

The Analyst Brief
The Cyber Hut
"The Analyst Brief" provides expert and impartial commentary and analysis on the global identity and cyber security markets - with an eye on emerging technology and trends. Hosts Simon Moffatt (Founder at The Cyber Hut) and David Mahdi (ex-Gartner Analyst and C-level Advisor) provide deep dive comment and opinion on some of the most exciting technology trends.
For more information on The Cyber Hut visit https://www.thecyberhut.com/
Episodes

Dec 5, 2023 • 39min
E41 - Okta Breach Part II / Okta Q3 Results / Booking.com Attack
This week Simon and David return to Okta to uncover more details on its recent breach. They also discuss Okta's recent Q3 results and ask whether Microsoft is its only real competitor. They then discuss a recent complex attack involving customers of Booking.com, covering push payment fraud, account takeover (ATO), complex supply chains and protecting trust boundaries.

Nov 20, 2023 • 1h
E40 - Forrester SRM Washington / Ping Youniverse London / Okta Breach
After a couple of weeks off, Simon and David return for an hour-long special. They review the recent Security and Risk Management event in Washington DC hosted by Forrester, where the topic of identity and cyber convergence came up. They comment on the recent Okta breach and what it means for the world of complex software supply chain attacks and the rise of identity security, ITDR and identity security posture management. They also review the London edition of the Ping Identity Youniverse series of events.

Oct 20, 2023 • 47min
E39 - The FIDO Authenticate 2023 Lookback Episode
This week Simon and David were in sunny Carlsbad, San Diego for the latest Authenticate conference hosted by the FIDO Alliance. In this episode they review the main topics of the event, taking a look at passkey deployment maturity, KPIs, biometrics, threat models, adoption patterns as well as orthogonal topics such as machine identity, crypto agility, IDV + converged identity assurance.

Oct 11, 2023 • 49min
E38 - The NSA + CISA Top 10 Cyber Security Misconfigurations Episode
This week Simon and David take a deep dive into the cyber security advisory recently released by the NSA and CISA. Its top 10 list covers a range of issues, from default credentials, excessive permissions and a lack of network monitoring and segmentation to a lack of MFA and poor credential management. Simon and David apply their identity lens to the top 10 and what it may mean for your organisation.

Sep 18, 2023 • 49min
E37 - MGM Cyber Attack / Part II on ForgeRock and Ping
This week Simon and David return to discuss a recent cyber attack against the hospitality chain MGM Resorts that leveraged social engineering, credential theft and more. Are attacks against complex digital entities now standard practice? They also return for part II of the ForgeRock and Ping Identity integration and discuss a recent article by David and a market choice poll by The Cyber Hut.

Sep 8, 2023 • 43min
E36 - Tenable acquires Ermetic / Cisco acquires Oort / ForgeRock and Ping to combine / Okta attack
After the summer recess, Simon and David return for another Week in Identity catch-up. This week...heavily influenced by some recent acquisition activity...they discuss Tenable buying CNAPP/CIEM provider Ermetic, a rewind to Cisco buying ITDR vendor Oort and a detailed discussion on the uncertainties surrounding Thoma Bravo adding ForgeRock to their stable. They also discuss the further rise of Identity Security and a recent release by Okta's Defensive Cyber Operations team on a recent attack.

Jul 28, 2023 • 47min
E35 - The SEC Cyber Risk Management Rules Episode
This week the US Securities and Exchange Commission announced rules requiring organisations to handle cyber breach notifications, risk management and expert cyber personnel in a different way. Simon and David delve into the implications of this. Why have organisations historically been reluctant to notify on breaches? A lack of detection? A lack of incident response playbooks? A lack of expert personnel? What is the end goal of such regulation? What will success look like in the short and long term? Clearly a move towards a more risk-based approach is the ideal outcome, but why has the market failed for cyber security? What are the three V's of threats?

Jul 21, 2023 • 38min
E34 - Thoughts on Kevin Mitnick / Cisco buying Oort / ITDR problem space / Are Microsoft en-route to monopolising IAM?
This week Simon and David discuss the recent acquisition of Oort by Cisco, which finds them discussing the entire ITDR space - who is the buying persona and what problems will it solve? As always technology isn't always the answer and we mustn't forget the human element. They answer an audience question focused on Microsoft - and will they start to dominate the IAM space? They also remember the passing of hacking pioneer Kevin Mitnick.

Jul 7, 2023 • 48min
E33 - An interview with Eric Olden from Strata.io
This week there is a special guest on the podcast. Eric Olden, CEO at Strata, joins Simon for a discussion. They cover a broad and meandering set of topics focused on Eric's journey to being a multi-company founder (his first startup was at age 23), contributing to the SAML specification and how he is now focused on identity orchestration at Strata. What is orchestration? Why is it needed, and why is the hybrid cloud landscape here to stay? They deep dive into IDQL, identity integration recipes and how the rise of the AI co-pilot may save us all.

Jun 26, 2023 • 38min
E32 - nOAuth Vulnerability / Infosec 2023 London - Data Integrity / Cyber + IAM Mashups / The Rise of Fraud / Generative AI (good and bad)
This week Simon and David took a meandering look at the last week's most eye-catching events in the world of identity. They had a quick recap of Infosec 2023, held at ExCeL in London, where the topics of data-level encryption, data origin authentication and integrity caught Simon's eye. They discussed a recent vulnerability in OIDC deployments in the Microsoft world, uncovered by Descope and called nOAuth, which was essentially caused by poor verification of OIDC ID token claims: applications that used the email claim as the user's identifier could be tricked into linking an attacker's login to a victim's account. They finished off by discussing the world of generative AI and how it is impacting fraud, content, biometrics, misinformation and more.
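The account-linking mistake behind the nOAuth class of bug, shown as an added example that is not code from the podcast, Descope or Microsoft. It contrasts a relying party that keys accounts on the OIDC email claim (an attribute the issuing tenant controls in a multi-tenant setup) with one that keys on the tenant and subject claims. Token signature verification is assumed to have already been done by a JOSE library, so the functions work on the decoded claim set; the issuer URL pattern, client id, tenant ids, claim names such as email_verified and the sample tokens are all constructed for the illustration.

```python
"""Added example: why keying an account on the OIDC `email` claim is unsafe,
and the safer alternative of keying on (tid, sub). Not code from the podcast,
Descope or Microsoft; every name, URL and token below is constructed."""
import re

CLIENT_ID = "rp-client-id-123"  # hypothetical client_id of this relying party
# Hypothetical multi-tenant identity provider: one issuer URL per tenant id.
ISSUER_RE = re.compile(r"^https://login\.example-idp\.test/([0-9a-f-]{36})/v2\.0$")
NOW = 1_700_000_000  # fixed clock so the example runs deterministically
VICTIM_TENANT = "11111111-1111-1111-1111-111111111111"
ATTACKER_TENANT = "22222222-2222-2222-2222-222222222222"


class ClaimError(Exception):
    pass


def validate_core_claims(claims, now=NOW):
    """Checks every relying party needs regardless of how it identifies users:
    trusted issuer, tid consistent with the issuer, audience, expiry and sub."""
    m = ISSUER_RE.fullmatch(claims.get("iss", ""))
    if not m:
        raise ClaimError("issuer is not the trusted identity provider")
    if claims.get("tid") != m.group(1):
        raise ClaimError("tid does not match the issuer's tenant")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ClaimError("token was not issued for this client")
    if float(claims.get("exp", 0)) <= now:
        raise ClaimError("token has expired")
    if not claims.get("sub"):
        raise ClaimError("sub claim missing")
    return claims


def rejects(claims, now=NOW):
    """True if the core checks throw the token out."""
    try:
        validate_core_claims(claims, now)
    except ClaimError:
        return True
    return False


def make_store():
    """Constructed account database with one pre-existing admin account for the
    victim, indexed both ways so the two login paths can be compared."""
    victim = {"email": "victim@corp.test", "role": "admin",
              "subject": (VICTIM_TENANT, "victim-sub")}
    return {"by_email": {victim["email"]: victim},
            "by_subject": {victim["subject"]: victim}}


def login_vulnerable(store, claims, now=NOW):
    """Vulnerable: email is the account key. Any tenant admin who can obtain a
    valid token for this client can set email to the victim's address."""
    c = validate_core_claims(claims, now)
    email = c.get("email", "").lower()
    if not email:
        raise ClaimError("email claim missing")
    return store["by_email"].setdefault(email, {"email": email, "role": "user"})


def login_hardened(store, claims, now=NOW):
    """Hardened: the account key is (tid, sub), which the IdP keeps stable and
    unique; email is informational and only stored when the IdP explicitly
    vouches for it (the email_verified claim is an assumption about the IdP)."""
    c = validate_core_claims(claims, now)
    key = (c["tid"], c["sub"])
    acct = store["by_subject"].get(key)
    if acct is None:
        acct = {"email": None, "role": "user", "subject": key}
        store["by_subject"][key] = acct
    if c.get("email_verified") is True:
        acct["email"] = c["email"]
    return acct


# Constructed token: the attacker administers ATTACKER_TENANT and has set the
# email attribute of their own user to the victim's address.
ATTACKER_CLAIMS = {
    "iss": f"https://login.example-idp.test/{ATTACKER_TENANT}/v2.0",
    "tid": ATTACKER_TENANT, "sub": "attacker-sub", "aud": CLIENT_ID,
    "exp": NOW + 300, "email": "victim@corp.test",
}
WRONG_AUDIENCE_CLAIMS = dict(ATTACKER_CLAIMS, aud="some-other-client")


def demo():
    """Returns (role granted by the vulnerable path, role granted by the
    hardened path) when the attacker's token is presented."""
    a = login_vulnerable(make_store(), ATTACKER_CLAIMS)["role"]
    b = login_hardened(make_store(), ATTACKER_CLAIMS)["role"]
    return a, b


if __name__ == "__main__":
    print(demo())  # ('admin', 'user')
```

Both paths pass the same issuer, audience and expiry checks; the difference is only which claim becomes the account key. The vulnerable path hands the attacker the victim's admin account, while the hardened path provisions a fresh account under the attacker's own tenant and subject and leaves the victim's record untouched.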


