🎯 FINAL POST FROM THE FLOOR: #BlackHatUSA 2025 Coverage!

Access Roulette: How to Stop Betting Your Security on Standing Privileges

This wraps up our on-location content from Las Vegas!

Next week we'll reconnect with our main event sponsors— BLACKCLOAK, Dropzone AI, Stellar Cyber, and Akamai Technologies—to bring you their post-event insights and feedback. Of course ThreatLocker's recap was already captured on the floor and published earlier today. Plus, watch for our closing reflection articles from me Marco Ciappelli and Sean Martin, CISSP!

Our final floor conversation comes thanks to our friends at Apono 🙏

Modern enterprises are gambling with security every day. Static permissions, manual approvals, and periodic audits create "privilege creep" that turns every over-privileged account into a potential breach waiting to happen.

At #BlackHat USA 2025, Ofir Stein from #Apono reveals how to break this dangerous cycle.

The stakes keep rising:
• Non-human identities (service accounts, #APIs, #AIagents) retain high-level privileges long after tasks complete
• Organizations discover risks during audits but lack scalable remediation
• #Business teams need rapid access while security teams battle expanding #attacksurfaces

Apono's Zero Standing Privilege model:
• Removes ALL permanent access by default
• Grants access dynamically based on business context
• Automatically revokes permissions when tasks complete
• Works for both human AND non-human identities
• Integrates with existing #identity providers—no rip and replace

Key capabilities:
• Context-based policy management aligned with business objectives
• Continuous discovery of identities, privileges
• Automated remediation of unnecessary privileges
• Real-time anomaly detection feeding #SOC workflows
• Scalable across centralized and decentralized environments

The result?
Engineers gain control over their access (building trust), security teams maintain tight governance, and organizations can finally stop betting their security on standing privileges.

📺 Watch the video: https://youtu.be/ciBsH84PVQU

🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/access-roulette-how-to-stop-betting-your-security-on-standing-privileges-a-brand-story-with-ofir-stein-cto-and-co-founder-of-apono-a-black-hat-usa-2025-conference-on-location-brand-story-HD5Uq_kf

📖 Read the blog: https://www.itspmagazine.com/their-stories/access-roulette-how-to-stop-betting-your-security-on-standing-privileges-a-brand-story-with-ofir-stein-cto-and-co-founder-of-apono-a-black-hat-usa-2025-conference-on-location-brand-story

➤ Learn more about Apono: https://itspm.ag/apono-1034

✦ Catch more stories from Apono: https://www.itspmagazine.com/directory/apono

🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25

#Cybersecurity #IdentityManagement #ZeroTrust #AccessControl #BlackHatUSA #BHUSA25 #PrivilegeManagement #IAM #SecurityAutomation #NonHumanIdentities

A new process injection technique called "PoolParty" was discovered, enabling undetected code execution on Windows systems by bypassing top EDR systems.

Learn more: https://thehackernews.com/2023/12/new-poolparty-process-injection.html.

#cybersecurity #hacking #infosec #mdr #edr #xdr #educateyourfrontline #attacksurfaces
https://thehackernews.com/2023/12/new-poolparty-process-injection.html

With increased cloud adoption, comes more cloud #vulnerabilities thanks to expanded #attacksurfaces. Mature security programs use offensive security testing to keep pace with modern adversaries targeting their #cloud environments.

According to the survey results found in our report with the Ponemon Institute, cloud vulnerabilities are considered one of the top 3 threats to enterprises, driving and justifying spend on #offensivesecurity testing.

Check out this recap from our industry-leading offensive security report for a #cloudsecurity temperature check. https://bfx.social/44SQiUS