Latest news with #ActiveDirectory
Yahoo
a day ago
- Business
- Yahoo
Aembit Extends Workload IAM to Microsoft Ecosystem, Securing Hybrid Access for Non-Human Identities
SILVER SPRING, Md., June 3, 2025 /PRNewswire/ -- Aembit, the workload identity and access management (IAM) company, today announced a major expansion of its platform to support Microsoft environments. With this launch, enterprises can now enforce secure, policy-based access for software workloads and agentic AI running on Windows Server, Active Directory, Microsoft Entra ID, and Azure – while extending that same access model to third-party clouds, SaaS tools, and partner environments. Modern infrastructure rarely lives in one place. While Microsoft technologies remain core to many enterprises, workloads routinely connect across trust boundaries – from on-prem infrastructure to Azure, AWS, Google Cloud, and external APIs. As infrastructure shifts to the cloud, identity and access management across all these resources becomes increasingly fragmented and complex, especially for non-human entities such as applications, scripts, AI agents, and services. With this launch, Aembit enables a unified approach to secure workload access management across the Microsoft ecosystem and beyond, reducing operational complexity while improving visibility, automation, and risk posture. "Security teams require consistent enforcement across all environments – not different tools and rules for every platform," said Kevin Sapp, co-founder and CTO of Aembit. "We built this integration to help enterprises modernize without compromise, providing policy-driven access across all Microsoft workloads, whether they run on-prem or in the cloud." With this launch, Aembit delivers: Consistent access control for non-human identities: Teams can now centrally define and enforce access policies for applications, agents, and services across Windows Server, Active Directory, Microsoft Entra ID, and Azure. They can extend the same model to non-Microsoft resources such as AWS, GCP, or SaaS services. Accelerated cloud migrations without added risk: As workloads move from on-prem to Azure, Aembit ensures their access remains secure, secretless, and aligned with zero trust principles. Elimination of static credentials: By replacing long-lived secrets with short-lived, identity-based access, Aembit helps reduce attack surface and developer overhead. Unified visibility for audit and compliance: All workload access is logged and attributed, making it easier to investigate incidents and meet compliance requirements across hybrid Microsoft environments. These features build on Aembit's mission to proactively secure access for the growing number of non-human identities operating across modern IT environments. Aembit replaces static credentials with just-in-time, identity-based access – helping builders move faster while giving security teams confidence in how workloads connect across hybrid environments. Aembit is now available in the Azure Marketplace, making it easier for organizations to integrate workload IAM into their Microsoft-based infrastructure with familiar procurement workflows. About Aembit Aembit is the leading provider of workload identity and access management solutions, designed to secure non-human identities like applications, AI agents, and service accounts across on-premises, SaaS, cloud, and partner environments. Aembit's no-code platform enables organizations to enforce access policies in real time, ensuring the security and integrity of critical infrastructure. Users can visit and follow us on LinkedIn. Contact Apurva DavéAembitinfo@ Photo - - View original content to download multimedia: SOURCE Aembit Sign in to access your portfolio
Techday NZ
7 days ago
- Business
- Techday NZ
Radiant Logic launches AI tool for identity visibility
Radiant Logic has launched the full suite of its Identity Observability feature for the RadiantOne platform, offering real-time monitoring and risk management capabilities for identity and access management ecosystems. The latest release from Radiant Logic aims to provide organisations with enhanced visibility into their identity management systems and processes, which can help identify, prioritise, and address security risks before they are exploited. The RadiantOne platform now incorporates features such as continuous real-time discovery and observability across identity systems, a unified graph-based model of identity data from sources including Active Directory, LDAP, on-premise applications, Entra Identity, and SaaS platforms, and dynamic risk scoring using heuristics and pattern recognition. The platform also includes an AI Data Assistant (AIDA) that analyses intricate identity relationships, recommends corrective measures, and facilitates collaboration between line managers and resource owners to resolve identity issues. Additional features include dashboards that provide real-time monitoring of identity hygiene, comprehensive reporting, and maturity assessments designed to support policy enforcement and compliance requirements. According to Radiant Logic, the platform is designed to fit into existing enterprise environments as a SaaS or self-managed solution, supporting security initiatives such as Identity and Access Management (IAM), Identity Governance and Administration (IGA), and Zero Trust models. Dr. John Pritchard, Chief Executive Officer at Radiant Logic, commented on the release, "Identity sprawl, hybrid complexity and unmanaged access create blind