Brett Winterford

Protection, without perimeters

Given the premise that “identity is the new perimeter”, we’re often asked about the role network attributes should play in restricting access to applications, servers and data. Can we, and should we, for example, deny access requests originating in high-risk countries or countries involved in conflict? The reality is that network context still matters. We can take into account the identity of the network and location our users are authenticating from. If a customer determines that there are no...

Brett Winterford

We (still) need to talk about RDP

Quarter by quarter, for three years now, abuse of Remote Desktop Protocol (RDP) has been the most common root cause of all ransomware events. It’s no surprise why RDP makes for an attractive target: RDP is the primary vehicle for remote access to Windows servers and is used for administrative functions. It’s the most commonly listed method of remote access sold by initial access brokers. According to some 2019 research [pdf] by Sophos, an open RDP port gets its first connection request...

Brett Winterford

Just How Risky is Legacy Authentication?

Does your organization still allow users to authenticate to Office 365 or other Microsoft services using only a username and password? If you do, you’re 53x more likely to be targeted in credential-based attacks. (No, not 53% more likely. It’s 53 times more likely). Many organizations (at least one in ten Microsoft customers, as of October 2021) still allow access to the M365 cloud using what Microsoft calls “Legacy Authentication”. In these requests, the client forwards the username and...
