嗯,用户让我用中文总结一下这篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”或者“这篇文章”这样的开头,直接写描述。好的,我先看看用户提供的文章内容。 文章分为两个部分:一个是关于数据安全态势管理(DSPM)的访谈,另一个是关于新认证标准DBSC和DPoP的讨论。访谈部分提到DSPM如何帮助企业重新获得对敏感资产的可见性和控制,特别是在数据分散的情况下。同时,还比较了DSPM与其他技术如DLP、CSPM和DSP的区别,并探讨了它在零信任和云安全策略中的整合。此外,合规和监管压力对DSPM市场的影响也被提及。 第二部分讨论了Passkeys作为防止钓鱼和盗窃的解决方案,但同时也指出了信息窃取者仍然可以通过窃取OAuth密钥和刷新令牌来绕过这些措施。因此,新的标准DBSC和DPoP被引入,以解决这些问题,并探讨了它们的采用情况。 现在需要将这两个部分的内容浓缩到100字以内。首先,明确主题:数据安全态势管理和新认证标准。然后简要说明每个部分的核心内容:DSPM帮助企业应对数据分散带来的盲点,并整合到零信任策略中;DBSC和DPoP用于防止令牌盗窃,并探讨其采用情况。 组合起来:文章讨论了数据安全态势管理(DSPM)如何帮助企业在数据分散的情况下恢复对敏感资产的控制,并整合到零信任策略中;同时探讨了新认证标准DBSC和DPoP如何防止令牌盗窃及其采用情况。 检查字数:大约90字左右,符合要求。 </think> 文章讨论了数据安全态势管理(DSPM)如何帮助企业应对数据分散带来的盲点,并整合到零信任策略中;同时探讨了新认证标准DBSC和DPoP如何防止令牌盗窃及其采用情况。 2025-12-15 10:0:0 Author: sites.libsyn.com(查看原文) 阅读量:6 收藏
Dec 15, 2025
Interview Segment: Tony Kelly
Illuminating Data Blind Spots
As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we’ll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets.
Our guest will break down how DSPM differs from adjacent technologies like DLP, CSPM, and DSP, and how it integrates into broader Zero Trust and cloud security strategies. We’ll also explore how compliance and regulatory pressures are shaping the next evolution of the DSPM market—and what security leaders should be doing now to prepare.
Segment Resources:
https://static.fortra.com/corporate/pdfs/brochure/fta-corp-fortra-dspm-br.pdf
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!
Topic Segment: We've got passkeys, now what?
Over this year on this podcast, we've talked a lot about infostealers. Passkeys are a clear solution to implementing phishing and theft-resistant authentication, but what about all these infostealers stealing OAuth keys and refresh tokens? As long as session hijacking is as simple as moving a cookie from one machine to another, securing authentication seems like solving only half the problem. Locking the front door, but leaving a side door unlocked.
After doing some research, it appears that there has been some work on this front, including a few standards that have been introduced:
- DBSC (Device Bound Session Credentials) for browsers
- DPoP (Demonstrating Proof of Possession) for OAuth applications
We'll address a few key questions in this segment: 1. how do these new standards help stop token theft? 2. how broadly have they been adopted?
Segment Resources:
- FIDO Alliance White Paper: DBSC/DPOP as Complementary Technologies to FIDO Authentication
News Segment
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-437
如有侵权请联系:admin#unsafe.sh