spots that leave organisations vulnerable to cyber threats. With the RadiantOne platform, we're illuminating every human and non-human identity across the environment—giving security and IAM teams complete visibility into who has access to what, whether it's legitimate and how to mitigate risks, before attackers find the gaps." The platform's enhancements are aligned with guidance from research and advisory firms' recommendations, such as those from Gartner. In its 2025 Guidance for Comprehensive IAM Architecture Strategy, Gartner recommends that organisations "Invest in a centralised identity and access data platform that integrates discovery tools across all IAM layers to aggregate, correlate and reconcile identity and access data. Implement emerging artificial intelligence (AI)-driven identity and access intelligence solutions to enhance observability and automation to quickly remedy vulnerabilities or facilitate a response to identity threats." Industry stakeholders outside Radiant Logic have also commented on the significance of providing robust visibility across identity data. John Horn, Head of the Cybersecurity Practice at Datos Insights, said, "Security defences at many firms operate with incomplete views of identity data and risk across their organisation. A robust identity fabric, centred upon rich, AI-enabled identity visibility for every aspect of the business, is the new operational foundation." "Radiant Logic's Identity Observability is an exciting capability that enables enterprise-wide views of identity data and risk, combined with automated resolutions to many common security problems. As we enter the age of Agentic AI and greater cyber risk, powerful identity observability and remediation will become central capabilities for the business." Early adopters of RadiantOne's new features have reported benefits in managing identity vulnerabilities and improving oversight. A Head of IAM in the insurance sector stated, "It's truly one of the few solutions that delivers so many valuable features right out of the box. This product's real-time data visibility and intuitive interface make it an outstanding tool for monitoring identity vulnerabilities and quickly understanding the health of our company's access management." A Head of Cybersecurity in the transportation industry shared a similar sentiment, saying, "With real-time data visibility and centralised reporting, this tool makes monitoring identity and access management effortless huge improvement over our previous solutions." The RadiantOne platform's combination of real-time monitoring, unified visualisation, and AI-driven remediation is designed to support organisations in addressing the increasing complexities and threats related to identity and access management across hybrid and multi-cloud environments.
Business Wire
28-05-2025
- Business
- Business Wire
Netwrix Enables Over 39,000 Managed Service Providers to Leverage Its 1Secure™ SaaS Platform Through Pax8 Marketplace
FRISCO, Texas--(BUSINESS WIRE)--Netwrix, a cybersecurity provider focused on data and identity threats, has made its DSPM solution, Netwrix 1Secure DSPM for MSPs, available on the biggest marketplace for MSPs in the world, the Pax8 Marketplace. The solution is delivered through Netwrix 1Secure, its easy-to-use and fast-to-deploy SaaS security platform. Netwrix's inclusion in the Pax8 Marketplace enables MSPs to grow their businesses by providing instant access to Netwrix's portfolio of data and identity security products. According to Pax8 research, small and medium-sized businesses who work with Pax8 partners consume 2.5X more Microsoft services than those using other platforms. Netwrix 1Secure enables MSPs to maximize the value of their Microsoft investments. It adds to their portfolio Netwrix's capabilities to eliminate data exposure and protect Microsoft data sources, including Active Directory, Entra ID, Windows File Server, SharePoint Online, Exchange Online, SQL Server, Teams, and OneDrive. Netwrix 1Secure also helps secure usage of Microsoft365 Copilot. Netwrix 1Secure DSPM for MSPs is a solution that reduces the risk of data breaches by equipping security teams with DSPM capabilities that allow organizations with multi-cloud and hybrid environments to discover, classify, and protect sensitive data. The solution helps assess and prioritize risks to sensitive data, prevent data loss, and detect policy violations and suspicious behavior. 'Providing the Netwrix DSPM solution through the Pax8 marketplace is another step toward strengthening our relationship with the MSP community," says Britt Norwood, Chief Revenue Officer at Netwrix. "We are committed to delivering our solutions through MSPs and will continue to provide the tools, resources, and support they need to grow their business and deliver value to their customers.' 'We're happy to welcome Netwrix to the Pax8 Marketplace and provide MSPs with security solutions like Netwrix 1Secure DSPM for MSPs to protect against data breaches and to safeguard clients' sensitive information," said Oguo Atuanya, Corporate Vice President of Vendor Experience at Pax8. 