We all heard the news. A data breach of online cheating website AshleyMadison.com resulted in 37 million credentials compromised. The stolen data included password hashes and credit card transaction details such as name and email address for each individual that signed up for the service. What’s more is that this data has been posted to the internet by the hackers.
Netskope’s cloud security service, the Netskope Active Platform, provides the ability to report on which users have had their corporate credentials compromised as part of a past data breach. Given the fact that research shows that most users rarely change their password, knowing that there are users on your network that have had their credentials compromised presents a risky situation where bad folks can use their credentials to facilitate a breach into your corporate systems. The Netskope platform helps mitigate risk not only by reporting which users have had their credentials compromised, but by also tying into SSO and Active Directory to provide an automated workflow to ensure that users are forced to change their password. Given the fact that the AshleyMadison.com breach resulted in compromised credentials, it is important to determine whether you have users whose credentials may have been misused to sign up for the service. The next step is obviously force them to change their password.
If this were your typical data breach, then my blog post would end here. Data breaches happen and Netskope can help mitigate your risk. Done. Unfortunately, it is not as simple as that for this situation. Netskope is presented with a catch-22. Do we help companies mitigate risk by reporting in our product that they have users that have had their corporate credentials compromised in the AshleyMadison.com data breach or do we hold off and not report this data given the sensitive situation? As a security vendor we believe it is our duty to do what we can to arm our customers with the tools to mitigate security risk. We will be moving forward and treating this data breach as any other when it comes to reporting the security risk. For those customers who prefer not to know who has been exposed, we will be recommending that our customers take advantage of the the privacy controls that are available in the Netskope Active Platform, enabling role-based access control, which limits who has access to view data such as breach details. The Netskope team believes this will deliver the best combination of risk mitigation and privacy.
The post Ashley Madison breach: A cloud security vendor’s role in reporting infidelity appeared first on Netskope.
About the Author
Bob heads up the product marketing efforts at Netskope, the leader in safe cloud enablement. Bob is a prolific speaker and product demonstrator, reaching live audiences in more than 45 countries over the past decade. His career spans more than 20 years in Silicon Valley where he has held product management and marketing leadership roles at various technology companies. Most recently he was the Chief Evangelist at Riverbed.Follow on Twitter More Content by Bob Gilbert