforms small weaknesses into fortified systems that resist targeted attacks, whereas, in healthcare, the lion’s share of security efforts is focused on data integrity—ensuring patient confidentiality and regulatory compliance.The unique requirements for DevOps teams involve prioritizing speed and innovation, which necessitates an agility-centric approach to security. This demands integration of tools and processes that complement rapid application development cycles. Similarly, SOC teams benefit by adopting diagnostic tools that integrate seamlessly with their incident response strategies.<h3>Enhancing Control with Centralized Management</h3>Centralization of NHI management unfolds numerous benefits:<ul> <li>Comprehensive Oversight: Centralized systems ensure enhanced visibility into all NHIs, simplifying the tracking and allocation of permissions and usage patterns.</li> <li>Resource Efficiency: Automation processes like secrets rotation and NHIs decommissioning minimize the operational burden on IT departments.</li> <li>Risk Mitigation: By quickly adapting to the changing cybersecurity environment, central control systems dampen the impact of potential threats.</li> </ul>For insights into advanced security strategies, explore <a href="https://entro.security/blog/keeping-security-in-stride-why-we-built-entros-third-pillar-for-agentic-ai/">this comprehensive guide</a> on why structured frameworks help maintain stride.<h3>Expanding the Conversation</h3>The dialogue on NHI management should be inclusive of emerging technologies and future directions.– Artificial Intelligence’s Influence: AI offers innovations in predictive analytics and automation, heralding new capabilities within secrets scanning systems. – Interdisciplinary Collaboration: Diverse teams consisting of IT, compliance, and industry-specific experts must collaborate to develop resilient security strategies. For more information on how scanning configurations are evolving, visit <a href="https://dev.housing.arizona.edu/what-is-scanning-configuration" rel="noopener">this resource</a>.Through a proactive and informed approach to Non-Human Identities and secrets management, organizations can safeguard their environments effectively. By addressing systemic vulnerabilities and promoting efficient collaborations, cybersecurity can turn uncertainties into improved stability and resilience, helping organizations not just to survive, but to thrive.The post <a href="https://entro.security/how-empowered-is-your-secrets-scanning-system/">How empowered is your secrets scanning system</a> appeared first on <a href="https://entro.security/">Entro</a>.<div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/how-empowered-is-your-secrets-scanning-system/" data-a2a-title="How empowered is your secrets scanning system"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fhow-empowered-is-your-secrets-scanning-system%2F&linkname=How%20empowered%20is%20your%20secrets%20scanning%20system" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fhow-empowered-is-your-secrets-scanning-system%2F&linkname=How%20empowered%20is%20your%20secrets%20scanning%20system" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fhow-empowered-is-your-secrets-scanning-system%2F&linkname=How%20empowered%20is%20your%20secrets%20scanning%20system" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fhow-empowered-is-your-secrets-scanning-system%2F&linkname=How%20empowered%20is%20your%20secrets%20scanning%20system" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fhow-empowered-is-your-secrets-scanning-system%2F&linkname=How%20empowered%20is%20your%20secrets%20scanning%20system" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>*** This is a Security Bloggers Network syndicated blog from <a href="https://entro.security/">Entro</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Alison Mack">Alison Mack</a>. Read the original post at: <a href="https://entro.security/how-empowered-is-your-secrets-scanning-system/">https://entro.security/how-empowered-is-your-secrets-scanning-system/</a>

securityboulevard.com

Mapping Your Defenses to What You Need, Not What You Inherited

None
Published date: 2026-03-19 00:00:00

None

<article class="blog-post" morss_own_score="10.0" morss_score="13.0"> <span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" morss_own_score="5.0" morss_score="166.5"> There is a deceptive sense of security that comes with a crowded security architecture. We look at our environments and see a landscape filled with multiple vendor tools, SIEM dashboards pulsing with telemetry, and threat intelligence feeds. On paper, the organization looks hardened. The budget has been allocated, the tools have been deployed, and leadership feels a sense of safety. But there is a reality that many organizations are slow to embrace: Just because a tool and detection exist doesn’t mean you can defend against an attack. Attackers do not view your security by the number of products you own. They measure it by your blind spots and the many ways they can infiltrate your systems. While you are monitoring your “presence” at the front door, they are searching for the entry points where they can operate undetected. This is the difference between having a tool that exists and a detection that is relevant and can effectively disrupt an attack. <h3>Presence vs. Capability: The Strategic Divide</h3> Most organizations frame their security maturity around procurement. They ask, “Do we have endpoint protection?” or “Do we have cloud security?” These are inventory questions, not defensive ones. Having a tool present on a server is simply a baseline level of safety: it exists, but whether it is configured, operational, or effective is a different question entirely. Coverage mapping reframes this conversation. Instead of asking whether a tool exists, the question becomes whether your defenses can detect and disrupt how adversaries actually operate. This is not measured at the tool or technique level alone, but at the level of execution and how a specific procedure unfolds across identities, systems, and controls. Presence says, “We deployed the agent.” Coverage asks, “When an adversary executes a credential access procedure using PowerShell and legitimate system tools, do we detect it, and where does that detection fail?” <h3>Thinking in Adversary Behavior</h3> Modern attackers are not random, but they are not bound to a single playbook either. They operate through recurring patterns of behavior shaped by objectives, access, tooling, and opportunity. Frameworks like MITRE ATT&CK help defenders model and categorize those behaviors, but ATT&CK itself is not an attacker script. It is a structured knowledge base that documents tactics, techniques, and observed procedures drawn from real intrusions. Coverage mapping becomes valuable when it is used to measure defensive readiness against those observed behaviors. Rather than asking whether a control is deployed, you ask where it can detect, interrupt, or contain adversary activity across realistic attack paths. That often exposes uneven defensive depth: a team may be well covered against common malware patterns, yet far less prepared for abuse of legitimate tools, stolen credentials, remote administration pathways, or hands-on-keyboard activity that blends into normal operations. Adversaries exploit these asymmetries. They do not need to defeat every control; they look for the gaps between what is installed, what is configured, and what is actually producing reliable defensive outcomes. A tool may be present and running, yet still fail to generate meaningful visibility at the moment an attacker shifts tactics or moves through a trusted path. <h3>The Discipline of Measuring Gaps</h3> This process often reveals an uncomfortable reality: most security stacks are over-indexed on coverage volume rather than defensive effectiveness. Organizations frequently have overlapping controls concentrated in low-impact areas, while high-risk execution paths remain insufficiently defended. Coverage mapping is the discipline required to expose these imbalances. It enables teams to prioritize based on how adversaries actually succeed, rather than how tools are deployed. By identifying where defenses break down in practice, organizations can: <ul> <li>Refine your investment decisions by aligning spend to areas of highest adversary impact </li> <li>Reduce alert fatigue by eliminating redundant or low-fidelity detections </li> <li>Strengthen defensive depth across the adversary procedures that matter most. </li> </ul> <h3>From Reactive Security to Strategic Defense</h3> Reactive security operates on signals: alerts, indicators, and isolated detections that require constant triage. Effective defense, however, is measured by whether adversary procedures can be consistently detected, understood, and disrupted as it unfolds. Coverage mapping enables this shift. It connects telemetry to detection logic, detection logic to response, and response to observable defensive outcomes. Instead of asking whether tools are deployed, organizations can evaluate whether their controls hold up against how attacks are actually executed in their environment. Success is not defined by tool count or compliance alignment. It is defined by defensive performance against real-world adversary behavior at the point of execution. In practice, a focused, well-instrumented defense will outperform a fragmented stack that lacks effective detection into how attacks succeed. <h2>Practical Guide: Mapping Adversary Procedures (Using MITRE ATT&CK as Reference)</h2> Building your first coverage map is not about “mapping to ATT&CK.” It is about using ATT&CK as a reference model to understand how adversaries operate, then validating whether your defenses can detect and disrupt those attacks. The goal is not framework alignment. It is execution-level effectiveness in reducing attacker probability and residual risk. <h3>Define Relevant Adversary Scenarios</h3> Start with the threats that matter most to your organization. This should be informed by threat intelligence, industry patterns, and known attack patterns, not an abstract list of techniques. Rather than selecting isolated techniques, define relevant procedures in your environment based on assets that are most vulnerable. For example: <ul> <li>Credential access via misuse of native tools </li> <li>Lateral movement using remote services or valid accounts </li> <li>Data staging and exfiltration over trusted channels </li> </ul> ATT&CK can help categorize these behaviors, but the focus should remain on how they are executed in practice, not on achieving coverage across the matrix. <h3>Understand Your Defensive Environment</h3> Detection and disruption depend on how your environment is instrumented and controlled. Before mapping adversary behavior, you must understand where security controls actually intersect with the systems, identities, and infrastructure attackers use. This means inventorying where defensive controls operate across endpoints, identities, networks, and cloud services. The goal is not simply to confirm that tools are deployed, but to understand where they meaningfully influence attacker activity. Adversaries move through environments by abusing legitimate pathways—credentials, administrative tools, remote access channels, and trusted services. If your controls are not positioned along those paths, they cannot influence the outcome of an attack. Mapping your environment in this way ensures that defensive coverage reflects how systems are actually used and how attacks actually unfold, rather than how tools are listed in an inventory. <h3>Evaluate Detection and Response Coverage</h3> Assess how your current controls perform against these scenarios: <ul> <li>Where do you generate reliable detections? </li> <li>Where do detections lack context or fidelity? </li> <li>Where are you dependent on manual interpretation? </li> <li>Where do you have no visibility at all? </li> </ul> This is not a binary exercise. Coverage should be evaluated based on confidence, consistency, and timeliness of detection and response. Validation is critical. Simulating adversary behavior—through controlled testing or emulation—confirms whether detections function as expected and whether response actions are effective. Without validation, coverage remains theoretical. <h3>Prioritize and Close Execution Gaps</h3> Gaps often emerge not from missing tools, but from misaligned configurations, incomplete detection logic, or uncorrelated data sources. Addressing these gaps may involve: <ul> <li>Improving detection engineering within existing tools </li> <li>Enriching telemetry or enabling additional logging </li> <li>Tuning correlation and response workflows </li> </ul> The objective is not to expand tooling, but to increase defensive reliability across the execution paths adversaries use. <h2>Conclusion</h2> Tidal Cyber is the first true Threat-Led Defense platform built to flip the traditional defensive model by putting real adversary behavior at the center of your defense strategy. By mapping techniques, sub-techniques, and procedures to ATT&CK, we reveal exactly where you’re exposed and how attackers actually operate. It’s a level of precision you’ve never had before, empowering your security team to proactively reduce risk and optimize high-impact security investments. Threat-Led Defense is Tidal Cyber’s unique implementation of Threat-Informed Defense, enhanced with procedure-level granularity to make CTI more relevant and actionable. </article><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/mapping-your-defenses-to-what-you-need-not-what-you-inherited/" data-a2a-title="Mapping Your Defenses to What You Need, Not What You Inherited"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fmapping-your-defenses-to-what-you-need-not-what-you-inherited%2F&linkname=Mapping%20Your%20Defenses%20to%20What%20You%20Need%2C%20Not%20What%20You%20Inherited" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fmapping-your-defenses-to-what-you-need-not-what-you-inherited%2F&linkname=Mapping%20Your%20Defenses%20to%20What%20You%20Need%2C%20Not%20What%20You%20Inherited" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fmapping-your-defenses-to-what-you-need-not-what-you-inherited%2F&linkname=Mapping%20Your%20Defenses%20to%20What%20You%20Need%2C%20Not%20What%20You%20Inherited" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fmapping-your-defenses-to-what-you-need-not-what-you-inherited%2F&linkname=Mapping%20Your%20Defenses%20to%20What%20You%20Need%2C%20Not%20What%20You%20Inherited" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fmapping-your-defenses-to-what-you-need-not-what-you-inherited%2F&linkname=Mapping%20Your%20Defenses%20to%20What%20You%20Need%2C%20Not%20What%20You%20Inherited" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>*** This is a Security Bloggers Network syndicated blog from <a href="https://www.tidalcyber.com/blog">Tidal Cyber Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Tidal Cyber">Tidal Cyber</a>. Read the original post at: <a href="https://www.tidalcyber.com/blog/mapping-your-defenses-to-what-you-need-not-what-you-inherited">https://www.tidalcyber.com/blog/mapping-your-defenses-to-what-you-need-not-what-you-inherited</a>

securityboulevard.com

SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft

None
Published date: 2026-03-19 00:00:00

None

Austin, TX, USA, March 19th, 2026, CyberNewswireNew Report Highlights Surge in Exposed API Keys, Session Tokens, and Machine Identities, and more.<a target="_blank" rel="nofollow noopener" href="https://spycloud.com/">SpyCloud</a>, the leader in identity threat protection, today released its annual <a target="_blank" rel="nofollow noopener" href="https://spycloud.com/resource/report/spycloud-annual-identity-exposure-report-2026/?utm_medium=pr&utm_source=cybernewswire&utm_term=press-release&utm_campaign=2026-exposure-report">2026 Identity Exposure Report</a>, one of the most comprehensive analyses of stolen credentials and identity exposure data circulating in the criminal underground and highlighting a sharp expansion in non-human identity (NHI) exposure.Last year, SpyCloud saw a 23% increase in its recaptured identity datalake, which now totals 65.7B distinct identity records. The report shows attackers are increasingly targeting machine identities and authenticated session artifacts in addition to traditional username and password combinations and personally identifiable information (PII).<blockquote>“We’re witnessing a structural shift in how identity is exploited,” said <a target="_blank" rel="nofollow noopener" href="https://spycloud.com/team/trevor-hilligoss/">Trevor Hilligoss, Chief Intelligence Officer at SpyCloud</a>. “Attackers are no longer just targeting credentials. They’re stealing authenticated access, including API keys, session tokens and automation credentials, and using this access to move faster, stay persistent, and scale attacks across cloud and enterprise environments.”</blockquote>Key Findings from the 2026 Identity Exposure Report:Non-Human Identities Are Now a Core Attack SurfaceSpyCloud recaptured 18.1 million exposed API keys and tokens in 2025, spanning payment platforms, cloud infrastructure providers, developer ecosystems, collaboration tools, and AI services.The report also identified 6.2 million credentials or authentication cookies tied to AI tools, reflecting rapid enterprise adoption of AI platforms and the associated expansion of machine-based access paths.Unlike human credentials, these NHIs often lack MFA enforcement, rotate infrequently, and operate with broad permissions. When exposed, they can provide attackers with persistent access to production systems, software supply chains, and cloud infrastructure.Phishing is an Enterprise ThreatSpyCloud recaptured 28.6 million phished identity records in 2025. Notably, nearly half of those identities were corporate users, reinforcing that phishing remains a persistent enterprise threat.This trend aligns with <a target="_blank" rel="nofollow noopener" href="https://spycloud.com/newsroom/phishing-has-surged-400-percent-year-over-year/">SpyCloud research</a> showing that successful phishing attacks have surged 400% YoY. The result is a clear warning to enterprises: their workforce is now 3x more likely to be targeted with phishing attacks than infostealer malware.Modern phishing datasets increasingly contain more than credentials. Many include session cookies, authentication tokens, and MFA workflow data, allowing attackers to assume authenticated sessions without triggering traditional alerts. With an influx of bad actors leveraging AI to craft more realistic lures and automate campaigns, this problem is not going away anytime soon, and enterprise security teams must go beyond employee training for a more true preventative approach.Session Theft and MFA Bypass Continue at ScaleSpyCloud recaptured 8.6 billion stolen cookies and session artifacts exposed through malware infections, demonstrating continued attacker focus on session hijacking techniques that bypass traditional authentication safeguards. In parallel, SpyCloud analysis of underground combolists found that 51% of records overlapped with previously observed infostealer logs, indicating that criminals are increasingly repackaging malware-exfiltrated data rather than relying solely on fresh breach disclosures.Public reporting throughout the past year has documented multiple MFA bypass campaigns leveraging adversary-in-the-middle (AitM) phishing kits and session replay techniques, including activity targeting Microsoft 365 environments through stolen authentication tokens.On March 4, 2026, Europol announced, in partnership with Microsoft and other private organizations, that it had executed a coordinated seizure of Tycoon 2FA – a major phishing-as-a-service infrastructure and service that enabled widespread MFA bypass through AitM techniques – and disrupted its operational capabilities significantly. <a target="_blank" rel="nofollow noopener" href="https://spycloud.com/blog/tycoon-2fa-takedown-inside-the-global-phishing-infrastructure-disruption/">SpyCloud supported the global disruption effort</a> by contributing victim identity intelligence and operational analysis drawn from criminal underground sources. The recent operation highlights the industrialization of phishing and the growing value of session artifacts in attacker workflows. Malware Continues to Exfiltrate Identity DataDespite the <a target="_blank" rel="nofollow noopener" href="https://spycloud.com/newsroom/phishing-is-the-leading-cause-of-ransomware-attacks-in-2025/">rise of phishing</a>, infostealer malware remains a significant contributor to identity exposure, enabling attackers to harvest credentials, cookies, and authentication tokens from infected devices. SpyCloud recaptured over 642.4 million exposed credentials from 13.2 million infostealer malware infections in 2025. That’s an average of 50 exposed user credentials per malware infection – further expanding the amount of entry points available to bad actors. A notable portion of infections occurred on endpoints with EDR or antivirus tools installed, reinforcing that endpoint controls alone are not sufficient to prevent identity theft.Credential Exposure Remains High, with Weak Password HygieneSpyCloud recaptured 5.3 billion credential pairs – stolen credentials consisting of usernames or email addresses and passwords.Among exposed corporate credentials, 80% contained plaintext passwords, significantly lowering the barrier to immediate account takeover attacks. Once again, predictable patterns tied to pop culture, sports, and short numeric strings continue to be used broadly. Top trendy passwords include:<ul> <li>67 / sixseven: 140.4M</li> <li>sweet / cookie / candy / cake / pie: 5.7M</li> <li>chiefs / kansas city chiefs: 5M</li> <li>2025: 4.1M</li> <li>apple / banana / orange / strawberry / fruit: 2.6M</li> </ul>Password reuse remains widespread, and the report also identified 1.1 million password manager master passwords circulating in underground sources, raising concerns about vault-level compromise when master credentials are weak.The Expanding Identity Exposure SurfaceThe 2026 report highlights a central shift in identity threats and underscores the need for continuous identity threat protection across both human and machine identities. Attackers are combining breach data, phishing captures, malware logs, session tokens, and machine credentials to construct composite identity profiles that fuel everything from session hijacking and ransomware to supply chain compromise.As organizations accelerate cloud adoption and embed AI tools across workflows, machine identities are becoming deeply integrated into critical systems. The theft of these credentials and authentication tokens can create downstream ripple effects far beyond a single compromised account.<blockquote>“The challenge isn’t just stopping phishing or malware,” Hilligoss added. “It’s understanding how exposed identities connect across systems, vendors, and automation workflows.” </blockquote><blockquote>He continues, “SpyCloud has recaptured nearly one trillion stolen identity assets in our 10 years of disrupting cybercrime. It’s the basis of our insights on the evolution of identity sprawl and the ways in which bad actors aim to weaponize data against individuals and businesses. But there is good news for defenders. When organizations continuously monitor exposure and build in automated remediation workflows – we’ve seen how that can significantly shrink the attacker’s window of opportunity, and that’s a win worth fighting for.”</blockquote>Full report and in-depth analysis available <a target="_blank" rel="nofollow noopener" href="https://spycloud.com/resource/report/spycloud-annual-identity-exposure-report-2026/?utm_medium=pr&utm_source=cybernewswire&utm_term=press-release&utm_campaign=2026-exposure-report">here</a>.About SpyCloud<a target="_blank" rel="nofollow noopener" href="https://spycloud.com/">SpyCloud</a> transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics and AI to proactively prevent ransomware and account takeover, detect insider threats, safeguard employee and consumer identities, and accelerate cybercrime investigations. SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now. To learn more and see insights on your company’s exposed data, users can visit <a target="_blank" rel="nofollow noopener" href="http://spycloud.com">spycloud.com</a>.<h5>Contact</h5>Katie Hanusik REQ on behalf of SpyCloud <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="c0b3b0b9a3acafb5a480b2a5b1eea3af">[email protected]</a> <div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/spyclouds-2026-identity-exposure-report-reveals-explosion-of-non-human-identity-theft/" data-a2a-title="SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fspyclouds-2026-identity-exposure-report-reveals-explosion-of-non-human-identity-theft%2F&linkname=SpyCloud%E2%80%99s%202026%20Identity%20Exposure%20Report%20Reveals%20Explosion%20of%20Non-Human%20Identity%20Theft" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fspyclouds-2026-identity-exposure-report-reveals-explosion-of-non-human-identity-theft%2F&linkname=SpyCloud%E2%80%99s%202026%20Identity%20Exposure%20Report%20Reveals%20Explosion%20of%20Non-Human%20Identity%20Theft" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fspyclouds-2026-identity-exposure-report-reveals-explosion-of-non-human-identity-theft%2F&linkname=SpyCloud%E2%80%99s%202026%20Identity%20Exposure%20Report%20Reveals%20Explosion%20of%20Non-Human%20Identity%20Theft" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fspyclouds-2026-identity-exposure-report-reveals-explosion-of-non-human-identity-theft%2F&linkname=SpyCloud%E2%80%99s%202026%20Identity%20Exposure%20Report%20Reveals%20Explosion%20of%20Non-Human%20Identity%20Theft" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fspyclouds-2026-identity-exposure-report-reveals-explosion-of-non-human-identity-theft%2F&linkname=SpyCloud%E2%80%99s%202026%20Identity%20Exposure%20Report%20Reveals%20Explosion%20of%20Non-Human%20Identity%20Theft" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