'As the leading cloud Marketplace, at Pax8 our aim is to open access to products and services like those from Netwrix that will allow MSPs to serve their clients and to support in their business success.' About Pax8 Pax8 is the technology marketplace of the future, linking partners, vendors, and small-to-midsized businesses (SMBs) through AI-powered insights and comprehensive product support. With a global partner ecosystem of nearly 40,000 managed service providers, Pax8 empowers SMBs worldwide by providing software and services that unlock their growth potential and enhance their security. Committed to innovating cloud commerce at scale, Pax8 drives customer acquisition and solution consumption across its entire ecosystem. About Netwrix Netwrix is reinventing data security based on the premise that data security and identity security cannot work in isolation. The Netwrix 1Secure platform provides security teams with clear visibility into who has access to sensitive information, enabling them to safeguard those identities, strengthen data protection, and stay ahead of evolving threats. Netwrix offers a comprehensive set of solutions that protect identities and data for over 13,500 organizations globally. Netwrix AI and flexible deployment options make it easier, faster, and more economical than ever for security teams to investigate and remediate threats. Netwrix: Data security that starts with identity. For more information, visit
STV News
12-05-2025
- Business
- STV News
M&S and Co-op: What we know weeks after cyber attacks
Weeks on from the cyber attack that hit several major British retailers, many are still unable to return to normal operation and are unwilling to estimate when everything will be repaired. On Friday, 25 April, M&S halted online orders after it reported being a victim of a cyber attack. Just under a week later, the Co-op revealed it was also the victim of an attempted hack and that several of its services had been impacted. Luxury retailer Harrods was also affected. Now, more than two weeks on from the original hack, M&S still cannot process sales online, and Co-op has only just managed to get its shelves stocked. They are also declining to offer any timeline on when things may return to normal. Cabinet Office minister Pat McFadden said the wave of attacks on UK businesses should be a 'wake-up' call for the industry. What have we learned since the attack? Although M&S and Co-op have not released much information about the attacks, it is becoming clear that it was not a small incident. It has been estimated that each day their website is offline, M&S loses £3.5 million. Half a billion pounds has also been wiped off its share price. Co-op also said the data of a significant number of their customers had been stolen, and they had issues with taking card payments. ITV News learned that in the wake of the attack, loyalty cards, handheld scanners and apps used to report security incidents in M&S stores were all impacted. Numerous products have been taken offline as a result of the hack. / Credit: PA Reports emerged claiming that a hacking group known as Scattered Spider was behind the attack. The group is notorious in the online criminal world for targeting large companies and breaching their data. It is believed the attackers used a piece of ransomware called Dragonforce to cripple the system. Cyber security expert Graham Cluley told ITV News: 'Attacks involving the DragonForce ransomware usually start with exploitation of known vulnerabilities – often involving corporate systems that have not been kept up-to-date with the latest security patches, or because they have not been configured properly.' Tech specialist website BleepingComputer reported that hackers tricked Co-op and Marks & Spencer IT help desk workers into gaining access to the companies' systems. It is believed they used a method known as sim-swapping to steal a person's phone number and other key pieces of data in order to effectively impersonate someone and give businesses access to their account. Scattered Spider has used this tactic in the past. It is believed that once they had enough access, they used M&S's Active Directory, a Microsoft product that connects internal networks and stores information. Cyber security expert, Professor Alan Woodward, told ITV News: 'Active Directory is a Microsoft product, which allows you to log in once and access all the systems. 'There's a suggestion that they managed to get in and get one of the files out of there, which contains passwords, etc. Empty shelves inside a Marks & Spencer days after the attack. / Credit: PA 'They probably wouldn't have been able to get the passwords out of the file, but if they could get in that far, then they could probably do something to mess up the network.' Industry expert Sam Kirkman from cybersecurity firm NetSPI said the hackers had likely gained access to M&S's core systems which means they can 'cripple multiple areas of a business at once, maximising their impact and making it very difficult to recover without extensive rebuilding of key IT systems – which takes time.' It is believed that one of the reasons both M&S and Co-op are taking so long to get their services back to normal is that they have not paid the ransom demanded by the hackers, which is the advice of the UK government. What are the businesses saying? Not much. When ITV News contacted M&S, it said it had no new update about when all of its services would return to normal. The last update from M&S was 10 days ago when their CEO, Stuart Machin, said in a statement they were working 'day and night' to restore their services. This is despite the fact that it has been almost three weeks since they disabled online orders on their website. If you try and order an item of clothing from M&S's website, it just says: 'We have paused online orders. Products remain available to browse online and stores are open.' Co-op told ITV News all of their stores were receiving deliveries as of Monday morning. But they did say: 'Some of our stores might not have all their usual products available and we are sorry if this is the case for our members' and customers in their local store. We are working around the clock to reduce disruption and are pleased to have resumed delivery of stock to our shelves.' Local media and social posts online have shown both Co-op and M&S shelves empty with apology notices saying they had issues with stock delivery. Get all the latest news from around the country Follow STV News Scan the QR code on your mobile device for all the latest news from around the country
