Yeah, happens to other “VPN” solutions like zero trust solutions like Zscaler. Logs say the user is in Buffalo, IP is in Toronto. Same for users on the southern border, US location and Mexican IP.
Zscaler enrages me with their use of the term "zero trust" in marketing, because due to their MitM-ing of TLS, they become a single-point-of-interception for all your organisation's traffic. "100%-trust" would better describe it for me, as you have to have 100% trust of Zscaler and anyone who has admin access to your organisation's Zscaler account.
Per the article:
“Illicit flows of money, concealed through cryptocurrencies and digital transactions, finance the trafficking of drugs, arms, and terror. And businesses, hospitals, and airports are brought to a standstill by ransomware attacks.”
You mean SSO? I think that's slightly disingenuous because it's still possible to be perfectly secure with username/password login. Sure, having SSO might prevent Barbra from accounting (who failed the last 3 phishing training sessions) from getting phished, but that's the company's problem, not the vendor's.
When a person leaves an organisation, it’s difficult to find all the various team accounts they have been added to in order to remove them. So you end up in a situation where people no longer in the organisation frequently still have access to anything non-SSO.
That’s a very obvious, legitimate security issue, why are you accusing people of being insincere about it?
>When a person leaves an organisation, it’s difficult to find all the various team accounts they have been added to in order to remove them.
Again, that's inconvenient but doable, just like phishing prevention.
>That’s a very obvious, legitimate security issue, why are you accusing people of being insincere about it?
I'm not denying it's a security issue, any more than I'm denying that phishing isn't a security issue. I even specifically mentioned the possibility of employees that fail phishing training. I'm objecting specifically to the "ransom" framing, which is a pejorative way to imply that companies have a duty to offer all security features for free.