securityboulevard.com

CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution

None
Published date: 2026-03-19 00:00:00

None

<div data-elementor-type="wp-post" data-elementor-id="10723" class="elementor elementor-10723" data-elementor-post-type="post"> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-4b3a23b e-con-full e-flex e-con e-parent" data-id="4b3a23b" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-c3745e6 elementor-widget elementor-widget-heading" data-id="c3745e6" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Key Takeaways</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-d61cfc8 e-con-full e-flex e-con e-parent" data-id="d61cfc8" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-1cc3550 elementor-widget elementor-widget-text-editor" data-id="1cc3550" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <ul> <li>CVSS v3.1 base score of 9.8 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, according to the CNA</li> <li>Delta Electronics COMMGR2 contains an out-of-bounds write vulnerability (CWE-787) enabling unauthenticated remote code execution</li> <li>NVD lists the vulnerability as analyzed; vendor advisory Delta-PCSA-2026-00005 is available addressing multiple COMMGR2 vulnerabilities</li> <li>No evidence of active exploitation in the wild; specific affected versions and patches detailed in vendor advisory</li> </ul></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-7922e98 e-con-full e-flex e-con e-parent" data-id="7922e98" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-32cc4f0 elementor-widget elementor-widget-heading" data-id="32cc4f0" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">CVE-2026-3630: What Happened?</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-7b5767d e-con-full e-flex e-con e-parent" data-id="7b5767d" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-af4318e elementor-widget elementor-widget-text-editor" data-id="af4318e" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> CVE-2026-3630 represents a critical out-of-bounds write vulnerability in Delta Electronics COMMGR2, an industrial communication and engineering support component. NVD lists CWE-787 (Out-of-bounds Write), sourced from the CNA. As a result, the vulnerability enables remote attackers to execute arbitrary code without authentication or user interaction. The CVSS v3.1 vector of AV:N/AC:L/PR:N/UI:N indicates this is a network-accessible flaw with low attack complexity. It requires no privileges or user interaction. As a result, it earns a Critical 9.8 rating. Successful attacks could lead to full compromise of data privacy, integrity, and availability on affected systems. In response, Delta Electronics has released a Product Cybersecurity Advisory (Delta-PCSA-2026-00005) addressing this vulnerability alongside CVE-2026-3631, indicating joint disclosure of multiple COMMGR2 security issues. </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-fbe0a75 e-con-full e-flex e-con e-parent" data-id="fbe0a75" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-9271f5c elementor-widget elementor-widget-heading" data-id="9271f5c" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Who’s Affected?</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-6b89f6a e-con-full e-flex e-con e-parent" data-id="6b89f6a" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-998466b elementor-widget elementor-widget-text-editor" data-id="998466b" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> The vulnerability affects Delta Electronics COMMGR2 software, which is commonly deployed in industrial automation environments, including manufacturing, building automation, energy, and logistics sectors. In particular, COMMGR2 typically runs on engineering workstations and servers that support Delta’s industrial control systems and automation equipment. Organizations using Delta automation products should consult the vendor’s Product Cybersecurity Advisory Delta-PCSA-2026-00005 for specific affected version ranges and patch information. Given the network-accessible nature of this vulnerability, systems with COMMGR2 exposed to network traffic represent the highest risk exposure. Industrial environments where COMMGR2 is installed on operator or engineering workstations may face particular risk, as successful exploitation could potentially enable attackers to pivot into operational technology (OT) networks or manipulate industrial control configurations. </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-60e74a5 e-con-full e-flex e-con e-parent" data-id="60e74a5" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-9fec738 elementor-widget elementor-widget-heading" data-id="9fec738" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Want to Learn More?</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-40b423a e-con-full e-flex e-con e-parent" data-id="40b423a" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-c1ba1ef elementor-widget elementor-widget-text-editor" data-id="c1ba1ef" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> Contact us at <a href="https://www.praetorian.com/contact/">Praetorian</a> to learn how our offensive security team can help you assess your exposure to CVE-2026-3630 and other emerging threats. </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-c3d038d e-con-full e-flex e-con e-parent" data-id="c3d038d" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-2f1ae9b elementor-widget elementor-widget-heading" data-id="2f1ae9b" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">References</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-4741609 e-con-full e-flex e-con e-parent" data-id="4741609" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-7aa6937 elementor-widget elementor-widget-text-editor" data-id="7aa6937" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <ul> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-3630" rel="noopener noreferrer">NVD — CVE-2026-3630</a></li> <li><a href="https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-05" rel="noopener noreferrer">CISA Advisory</a></li> <li><a href="https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-07" rel="noopener noreferrer">CISA Advisory</a></li> </ul></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-3d477fe e-con-full e-flex e-con e-parent" data-id="3d477fe" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-1158cf6 elementor-widget elementor-widget-heading" data-id="1158cf6" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Disclaimer</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-2742f51 e-con-full e-flex e-con e-parent" data-id="2742f51" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-05026e7 elementor-widget elementor-widget-text-editor" data-id="05026e7" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> The information presented reflects our best understanding as of the publication date based on publicly available advisories, NVD data, and vendor disclosures. Details may evolve as new information becomes available. We will update this post if material changes occur. Praetorian makes no guarantees regarding the completeness or accuracy of third-party disclosures referenced herein. </div> </div> </div>The post <a href="https://www.praetorian.com/blog/cve-2026-3630/">CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution</a> appeared first on <a href="https://www.praetorian.com/">Praetorian</a>.<div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/cve-2026-3630-critical-buffer-overflow-in-delta-electronics-commgr2-enables-remote-code-execution/" data-a2a-title="CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcve-2026-3630-critical-buffer-overflow-in-delta-electronics-commgr2-enables-remote-code-execution%2F&linkname=CVE-2026-3630%3A%20Critical%20Buffer%20Overflow%20in%20Delta%20Electronics%20COMMGR2%20Enables%20Remote%20Code%20Execution" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcve-2026-3630-critical-buffer-overflow-in-delta-electronics-commgr2-enables-remote-code-execution%2F&linkname=CVE-2026-3630%3A%20Critical%20Buffer%20Overflow%20in%20Delta%20Electronics%20COMMGR2%20Enables%20Remote%20Code%20Execution" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcve-2026-3630-critical-buffer-overflow-in-delta-electronics-commgr2-enables-remote-code-execution%2F&linkname=CVE-2026-3630%3A%20Critical%20Buffer%20Overflow%20in%20Delta%20Electronics%20COMMGR2%20Enables%20Remote%20Code%20Execution" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcve-2026-3630-critical-buffer-overflow-in-delta-electronics-commgr2-enables-remote-code-execution%2F&linkname=CVE-2026-3630%3A%20Critical%20Buffer%20Overflow%20in%20Delta%20Electronics%20COMMGR2%20Enables%20Remote%20Code%20Execution" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcve-2026-3630-critical-buffer-overflow-in-delta-electronics-commgr2-enables-remote-code-execution%2F&linkname=CVE-2026-3630%3A%20Critical%20Buffer%20Overflow%20in%20Delta%20Electronics%20COMMGR2%20Enables%20Remote%20Code%20Execution" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>*** This is a Security Bloggers Network syndicated blog from <a href="https://www.praetorian.com/blog/">Offensive Security Blog: Latest Trends in Hacking | Praetorian</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by n8n-publisher">n8n-publisher</a>. Read the original post at: <a href="https://www.praetorian.com/blog/cve-2026-3630/">https://www.praetorian.com/blog/cve-2026-3630/</a>