ITV News
12-05-2025
- Business
- ITV News
M&S and Co-op: What we know weeks after cyber attacks
Weeks on from the cyber attack that hit several major British retailers, many are still unable to return to normal operation and are unwilling to estimate when everything will be repaired. On Friday, 25 April, M&S halted online orders after it reported being a victim of a cyber attack. Just under a week later, the Co-op revealed it was also the victim of an attempted hack and that several of its services had been impacted. Luxury retailer Harrods was also affected. Now, more than two weeks on from the original hack, M&S still cannot process sales online, and Co-op has only just managed to get its shelves stocked. They are also declining to offer any timeline on when things may return to normal. Cabinet Office minister Pat McFadden said the wave of attacks on UK businesses should be a "wake-up" call for the industry. What have we learned since the attack? Although M&S and Co-op have not released much information about the attacks, it is becoming clear that it was not a small incident. It has been estimated that each day their website is offline, M&S loses £3.5 million. Half a billion pounds has also been wiped off its share price. Co-op also said the data of a significant number of their customers had been stolen, and they had issues with taking card payments. ITV News learned that in the wake of the attack, loyalty cards, handheld scanners and apps used to report security incidents in M&S stores were all impacted. Reports emerged claiming that a hacking group known as Scattered Spider was behind the group is notorious in the online criminal world for targeting large companies and breaching their data. It is believed the attackers used a piece of ransomware called Dragonforce to cripple the system. Cyber security expert Graham Cluley told ITV News: "Attacks involving the DragonForce ransomware usually start with exploitation of known vulnerabilities - often involving corporate systems that have not been kept up-to-date with the latest security patches, or because they have not been configured properly." Tech specialist website BleepingComputer reported that hackers tricked Co-op and Marks & Spencer IT help desk workers into gaining access to the companies' systems. It is believed they used a method known as sim-swapping to steal a person's phone number and other key pieces of data in order to effectively impersonate someone and give businesses access to their account. Scattered Spider has used this tactic in the past. It is believed that once they had enough access, they used M&S's Active Directory, a Microsoft product that connects internal networks and stores information. Cyber security expert, Professor Alan Woodward, told ITV News: "Active Directory is a Microsoft product, which allows you to log in once and access all the systems. "There's a suggestion that they managed to get in and get one of the files out of there, which contains passwords, etc. "They probably wouldn't have been able to get the passwords out of the file, but if they could get in that far, then they could probably do something to mess up the network." Industry expert Sam Kirkman from cybersecurity firm NetSPI said the hackers had likely gained access to M&S's core systems which means they can "cripple multiple areas of a business at once, maximising their impact and making it very difficult to recover without extensive rebuilding of key IT systems – which takes time.' It is believed that one of the reasons both M&S and Co-op are taking so long to get their services back to normal is that they have not paid the ransom demanded by the hackers, which is the advice of the UK government. What are the businesses saying? Not much. When ITV News contacted M&S, it said it had no new update about when all of its services would return to normal. The last update from M&S was 10 days ago when their CEO, Stuart Machin, said in a statement they were working "day and night" to restore their services. This is despite the fact that it has been almost three weeks since they disabled online orders on their website. If you try and order an item of clothing from M&S's website, it just says: "We have paused online orders. Products remain available to browse online and stores are open." Co-op told ITV News all of their stores were receiving deliveries as of Monday morning. But they did say: "Some of our stores might not have all their usual products available and we are sorry if this is the case for our members' and customers in their local store. We are working around the clock to reduce disruption and are pleased to have resumed delivery of stock to our shelves." Local media and social posts online have shown both Co-op and M&S shelves empty with apology notices saying they had issues with stock delivery.
