Contact Us

A Look Back at Blackhat, Defcon, & Gartner IAM Summit

Cybersecurity experts are going passwordless
30 Aug 2022

August has been a busy month for the Keytos team. After three weeks of back-to-back security conferences, we have had the pleasure of speaking with hundreds of cybersecurity expert and wanted to share with you the main themes we heard.

It is a Hybrid Cloud World

One of the main themes we heard during these conferences was how most organizations manage: on-premises, and at least one cloud provider with most having footprint in at least two cloud providers. This distribution of infrastructure creates the need to have tools that can centralize security across all providers with a single platform and can connect to other security tools.

Everyone Agrees Passwords Must Go, But Lack the Tools to Make It Happen

To announce the launch of EZCMS we added to our booth design “Truly Passwordless Authentication” this turned a lot of heads and would start a lot of conversations with the question “Can you really get rid of passwords?”. This question would start with a lot of skepticism but once they saw the user experience and that we can truly have a passwordless onboarding experience they wanted to try it out. Showing that if given the right tool people will transfer to passwordless, not only because it is more secure, but because studies have shown that is also a better user experience with up to 4x faster logins.

People are Tired of Managing SSH Keys

Another part of our booth that started a lot of conversations was our “Stop Using SSH Keys” suggestion. From people asking: “We use SSH Keys, what is wrong with SSH Keys?”, to people asking: “Can you help me get rid of SSH Keys?” SSH has become a huge vulnerability for organizations and due to the standalone design of Linux has made it a pain to manage. Currently, many organizations leave key management up to the engineering team, making it hard for security teams to enforce best practices and centralize identity lifecycle for these endpoints.

Agent Based Security Is Out

While in the previous paragraph I talked about how many organizations were looking at taking control of their SSH access, the first thing they would ask is that it does not require a highly privileged, agent. After the Solar Wind breach where attackers were able to compromise their customers through their agents, has caused many security experts to become skeptical when it comes to agents and are trying to clean up their infrastructure by removing as many agents as possible.

SSL Certificates Are Hard to Manage

During Blackhat I experience something that I had never experienced, a person got so excited about our tool that he said “I have been looking for something like this for years. Can I give you a hug?” and of course we hugged it out! Now you are probably wondering what tool was this, and the answer is EZMonitor, and contrary to what I thought when we designed this tool, the reason for this excitement wasn’t because of the security benefits EZMonitor has, but because we can find all the SSL certificates and notify you if one is expiring soon. Showing how SSL certificate usage has exponentially grown and new tools must be used to address this problem.

The Cybersecurity Community is The Best Community in the World

Ever since I started working as a cybersecurity professional, many friends outside the community do not understand the sense of community and how we go out of our way to help others. From being friendly to new members, to working on free open-source tools to help others secure their organization; this community always helps each other out, making it a pleasure to be part of this industry. With this in mind I want to end this post by reminding you that to give back to this amazing community we offer free identity consultations with our experts to help you secure your organization.

You Might Also Want to Read