securityboulevard.com

Identity-Centric Security Strategies for Hybrid Workforces

Oluwakorede Akinsete
Published date: 2026-03-19 00:00:00

None

The shift to hybrid work arrangements has revolutionized the cybersecurity perimeter. Currently, roughly half of all employees who are remotely accessible are working from both their offices and homes, using different devices. In this fluid environment, experts are unanimous that identity, and not the network, is the new perimeter. In fact, as one <a href="http://idsalliance.org/webinar/identity-is-the-only-perimeter/" target="_blank" rel="noopener">Identity Defined Security Alliance</a> (IDSA) webinar presentation stated, with the risks associated with working remotely, “identity is no longer the new perimeter, but is now the only perimeter that matters.” This is because the reality is that more than <a href="https://www.idsalliance.org/webinar/identity-is-the-only-perimeter/" target="_blank" rel="noopener">80% of all breaches</a> are the result of stolen or hijacked credentials, which means that one single identity can compromise the entire network. In other words, identity-based security is no longer optional. It is the foundation on which the entire network needs to be built. Workforce identity security needs to be the keystone of the entire network. This article aims to discuss the many ways in which identity-based security can be implemented. <h3 aria-level="1">The Hybrid Reality: New Perimeter, New Threats </h3>Hybrid work has effectively broken the traditional network moat. Users and workers can log in from the kitchen table, the corner of the coffee shop and their personal devices. They can carry sensitive company data with them wherever they go. This has opened the door wide for attackers. <a href="https://www.ibm.com/think/insights/reactive-to-resilient-how-proactive-identity-threat-defense-shifts-cybersecurity-mindset" target="_blank" rel="noopener">IBM</a> states that attackers “are using identities to walk through the front door” since the use of credentials has become the primary entry point for attackers. <a href="http://permiso.io/identity-threat-detection-and-response-itdr">Studies</a> continue to prove that 80% of all cyberattacks in the modern era involve the exploitation of account credentials. <a href="https://www.idsalliance.org/blog/workforce-identity-security-best-practices-the-essential-role-of-unified-identity-protection">A</a> <a href="https://www.idsalliance.org/blog/workforce-identity-security-best-practices-the-essential-role-of-unified-identity-protection" target="_blank" rel="noopener">study states that in 2023</a>, “84% of data breaches involved compromised credentials, costing organizations an average of $4.24 million each.” Playing old security tricks, such as VPNs and firewalls, will do nothing if an attacker has legitimate credentials. This is where the concept of ‘zero-trust’ came about. According to Microsoft, ‘zero-trust’ means that you don’t trust anyone or anything. “We verify who the user is, and at the same time, we are keeping a constant eye on the security of our network, our data and our applications, no matter if they are in the office, working from home, or on the go.” Every single attempt to get access is verified. It is not verified based on the location of the user. It is verified based on who the user is. It is verified based on the state of the device. It is verified based on the risk present. In a hybrid environment, workforce identity security assumes that any login attempt could be an attack. <h3 aria-level="1">Core Principles of Identity-Centric Security </h3>An identity-centric approach flips this old model on its head; we don’t just protect a network and trust that only the right people get in. We make identity our central point of control. So the first thing we want to do is implement a<a href="https://securityboulevard.com/2026/02/empowering-a-global-saas-workforce-from-identity-security-to-financial-access/" target="_blank" rel="noopener"> strong identity and access management (IAM) solution</a>. It involves implementing single sign-on (SSO) with modern federation (SAML, OAuth2/OIDC) and directory sync (SCIM) to verify user identities. This means that even if a password is compromised, MFA or passwordless FIDO ensures that attackers cannot get in. Least privilege and governance are just as important. Every person should have only the access they need to perform their jobs. This requires automating the joiner-mover-leaver process, where access rights are granted and revoked in real-time, as well as periodic checks on access rights. The IDSA identifies one of the weak links in the chain: Breaches often result from identities being fragmented across many isolated accounts and permissions. An attacker needs only one weak point to get into the whole resource. A strict identity security policy can bring all the fragmented identities together by using IAM and SSO systems. Therefore, it can eliminate orphaned identities as well as the problem of privilege creep. Another critical aspect that needs to be considered is the security of non-human identities. Cyberattackers usually target non-human identities to carry out lateral movements. Therefore, as one expert points out, a single compromised non-human identity can provide the attackers with the key to the entire environment. A firm should extend its workforce identity security across all identities under its management. This includes rotating service credentials, certificate management (PKI) and automated processes and devices with the same level of vigilance as users — monitoring and least privilege applied universally. The bottom line is that a robust identity security model is all about continuous verification of all users and devices, MFA and authentication, least privilege and sealing identity gaps throughout the hybrid environment. This is all about a zero-trust approach — no one inside the corporate network is trusted; you have to verify who they are and what they are authorized to do.<h3 aria-level="1">Practical Strategies and Best Practices </h3>Security professionals can help ensure workforce identity security with the following best practices, which flow a bit more smoothly: <ul><li aria-setsize="-1" data-leveltext="●" data-font="Arial" data-listid="1" data-list-defn-props='{"134224900":false,"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Arial","469769242":[8226],"469777803":"left","469777804":"●","469777815":"hybridMultilevel"}' data-aria-posinset="0" data-aria-level="1">Centralize and Simplify Logins: Implement IAM with SSO and federation for both cloud and on prem apps. This can greatly reduce password fatigue, simplify policy enforcement and allow you to enforce policies such as MFA more easily. One single login with Okta or Azure AD with MFA can replace dozens of individual user logins. Centralization can also make it easier to manage deprovisioning and policy standardization. Just remember, the central SSO service is now a high-value target and must itself be highly secure. </li></ul><ul><li aria-setsize="-1" data-leveltext="●" data-font="Arial" data-listid="1" data-list-defn-props='{"134224900":false,"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Arial","469769242":[8226],"469777803":"left","469777804":"●","469777815":"hybridMultilevel"}' data-aria-posinset="1" data-aria-level="1">Enforce Multi-Factor and Adaptive Authentication: Ensure at least two factors for all users, with special consideration for administrators. Implement adaptive MFA, which can request an additional authentication factor based on the riskiness of the login attempt. Phishing-resistant MFA, such as FIDO2 with hardware keys or biometrics, is especially strong. Studies have shown that moving toward passwordless or phishing-resistant MFA can significantly reduce account-takeover attacks. Another type of continuous authentication can quietly reauthenticate users based on behavioral factors such as suspicious behavior. </li></ul><ul><li aria-setsize="-1" data-leveltext="●" data-font="Arial" data-listid="1" data-list-defn-props='{"134224900":false,"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Arial","469769242":[8226],"469777803":"left","469777804":"●","469777815":"hybridMultilevel"}' data-aria-posinset="2" data-aria-level="1">Implement Identity Governance: Implement the tools and processes required to manage the identity and access life cycle. Automate provisioning and deprovisioning (via SCIM or HR workflows), ensuring users’ access is always in sync with their roles. Inactive accounts should be periodically disabled. The IDSA states, “account sprawl, or the lack of identity and access management, is a significant and growing risk to an organization.” Account sprawl can result in unknown risks, and the longer it is left unaddressed, the more serious the risks become. To address account sprawl, you can retire unused accounts and consolidate duplicate identities. Implementing a privileged access management (PAM) solution can vault and manage administrator credentials and limit the time for which an administrator is privileged. </li></ul><ul><li aria-setsize="-1" data-leveltext="●" data-font="Arial" data-listid="1" data-list-defn-props='{"134224900":false,"335551671":0,"335552541":1,"335559685":720,"335559991":360,"469769226":"Arial","469769242":[8226],"469777803":"left","469777804":"●","469777815":"hybridMultilevel"}' data-aria-posinset="3" data-aria-level="1">Monitor and Respond to Identity Threats: Use identity threat detection and response (ITDR) products or processes to monitor identities for suspicious behavior. This can include monitoring for unusual login activity, brute-force attacks, phishing attempts and lateral movement between accounts. Attack path analysis can be used to understand how a low-privilege account breach can be escalated. IBM suggests a mix of monitoring with AI and automation to score identities for risk and contain attacks — for example — if credentials have been found on the dark web or a login has been attempted. </li></ul><h3 aria-level="1">Technology Enablers </h3>Technology tools are the foundation of a good identity security strategy. Here are some of the commonly used technology tools: <ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}' data-aria-posinset="1" data-aria-level="1">Cloud Identity Providers: Microsoft Entra (Azure AD), Okta, Ping Identity and Google Identity are some of the commonly used cloud-based IAM solutions with features such as SSO, MFA and Conditional Access. Identity-as-a-service (IDaaS) solutions such as these support SAML, OAuth2 and OIDC for integration with thousands of SaaS applications. For instance, administrators can enforce device compliance for access to email and CRM applications. </li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}' data-aria-posinset="2" data-aria-level="1">Zero Trust Network Access (ZTNA): ZTNA solutions, such as SASE, connect users to applications rather than providing access to the entire network, and access to applications and resources is determined by identity and device rather than the network location. </li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}' data-aria-posinset="3" data-aria-level="1">Privileged Access Management and Identity Governance & Administration (IGA): CyberArk, BeyondTrust, SailPoint and Saviynt are some of the PAM and IGA solutions commonly used for identity security. These solutions help organizations discover all identities and enforce policies such as JML workflows. They also enable organizations to lock down superuser accounts with just-in-time provisioning and session monitoring. </li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}' data-aria-posinset="4" data-aria-level="1">Multi-Factor and Passwordless Technologies:<a href="https://www.ibm.com/think/insights/reactive-to-resilient-how-proactive-identity-threat-defense-shifts-cybersecurity-mindset" target="_blank" rel="noopener"> MFA</a> for the entire workforce is necessary. New passwordless technologies, such as FIDO2 tokens and platform biometrics, are less vulnerable to credential theft. Companies are increasingly using passkeys and identity wallets to improve security and user experience. </li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}' data-aria-posinset="5" data-aria-level="1">Identity Analytics and Deception: Advanced identity analytics platforms incorporate ML to model normal user behavior. Some companies are using deception technologies, which include fake identity credentials or ‘honey accounts’, which are designed to alert the company if the wrong person finds the fake identity. </li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}' data-aria-posinset="6" data-aria-level="1">Cross-Domain Identity Solutions: Identity verification is not just about passwords. Some companies are using global eID and credential-issuing solutions such as Entrust or Thales that allow employees to present digital identity cards or mobile credentials in all situations, linking real-world identity to digital identity. </li></ul>A solid foundation of identity technologies enables the security team to adopt the identity-centric model. However, it is also important to note that no single technology is the answer. It is also necessary to develop policies to support the identity-centric model, such as access reviews and incident response and to ensure that all stakeholders are trained on the identity-centric model. <h3 aria-level="1">Identity as the New Security Perimeter in the Hybrid Era </h3>Identity is the lifeblood of security in the modern world. With hybrid work and cloud-based collaboration, an identity-centric approach is no longer a choice; it’s a requirement. When security is prioritized within an organization’s workforce identity, security and agility are maximized. According to an expert, “The future of cybersecurity is identity-centric.” If you are holding on too tightly to outdated notions of security perimeters, you are doing yourself a great disservice. <a href="https://securityboulevard.com/2025/06/identitys-new-frontier-ai-machines-and-the-future-of-digital-trust/" target="_blank" rel="noopener">According to Security Boulevard</a>, “The age of identity-centric security has arrived. Those who cling to perimeter-based security models will find themselves increasingly vulnerable in a world where identity is everything.” The benefits of an identity-centric approach are clear. Businesses that focus on identity verification and security are seeing a clear ROI in reduced fraud and breach attempts. When working in a hybrid environment, an<a href="http://entrust.com/solutions/industries/enterprise/" target="_blank" rel="noopener"> identity security approach</a> is no longer a technical nicety; it’s a business requirement. Security professionals who are identity-centric will not only keep their businesses safe from current threats but will also ensure that they are ready for future threats in this ever-changing world of cyber threats and security. <div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/identity-centric-security-strategies-for-hybrid-workforces/" data-a2a-title="Identity-Centric Security Strategies for Hybrid Workforces "><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fidentity-centric-security-strategies-for-hybrid-workforces%2F&linkname=Identity-Centric%C2%A0Security%C2%A0Strategies%C2%A0for%20Hybrid%20Workforces%C2%A0" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fidentity-centric-security-strategies-for-hybrid-workforces%2F&linkname=Identity-Centric%C2%A0Security%C2%A0Strategies%C2%A0for%20Hybrid%20Workforces%C2%A0" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fidentity-centric-security-strategies-for-hybrid-workforces%2F&linkname=Identity-Centric%C2%A0Security%C2%A0Strategies%C2%A0for%20Hybrid%20Workforces%C2%A0" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fidentity-centric-security-strategies-for-hybrid-workforces%2F&linkname=Identity-Centric%C2%A0Security%C2%A0Strategies%C2%A0for%20Hybrid%20Workforces%C2%A0" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fidentity-centric-security-strategies-for-hybrid-workforces%2F&linkname=Identity-Centric%C2%A0Security%C2%A0Strategies%C2%A0for%20Hybrid%20Workforces%C2%A0" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

Storagereview.com

Dell Precision 7875 Review: Threadripper PRO 9995WX Meets Dual RTX PRO 6000 Blackwell GPUs

Dylan Dougherty
Published date: 2026-03-18 16:29:04

Following our most recent review of the Dell Precision 7875 tower workstation, which explored its 96-core AMD Threadripper PRO foundation, expansive memory and storage support, and dual professional GPUs, this updated review focuses on the latest iteration of…

securityboulevard.com

Three Identity Security Trends Shaping 2026: Passwordless Adoption, Reactive Security, and the Rise of Identity Verification

None
Published date: 2026-03-18 00:00:00

None

<h2>From Identity Renaissance to the Age of Industrialization</h2>In last year’s State of Passwordless Identity Assurance report, we declared an Identity Renaissance—the turning point where enterprises recognized that passwords and shared secrets were fundamentally broken, and began rethinking their approach to digital identity. Security leaders began exploring phishing-resistant authentication, FIDO passkeys, and stronger identity assurance models.In 2026, that realization has evolved into a new challenge: execution at scale.We are now in what HYPR defines as the Age of Industrialization; a phase where the challenge is no longer identifying the right solutions, but operationalizing them at scale across the enterprise. As the report explains, industrialization is where innovation meets real-world complexity, legacy systems, fragmented ownership, and cross-functional dependencies.This shift explains why progress appears to have slowed. It hasn’t.Organizations are now doing the gritty work reminiscent of the Industrial Revolution: aligning identity across HR, IT, security, and help desks; integrating authentication with identity verification; and designing systems that scale securely across every identity touchpoint—from onboarding to account recovery.At the same time, the threat landscape is accelerating. AI-driven phishing, deepfakes, and impersonation attacks are industrializing identity-based threats faster than many organizations can respond.The result: a widening gap between what organizations know they need to do—and what they’ve actually deployed.<h2>The Passwordless Paradox: Why Adoption Has Stalled</h2><h3>Passwordless Authentication Is Now Widely Understood</h3>Over the past several years, passwordless authentication has emerged as one of the most effective strategies for preventing credential-based attacks. Technologies such as FIDO passkeys and phishing-resistant authentication eliminate the shared secrets that attackers commonly exploit. As awareness has grown, many security leaders now recognize passwordless as the future of enterprise identity security.The report shows a significant increase in understanding of phishing-resistant authentication, with: <ul> <li>64% of respondents correctly identifying FIDO passkeys as phishing-resistant (up from 40% in 2025)</li> <li>54% recognizing hardware security keys (up from 34%)</li> </ul><h3>Legacy Infrastructure Slows Passwordless Adoption</h3>Despite increasing awareness, passwordless adoption across enterprises remains uneven.<a href="https://www.hypr.com/resources/report-state-of-passwordless">The 2026 State of Passwordless Identity Assurance report</a> reveals:<ul> <li>76% of organizations still rely on legacy passwords</li> <li>43% have deployed passwordless authentication, yet the vast majority have deployed to less than 50% of their workforce</li> <li>One-third of enterprises have active passwordless pilot projects</li> <li>28% plan to deploy passkeys within the next two years</li> </ul>This gap between awareness and deployment is what we call the Passwordless Paradox.Organizations know that passwords are a major security vulnerability. Yet scaling passwordless authentication across complex enterprise environments often requires overcoming legacy infrastructure, operational complexity, and fragmented identity ownership.In many cases, passwordless remains confined to pilot programs or limited user groups rather than enterprise-wide deployments.<h2>The Reactive Security Problem</h2><h3>Security Spending Still Follows Breaches</h3>Another major trend highlighted in the report is the persistence of reactive cybersecurity investment.Rather than proactively modernizing identity security infrastructure, many organizations still increase spending only after a breach occurs. In fact, 59% of organizations increase security budgets only after experiencing a breach, reinforcing what the report describes as the “hindsight tax.”Security investments often follow a familiar cycle: breach → investigation → budget approval → deployment.And when organizations do respond, the investments are telling. Post-breach spending is most commonly directed towards identity verification (61%) and multi-factor authentication (57%).There’s a reason MFA and IDV dominate post-breach investments. Organizations know what gaps in their current security strategy they need to address. But they don’t feel the urgency of the inevitable attack until it hits them in the face. After an incident, organizations are forced to confront the hard truth, and prioritize investment in security the entire identity lifecycle:<ul> <li>MFA is deployed to strengthen authentication and reduce reliance on single-factor credential</li> <li>IDV is introduced to consistently validate the true identity of the user, especially in high-risk workflows like account recovery and help desk interactions</li> </ul><h3>Breaking the Reactive Security Cycle</h3>While these investments are directionally correct, they are often too late and too fragmented to prevent the initial breach. To reduce identity-based attacks, organizations must shift from reactive spending to proactive identity security strategies, including:<ul> <li>Expanding phishing-resistant passwordless authentication (FIDO passkeys) across the enterprise</li> <li>Embedding identity verification across the entire identity lifecycle, not just at onboarding </li> <li>Securing high-risk workflows such as help desk authentication, account recovery, and device enrollment</li> <li>Eliminating phishable factors and shared secrets entirely </li> </ul><a href="https://www.linkedin.com/in/carla-roncato/">Carla Roncato</a>, our newly-joined VP of Product and I will be discussing the implications of reactive security spending and identity security modernization in more detail during our upcoming <a href="https://www.linkedin.com/events/7436786055921672192?viewAsMember=true">LinkedIn Livestream. </a> Save Your Seat: <a href="https://www.linkedin.com/events/7436786055921672192?viewAsMember=true">Identity Security at Scale: Why Reactive Defense Isn’t Enough</a> <h2>Identity Verification Emerges as a New Enterprise Standard </h2><h3>Identity Verification Is Closing the Identity Assurance Gap </h3>While passwordless authentication continues to scale gradually, another technology is rapidly becoming a core component of modern identity security: <a href="https://www.hypr.com/solutions/identity-verification-audit">identity verification (IDV)</a>.The report shows that 65% of enterprises now use identity verification as part of their security framework.However, most organizations are still applying IDV selectively. In many environments, identity verification is deployed to less than 25% of the workforce, leaving significant gaps in identity assurance. <h3>Why Identity Verification Matters in the Age of AI</h3>Authentication and identity verification serve different purposes within the identity security framework.Authentication answers the question: Does this user have the correct credentials?Identity verification answers a more fundamental question: Is this person actually who they claim to be?As deepfakes, synthetic identities, and AI-driven impersonation attacks become more common, having both across the enterprise becomes critical. <h2>What Security Leaders Should Do Next </h2>The findings from the <a href="https://www.hypr.com/resources/report-state-of-passwordless">2026 State of Passwordless Identity Assurance report </a>highlight a pivotal moment for enterprise identity security.Security leaders should focus on three priorities moving forward. <ul> <li> Scale Passwordless Authentication Across the Enterprise: Passwordless technologies such as passkeys must move beyond pilot programs and become the standard method of authentication across organizations. </li> <li> Shift from Reactive to Proactive Identity Security: Organizations must stop treating identity security investments as a response to breaches and instead adopt proactive strategies that eliminate common attack vectors. </li> <li> Integrate Identity Verification into Identity Lifecycle Management: Identity verification should be embedded across critical identity events—from onboarding and authentication to account recovery and offboarding. </li> </ul><h2>The Future of Passwordless Identity Assurance</h2>The identity threat landscape is evolving rapidly. Passwords and shared secrets remain deeply embedded in enterprise environments, even as attackers increasingly exploit them through phishing, impersonation, and automated credential theft. At the same time, organizations are beginning to recognize that modern identity security requires more than authentication alone.Passwordless authentication and identity verification together form the foundation of a stronger identity assurance framework.The question for organizations today is no longer whether to modernize identity security—but how quickly they can scale these protections across the enterprise. Download the full <a href="https://www.hypr.com/resources/report-state-of-passwordless">2026 State of Passwordless Identity Assurance report</a> to explore the complete findings and learn how organizations are preparing for the next era of identity security. <a href="https://www.hypr.com/blog/saying-goodbye-to-windows-hello-for-business#UnderH1Newsletter" style="color: #1a1288;">Subscribe to our updates</a> to receive expert insights and learn how HYPR’s multi-factor verification and digital identity solutions can protect your business and customers.<a href="https://www.hypr.com/resources/report-state-of-passwordless"><img fetchpriority="high" decoding="async" src="https://www.hypr.com/hs-fs/hubfs/HYPR_Sopia_03.jpg?width=731&height=411&name=HYPR_Sopia_03.jpg" width="731" height="411" alt="HYPR_Sopia_03" style="height: auto; max-width: 100%; width: 731px; margin-left: auto; margin-right: auto; display: block;"></a> <img decoding="async" src="https://track.hubspot.com/__ptq.gif?a=2670073&k=14&r=https%3A%2F%2Fwww.hypr.com%2Fblog%2Fthree-identity-security-trends-shaping-2026&bu=https%253A%252F%252Fwww.hypr.com%252Fblog&bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/three-identity-security-trends-shaping-2026-passwordless-adoption-reactive-security-and-the-rise-of-identity-verification/" data-a2a-title="Three Identity Security Trends Shaping 2026: Passwordless Adoption, Reactive Security, and the Rise of Identity Verification"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthree-identity-security-trends-shaping-2026-passwordless-adoption-reactive-security-and-the-rise-of-identity-verification%2F&linkname=Three%20Identity%20Security%20Trends%20Shaping%202026%3A%20Passwordless%20Adoption%2C%20Reactive%20Security%2C%20and%20the%20Rise%20of%20Identity%20Verification" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthree-identity-security-trends-shaping-2026-passwordless-adoption-reactive-security-and-the-rise-of-identity-verification%2F&linkname=Three%20Identity%20Security%20Trends%20Shaping%202026%3A%20Passwordless%20Adoption%2C%20Reactive%20Security%2C%20and%20the%20Rise%20of%20Identity%20Verification" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthree-identity-security-trends-shaping-2026-passwordless-adoption-reactive-security-and-the-rise-of-identity-verification%2F&linkname=Three%20Identity%20Security%20Trends%20Shaping%202026%3A%20Passwordless%20Adoption%2C%20Reactive%20Security%2C%20and%20the%20Rise%20of%20Identity%20Verification" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthree-identity-security-trends-shaping-2026-passwordless-adoption-reactive-security-and-the-rise-of-identity-verification%2F&linkname=Three%20Identity%20Security%20Trends%20Shaping%202026%3A%20Passwordless%20Adoption%2C%20Reactive%20Security%2C%20and%20the%20Rise%20of%20Identity%20Verification" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthree-identity-security-trends-shaping-2026-passwordless-adoption-reactive-security-and-the-rise-of-identity-verification%2F&linkname=Three%20Identity%20Security%20Trends%20Shaping%202026%3A%20Passwordless%20Adoption%2C%20Reactive%20Security%2C%20and%20the%20Rise%20of%20Identity%20Verification" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>*** This is a Security Bloggers Network syndicated blog from <a href="https://www.hypr.com/blog">HYPR Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Bojan Simic, CEO, HYPR">Bojan Simic, CEO, HYPR</a>. Read the original post at: <a href="https://www.hypr.com/blog/three-identity-security-trends-shaping-2026">https://www.hypr.com/blog/three-identity-security-trends-shaping-2026</a>

securityboulevard.com

Randall Munroe’s XKCD ‘SNEWS’

