Sign up to save your podcasts
Or
Share Identity is the New Perimeter โ How Attackers Bypass MFA in 2026
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Identity is the New Perimeter โ How Attackers Bypass MFA in 2026
Identity has officially replaced email as the #1 threat vector โ and attackers already know you have MFA. In this episode, Andres and Mike break down why the old network perimeter is dead, what modern identity attacks look like in the wild, and the concrete steps every organization should take to defend themselves in 2026.
What we cover:
๐ด Identity is the New Perimeter Credentials, sessions, and tokens are the crown jewels now. Your firewall no longer defines your security boundary โ your identity layer does.
๐๏ธ IGA โ Identity Governance & Administration Not a product, a framework. How organizations manage user identities, roles, permissions, and compliance across every user, device, and workload.
โ๏ธ Modern Identity Attacks
- Push Fatigue โ bots flooding MFA requests timed for nights and weekends
- Token Theft โ bypasses MFA entirely by stealing your session
- OAuth Abuse โ using legitimate workflows to gain persistent app access
- Session Hijacking โ stealing cookies and replaying tokens
- Privilege Escalation โ enumerating users, targeting admin accounts
๐ MFA Evolution Phishing-resistant MFA, BLE proximity auth (your phone must be physically near the device), passwordless with biometrics, and Cisco Duo + Persona for social-engineering-proof identity resets.
๐ก๏ธ How to Defend Require phishing-resistant MFA, implement device trust, continuously verify after initial access, monitor Identity Behavior Analytics signals (impossible travel, unusual token usage, suspicious admin activity), and isolate privileged workflows.
Resources:
- Verizon DBIR: verizon.com/business/resources/reports/dbir
- CrowdStrike Global Threat Report: crowdstrike.com/global-threat-report
- Cisco Duo: duo.com
- Persona: withpersona.com
๐๏ธ Next episode: Season 3, Episode 3 โ Ransomware ๐ All episodes + show notes: securityin45.com
View all episodes
By Mike Veedock and Andres SarmientoIdentity has officially replaced email as the #1 threat vector โ and attackers already know you have MFA. In this episode, Andres and Mike break down why the old network perimeter is dead, what modern identity attacks look like in the wild, and the concrete steps every organization should take to defend themselves in 2026.
What we cover:
๐ด Identity is the New Perimeter Credentials, sessions, and tokens are the crown jewels now. Your firewall no longer defines your security boundary โ your identity layer does.
๐๏ธ IGA โ Identity Governance & Administration Not a product, a framework. How organizations manage user identities, roles, permissions, and compliance across every user, device, and workload.
โ๏ธ Modern Identity Attacks
- Push Fatigue โ bots flooding MFA requests timed for nights and weekends
- Token Theft โ bypasses MFA entirely by stealing your session
- OAuth Abuse โ using legitimate workflows to gain persistent app access
- Session Hijacking โ stealing cookies and replaying tokens
- Privilege Escalation โ enumerating users, targeting admin accounts
๐ MFA Evolution Phishing-resistant MFA, BLE proximity auth (your phone must be physically near the device), passwordless with biometrics, and Cisco Duo + Persona for social-engineering-proof identity resets.
๐ก๏ธ How to Defend Require phishing-resistant MFA, implement device trust, continuously verify after initial access, monitor Identity Behavior Analytics signals (impossible travel, unusual token usage, suspicious admin activity), and isolate privileged workflows.
Resources:
- Verizon DBIR: verizon.com/business/resources/reports/dbir
- CrowdStrike Global Threat Report: crowdstrike.com/global-threat-report
- Cisco Duo: duo.com
- Persona: withpersona.com
๐๏ธ Next episode: Season 3, Episode 3 โ Ransomware ๐ All episodes + show notes: securityin45.com