Author: Nikhil

Microsoft defines a Service Account as “A service account is a user account that’s created explicitly to provide a security context for services that are running on Windows Server operating systems. The security context determines the service’s ability to access local and network resources.” Yet, they can be compared to the (false) stereotype of the “quiet kid in the school.” They are rarely discussed in boardrooms, seldom included in transformation roadmaps, and almost never part of employee lifecycle conversations. Yet when breaches are investigated, these accounts often emerge as vectors.

Why service accounts sprawl (and become un-disableable)?

Service accounts are essential for automation. Modern tech environments depend on background processes such as application-to-application communication, API integrations, batch processing, monitoring tools, and patch management. These processes need…


2026 is finally here. The finalization of the Cyber Incident Reporting for Critical Infrastructure Act, 2022 rules is expected to happen in May this year. In John Cena’s words, “the time is now.” Provided there is no extension, enforcement expectations will ensure that the gap between “we usually handle incidents this way” and “this is how reporting is supposed to work” will no longer be theoretical. First off, critical infrastructure operators must notify CISA within 72 hours of experiencing a significant cyber incident. The time shrinks to 24 hours if a ransomware payment is made. This tight deadline ensures…


We have already talked about machine IDs. In this blog, we zoom out and focus on Non-Human IDs (NHIs). Both types of IDs share another similarity: there are just way too many of them. NHI secrets, including API keys, service accounts, and Kubernetes workers, now outnumber human identities by at least 45-to-1 in DevOps environments. And how much is too much, considering that APIs, containers, service accounts, bots, IoT devices, AI agents, and automated pipelines all rely on digital identities to function? This is a nightmare situation, as governance practices have not evolved at the same pace, and managing them can be a problem. This widening gap between identity growth and identity…


Apart from AI, what is another new thing you can almost certainly find in modern network environments? It is machine IDs. Both share another similarity: careless use and misuse of both will result in absolute disasters. Why? Because, unlike human accounts, machine identities do not benefit from natural security checkpoints. Unlike people, machines cannot leave organizations, change roles, or trigger access reviews. A service account created years ago may still have full access rights, even if the service it supported has been partially redesigned or replaced. From a defense standpoint, this means that access is rarely reduced. Over time, machine identities accumulate privileges that far exceed their original purpose, creating a large and silent attack surface. …


What is common between octopi and agentic AI? Both can do multiple tasks simultaneously through tentacles that extend in various directions. However, can AI grow back an arm it lost to a predator, as octopi can? This uncomfortable question needs to be asked as the technology is gaining widespread acceptance, and being an emerging technology, has an uncertain threat landscape. One of the clear and present dangers is overprivileges. Because the AI needs to ingest and analyze data from a variety of sources for reasoning, there exists a very thin line between just enough and overprivileges, and both bring their own set of hazards with them. An underprivileged system will not be able to fulfill its duties, and overprivileging will expose organizations to operational, compliance, and reputational risks. One of the biggest reasons behind the privilege creep is how Agentic…


We don’t hate passwords enough. Not only are they required everywhere, but they also need to be complex and unique almost every time. Passkey vaults seemed to be a way out, but they have also turned out to be vulnerable; no wonder more secure alternatives like passkeys are finding increased preference. You do not need to remember zillions of unique passwords, and in case you are using a vault, worry about that vault’s security. But what if you were told that passkeys definitely reduce certain classes of risk dramatically, but do not eliminate identity risk, only shift it upstream? And even if they reduce risk, is there any way to measure it?  Passkeys authenticate through a cryptographic challenge-response tied to device origin and domain. This design directly targets the dominant identity threats of the…


How does it feel to literally lose your heart? Not in a metaphorical way, but in a literal way? Having a pacemaker is quite common these days. It can not only be hacked, but the bad actors can also put malware on it. Yes, it has not happened outside of laboratory experiments yet. There have also been massive recalls of pacemakers due to security concerns. This is not just one connected medical device; the danger has been flagged in JAMA in 2024. Now, the FDA has swung the hammer hard. FDA’s 2025 final premarket cybersecurity guidance reframes cybersecurity for connected medical devices (CMDs) as a foundational safety obligation that must be demonstrated before market entry, not as…


“If you want total security, go to prison. There you’re fed, clothed, given medical care and so on. The only thing lacking… is freedom.” - Dwight D. Eisenhower

Browsers are a classic example of “can’t live without, can’t live with.” While we can’t live without browsers like Edge, Safari, and Firefox, they are something the SecOps personnel can live without. Traditional browsers mostly lack features like built-in mechanisms for granular policy enforcement, data isolation, or compliance logging. The same browser used for personal browsing is used to access sensitive SaaS apps, internal tools, and third-party services, creating unavoidable shadow IT and data leakage risks. There are strategies like Remote Browser Isolation (RBI). But it may be the case of cure worse than disease, as it…


IT infrastructure has evolved over time from a 3-tier structure to a desegregated stack that still needs to scale for growth. This means more workloads, more clouds, more endpoints, and more users. Hyperautomation was the logical next step to ensure that automation, AI, and orchestration can finally keep pace with the complexity that humans alone cannot manage. However, as the idiom goes, no good deed goes unpunished. You see, hyperautomation expands the attack surface just as fast as it improves efficiency. Every automated workflow, API integration, script, and self-healing process becomes both a productivity multiplier and a potential security liability.…


The comparison of the Q4 2024 and Q3 2025 SPARK Matrix™ for the Web Application Firewall (WAF) market suggests that the market has changed from considering the importance of WAF as a control to the criteria by which it is evaluated. WAF is no longer assessed as a standalone security product. Rather, it is judged as part of a broader application security and delivery fabric, and that shift explains why some vendors remain leaders, some advance, and others lose relative ground. Akamai, Cloudflare, Radware, F5, Imperva, and Fastly remain as leaders in 2024 and 2025. This continued hold is not…