None
Published date: 2026-03-18 00:00:00

None

<figure class=" sqs-block-image-figure intrinsic "> <a class=" sqs-block-image-link " href="https://xkcd.com/3208/"></a> <img data-stretch="false" data-image="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/8f7b372d-f634-44f5-b2a4-6cfa5ce3face/snews.png" data-image-dimensions="740x321" data-image-focal-point="0.5,0.5" alt="" data-load="false" elementtiming="system-image-block" src="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/8f7b372d-f634-44f5-b2a4-6cfa5ce3face/snews.png?format=1000w" width="740" height="321" sizes="auto, (max-width: 640px) 100vw, (max-width: 767px) 100vw, 100vw" onload='this.classList.add("loaded")' srcset="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/8f7b372d-f634-44f5-b2a4-6cfa5ce3face/snews.png?format=100w 100w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/8f7b372d-f634-44f5-b2a4-6cfa5ce3face/snews.png?format=300w 300w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/8f7b372d-f634-44f5-b2a4-6cfa5ce3face/snews.png?format=500w 500w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/8f7b372d-f634-44f5-b2a4-6cfa5ce3face/snews.png?format=750w 750w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/8f7b372d-f634-44f5-b2a4-6cfa5ce3face/snews.png?format=1000w 1000w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/8f7b372d-f634-44f5-b2a4-6cfa5ce3face/snews.png?format=1500w 1500w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/8f7b372d-f634-44f5-b2a4-6cfa5ce3face/snews.png?format=2500w 2500w" loading="lazy" decoding="async" data-loader="sqs"> <figcaption class="image-caption-wrapper"> via the comic artistry and dry wit of Randall Munroe, creator of XKCD </figcaption></figure><a href="https://www.infosecurity.us/blog/2026/3/18/randall-munroes-xkcd-snews">Permalink</a> <div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/randall-munroes-xkcd-snews/" data-a2a-title="Randall Munroe’s XKCD ‘SNEWS’"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frandall-munroes-xkcd-snews%2F&linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98SNEWS%E2%80%99" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frandall-munroes-xkcd-snews%2F&linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98SNEWS%E2%80%99" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frandall-munroes-xkcd-snews%2F&linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98SNEWS%E2%80%99" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frandall-munroes-xkcd-snews%2F&linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98SNEWS%E2%80%99" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frandall-munroes-xkcd-snews%2F&linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98SNEWS%E2%80%99" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://xkcd.com/3208/">https://xkcd.com/3208/</a>

securityboulevard.com

Threat Hunting and Incident Response Platform

None
Published date: 2026-03-18 00:00:00

None

<h3 class="wp-block-heading">Strengthening Security Operations Through Continuous Threat Detection and Rapid Response</h3><h1 class="wp-block-heading">The Growing Need for Proactive Security</h1>Modern organizations operate in highly dynamic digital environments that span cloud infrastructure, remote workforces, SaaS applications, and interconnected enterprise systems. While these technologies accelerate business growth, they also significantly expand the attack surface. Cyber adversaries are becoming more sophisticated, leveraging stealth techniques, automated tools, and multi-stage attack strategies that often evade traditional security defenses.In this evolving threat landscape, relying solely on reactive security measures is no longer sufficient. Security teams must adopt a proactive approach that continuously searches for hidden threats while ensuring that incidents are contained and remediated quickly. This is where a Threat Hunting and Incident Response Platform becomes critical to maintaining a strong security posture.<h1 class="wp-block-heading">Understanding Threat Hunting in Modern Security Operations</h1>Threat hunting is the proactive process of identifying malicious activities that bypass traditional detection systems. Instead of waiting for alerts triggered by predefined signatures or rules, security teams actively analyze network behavior, endpoint activity, user behavior patterns, and system anomalies to uncover potential threats.Modern threat hunting relies heavily on advanced analytics, machine learning, and behavioral detection models. By analyzing vast amounts of telemetry data across the enterprise, security platforms can identify suspicious patterns that indicate compromise attempts, lateral movement, credential abuse, or data exfiltration.However, manual threat hunting alone is resource-intensive and difficult to scale. Organizations require intelligent platforms capable of automating data correlation, anomaly detection, and investigative workflows while enabling security analysts to validate findings quickly.<h1 class="wp-block-heading">Threat Hunting Methodologies Used in Modern Security Operations</h1>Effective threat hunting is not a random process. It follows structured methodologies that allow security teams to systematically uncover hidden threats within enterprise environments.<h3 class="wp-block-heading">Hypothesis-Driven Hunting</h3>In this approach, security analysts begin with a hypothesis based on known attacker techniques, threat intelligence reports, or unusual system behaviors. For example, analysts may investigate abnormal authentication patterns or unusual data transfer activities that could indicate credential misuse or data exfiltration attempts.<h3 class="wp-block-heading">Indicator-Based Hunting</h3>Indicator-based hunting focuses on identifying known indicators of compromise (IOCs) such as malicious IP addresses, suspicious domains, or known malware signatures. Security teams use these indicators to search across enterprise telemetry to determine whether the organization has been exposed to a known threat.<h3 class="wp-block-heading">Behavior-Driven Hunting</h3>Advanced threat actors often use techniques that leave minimal signatures. Behavioral threat hunting focuses on identifying anomalies in user behavior, endpoint activity, and network traffic. By analyzing deviations from normal patterns, security teams can uncover stealthy attacks that traditional detection systems may miss.<figure class="wp-block-image size-full"><img fetchpriority="high" decoding="async" width="840" height="597" src="https://seceon.com/wp-content/uploads/2026/03/image-8.png" alt="" class="wp-image-30762" srcset="https://seceon.com/wp-content/uploads/2026/03/image-8.png 840w, https://seceon.com/wp-content/uploads/2026/03/image-8-300x213.png 300w, https://seceon.com/wp-content/uploads/2026/03/image-8-768x546.png 768w" sizes="(max-width: 840px) 100vw, 840px"></figure><h1 class="wp-block-heading">Why Incident Response Must Be Integrated with Threat Hunting</h1>Detecting threats is only the first step in cybersecurity defense. Once suspicious activity is identified, organizations must respond rapidly to contain the attack before it spreads across systems or compromises sensitive data.Incident response involves a structured set of processes designed to identify, analyze, contain, eradicate, and recover from security incidents. In modern environments where attacks unfold within minutes, manual response processes can significantly delay containment efforts.An integrated Threat Hunting and Incident Response Platform enables security teams to move seamlessly from detection to remediation. By combining threat intelligence, automated investigation capabilities, and response orchestration, such platforms significantly reduce the time required to contain security incidents.This integration ensures that security teams are not only detecting threats faster but also responding to them with precision and efficiency.<h1 class="wp-block-heading">Core Capabilities of an Effective Threat Hunting and Incident Response Platform</h1>A comprehensive platform designed for modern security operations should deliver multiple capabilities that work together to provide visibility, intelligence, and automated response.<h3 class="wp-block-heading">1. Continuous Behavioral Monitoring</h3>Advanced platforms continuously monitor network traffic, endpoint activity, user behavior, and application interactions to identify anomalies that may indicate malicious activity. Behavioral analytics helps detect sophisticated threats that do not match known signatures.<h3 class="wp-block-heading">2. Unified Data Correlation</h3>Security data often comes from multiple sources including firewalls, endpoints, cloud platforms, identity systems, and network devices. A robust platform correlates telemetry from these sources in real time to identify multi-stage attacks and complex threat patterns.<h3 class="wp-block-heading">3. Automated Threat Detection</h3>Machine learning models and advanced analytics can identify indicators of compromise, suspicious behaviors, and attack techniques. Automated detection reduces the burden on security teams while improving detection accuracy.<h3 class="wp-block-heading">4. Guided Threat Hunting</h3>Modern platforms provide built-in hunting frameworks that allow analysts to search for indicators of compromise across large datasets. These frameworks enable analysts to investigate suspicious activity efficiently without manually parsing massive logs.<h3 class="wp-block-heading">5. Rapid Incident Investigation</h3>Once a potential threat is detected, analysts require contextual visibility to understand the attack scope. Incident investigation capabilities provide timelines, attack chains, entity relationships, and behavioral insights that help security teams quickly determine the severity of an incident.<h3 class="wp-block-heading">6. Automated Response and Containment</h3>To minimize damage, platforms should support automated response actions such as isolating compromised endpoints, blocking malicious IP addresses, terminating suspicious processes, or revoking compromised credentials. Automation accelerates containment while reducing manual workload.<h3 class="wp-block-heading">7. Threat Intelligence Integration</h3>Integrating global threat intelligence helps security platforms identify known malicious indicators and emerging attack campaigns. This intelligence enhances detection accuracy and provides additional context for incident investigations.<h1 class="wp-block-heading">The Role of Automation in Accelerating Incident Response</h1>One of the major challenges faced by security teams today is the sheer volume of alerts generated by security tools. Manual investigation of every alert can significantly slow down response times.Automation plays a critical role in improving incident response efficiency by:• Automatically correlating events across multiple security systems • Prioritizing high-risk alerts using advanced analytics • Triggering predefined containment actions when malicious activity is confirmed • Reducing manual investigation time for security analystsBy automating repetitive tasks and orchestrating response workflows, security platforms enable security teams to focus on complex threat investigations rather than routine operational tasks.<h1 class="wp-block-heading">Operational Benefits for Security Teams</h1>Implementing a threat hunting and incident response platform provides several operational advantages for modern security teams.<h3 class="wp-block-heading">Reduced Detection Time</h3>By continuously analyzing behavioral data and correlating telemetry across systems, security platforms can identify threats much earlier in the attack lifecycle.<h3 class="wp-block-heading">Faster Incident Response</h3>Automated investigation workflows and response actions dramatically reduce the time required to contain threats, minimizing potential damage.<h3 class="wp-block-heading">Improved Analyst Efficiency</h3>Security teams often face alert fatigue due to overwhelming volumes of security notifications. Intelligent platforms prioritize high-risk alerts and automate repetitive tasks, allowing analysts to focus on strategic investigations.<h3 class="wp-block-heading">Comprehensive Visibility</h3>Unified monitoring across networks, endpoints, users, and cloud environments ensures that security teams have complete visibility into potential threats across the organization.<figure class="wp-block-image size-full"><img decoding="async" width="852" height="552" src="https://seceon.com/wp-content/uploads/2026/03/image-9.png" alt="" class="wp-image-30763" srcset="https://seceon.com/wp-content/uploads/2026/03/image-9.png 852w, https://seceon.com/wp-content/uploads/2026/03/image-9-300x194.png 300w, https://seceon.com/wp-content/uploads/2026/03/image-9-768x498.png 768w" sizes="(max-width: 852px) 100vw, 852px"></figure><h1 class="wp-block-heading">Security Metrics That Help SOC Teams Measure Detection and Response Performance</h1>Organizations investing in threat hunting and incident response capabilities must continuously measure operational performance to improve detection and response effectiveness. Security metrics provide valuable insights into how efficiently threats are being identified and contained.<h3 class="wp-block-heading">Mean Time to Detect (MTTD)</h3>This metric measures how quickly a security team can identify a potential threat after it enters the environment. Lower detection times indicate stronger monitoring and threat hunting capabilities.<h3 class="wp-block-heading">Mean Time to Respond (MTTR)</h3>MTTR measures the time required to contain and remediate a detected incident. Efficient response workflows and automation significantly reduce this metric.<h3 class="wp-block-heading">Alert Investigation Efficiency</h3>Security teams often handle thousands of alerts daily. Platforms that reduce false positives and provide contextual insights allow analysts to investigate alerts more effectively and prioritize high-risk threats.<h3 class="wp-block-heading">Threat Coverage Visibility</h3>Organizations should assess how well their security platform monitors endpoints, networks, cloud environments, and identity systems to ensure comprehensive threat coverage.<h1 class="wp-block-heading">Challenges Organizations Face Without a Unified Platform</h1>Many organizations rely on multiple disconnected security tools to manage threat detection and response. While each tool may provide specific capabilities, this fragmented approach creates several operational challenges.Security teams often struggle with limited visibility across environments, slow investigations due to manual data correlation, and delayed response times caused by fragmented workflows. Additionally, analysts may experience alert fatigue when multiple tools generate uncoordinated alerts.A unified platform that combines threat detection, threat hunting, and incident response capabilities eliminates these challenges by providing centralized visibility, automated correlation, and streamlined response processes.How Seceon Enhances Threat Hunting and Incident ResponseSeceon’s platform is designed to support modern security operations through intelligent automation, behavioral analytics, and unified threat visibility. By continuously analyzing security telemetry across the enterprise, the platform identifies suspicious behaviors and potential attack patterns in real time.Seceon enables proactive threat hunting through advanced analytics that surface hidden threats often missed by traditional security tools. Security teams can investigate incidents through contextual insights, attack timelines, and correlated event data that simplify complex investigations.By combining advanced analytics, automated threat detection, and integrated response capabilities, Seceon enables security teams to shift from reactive alert handling to proactive threat management. The platform continuously analyzes security telemetry across endpoints, networks, identities, and cloud environments to identify complex attack patterns that may otherwise remain undetected.In addition to detection and investigation, Seceon accelerates incident response by automating containment actions and remediation workflows. This integrated approach enables organizations to detect threats earlier, respond faster, and reduce the operational burden on security teams.<h1 class="wp-block-heading">The Future of Security Operations</h1>As cyber threats continue to evolve, organizations must shift from reactive defense strategies to proactive security operations. Threat hunting combined with automated incident response is becoming a foundational capability for modern security teams.Platforms that integrate continuous monitoring, intelligent detection, and automated response provide organizations with the agility needed to combat sophisticated threats. By empowering security teams with advanced analytics and automation, organizations can significantly strengthen their cybersecurity posture.A unified Threat Hunting and Incident Response Platform ensures that threats are not only detected quickly but also contained before they can impact critical systems and data. For organizations seeking to enhance their security operations, adopting such a platform is no longer optional-it is essential.<figure class="wp-block-image size-large"><a href="https://seceon.com/contact-us/"><img decoding="async" width="1024" height="301" src="https://seceon.com/wp-content/uploads/2024/12/Footer-for-Blogs-3-1-1024x301.jpg" alt="Footer-for-Blogs-3" class="wp-image-22913" srcset="https://seceon.com/wp-content/uploads/2024/12/Footer-for-Blogs-3-1-1024x301.jpg 1024w, https://seceon.com/wp-content/uploads/2024/12/Footer-for-Blogs-3-1-530x156.jpg 530w, https://seceon.com/wp-content/uploads/2024/12/Footer-for-Blogs-3-1-300x88.jpg 300w, https://seceon.com/wp-content/uploads/2024/12/Footer-for-Blogs-3-1-768x226.jpg 768w, https://seceon.com/wp-content/uploads/2024/12/Footer-for-Blogs-3-1.jpg 1200w" sizes="(max-width: 1024px) 100vw, 1024px"></a></figure>The post <a href="https://seceon.com/threat-hunting-and-incident-response-platform/">Threat Hunting and Incident Response Platform</a> appeared first on <a href="https://seceon.com/">Seceon Inc</a>.<div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/threat-hunting-and-incident-response-platform/" data-a2a-title="Threat Hunting and Incident Response Platform"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthreat-hunting-and-incident-response-platform%2F&linkname=Threat%20Hunting%20and%20Incident%20Response%20Platform" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthreat-hunting-and-incident-response-platform%2F&linkname=Threat%20Hunting%20and%20Incident%20Response%20Platform" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthreat-hunting-and-incident-response-platform%2F&linkname=Threat%20Hunting%20and%20Incident%20Response%20Platform" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthreat-hunting-and-incident-response-platform%2F&linkname=Threat%20Hunting%20and%20Incident%20Response%20Platform" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthreat-hunting-and-incident-response-platform%2F&linkname=Threat%20Hunting%20and%20Incident%20Response%20Platform" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>*** This is a Security Bloggers Network syndicated blog from <a href="https://seceon.com/">Seceon Inc</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Anamika Pandey">Anamika Pandey</a>. Read the original post at: <a href="https://seceon.com/threat-hunting-and-incident-response-platform/">https://seceon.com/threat-hunting-and-incident-response-platform/</a>

