We recently started a new blog series featuring our CEO and co-founder Rom Carmel. In this series, we discuss real issues from the field. So, check out what Rom Carmel has to say about the three complaints he hears the most in access management.

As 2024 comes to a close, we went around the room and asked some of Trustwave’s top executives what cybersecurity issues and technology they saw playing a prominent role in 2025. Over the next several weeks their thoughts will be posted here, so please read on and stay tuned! As we approach 2025, cybersecurity landscapes are set to evolve in unprecedented ways, with artificial intelligence (AI) taking center stage for both cyber defenders and threat actors alike.

Keeper is excited to announce two significant updates to our iOS app: support for USB-C plug-in hardware security keys and a new Two-Factor Authentication (2FA) frequency setting. These updates reflect our commitment to providing industry-leading security solutions while ensuring a seamless user experience. Continue reading to learn more about these updates and how you can try them out yourself.

As a former federal CISO who has spent decades designing and securing enterprise infrastructure, I’ve grown increasingly concerned as organizations continue to rely on legacy Privileged Access Management (PAM) solutions designed for a different era. These systems, once the gold standard in security, have become dangerous liabilities in today’s modern cloud-native world.

Your organization shouldn’t delay getting a password manager because using a password manager provides visibility into employee password habits, strengthens secure password practices, protects employees from spoofed websites and minimizes the risk of data breaches. A password manager is a solution that helps your employees store, manage and share their login credentials, passkeys, important documents and more.

The main difference between Remote Browser Isolation (RBI) and Virtual Desktop Infrastructure (VDI) is that RBI is limited to providing remote access only to your web browser, while VDI focuses on providing remote access to an entire virtual desktop. Both RBI and VDI protect you from cyber threats by creating separate, secure environments where you can browse the internet and use your device.

As organizations sell to more discerning buyers, scrutiny on security and compliance practices grows. It’s certainly warranted—the frequency of third-party breaches is on the rise. In our State of Trust Report, almost half of all organizations surveyed say that a vendor of theirs experienced a data breach since they started working together. ‍

We’re excited to share some big news: 1Password is officially joining the Rails Foundation!

BYOVD involves adversaries writing to disk and loading a legitimate, but vulnerable, driver to access the kernel of an operating system. This allows them to evade detection mechanisms and manipulate the system at a deep level, often bypassing protections like EDR. For the exploitation to succeed, attackers must first ensure the driver is brought on the target system. This is followed by the initiation of a privileged process to load the driver, setting the stage for further malicious activities.

Identity is the new battleground in today’s rapidly evolving cyber threat landscape. Microsoft Active Directory (AD), a cornerstone of enterprise identity management, is a frequent target for attackers. For organizations, protecting these critical environments without adding complexity is essential. Many organizations struggle to get full visibility into changes made within Active Directory.