August has been a busy month for the Keytos team. After three weeks of back-to-back security conferences, we have had the pleasure of speaking with hundreds of cybersecurity experts and wanted to share with you the main themes we heard.
One of the main themes we heard during these conferences was that most organizations manage a mix of on-premises infrastructure and at least one cloud provider, with most having a footprint in at least two cloud providers. This distribution of infrastructure creates the need for tools that can centralize security across all providers in a single platform and can connect to other security tools.
To announce the launch of EZSmartCard, we added “Truly Passwordless Authentication” to our booth design. This turned a lot of heads and started a lot of conversations with the question “Can you really get rid of passwords?” The question would start with a lot of skepticism, but once people saw the user experience and that we can truly have a passwordless onboarding experience, they wanted to try it out. This shows that, given the right tool, people will move to passwordless, not only because it is more secure, but because studies have shown that it is also a better user experience, with up to 4x faster logins.
Another part of our booth that started a lot of conversations was our “Stop Using SSH Keys” suggestion. The reactions ranged from people asking “We use SSH keys, what is wrong with SSH keys?” to people asking “Can you help me get rid of SSH keys?” SSH has become a huge vulnerability for organizations, and the standalone design of Linux has made it a pain to manage. Currently, many organizations leave key management up to the engineering team, making it hard for security teams to enforce best practices and centralize the identity lifecycle for these endpoints.
In the previous paragraph I talked about how many organizations were looking at taking control of their SSH access; the first thing they would ask is that the solution not require a highly privileged agent. The SolarWinds breach, where attackers were able to compromise SolarWinds' customers through its agents, has caused many security experts to become skeptical of agents, and they are trying to clean up their infrastructure by removing as many agents as possible.
During Black Hat I experienced something that I had never experienced before: a person got so excited about our tool that he said “I have been looking for something like this for years. Can I give you a hug?” and of course we hugged it out! Now you are probably wondering what tool this was, and the answer is EZMonitor. Contrary to what I thought when we designed this tool, the reason for this excitement wasn’t the security benefits EZMonitor has, but that we can find all the SSL certificates and notify you if one is expiring soon. This shows how SSL certificate usage has grown exponentially and that new tools must be used to address this problem.
Ever since I started working as a cybersecurity professional, many friends outside the community have not understood the sense of community and how we go out of our way to help others. From being friendly to new members to working on free open-source tools to help others secure their organizations, this community always helps each other out, making it a pleasure to be part of this industry. With this in mind, I want to end this post by reminding you that, to give back to this amazing community, we offer free identity consultations with our experts to help you secure your organization.