securityboulevard.com

What Golden Dome Requires from Federal DevSecOps Teams

None
Published date: 2026-03-18 00:00:00

None

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/what-golden-dome-requires-from-federal-devsecops-teams" title="" class="hs-featured-image-link"> <img decoding="async" src="https://www.sonatype.com/hubfs/blog_future_federal_cybersecurity.jpg" alt="Image of a digital screen with checkmarks and a central icon of a larger checkmark inside a hexagon" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div>The threat environment facing the United States is growing more complex and interconnected. <a href="https://www.federalregister.gov/documents/2025/02/03/2025-02182/the-iron-dome-for-america" style="text-decoration: none;">Executive Order 14186</a> identifies the threat of attack by ballistic, hypersonic, and cruise missiles, along with other advanced aerial attacks, as “the most catastrophic threat facing the United States.” In response, the U.S. is pursuing <a href="https://www.congress.gov/crs-product/IF13115" style="text-decoration: none;">Golden Dome for America</a>, a next-generation missile defense architecture intended to defend the homeland and critical infrastructure against foreign aerial attacks.<img decoding="async" src="https://track.hubspot.com/__ptq.gif?a=1958393&k=14&r=https%3A%2F%2Fwww.sonatype.com%2Fblog%2Fwhat-golden-dome-requires-from-federal-devsecops-teams&bu=https%253A%252F%252Fwww.sonatype.com%252Fblog&bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/what-golden-dome-requires-from-federal-devsecops-teams/" data-a2a-title="What Golden Dome Requires from Federal DevSecOps Teams"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fwhat-golden-dome-requires-from-federal-devsecops-teams%2F&linkname=What%20Golden%20Dome%20Requires%20from%20Federal%20DevSecOps%20Teams" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fwhat-golden-dome-requires-from-federal-devsecops-teams%2F&linkname=What%20Golden%20Dome%20Requires%20from%20Federal%20DevSecOps%20Teams" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fwhat-golden-dome-requires-from-federal-devsecops-teams%2F&linkname=What%20Golden%20Dome%20Requires%20from%20Federal%20DevSecOps%20Teams" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fwhat-golden-dome-requires-from-federal-devsecops-teams%2F&linkname=What%20Golden%20Dome%20Requires%20from%20Federal%20DevSecOps%20Teams" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fwhat-golden-dome-requires-from-federal-devsecops-teams%2F&linkname=What%20Golden%20Dome%20Requires%20from%20Federal%20DevSecOps%20Teams" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>*** This is a Security Bloggers Network syndicated blog from <a href="https://www.sonatype.com/blog">2024 Sonatype Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Tom Tapley">Tom Tapley</a>. Read the original post at: <a href="https://www.sonatype.com/blog/what-golden-dome-requires-from-federal-devsecops-teams">https://www.sonatype.com/blog/what-golden-dome-requires-from-federal-devsecops-teams</a>

securityboulevard.com

Menlo Security Adds Platform to Secure AI Agents

Michael Vizard
Published date: 2026-03-18 00:00:00

None

Menlo Security today launched a platform to secure artificial intelligence (AI) agents running in a browser that accesses a cloud-based environment where they can securely access applications.The company already provides a similar platform through which end users are able to securely access applications without requiring IT teams to deploy and maintain a virtual private network (VPN). The <a href="https://www.menlosecurity.com/press-releases/the-next-billion-users-will-not-be-human-menlo-security-launches-industrys-first-browser-security-platform-to-govern-ai-agents">Browser Security Platform</a> leverages that core platform to provide a dedicated cloud computing environment through which AI agents securely access applications and services via a browser.That capability is enabled using a capability Menlo Security developed that converts a user interface developed for a legacy application into machine-readable data that an AI agent can invoke to perform a task. Additionally, that capability enforces a level of separation between instructions and data using tools to visually analyze prompts in a way that ensures an AI agent doesn’t mistake malicious data for a legitimate command.In addition to enforcing least privilege access control via the Menlo Secure Application Access (SAA) framework, the platform also collects telemetry and other forensic data from the document object model (DOM) and file component level of the browser to enable security teams to monitor session flows in real time.<a href="https://securityboulevard.com/wp-content/uploads/2026/03/Menlo.png"><img fetchpriority="high" decoding="async" class="wp-image-2089774 aligncenter" src="https://securityboulevard.com/wp-content/uploads/2026/03/Menlo-300x300.png" alt="" width="573" height="573" srcset="https://securityboulevard.com/wp-content/uploads/2026/03/Menlo-300x300.png 300w, https://securityboulevard.com/wp-content/uploads/2026/03/Menlo-150x150.png 150w, https://securityboulevard.com/wp-content/uploads/2026/03/Menlo.png 600w" sizes="(max-width: 573px) 100vw, 573px"></a>Menlo Security CISO Lionel Litty said that approach enables organizations to more securely deploy AI agents in a way that more granularly enforces security and governance policies. That’s critical because AI agents will access any and all data made available, with some autonomous AI agents having a unique set of permissions that will need to be closely monitored, he added.Cybersecurity teams will also need to constantly monitor AI agent activity in real time as new data is created and additional agents are deployed, noted Litty. The blast radius of any potential incident involving AI agents is going to be much wider given the speed at which AI agents can relentlessly access and process data, said Litty. The timeline during which a cybersecurity incident unfolds has now, in effect, been greatly compressed, he added.In fact, the guardrails that cybersecurity teams should put in place need to be a lot more hardened compared to what have historically been applied to end users because AI agents are now a rich target that adversaries will undoubtedly attack, noted Litty.It’s not clear at what pace cybersecurity teams are moving to secure AI agents. In many cases, AI agents are being deployed at rates that far exceed the ability of cybersecurity teams to track and secure. Eventually, however, it’s only a matter of time before business leaders ask cybersecurity teams to make sure any AI agents that have been deployed are actually secure. The only issue that remains to be seen is how many AI agents might have been deployed before cybersecurity teams are able to secure them.In the meantime, cybersecurity teams should prepare now for a security incident involving an AI agent that at this point is all but inevitable. The challenge now is not just preventing or, at the very least limiting the impact of that breach, but also determining how best to recover from it.<div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/menlo-security-adds-platform-to-secure-ai-agents/" data-a2a-title="Menlo Security Adds Platform to Secure AI Agents"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fmenlo-security-adds-platform-to-secure-ai-agents%2F&linkname=Menlo%20Security%20Adds%20Platform%20to%20Secure%20AI%20Agents" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fmenlo-security-adds-platform-to-secure-ai-agents%2F&linkname=Menlo%20Security%20Adds%20Platform%20to%20Secure%20AI%20Agents" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fmenlo-security-adds-platform-to-secure-ai-agents%2F&linkname=Menlo%20Security%20Adds%20Platform%20to%20Secure%20AI%20Agents" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fmenlo-security-adds-platform-to-secure-ai-agents%2F&linkname=Menlo%20Security%20Adds%20Platform%20to%20Secure%20AI%20Agents" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fmenlo-security-adds-platform-to-secure-ai-agents%2F&linkname=Menlo%20Security%20Adds%20Platform%20to%20Secure%20AI%20Agents" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

securityboulevard.com

The SOAR Ceiling: Why Playbook Automation Has Hit Its Structural Limits

None
Published date: 2026-03-18 00:00:00

None

For over a decade, the SOAR model has been straightforward: hire specialized architects, build playbooks for every alert type, and maintain them as the threat landscape evolves. It brought repeatability and speed to security operations. It was the right model for its time.But that time has passed.Today, most security teams find themselves trapped in a maintenance cycle that consumes more engineering resources every quarter without meaningfully improving investigation quality. The playbooks keep growing. The architects keep leaving. The integrations keep breaking. And the L1 analysts running the SOC at 2 AM still don’t get the investigative guidance they need.The limitation is structural, baked into the architecture itself. A better UI won’t fix it.<figure class="wp-block-image size-large"><img decoding="async" src="https://d3security.com/wp-content/uploads/2026/03/soar-ceiling-fig1-pain-cycle-web.jpg" alt=""></figure><h2 class="wp-block-heading">The Five Fractures in the Static Playbook Model</h2>Security leaders evaluating their next SOAR investment should be honest about what’s actually happening inside their SOC. The static playbook model is fracturing along five predictable lines.SOAR architect dependency is the most obvious. Every playbook requires a specialist to design, build, test, and maintain it. That role is scarce, expensive, and creates an acute staffing bottleneck. When the architect leaves, institutional knowledge walks out the door.Playbook sprawl is the second. A mature SOC may operate hundreds of playbooks, each requiring ongoing updates as threats, tools, and procedures change. This maintenance burden grows linearly and routinely outpaces the team’s capacity to manage it.Static logic in a dynamic threat landscape is the third. A phishing playbook runs the same investigation whether the target is an intern or the CFO, whether the payload is known malware or a novel zero-day. Context doesn’t reach the investigation because the investigation was designed without it.Silent integration failures are the fourth. When a vendor updates their API, dependent playbooks fail silently. Alerts queue, automation stops, and the break is often discovered hours or days later.And the L1 analyst gap is the fifth. Static playbooks are designed by experienced engineers but executed in environments staffed by junior analysts. When an analyst needs to deviate from prescribed steps, they often lack the investigative experience to proceed effectively.The playbook model creates a self-reinforcing maintenance cycle: build, maintain, break, detect, repair, repeat. Each turn of the cycle increases technical debt without improving investigation quality.<h2 class="wp-block-heading">Why AI Copilots and Multi-Agent Systems Don’t Fix This</h2>Across the SOAR market, vendors are responding with a remarkably uniform strategy: integrating general-purpose LLMs into their existing playbook platforms. Type a question, get an answer. Describe a workflow in plain English, get a draft playbook. Some vendors have gone further, introducing multi-agent architectures that coordinate specialized AI agents for investigation, remediation, and case management.These are genuine productivity improvements, and they shouldn’t be dismissed. Faster playbook authoring, more accessible data querying, and a lower technical barrier for less experienced team members are real benefits.The underlying operational model stays the same, though.An AI copilot still requires humans to design investigation logic. It helps you build the same static playbooks faster—it still can’t perform attack path discovery, autonomously trace lateral movement across your security stack, generate contextual playbooks tailored to the specific incident, fix broken integrations, or tell an L1 analyst what questions to ask. The ceiling remains.<figure class="wp-block-image size-large"><img decoding="async" src="https://d3security.com/wp-content/uploads/2026/03/soar-ceiling-fig4-tool-consolidation-e1772735323559.png" alt=""></figure><h2 class="wp-block-heading">Multi-Agent Complexity: The New Playbook Sprawl</h2>Multi-agent architectures deserve special scrutiny because they’re being marketed as the next evolution beyond static playbooks. The premise is appealing: instead of one monolithic system, coordinate a fleet of specialized agents that investigate, remediate, and manage cases independently.In practice, multi-agent systems introduce a distinct category of engineering burden that mirrors the playbook problem they claim to solve.Where a traditional deployment requires maintaining hundreds of static playbooks, a multi-agent platform requires maintaining a portfolio of specialized agents, each with its own prompt engineering, tool configurations, RAG knowledge bases, and autonomy boundaries. An investigation agent, a triage agent, a remediation agent, and a case management agent may each require independent tuning, testing, and updating. The operational burden shifts from workflow logic to agent configuration.<div class="wp-block-group is-layout-flow wp-block-group-is-layout-flow has-border-color has-secondary-background-color has-background wp-block-group-" style="border-color:#e2e8f0;border-width:1px;border-radius:12px;padding-top:28px;padding-right:32px;padding-bottom:28px;padding-left:32px"> <h3 class="wp-block-heading">The hidden costs of multi-agent SOAR:</h3> <ul class="wp-block-list"> <li>Agent sprawl replaces playbook sprawl, with each agent requiring its own prompt engineering, RAG pipelines, and tool configs</li> <li>Cascading failures across agent chains are harder to diagnose than a broken playbook step, because each agent’s reasoning is non-deterministic</li> <li>Threat landscape updates require per-agent prompt and RAG maintenance, creating a maintenance lifecycle for every agent</li> <li>A new staffing bottleneck emerges: someone who understands prompt engineering, LLM behavior, RAG design, agent orchestration, and cybersecurity operations — arguably scarcer than the SOAR architect role it replaces</li> <li>Non-deterministic outputs break traditional testing, regression validation, and compliance audit trails</li> <li>Model provider dependency means a version upgrade by a third-party AI provider can silently alter agent behavior across your entire system</li> </ul> </div>And here’s the risk that doesn’t get enough attention: unlike a playbook that fails explicitly when it encounters an unknown scenario, an agent powered by a general-purpose LLM may appear to handle a new threat confidently while producing incorrect or incomplete results. A silent failure mode that is arguably more dangerous than a playbook that simply stops.<h2 class="wp-block-heading">What Actually Changes the Model</h2>If the problem is structural, the fix has to be structural too.Autonomous triage inverts the SOAR model entirely. Instead of humans designing investigation logic in advance, a purpose-trained cybersecurity AI ingests each alert, analyzes its full context, and generates a bespoke investigation and response at runtime. The intelligence moves from the playbook author to the platform itself.On every incoming alert, an autonomous triage platform performs alert ingestion and context assembly across the full security stack, multi-dimensional attack path discovery with both vertical deep-dive into the alert’s origin tool and horizontal correlation across EDR, SIEM, cloud, identity, and network telemetry, contextual playbook generation tailored to the specific incident, and transparent reasoning where every step is described, editable, and auditable.The implications are structural: AI-driven triage eliminates the need for SOAR architects, removes the playbook maintenance lifecycle, delivers L2-level investigation results at L1 cost, runs context-sensitive investigation on every alert, and provides self-healing integrations that eliminate the silent-failure problem.The critical question is whether the AI architecture eliminates the maintenance burden entirely, or merely redistributes it into a form that’s newer, less understood, and potentially harder to manage.<h2 class="wp-block-heading">Questions Worth Asking in Your Next Evaluation</h2>If you’re evaluating SOAR platforms in 2026, there are a few questions that will quickly separate architectural approaches from cosmetic ones.How many SOAR architects do you currently employ to build and maintain playbooks, and what happens when key personnel leave? How many of your playbooks are stale or outdated right now? When an alert fires at 2 AM, does your platform investigate it autonomously, or does it wait for a human? Does your current platform deliver L2-level investigation results to L1 analysts? How many separate products do you operate for workflow automation, case management, and AI tooling? And if the market moves to AI-driven autonomous triage over the next two to three years, can your current platform make that transition, or will you need to replace it entirely?These aren’t rhetorical. They’re the questions that reveal whether your current approach is scaling with your threat landscape or falling further behind every quarter.<h2 class="wp-block-heading">See Autonomous Triage in Action</h2><a href="https://d3security.com/demo/">Request a live demonstration</a> of <a href="https://d3security.com/morpheus/">D3 Morpheus</a> using alert data representative of your environment, including attack path discovery, contextual playbook generation, and the analyst review experience.<figure class="wp-block-image aligncenter size-full"><a href="https://d3security.com/resources/the-soar-ceiling/"><img fetchpriority="high" decoding="async" width="600" height="338" src="https://d3security.com/wp-content/uploads/2026/03/D3_SOAR_Ceiling_Whitepaper-web.jpg" alt='Cover art for the whitepaper titled: "The SOAR Ceiling: Why Playbook Automation Has Reached Its Structural Limits"' class="wp-image-58120" srcset="https://d3security.com/wp-content/uploads/2026/03/D3_SOAR_Ceiling_Whitepaper-web.jpg 600w, https://d3security.com/wp-content/uploads/2026/03/D3_SOAR_Ceiling_Whitepaper-web-300x169.jpg 300w" sizes="(max-width: 600px) 100vw, 600px"></a></figure>Read the Full Resource: <a href="https://d3security.com/resources/the-soar-ceiling/">The SOAR Ceiling: Why Playbook Automation Has Hit Its Structural Limits</a>A comprehensive analysis of the five structural fractures in the static playbook model, why AI copilots and multi-agent architectures don’t solve them, and what autonomous triage means for the future of security operations.The post <a href="https://d3security.com/blog/the-soar-ceiling-playbook-automation-structural-limits/">The SOAR Ceiling: Why Playbook Automation Has Hit Its Structural Limits</a> appeared first on <a href="https://d3security.com/">D3 Security</a>.<div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/the-soar-ceiling-why-playbook-automation-has-hit-its-structural-limits/" data-a2a-title="The SOAR Ceiling: Why Playbook Automation Has Hit Its Structural Limits"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthe-soar-ceiling-why-playbook-automation-has-hit-its-structural-limits%2F&linkname=The%20SOAR%20Ceiling%3A%20Why%20Playbook%20Automation%20Has%20Hit%20Its%20Structural%20Limits" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthe-soar-ceiling-why-playbook-automation-has-hit-its-structural-limits%2F&linkname=The%20SOAR%20Ceiling%3A%20Why%20Playbook%20Automation%20Has%20Hit%20Its%20Structural%20Limits" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthe-soar-ceiling-why-playbook-automation-has-hit-its-structural-limits%2F&linkname=The%20SOAR%20Ceiling%3A%20Why%20Playbook%20Automation%20Has%20Hit%20Its%20Structural%20Limits" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthe-soar-ceiling-why-playbook-automation-has-hit-its-structural-limits%2F&linkname=The%20SOAR%20Ceiling%3A%20Why%20Playbook%20Automation%20Has%20Hit%20Its%20Structural%20Limits" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthe-soar-ceiling-why-playbook-automation-has-hit-its-structural-limits%2F&linkname=The%20SOAR%20Ceiling%3A%20Why%20Playbook%20Automation%20Has%20Hit%20Its%20Structural%20Limits" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>*** This is a Security Bloggers Network syndicated blog from <a href="https://d3security.com/">D3 Security</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Shriram Sharma">Shriram Sharma</a>. Read the original post at: <a href="https://d3security.com/blog/the-soar-ceiling-playbook-automation-structural-limits/">https://d3security.com/blog/the-soar-ceiling-playbook-automation-structural-limits/</a>

