News for today:
- [Token] Token for Salesforce. Token said that Salesforce customers, partners, and administrators should be using its biometric identity products to protect access to Salesforce and the data therein. Token directly addresses this new Salesforce security reality [stronger security requirements, including MFA for employee users and phishing resistant MFA for privileged users, including Salesforce admins] by combining biometric identity, phishing resistant FIDO2 and WebAuthn authentication, secure hardware, and wireless ease of use. Token products are designed to ensure that Salesforce access is granted only when the authorized physical human is present and biometrically verified. Token
- [Cobalt] Traditional pen testing can’t keep pace. New research from Cobalt finds that security leaders know that traditional pen testing can’t keep pace with modern threats. That’s a good thing, right? 53% of respondents said traditional offensive security approaches, such as manual penetration testing, provide a static view that is obsolete by the time reports are delivered. Cobalt
- [CrowdStrike] Risk-aware identity security moves. CrowdStrike joined both the OpenID Foundation and IDPro in support of continuous, risk-aware identity security. As AI agents and non-human identities (NHIs) operate with superhuman speed and access, legacy identity models built on static policies and standing privileges break down. Real-time security signals are needed to make dynamic access decisions as threat conditions change – not just authenticate once and trust indefinitely. By joining these groups and contributing to open standards, CrowdStrike is sharing real-time Falcon platform intelligence across identity providers, SaaS platforms, and security tools – providing the risk signals the industry needs for continuous, risk-aware identity enforcement. CrowdStrike
- [Semperis] Strategic technology alliance with Hack The Box. Semperis and Hack The Box announced a strategic technology alliance, combining identity security tech from one and cyber readiness elevation from the other. As hybrid environments, AI-driven transformation and operational complexity reshape enterprise security, identity has become one of the most important areas that defenders need to protect. Few organizations can detect, respond to, and remediate cyberattacks against Active Directory, Entra ID, Okta, and Ping Security before they cause disruptions. This alliance reflects growing industry demand for security strategies that combine technology investment with measurable workforce readiness. Semperis
- [Dragos] Acquisition of Phosphorus. Dragos announced the acquisition of Phosphorus, to extend its capabilities across other types of connected devices. Phosphorus offers the industry’s most comprehensive discovery and remediation platform for connected devices, which integrates with customers’ existing infrastructure without requiring disruptive architectural changes. The platform actively discovers and provides deep visibility into devices across OT and enterprise environments, delivering detailed risk context and continuous situational awareness across the extended device landscape. Phosphorus automates remediation workflows, including password rotations, firmware updates, certificate management, and configuration hardening, while helping organizations address compliance and reduce risk at scale. Dragos