For SANS Critical Controls: Authentication Missing In Action

The article argues that authentication deserves its own explicit control within the SANS 20 Critical Security Controls, contending that current guidance gives authentication short shrift despite widespread credential theft and the growing importance of authentication in cloud environments; it cites examples such as Mandiant's findings about valid credential use in APT breaches and the Adobe password theft to justify stronger emphasis on authentication and multi-factor protections.