securityboulevard.com

Colorado Moves to Revise Its Landmark AI Law After Industry Pushback

None
Published date: 2026-03-18 00:00:00

None

Colorado lawmakers are preparing to revise one of the first comprehensive artificial intelligence laws in the United States, following months of tension between regulators, consumer advocates, and the technology industry.A newly released policy framework outlines how the state may adjust its 2024 AI law before enforcement begins later this year.At the center of the effort is a practical challenge: how to regulate AI systems that are already in use across hiring, housing, lending, and government services — without making them too difficult or costly to deploy.<div class="wp-block-image"> <figure class="aligncenter size-large is-resized"><img fetchpriority="high" decoding="async" width="1024" height="683" src="https://www.centraleyes.com/wp-content/uploads/2026/03/ChatGPT-Image-Mar-19-2026-01_16_46-AM-1024x683.png" alt="" class="wp-image-35309" style="aspect-ratio:1.4992888417882142;width:532px;height:auto" srcset="https://www.centraleyes.com/wp-content/uploads/2026/03/ChatGPT-Image-Mar-19-2026-01_16_46-AM-1024x683.png 1024w, https://www.centraleyes.com/wp-content/uploads/2026/03/ChatGPT-Image-Mar-19-2026-01_16_46-AM-300x200.png 300w, https://www.centraleyes.com/wp-content/uploads/2026/03/ChatGPT-Image-Mar-19-2026-01_16_46-AM-768x512.png 768w, https://www.centraleyes.com/wp-content/uploads/2026/03/ChatGPT-Image-Mar-19-2026-01_16_46-AM-750x500.png 750w, https://www.centraleyes.com/wp-content/uploads/2026/03/ChatGPT-Image-Mar-19-2026-01_16_46-AM.png 1536w" sizes="(max-width: 1024px) 100vw, 1024px"></figure> </div><h2 class="wp-block-heading">Why the Law Is Being Revisited</h2>When Colorado passed its AI law in 2024, it drew national attention for taking an early and comprehensive approach.The law focused on “high-risk” AI systems, such as:<ul class="wp-block-list"> <li>Job applications</li> <li>Access to housing</li> <li>Financial decisions</li> <li>Government services</li> </ul>It introduced requirements aimed at preventing algorithmic discrimination and increasing accountability.But soon after, companies raised concerns. The requirements were too broad, too complex, and could significantly increase the cost of using AI systems. In response, the state delayed enforcement and formed a working group to revise the approach.<h2 class="wp-block-heading">What the New Proposal Changes</h2>The updated framework reflects an attempt to find a middle ground. Instead of imposing strict, one-sided responsibility, the proposal introduces a more shared model of accountability.Developers would be required to:<ul class="wp-block-list"> <li>Disclose how their systems work</li> <li>Provide information about data sources and limitations</li> </ul>Organizations would be expected to:<ul class="wp-block-list"> <li>Inform individuals when AI is being used in decisions</li> <li>Use clear, plain language when doing so</li> </ul>This is a shift from the original structure, where responsibility was more concentrated in one place.<h2 class="wp-block-heading">A New Approach to Liability</h2>One of the most important changes involves liability.The original law raised concerns because it could place a large share of responsibility on a single party, even when multiple actors were involved in how an AI system was developed and used.The revised framework takes a different approach.Responsibility would now be assigned based on who did what:<ul class="wp-block-list"> <li>Developers would be accountable for how systems are built</li> <li>Deployers would be accountable for how they are used</li> </ul>This reflects a more realistic view of how AI operates in practice.<h2 class="wp-block-heading">The Ongoing Debate: Protection vs. Practicality</h2>Even with these revisions, the outcome is not certain. Some lawmakers have already indicated that the proposal is only a starting point, and further changes are likely as it moves through the legislative process.The broader tension remains.On one side:<ul class="wp-block-list"> <li>Consumer protection</li> <li>Preventing discrimination</li> <li>Increasing transparency</li> </ul>On the other:<ul class="wp-block-list"> <li>Cost of compliance</li> <li>Impact on innovation</li> <li>Practical ability to deploy AI systems</li> </ul>Colorado is now trying to balance both.<h2 class="wp-block-heading">What This Means in Practice</h2>For organizations, the takeaway is less about one specific law and more about direction. AI systems are increasingly being treated like other regulated business processes. That means expectations around:<ul class="wp-block-list"> <li>Disclosure</li> <li>Documentation</li> <li>Accountability</li> <li>Oversight</li> </ul>are becoming part of how these systems are evaluated. At the same time, regulators are still working out how to apply those expectations in a way that remains workable.The post <a href="https://www.centraleyes.com/colorado-moves-to-revise-its-landmark-ai-law-after-industry-pushback/">Colorado Moves to Revise Its Landmark AI Law After Industry Pushback</a> appeared first on <a href="https://www.centraleyes.com/">Centraleyes</a>.<div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/colorado-moves-to-revise-its-landmark-ai-law-after-industry-pushback/" data-a2a-title="Colorado Moves to Revise Its Landmark AI Law After Industry Pushback"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcolorado-moves-to-revise-its-landmark-ai-law-after-industry-pushback%2F&linkname=Colorado%20Moves%20to%20Revise%20Its%20Landmark%20AI%20Law%20After%20Industry%20Pushback" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcolorado-moves-to-revise-its-landmark-ai-law-after-industry-pushback%2F&linkname=Colorado%20Moves%20to%20Revise%20Its%20Landmark%20AI%20Law%20After%20Industry%20Pushback" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcolorado-moves-to-revise-its-landmark-ai-law-after-industry-pushback%2F&linkname=Colorado%20Moves%20to%20Revise%20Its%20Landmark%20AI%20Law%20After%20Industry%20Pushback" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcolorado-moves-to-revise-its-landmark-ai-law-after-industry-pushback%2F&linkname=Colorado%20Moves%20to%20Revise%20Its%20Landmark%20AI%20Law%20After%20Industry%20Pushback" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcolorado-moves-to-revise-its-landmark-ai-law-after-industry-pushback%2F&linkname=Colorado%20Moves%20to%20Revise%20Its%20Landmark%20AI%20Law%20After%20Industry%20Pushback" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>*** This is a Security Bloggers Network syndicated blog from <a href="https://www.centraleyes.com/">Centraleyes</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Rebecca Kappel">Rebecca Kappel</a>. Read the original post at: <a href="https://www.centraleyes.com/colorado-moves-to-revise-its-landmark-ai-law-after-industry-pushback/">https://www.centraleyes.com/colorado-moves-to-revise-its-landmark-ai-law-after-industry-pushback/</a>

Nature.com

Stabilizing updates in differentially private stochastic gradient descent with buffered rejection

Sifan Deng, Kai Zhang, Weilin Zhang, Huiqin Jiang, Pei-Wei Tsai
Published date: 2026-03-18 00:00:00

Differentially private stochastic gradient descent is a standard algorithm for training deep models on sensitive data, but under tight privacy budgets it must add large noise to every step, which slows convergence and reduces accuracy. Selective update method…

<li>Hong, C., Chen, L., Liang, Y. & Zeng, Z. Stacked capsule graph autoencoders for geometry-aware 3D head pose estimation. Comput. Vis. Image Underst.208, 103224 (2021). Google Scholar </li><… [+7539 chars]

securityboulevard.com

Rethinking Cyber Awareness: From Blame to Belonging

Dirk Schrader
Published date: 2026-03-18 00:00:00

None

Every year, as Cybersecurity Awareness Month arrives, organizations dust off their campaigns, roll out phishing tests, and remind employees to think before they click. Yet despite the familiar rituals, the month ends, breaches still happen, credentials still get misused, and data still finds its way into the wrong hands. The problem isn’t effort. It’s the framing. For too long, cybersecurity awareness has been built on the assumption <a href="https://securityboulevard.com/2026/02/the-human-layer-of-security-why-people-are-still-the-weakest-link-in-2026/" target="_blank" rel="noopener">that people are the weakest link</a>: A risk to be mitigated, not a strength to be cultivated. That mindset has shaped policies, training programs, and even the language of security, creating a culture of fear, defensiveness, and disengagement. If organizations want to make security awareness stick, they need to move from blame to belonging; from a culture that corrects users to one that collaborates with them. <h3>The “Weakest Link” Fallacy </h3>When an employee falls for a phishing test or mishandles sensitive data, the instinct is to point fingers. It’s tempting to believe that human error is the root of most security incidents, and in a narrow sense, it often is. But that view misses the larger picture. People don’t operate in isolation; they operate within systems. When those systems are complex, inconsistent, or unintuitive, they set people up to fail. A confusing access policy, a poorly designed authentication process, or a lack of real-time feedback can all push users toward insecure behavior. As a result, year after year, IT professionals <a href="https://netwrix.com/en/resources/research/2025-hybrid-security-trends-report/" target="_blank" rel="noopener">cite</a> mistakes or negligence by business users as one of the biggest security challenges while protecting organizations. By treating people as the problem, organizations not only ignore these design flaws, but they also discourage honesty and learning. Employees hide mistakes for fear of reprimand. Teams become risk-averse and reactive. Security becomes something people see as somebody else’s problem, not something they own. <h3>From Rules to Relationships </h3>The truth is simple: Humans aren’t the weakest link; they’re the connective tissue of every security system. Security isn’t just a technical pursuit; it’s a social one. Every policy, control, and alert is an interaction between people and systems. And like any relationship, it thrives on clarity, trust, and mutual respect. Shifting from blame to belonging means reimagining awareness as an ongoing dialogue, one where users aren’t passive recipients of rules, but active participants in shaping how security works. Instead of asking employees to “comply,” organizations can invite them to “contribute.” Instead of punishing mistakes, IT teams can design systems that anticipate them and make recovery simple. <h3>The Role of Guardrails in Human-Centered Security </h3>To make this cultural shift possible, organizations need systems that support human judgment rather than trying to override it. That’s where the idea of security guardrails comes in. Guardrails are design patterns for safe decision-making. They allow flexibility while preventing catastrophic errors. In a well-designed environment, users can explore, collaborate, and move quickly, without the constant fear of breaking something. Here’s how that looks in practice: <ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="1" data-aria-level="1">Contextual security. Instead of applying blanket restrictions, policies adapt based on context: Who the user is, what they’re doing, where they’re working, and the level of risk involved. A system that understands context can allow exceptions safely, without creating chaos. </li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="2" data-aria-level="1">Real-time feedback and nudging. The best security interventions happen in the moment, not after the fact. Subtle prompts like “You’re about to share a sensitive file. Are you sure?” teach judgment without invoking fear. It’s security as a conversation, not a reprimand. </li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="3" data-aria-level="1">Forgiveness and recovery. Mistakes are inevitable. Systems should make it easy to undo a risky change, restore a deleted file, or escalate an issue before it turns into an incident. When recovery is easy, people are more willing to act transparently and responsibly. </li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="4" data-aria-level="1">Transparency and insight. Employees should be able to see their own security posture and understand how their actions contribute to overall resilience. When visibility flows both ways, it fosters accountability without surveillance. </li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="5" data-aria-level="1">Shared ownership. Security isn’t just the domain of IT or compliance. Business leaders, developers, and frontline employees all play a role. Guardrails reinforce shared responsibility by embedding good practices into everyday workflows, rather than tacking them on as afterthoughts. </li></ul>Guardrails replace rigidity with resilience. They make it possible for people to operate freely within a defined safety zone, learning, adapting, and improving along the way. <h3>Reframing the Role of Awareness </h3>If guardrails provide the framework for safer behavior, culture is what brings that framework to life. True awareness isn’t about memorizing rules or acing phishing quizzes. Instead, it’s about understanding risk, recognizing patterns, and making better decisions over time. That means moving from training to design. Awareness must be embedded into how people work. For instance, onboarding new employees should include guided experiences that demonstrate real-world scenarios, not abstract policies. Regular team retrospectives can explore security lessons from recent incidents. The most successful programs treat awareness as a two-way process. They ask for feedback, track engagement, and adapt based on real user behavior. They measure progress not by the number of training completions, but by reductions in recovery time, increases in early reporting, and the frequency of collaborative problem-solving. <h3>Technology as an Enabler of Culture </h3>Technology alone can’t build culture, but it can shape it. Modern security platforms increasingly reflect this thinking: Moving away from rigid enforcement toward intelligent guidance. They analyze patterns to spot risk early, offer contextual prompts to help users choose safer paths, and create feedback loops that make security feel less like a chore and more like part of the job. This alignment of human and technical layers is where real progress happens. When tools are designed to learn from people, and people are encouraged to learn from tools, security becomes self-sustaining. <h3>Building the Belonging Mindset </h3>Creating a security culture grounded in belonging isn’t about being softer on risk. Rather, it’s about being smarter about motivation. People protect what they feel connected to. To build that connection, leaders can start with three questions: <ol><li>Does our security language invite participation or demand obedience? Words matter. Replace directives with dialogue. Encourage teams to ask questions, challenge assumptions, and share ideas. </li><li>Do our systems make the secure path the easy path? If users constantly have to work around controls to get their jobs done, the system—not the user—is failing. </li><li>Do we celebrate learning as much as prevention? When someone reports a mistake early or helps identify a process flaw, that’s a win. Reward transparency. Normalize recovery. </li></ol><h3>From Awareness to Interaction </h3>Cybersecurity awareness shouldn’t be a once-a-year campaign forgotten when October is over. It should be an ongoing interaction between people and systems, reinforced by culture and supported by design. When we stop viewing humans as vulnerabilities and start viewing them as essential components of resilience, everything changes. The organizations that will lead in this new era won’t be the ones with the strictest rules or the longest policies. They’ll be the ones who design for how people actually think, work, and recover. In the end, technology can prevent falls, but only culture can keep the course. <div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/rethinking-cyber-awareness-from-blame-to-belonging/" data-a2a-title="Rethinking Cyber Awareness: From Blame to Belonging "><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frethinking-cyber-awareness-from-blame-to-belonging%2F&linkname=Rethinking%20Cyber%20Awareness%3A%20From%20Blame%20to%20Belonging%C2%A0" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frethinking-cyber-awareness-from-blame-to-belonging%2F&linkname=Rethinking%20Cyber%20Awareness%3A%20From%20Blame%20to%20Belonging%C2%A0" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frethinking-cyber-awareness-from-blame-to-belonging%2F&linkname=Rethinking%20Cyber%20Awareness%3A%20From%20Blame%20to%20Belonging%C2%A0" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frethinking-cyber-awareness-from-blame-to-belonging%2F&linkname=Rethinking%20Cyber%20Awareness%3A%20From%20Blame%20to%20Belonging%C2%A0" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frethinking-cyber-awareness-from-blame-to-belonging%2F&linkname=Rethinking%20Cyber%20Awareness%3A%20From%20Blame%20to%20Belonging%C2%A0" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

securityboulevard.com

Enterprise AI Agent Governance: A Layered Approach (Build, Deployment and Runtime)

