CSNA 2.0 and the Post-Quantum Future of Encryption
Quantum computers pose a grave threat to today’s encryption. Powerful quantum devices could break many widely used algorithms (like RSA and ECC) by solving their
Quantum computers pose a grave threat to today’s encryption. Powerful quantum devices could break many widely used algorithms (like RSA and ECC) by solving their
Post-Quantum Cryptography and the Future of Secure Code Signing Imagine a future where quantum computers can break the encryption that keeps our digital world secure.
In a time when digital transformation has become a foundational pillar of business success, the silent cornerstone enabling trust, security, and resilience is cryptography. Every
What Time is it? In a previous post we mentioned the importance of using cryptographic timestamping to avoid issues related to expiring and, in some
Over the past few years container adoption has grown rapidly. With it has grown the need to sign container images to help prevent supply chain attacks. The standards and tools to sign images have evolved over the years, and can still be a bit tricky to navigate for those new to container signing. This post will provide a brief background on some of the tools and standards, the pros and cons of each, and some best practices to follow when signing in your environment.
The widely used NPM package ua-parser-js was compromised by attackers, with attackers publishing three malicious versions containing credential-stealing and cryptomining malware. Although the community detected
Enterprises have a wide array of resources to protect: file shares, email servers, production systems, databases, source code repositories, DevOps tools, and more. If key-based authentication is enforced for all of these different resources, and the keys are secured in a centrally-managed KMS or HSM, the enterprise can easily enforce granular controls, monitor access to resources, audit key usage, and restrict access as required. Learn more in this post.
Garantir is pleased to announce new automated certificate management capabilities in the GaraTrust product. The GaraTrust approach enables the enterprise to centrally secure all private keys and streamline the certificate orchestration process.
Managing access to files and documents that have been downloaded and stored on end-user workstations is difficult. Check out this blog post to learn how to overcome this challenge.
Security controls like MFA and device authentication can be applied at the transport layer, which eliminates the need to modify web applications or the servers that host enterprise resources like email, files, data, and so on. Learn more about this new approach in this post.
Bring-your-own-device (BYOD) policies are becoming the new norm and, in combination with several recent events, the risk of a data breach via a stolen device or an insider threat is a cause for concern. Learn how to mitigate these risks in this post.
Device authentication is a core component of a zero trust architecture and should always be enforced in addition to strong user authentication. Learn more about implementing device authentication in this post.