None
Published date: 2026-03-18 00:00:00

None

<img decoding="async" src="https://www.aryaka.com/wp-content/uploads/2026/03/Blog-Enterprise-AI-Agent-Governance-A-Layered-BANNER.jpg" class="mb-2" alt=" Enterprise AI Agent Governance: A Layered Approach (Build, Deployment and Runtime)" style="border-radius:16px;"><h2 class="f-size mt-4">Emerging Governance Challenges</h2>As organizations implement AI agents on a large scale, they are likely to encounter governance challenges. The current focus in AI security primarily centers on several key concerns: prompt injection, model misuse, and unsafe responses. These issues reflect the immediate risks that enterprises must address as they deploy AI agents, highlighting the need for robust safeguards and monitoring practices throughout the agent lifecycle.These are important issues, but they represent only one part of the problem.Three Layers of GovernanceIn reality, governing AI agents requires three distinct layers of control across the agent lifecycle:<ol class="pl-5"> <li class="pb-1">Build-time governance</li> <li class="pb-1">Deployment-time governance</li> <li class="pb-1">Runtime governance</li> </ol>Each layer addresses a different type of risk.Understanding this layered approach will become essential as organizations deploy hundreds or thousands of agents across departments, applications, and workflows.<h2 class="f-size mt-4">Layer 1: Build-Time Governance — Controlling How Agents Are Created</h2>Build-time governance applies during the development phase, when engineers design and implement an agent.This includes:<ul class="pl-5"> <li class="pb-1"> Writing agent logic</li> <li class="pb-1"> Integrating APIs and tools</li> <li class="pb-1"> Selecting models</li> <li class="pb-1"> Managing secrets</li> <li class="pb-1"> Building containers</li> <li class="pb-1"> Running CI/CD pipelines</li> </ul>At this stage, governance ensures the agent stack itself is constructed securely and correctly.Typical controls include:<ul class="pl-5"> <li class="pb-1">Code reviews</li> <li class="pb-1">Secure coding practices</li> <li class="pb-1">Dependency and container scanning</li> <li class="pb-1">Model allowlists</li> <li class="pb-1">Prompt template validation</li> <li class="pb-1">Secrets management</li> <li class="pb-1">CI/CD security gates</li> </ul>For example, imagine developers building an agent that can:<ul class="pl-5"> <li class="pb-1">Query Salesforce</li> <li class="pb-1">Summarize documents</li> <li class="pb-1">Send Slack messages</li> <li class="pb-1">Access internal billing APIs</li> </ul>Build-time governance ensures:• Only approved models are used • Secrets are not embedded in prompts or code • API integrations follow security policies • prompts do not expose sensitive internal instructions • the container image is signed and scannedBuild-time governance answers the question:Was the agent built safely?But once an agent stack exists, the next challenge begins.<h2 class="f-size mt-4">Layer 2: Deployment-Time Governance — Controlling Agent Configuration and Posture</h2>Modern agent frameworks make it possible to deploy many specialized agents from a single agent stack.The specialization happens through deployment configuration, not new code.For example, the same agent stack might be deployed as:<ul class="pl-5"> <li class="pb-1">HR assistant</li> <li class="pb-1">Finance reporting agent</li> <li class="pb-1">Customer support triage agent</li> <li class="pb-1">Sales copilot</li> <li class="pb-1">Engineering release assistant</li> </ul>The differences may come from configuration such as:<ul class="pl-5"> <li class="pb-1">system prompts</li> <li class="pb-1">enabled tools</li> <li class="pb-1">connected data sources</li> <li class="pb-1">vector databases</li> <li class="pb-1">memory scope</li> <li class="pb-1">model routing</li> <li class="pb-1">approval policies</li> <li class="pb-1">permissions and action limits</li> <li class="pb-1">logging and retention rules</li> </ul>This means configuration itself becomes a governance surface.Deployment-time governance ensures that each deployed agent instance is configured safely and aligned with its intended purpose.Key governance areas include:Ownership and accountability Who owns the deployed agent? Which team approved it?Purpose binding Is the agent restricted to its intended function?Tool permissions Which APIs or systems can the agent access?Knowledge access Which documents, vector stores, or databases are connected?Action permissions Which actions are autonomous vs requiring approval?Environment isolation Are tenant boundaries enforced?Operational controls Are cost limits, token limits, and rate limits configured?Auditability Are configuration changes tracked and versioned?Consider a finance assistant agent.If configuration governance is weak, that agent might accidentally gain access to:<ul class="pl-5"> <li class="pb-1">HR salary records</li> <li class="pb-1">customer databases</li> <li class="pb-1">external email capabilities</li> </ul>Even though the underlying code is secure, misconfiguration could create dangerous combinations of capabilities.Deployment-time governance therefore answers the question:Is this agent instance configured safely for its intended role?This is why many organizations are beginning to think about Agent Posture Management, similar to how cloud environments introduced Cloud Security Posture Management.But even when an agent is built correctly and deployed safely, another class of risk remains.<h2 class="f-size mt-4">Layer 3: Runtime Enforcement Governance — Controlling What Agents Actually Do</h2>The third layer governs the live operation of an agent.Once an agent begins interacting with users, models, tools, and enterprise systems, the risk landscape changes dramatically.At runtime, agents process:<ul class="pl-5"> <li class="pb-1">user prompts</li> <li class="pb-1">model responses</li> <li class="pb-1">tool requests</li> <li class="pb-1">tool results</li> <li class="pb-1">file uploads and downloads</li> <li class="pb-1">URLs and references</li> <li class="pb-1">conversation memory</li> <li class="pb-1">streaming outputs</li> </ul>Each interaction may introduce risk.Runtime governance must evaluate these transactions in real time.Examples of runtime enforcement include:Prompt injection detection Jailbreak detection Sensitive data leakage detection Content safety validation Code and intellectual property protection URL risk detection Tool-call validation Tool-Result validation File inspection and malware detectionFor example, a user might ask:“Generate a list of delayed payments and email the vendors.”A runtime governance system must evaluate:<ul class="pl-5"> <li class="pb-1">Is sensitive financial data being requested?</li> <li class="pb-1">Is the agent attempting to export restricted information?</li> <li class="pb-1">Is the email action allowed for this user and agent?</li> <li class="pb-1">Are attachments exposing confidential invoices?</li> </ul>This is where runtime enforcement platforms become essential.They inspect agent transactions across multiple inspection points such as:<ul class="pl-5"> <li class="pb-1">request headers</li> <li class="pb-1">response headers</li> <li class="pb-1">prompts</li> <li class="pb-1">model responses</li> <li class="pb-1">file uploads</li> <li class="pb-1">file downloads</li> <li class="pb-1">tool permissions</li> <li class="pb-1">tool requests</li> <li class="pb-1">tool actions</li> <li class="pb-1">tool results</li> <li class="pb-1">embedded URLs</li> </ul>By analyzing these signals, runtime governance systems can block, redact, alert, or log unsafe behavior.Runtime governance answers the third question:Is the agent behaving safely right now?<h2 class="f-size mt-4">Deployment Governance and Runtime Governance Are Equally Important</h2>It is tempting to assume that preventing misconfiguration alone is enough.But real-world agent behavior is dynamic.Even a perfectly configured agent can encounter:<ul class="pl-5"> <li class="pb-1">prompt injection attacks</li> <li class="pb-1">malicious user inputs</li> <li class="pb-1">unsafe model responses</li> <li class="pb-1">unexpected tool outputs</li> <li class="pb-1">data leakage risks</li> <li class="pb-1">chained agent interactions</li> </ul>Conversely, runtime enforcement alone is not enough either.If an agent is deployed with overly broad permissions or incorrect data access, runtime enforcement will constantly be forced to correct structural problems.The safest architecture therefore combines both layers.Deployment-time governance ensures agents are configured safely before activation.Runtime governance ensures agents behave safely during live operation.These two layers reinforce each other.<h2 class="f-size mt-4">A Simple Way to Think About Agent Governance</h2>Build-time governance asks:Was the agent built securely?Deployment-time governance asks:Was the agent configured safely?Runtime governance asks:Is the agent behaving safely during live operation?Enterprises that adopt this three-layer governance model will be far better positioned to scale AI agents safely.Because as AI agents become more autonomous and interconnected, governance must extend across the entire lifecycle.Not just development.Not just configuration.And not just runtime.But all three together.The post <a rel="nofollow" href="https://www.aryaka.com/blog/enterprise-ai-agent-governance-layered-approach/">Enterprise AI Agent Governance: A Layered Approach (Build, Deployment and Runtime)</a> appeared first on <a rel="nofollow" href="https://www.aryaka.com/">Aryaka</a>.<div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/enterprise-ai-agent-governance-a-layered-approach-build-deployment-and-runtime/" data-a2a-title="Enterprise AI Agent Governance: A Layered Approach (Build, Deployment and Runtime)"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fenterprise-ai-agent-governance-a-layered-approach-build-deployment-and-runtime%2F&linkname=Enterprise%20AI%20Agent%20Governance%3A%20A%20Layered%20Approach%20%28Build%2C%20Deployment%20and%20Runtime%29" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fenterprise-ai-agent-governance-a-layered-approach-build-deployment-and-runtime%2F&linkname=Enterprise%20AI%20Agent%20Governance%3A%20A%20Layered%20Approach%20%28Build%2C%20Deployment%20and%20Runtime%29" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fenterprise-ai-agent-governance-a-layered-approach-build-deployment-and-runtime%2F&linkname=Enterprise%20AI%20Agent%20Governance%3A%20A%20Layered%20Approach%20%28Build%2C%20Deployment%20and%20Runtime%29" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fenterprise-ai-agent-governance-a-layered-approach-build-deployment-and-runtime%2F&linkname=Enterprise%20AI%20Agent%20Governance%3A%20A%20Layered%20Approach%20%28Build%2C%20Deployment%20and%20Runtime%29" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fenterprise-ai-agent-governance-a-layered-approach-build-deployment-and-runtime%2F&linkname=Enterprise%20AI%20Agent%20Governance%3A%20A%20Layered%20Approach%20%28Build%2C%20Deployment%20and%20Runtime%29" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>*** This is a Security Bloggers Network syndicated blog from <a href="https://www.aryaka.com">Aryaka</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Srini Addepalli">Srini Addepalli</a>. Read the original post at: <a href="https://www.aryaka.com/blog/enterprise-ai-agent-governance-layered-approach/">https://www.aryaka.com/blog/enterprise-ai-agent-governance-layered-approach/</a>

securityboulevard.com

Is All OAuth The Same For MCP?

Michael Levan
Published date: 2026-03-18 00:00:00

None

There’s a funny saying making the rounds right now: “The S in MCP stands for security.” Of course, there is no S in MCP and that’s kind of the point. Security in the Model Context Protocol ecosystem is still a work in progress, and if you’re <a href="https://securityboulevard.com/2026/03/introducing-the-mcp-security-gateway-the-next-generation-of-agentic-security/" target="_blank" rel="noopener">building with MCP today</a>, you need to understand where the gaps are and what your options look like. In this blog post, we will break down what we’re seeing in the field, the “gotchas” that come up, how to fix them, and how to think about OAuth implementations. <h3 aria-level="2">Two Protocols, One Big Security Hole </h3>First, let’s establish the two transport mechanisms for MCP servers: <ol><li>Standard input/output (stdio) </li><li>Streamable HTTP. </li></ol>When building an MCP Server, it’s essentially no different than installing a third-party package or module locally. If you look underneath the hood, the “tools” you’re calling are really just functions/methods within code that someone wrote, much like any other application stack. The key differentiator is how the tools are accessed. When you run a stdio MCP server, it’s like doing a pip install or go get; you’re pulling down code and running it on your machine. And because of that, aside from standard appsec practices, it’s genuinely difficult to lock down. How do you secure open code running locally on someone’s machine? There are ways to work around this. For example, with kagent, when you deploy an MCP server object in Kubernetes, you get a Kubernetes Service and that service effectively acts like a streamable HTTP endpoint that you can secure. That’s, however, just a “workaround”. When incorporating MCP Servers within your environment, streamable HTTP MCP servers are the goal. They give you an endpoint, and that endpoint gives you a tunnel between Point A (your MCP client or Agent) and Point B (the MCP server) that you can actually secure with your gateway solution that’s built specifically for AI traffic. You can set up prompt guarding, guardrails, and most importantly, authentication/authorization. <h3 aria-level="2">The Servers Aren’t Yours </h3>With the information from the previous section, the next big question is, what can you actually verify about the security posture of a given MCP server? Take the GitHub Copilot MCP server as an example. It follows great practices from an authentication perspective (supports OAuth and personal access tokens (PAT), but at the end of the day, that MCP server is sitting in the sky somewhere, and it’s a black box. You don’t have access to the underlying system and it’s not like you can pentest it to make sure it’s secure (unless you have written approval from GitHub, which for security reasons, you won’t get). So when you’re hitting third-party streamable HTTP MCP servers or building your own, the question that keeps coming up across every team, whether it’s DevOps, platform engineering, security, infrastructure, or data science, is the same: <ol><li>How do we secure access to MCP servers? </li><li>How can we lock down tools that can be used by various people and teams? </li><li>How can we ensure the AuthN/Z methods we use today (e.g – OIDC-based OAuth) will work at the MCP layer? </li></ol><h3 aria-level="2">Authentication and Authorization: The Core Challenge </h3>This is probably the single biggest question I’m encountering right now. From an authentication and authorization perspective, the concerns break down into: <ul><li aria-setsize="-1" data-leveltext="●" data-font="" data-listid="3" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"●","469777815":"multilevel"}' data-aria-posinset="1" data-aria-level="1">Who is logging in: Is it you? Is it an agent? Is there some type of token passthrough happening? </li></ul><ul><li aria-setsize="-1" data-leveltext="●" data-font="" data-listid="3" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"●","469777815":"multilevel"}' data-aria-posinset="2" data-aria-level="1">Is there an on-behalf-of (OBO) flow: Is something acting on your behalf? </li></ul><ul><li aria-setsize="-1" data-leveltext="●" data-font="" data-listid="3" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"●","469777815":"multilevel"}' data-aria-posinset="3" data-aria-level="1">What permissions exist? Once authenticated, what are you or the agent acting for you actually authorized to do? </li></ul>This is where various OAuth implementations can come into play based on what your environment looks like today. OAuth isn’t something that generates access tokens for you; instead, the framework. It defines how a client (whatever you’re using to access the MCP endpoint) can obtain access. Tokens are how it’s done, but the overall purpose is delegated authorization. <h3 aria-level="2">How OAuth Works </h3>OAuth is a framework that defines how clients (MCP Inspector, VS Code, app, etc.) can obtain delegated access via tokens. These tokens are then used for authorization (proving the client has access to the specific endpoint). Where token creation comes into play is based on how you’re using OAuth. There are several forms of OAuth including OIDC-based (very common), On-Behalf-Of (OBO), Elicitation (the November 2025 spec added URL mode elicitation, which can be used to kick off an OAuth flow to a third-party service), and token exchange (swap a token for a different one – different scope, audience, or subject). The protocol that you’ll primarily see used now is Client ID Metadata Documents (CIMD). The client hosts a public JSON document describing itself, and uses that URL as its “client_id”. The protocol previously used was Dynamic Client Registration, which programmatically registers clients with the authorization server at runtime. <a href="https://securityboulevard.com/wp-content/uploads/2026/03/Screenshot-2026-03-18-13.28.32.png"><img fetchpriority="high" decoding="async" class="alignnone size-full wp-image-2089727" src="https://securityboulevard.com/wp-content/uploads/2026/03/Screenshot-2026-03-18-13.28.32.png" alt="" width="758" height="621" srcset="https://securityboulevard.com/wp-content/uploads/2026/03/Screenshot-2026-03-18-13.28.32.png 758w, https://securityboulevard.com/wp-content/uploads/2026/03/Screenshot-2026-03-18-13.28.32-300x246.png 300w" sizes="(max-width: 758px) 100vw, 758px"></a>You may see a combination of these used based on what MCP Server you’re using. For example, as mentioned previously, the GitHub Copilot MCP Server allows for both OAuth and PAT-based auth. <h3 aria-level="2">The Client Compatibility Problem </h3>As you’re testing our OAuth, you may use different clients and notice the flow works in one, but not in the other. The client you use may not implement the full authentication spec. This is, in many people’s opinion, one of the most difficult pieces of MCP security to figure out right now. For example, VS Code was one of the first clients to ship CIMD support. You can open VS Code, hit Cmd+Shift+P, type in MCP, and run through the full OIDC-based OAuth flow. The question then becomes, “Will that same flow work across every client?” MCP Jam, Hoot, MCP Inspector, etc.? The answer is: it depends. From what we’ve seen so far, different clients implement different portions of the spec or may not be fully up to date yet (e.g – using DCR instead of CIMD). The important thing to keep in mind is if your OAuth flow works for one client and doesn’t work for another, it doesn’t mean the OAuth flow is broken. It could just be the client you’re using. Sidenote: As of right now, CIMD, based on the SE-91 spec, is the path forward. If you look it up, Auth0 has an excellent diagram showing the registration flow and how it all works under the hood. <h3 aria-level="2">The Redirect Flow Gotcha </h3>The last thing we will leave you with to keep in mind that we see in the field is the redirection flow. OIDC-based OAuth redirect flows work like this: you type in your credentials, a browser opens, you hit “Authorize,” it redirects back to your application, and you’re signed in. The question you need to ask is whether the client you’re using actually supports that flow because logging into a traditional application or endpoint is drastically different from a spec perspective than authenticating to an MCP server. They are totally different specs. Yes, you can do OIDC-based authentication. Yes, you can do token passthrough. Yes, you can do on-behalf-of. But the question remains: does your client have the ability to follow the spec you’re trying to use? For instance, OIDC support isn’t uniform across clients. Some clients may only speak plain OAuth 2.1 and can’t handle the OIDC layer (ID tokens, user info, the .well-known/openid-configuration endpoint). You don’t always know how a given client is handling these flows until you test it. <h3 aria-level="2">The Key Takeaway </h3>The most important thing we want to leave you with is this: Just because your OAuth flow doesn’t work in a particular client does not mean the OAuth flow itself is broken. It comes down to what parts of the spec are implemented within that client. Before you write off an authentication approach, test it across multiple clients. The flow might work perfectly, you might just be using a client that hasn’t caught up yet. MCP security is evolving fast. Stay close to the spec, test your flows thoroughly, and don’t assume that one client’s limitations reflect the state of the ecosystem as a whole. <div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/is-all-oauth-the-same-for-mcp/" data-a2a-title="Is All OAuth The Same For MCP?"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fis-all-oauth-the-same-for-mcp%2F&linkname=Is%20All%20OAuth%20The%20Same%20For%20MCP%3F" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fis-all-oauth-the-same-for-mcp%2F&linkname=Is%20All%20OAuth%20The%20Same%20For%20MCP%3F" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fis-all-oauth-the-same-for-mcp%2F&linkname=Is%20All%20OAuth%20The%20Same%20For%20MCP%3F" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fis-all-oauth-the-same-for-mcp%2F&linkname=Is%20All%20OAuth%20The%20Same%20For%20MCP%3F" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fis-all-oauth-the-same-for-mcp%2F&linkname=Is%20All%20OAuth%20The%20Same%20For%20MCP%3F" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

securityboulevard.com

Enterprise SSO User Provisioning

None
Published date: 2026-03-18 00:00:00

None

On one side is a business relying on manual processes to manage user identity and access control. A new hire means manual account creation across specific tools and databases. A shift in roles or termination also calls for manual changes in who currently has access to what tools or databases.On the other side is a business using an enterprise SSO user provisioning solution to create accounts for new hires, update access when roles change, or deactivate accounts when users leave.Question is: What do you stand to gain from either side? Here’s what you need to know to navigate each side confidently. <h2>What is Enterprise SSO User Provisioning</h2>Enterprise SSO (Single Sign-On) user provisioning is a system that automates user identity and access control management. Say your business uses multiple tools, like payroll, HR management, and email marketing solutions. Without SSO, every employee needs separate usernames and passwords.Manually creating and managing profiles for a team of 10 or less is possible. There’s little to no tooling cost and the system is relatively easy to manage mentally. However, scaling is not simple.Using manual systems beyond the 10-team mark increases future switching cost and increases the risk of errors and security issues. That’s why most businesses tend to switch to enterprise SSO when it is time to scale.With SSO, an employee logs in once and gets assigned tools or data they’re allowed to use.For instance, when you obtain a competitor’s <a href="https://brightdata.com/products/datasets/linkedin/company">company dataset</a>, you can break it down into finance, marketing, or product design subsets. Then, use SSO to ensure confidentiality. Once logged in, SSO handles session management. A user does not have to keep logging in repeatedly. But the system keeps an eye on what the user is accessing and can log them out in case they try to access restricted data.Beyond protecting confidentiality, here are other reasons businesses use enterprise SSO. <h2>Why Businesses Use Enterprise SSO Use Provisioning</h2>An enterprise SSO system does have other layers apart from the single sign-on and session management layer. There’s a user provisioning, directory service, role management, policy and security, and an audit and logging layer.With these layers in place, an enterprise SSO system: <h3>Centralizes and simplifies access control across all systems</h3>Enterprise SSO makes access control simple and easy to manage. This is because once a user creates a single account, their identity is connected to all tools, eliminating confusion across systems.The SSO layer lets a user move between apps without logging in again. This saves time and reduces login issues. The user provisioning layer manages what a user can access based on their role and updates records in case they switch roles or need access to certain tools outside their current allocation.When an employee changes departments or leaves the company, the system cuts their access to previous data or deletes their account. This keeps access organized and controlled.<h3>Automates employee identity lifecycle</h3>Rather than your IT team spending time on creating user accounts, assigning and updating permissions, and checking access logs, they can automate most of these processes.The directory service layer stores user details like job title, location, and department. The IT team can use these attributes to automate access. For instance, once an employee creates an account and the attribute reads, “Department = Sales,” the system should automatically assign them a group of pre-set tools and datasets.When the employee moves from sales to marketing or finance, the system automatically revokes their access to sales tools and gives them access to new tools through attribute scanning.To ensure the automation is working as configured, the policy and security layer enforces pre-set automation rules. It checks attributes every time a user logs in and decides what the user can access in real time.<h3>Provides complete audit trails for compliance and visibility</h3>An enterprise SSO user provisioning system can show a full history of user access and changes. This eliminates guesswork and reduces legal or compliance risks.The SSO layer logs every session across connected tools. Even if an employee switches between multiple apps, the system keeps a single continuous record of activity.The provisioning layer logs when accounts are created, updated, or deactivated. It can also track when permissions were changed, who changed them, and why. Changes in roles or departments are automatically recorded in the audit trail too. Other than access, there are policy logs. The policy and security layer enforces rules and records when policies change. If there’s a malicious login attempt, it also keeps a record. This helps <a href="https://ico.org.uk/for-organisations/law-enforcement/guide-to-le-processing/accountability-and-governance/logging/what-can-we-use-logs-for/">identify suspicious behavior and supports internal investigations</a>.<h3>Strengthens security through centralized policy enforcement</h3>Compared to a manual setup, enterprise SSO allows you to set security rules in one central place, ensuring consistent protection across tools and data systems.Your employees don’t need to remember different security settings for each app. The policy and security component manages rules like, “Users can only log in from trusted devices,” or “Sensitive systems must have MFA.” It applies these rules to every sub-system automatically. This reduces human error and oversight.Every time a user logs in, the SSO layer enforces secure access policies like MFA, session timeouts, or device checks. As the user moves from one app to another, the same set rules must be checked before they can proceed.Centralizing policy enforcement prevents accidental or unauthorized data access. The provisioning layer ensures this by updating access automatically based on the pre-defined rules. If an employee changes roles or resigns, the system removes old permissions immediately. <h3>Optimizes SaaS license usage, cutting costs</h3>With the help of the role and access management layer, you get to keep license distribution structured and predictable. This is because it ties licenses to roles, not individuals. Meaning, you can purchase a license for <a href="https://www.calero.com/blog/how-manage-software-licenses-and-reduce-saas-expenses">use within a department and get more when necessary</a>.When a new employee joins, the provisioning section automatically assigns them access to a certain license. When they shift roles or leaves, the system removes previous tool access instantly. This frees up licenses for use by someone else.If you are the admin, you can also check the audit and logging system to ascertain who has access to which tools. You can also review when licenses were assigned or removed. That’s how you identify underused or unused tools, cutting spending on the licenses.<h2>Closing Words</h2>Yes, manual access management does work, especially for small teams. A team of 10 or less, accessing few tools and datasets, and rarely shifting roles can stick to manual management. It is faster to kick start, cheap, and easy to control informally. Start simple, but structure access early. Use roles and other attributes to structure access and keep a clear record (logs) of any changes.When your team grows to a 10+ and you start using more tools, that’s the time to switch to an enterprise SSO user provisioning system. Waiting any longer increases migration costs and project disruption risks.<div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/enterprise-sso-user-provisioning/" data-a2a-title="Enterprise SSO User Provisioning"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fenterprise-sso-user-provisioning%2F&linkname=Enterprise%20SSO%20User%20Provisioning" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fenterprise-sso-user-provisioning%2F&linkname=Enterprise%20SSO%20User%20Provisioning" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fenterprise-sso-user-provisioning%2F&linkname=Enterprise%20SSO%20User%20Provisioning" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fenterprise-sso-user-provisioning%2F&linkname=Enterprise%20SSO%20User%20Provisioning" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fenterprise-sso-user-provisioning%2F&linkname=Enterprise%20SSO%20User%20Provisioning" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>*** This is a Security Bloggers Network syndicated blog from <a href="https://ssojet.com/blog">SSOJet - Enterprise SSO &amp; Identity Solutions</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by SSOJet - Enterprise SSO & Identity Solutions">SSOJet - Enterprise SSO & Identity Solutions</a>. Read the original post at: <a href="https://ssojet.com/blog/enterprise-sso-user-provisioning">https://ssojet.com/blog/enterprise-sso-user-provisioning</a>

securityboulevard.com

Cyberattacks Spike 245% in the Two Weeks After the Start of War With Iran

Jeffrey Burt
Published date: 2026-03-18 00:00:00

None

In the first two weeks of the U.S. and Israeli bombing campaign against Iran, security researchers with Akamai saw a 245% spike in threat actors targeting critical businesses and institutions in North America, Europe, and parts of Asia-Pacific, another data point in the cyberthreats spreading from pro-Iranian actors.<a href="https://www.akamai.com/blog/security/fortify-network-security-emerging-geopolitical-cyberthreats" target="_blank" rel="noopener">In a report</a>, the researchers noted that geopolitically motivated hacktivist groups are using proxy services in Russia, China, and elsewhere to launch “billions of designed-for-abuse connection attempts,” banking and financial services organizations, ecommerce businesses, and video games accounting for 80% of the target destinations of the attempts.The financial services and e-commerce businesses combined made up more than half of the targets.“The conflict in the Middle East that started on February 28, 2026, has sent rippling effects across travel, hospitality, and energy sectors of the global economy,” they wrote. “Even more concerning is the significant increase in cybercrime emanating from nation-state actors and ideologically motivated hacktivists, who might operate from an entirely different part of the planet to orchestrate highly sophisticated attacks.”Akamai’s findings add to the growing list of findings from threat intelligence analysts that indicate the cybersecurity threats that cranked up soon after the first bombs on Tehran were dropped continue to expand against not only U.S. and Israeli targets, but also other countries in the Middle East and elsewhere seen as being friendly to the larger global powers.<h3>Businesses on Alert</h3>With no end of the war in sight, governments and businesses in these areas need to be prepared for the threat to rise, according to Sunil Gottumukkala, CEO of agentic AI security company Averlon.“Enterprises should assume this activity will persist and focus on preparedness,” Gottumukkala said. “That means staying on top of attack surface and exposure management to reduce exploitable vulnerabilities and ensure known weaknesses cannot be used to gain initial access. It also means strengthening identity security and monitoring for credential misuse, since many of these campaigns rely on stolen credentials.”<h3>Private Sector Under Threat</h3>In an emailed update, Flashpoint researchers wrote about hacktivists increasingly targeting private sector organizations, pointing to not only Handala’s data-wiper attack on U.S.-based medical tech company Stryker but also another group, Fatimion Cyber Team, targeting the Lebanese MTV channel with distributed denial-of-service (DDoS) attacks and a data breach, threatening to leak personal data of both MTV employees and officials with the Lebanese Ministry of Information if they don’t stop “anti-resistance” reporting.“The cyber activity tied to this conflict is becoming increasingly decentralized and destructive. Groups like Handala and Fatimion are targeting private-sector organizations with attacks designed to erase data, disrupt services, and introduce uncertainty for both businesses and the public,” said Kathryn Raines, cyber threat intelligence team lead for the national security solutions for Flashpoint. “At the same time, we’re seeing a greater use of legitimate administrative tools in these cyber operations, making it significantly harder for traditional security controls to detect.”That last point was made in a <a href="https://www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/" target="_blank" rel="noopener">report in BleepingComputer</a>, which cited an unnamed source that Handala – a hacktivist group with reported ties to the Iranian government that claimed to have erased data 200,000 hundreds of thousands of corporate devices and steal 50 TB of data – by using the wipe command on in Microsoft’s Intune cloud-based endpoint management solution to erase data from 80,000 devices during a three-hour window March 11. The attackers didn’t need to use malware; instead, they compromised an admin account and created a new global admin account.<h3>Cyber Warfare as the Great Equalizer</h3>Analysts with Palo Alto Networks’ Unit 42 threat intelligence group, which last week wrote about the <a href="https://unit42.paloaltonetworks.com/handala-hack-wiper-attacks/" target="_blank" rel="noopener">rising threat of wiper malware</a>, detailed in a report this week how Iran’s Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS) use cyber operations as a low-cost way of equalizing the battle with its better-armed enemies and noted that the “shift from custom-built wiper malware to native administrative abuse removes a critical detection guardrail that historically protected enterprise networks.”“Iranian cyber actors’ current tactical shift is driven less by a lack of malware development capabilities than by the strategic advantages of living-off-the-land (LotL) techniques,” they wrote. “Operations designed to cause disruption have undergone a change since 2023: Instead of relying heavily on bespoke tools, the methods now employed are part of a larger trend toward greater scale and improved evasion.”<h3>Worries About U.S. Readiness</h3>There is also concern about the United States government’s ability to protect the country against such cyberattacks. Matthew Ferren, an international affairs fellow in national security at the Council on Foreign Relations, a nonpartisan think tank, <a href="https://www.cfr.org/articles/trumps-cyber-strategy-falls-short-on-china-iran-and-the-threats-that-matter-most" target="_blank" rel="noopener">noted this week</a> about the “<a href="https://securityboulevard.com/2026/03/concepts-of-a-cyberplan/" target="_blank" rel="noopener">strikingly short</a>” – at four pages – <a href="https://securityboulevard.com/2026/03/trump-administration-lays-out-a-high-level-strategy-to-combat-cybercrime/" target="_blank" rel="noopener">national cybersecurity strategy</a> that was released earlier this month.Ferren wrote that the Trump Administration called it a high-level statement of intent that will be followed by actions, but added that “the brevity also reflects a fraying cyber apparatus that is, at best, still finding its footing and, at worst, suffering from institutional neglect.”“This strategy arrives at a precarious moment,” he wrote. “The United States faces longstanding and intensifying cyber threats – from <a href="https://securityboulevard.com/2025/02/chinese-cyber-spies-use-espionage-tools-for-ransomware-side-hustle/" target="_blank" rel="noopener">Chinese espionage</a> and <a href="https://securityboulevard.com/2024/02/china-sponsored-hackers-lie-in-wait-to-attack-u-s-infrastructure/" target="_blank" rel="noopener">pre-positioning</a> on critical infrastructure to ransomware campaigns that disrupt essential services – that demand sustained attention and investment. The president’s war of choice with Iran adds new urgency. Tehran-linked groups are already threatening cyberattacks on U.S. networks, and the White House’s ability to coordinate national cyber defenses will face an immediate test.”Still, “the administration’s surface-level treatment of these challenges casts doubt on how seriously the administration takes the cyber threat, and whether it has the capacity to address them,” Ferren wrote. “Key cyber leadership posts remain vacant, and the agencies responsible for implementation have been disrupted by budget cuts and personnel turnover.”<div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/cyberattacks-spike-245-in-the-two-weeks-after-the-start-of-war-with-iran/" data-a2a-title="Cyberattacks Spike 245% in the Two Weeks After the Start of War With Iran"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcyberattacks-spike-245-in-the-two-weeks-after-the-start-of-war-with-iran%2F&linkname=Cyberattacks%20Spike%20245%25%20in%20the%20Two%20Weeks%20After%20the%20Start%20of%20War%20With%20Iran" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcyberattacks-spike-245-in-the-two-weeks-after-the-start-of-war-with-iran%2F&linkname=Cyberattacks%20Spike%20245%25%20in%20the%20Two%20Weeks%20After%20the%20Start%20of%20War%20With%20Iran" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcyberattacks-spike-245-in-the-two-weeks-after-the-start-of-war-with-iran%2F&linkname=Cyberattacks%20Spike%20245%25%20in%20the%20Two%20Weeks%20After%20the%20Start%20of%20War%20With%20Iran" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcyberattacks-spike-245-in-the-two-weeks-after-the-start-of-war-with-iran%2F&linkname=Cyberattacks%20Spike%20245%25%20in%20the%20Two%20Weeks%20After%20the%20Start%20of%20War%20With%20Iran" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcyberattacks-spike-245-in-the-two-weeks-after-the-start-of-war-with-iran%2F&linkname=Cyberattacks%20Spike%20245%25%20in%20the%20Two%20Weeks%20After%20the%20Start%20of%20War%20With%20Iran" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

Technology

Related News

When Face ID Helps iPhone Security—And When to Turn It Off

Beyond passwords and firewalls: Why the age of AI agents demands a new security playbook

FBI Seizes Two Websites Linked to Pro-Iranian Group Handala

Dormant Accounts Leave Manufacturing Orgs Open to Attack

FBI Data Purchases Ignite New Clash Over Privacy and Surveillance

How empowered is your secrets scanning system

Mapping Your Defenses to What You Need, Not What You Inherited

SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft

CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution

Identity-Centric Security Strategies for Hybrid Workforces

Dell Precision 7875 Review: Threadripper PRO 9995WX Meets Dual RTX PRO 6000 Blackwell GPUs

Three Identity Security Trends Shaping 2026: Passwordless Adoption, Reactive Security, and the Rise of Identity Verification

Randall Munroe’s XKCD ‘SNEWS’

Threat Hunting and Incident Response Platform

What Golden Dome Requires from Federal DevSecOps Teams

Menlo Security Adds Platform to Secure AI Agents

The SOAR Ceiling: Why Playbook Automation Has Hit Its Structural Limits

Colorado Moves to Revise Its Landmark AI Law After Industry Pushback

Stabilizing updates in differentially private stochastic gradient descent with buffered rejection

Rethinking Cyber Awareness: From Blame to Belonging

Enterprise AI Agent Governance: A Layered Approach (Build, Deployment and Runtime)

Is All OAuth The Same For MCP?

Enterprise SSO User Provisioning

Cyberattacks Spike 245% in the Two Weeks After the Start of War With Iran

NordVPN teams up with Internews to defend journalists and activists from digital threats

Most Popular

How empowered is your secrets scanning system

FBI Data Purchases Ignite New Clash Over Privacy and Surveillance

Dormant Accounts Leave Manufacturing Orgs Open to Attack

Identity-Centric Security Strategies for Hybrid Workforces

How can Agentic AI help your business stay ahead

Technology

Related News

Most Popular

Advertisements

Follow us

Recent Tweets