Virtual Private Networks (VPNs) have long been the standard technology for remote access, multi-site connectivity, and third-party access. However, recent trends in cloud adoption and remote work have exposed significant weaknesses in VPN security. This article examines the transition from VPNs to Zero Trust Network Access (ZTNA) and its implications for cybersecurity, drawing insights from the 2024 Zscaler VPN Risk Report and an in-depth interview with Deepen Desai, Chief Security Officer and SVP Security Engineering & Research at Zscaler.

The Decline of VPNs: A Vulnerable Legacy

VPNs have been the cornerstone of remote access for decades, allowing users to connect securely to corporate networks from anywhere in the world. They provide essential functionalities such as remote connectivity, multi-site connectivity, and third-party access.

“More than 70% of the use cases for VPNs are around remote access,” Desai noted. “In cases of mergers and acquisitions, companies often set up site-to-site VPNs, which can inherit security issues from the other side. Third-party access, although less common, poses even greater risks.”

However, as Desai pointed out in the interview, these legacy architectures are increasingly proving to be liabilities. According to the report, 56% of organizations experienced VPN-related cyberattacks in the past year, an increase of 11 percentage points over the previous year's report. And of the enterprises breached via VPN vulnerabilities, more than half (54%) saw the threat actors move laterally once inside.

“The legacy architecture of VPNs, which grants broad network access once credentials are verified, significantly increases the risk of lateral movement by attackers within the network,” says Deepen Desai. “This means that once an attacker gains access through a compromised VPN, they can move laterally across the network, accessing and exfiltrating sensitive data with relative ease.”

Critical Vulnerabilities: If You’re Reachable, You’re Breachable

One of the primary issues with VPNs is their susceptibility to zero-day vulnerabilities in the appliances themselves. Recent high-profile exploits, such as CVE-2023-46805 (an authentication bypass) and CVE-2024-21887 (a command injection) in Ivanti Connect Secure and Ivanti Policy Secure gateways, have exposed critical weaknesses in VPN products. Chained together, the two flaws let unauthenticated attackers run commands on the appliance, implant web shells and harvest credentials. These breaches enabled attackers to bypass authentication, execute commands with elevated privileges, move laterally within networks and maintain root-level persistence, in some cases even after device resets. In response, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 24-01, ultimately directing federal agencies to disconnect affected devices, which underlines the severity of these vulnerabilities. Forensic analysis also revealed that attackers could evade detection by tampering with the appliance's internal integrity checker, creating a false sense of security for operators who relied on it.

More generally, VPNs are exposed to zero-day exploitation and other attacks in part because they are, by design, internet-facing devices with public IP addresses. Attackers can scan the internet for them, fingerprint the product and version from the login portal, and exploit known or newly disclosed vulnerabilities at scale. An exposed VPN concentrator therefore enlarges the enterprise attack surface and places a direct path into internal servers and networks on the public internet, which increases the likelihood of attacks such as ransomware.

Ransomware and Other Threats

Ransomware actors are particularly adept at exploiting VPN vulnerabilities. Desai explained that ransomware groups often target VPNs to gain initial access to a network, move laterally, and deploy their ransomware payloads. The 2024 VPN Risk Report identifies ransomware (56%), malware infections (35%), and DDoS attacks (30%) as the top threats exploiting VPN vulnerabilities. These statistics underscore the breadth of risks that organizations face due to the inherent weaknesses of traditional VPN architectures.

“In the last twelve months, we’ve seen more threat actors going after zero-day vulnerability exploits in some of the popular VPN providers,” Desai emphasized. “The zero-day vulnerabilities have become a prominent issue, with several CISA advisories also confirming this trend.”

The Shift to Zero Trust Network Access

As the limitations and vulnerabilities of VPNs become increasingly apparent, more organizations are turning to Zero Trust Network Access (ZTNA) as a more secure and robust technology. Zero Trust is built on the principle of “never trust, always verify,” meaning that no user or device is trusted by default, whether inside or outside the network. Every access request is authenticated, authorized, and encrypted.

“Zero Trust is fundamentally different from VPNs in that it does not inherently trust any user or device,” Desai points out. “Every access request is scrutinized, authenticated, and authorized, which drastically reduces the attack surface.”

The 2024 VPN Risk Report reveals that 78% of organizations plan to implement Zero Trust strategies within the next 12 months, and 62% agree that VPNs are fundamentally "anti-zero trust". This shift is driven by the need for a security framework that can address the dynamic and evolving threat landscape and overcome the risks associated with legacy VPN technology.

Principles of Zero Trust

Zero Trust is a comprehensive security strategy built on several key principles:

1. Never Trust, Always Verify: Every access request, regardless of its origin, is subject to strict verification processes. This principle ensures that only authorized users and devices can access network resources.

2. Least Privilege Access: Users are granted only the minimum level of access necessary to perform their tasks. This minimizes the potential damage that could be caused by a compromised account.

3. Assume Breach: Zero Trust systems are designed with the assumption that breaches will inevitably occur. This approach focuses on limiting the blast radius of any potential attack by ensuring that even if an attacker gains access, their ability to move laterally within the network is severely restricted.

Granular Access Control

One of the most significant advantages of Zero Trust Network Access solutions over VPNs is the ability to provide smart, granular access control. ZTNA also brokers connections from users to individual applications rather than placing them on the network, which further reduces the risk of lateral movement and minimizes the potential impact of a breach. This level of control is crucial in today's complex digital environments, where traditional perimeter-based security models are no longer sufficient.

Scalability and Performance

Unlike VPNs, which often struggle to scale and maintain performance under the load of a fully remote workforce, Zero Trust architectures are designed to be inherently scalable. Desai highlighted that during the COVID-19 pandemic, many organizations found their VPNs unable to handle the sudden shift to 100% remote work. With remote and hybrid work becoming the norm, Zero Trust solutions, in contrast, can scale seamlessly to support a distributed workforce without the performance bottlenecks associated with VPNs.

Zscaler’s Approach to Zero Trust

Zscaler’s Zero Trust Exchange platform is a prime example of how Zero Trust can be effectively implemented to protect modern enterprises and provide secure, direct connections between users and applications, eliminating the need for traditional network-based access. Desai outlined Zscaler’s phased approach to implementing Zero Trust, which involves four key stages:

1. Reduce Attack Surface: The first step in the Zero Trust journey is to reduce the external attack surface by making applications invisible to the internet. Zscaler achieves this by hiding applications behind the Zero Trust Exchange: the applications present no inbound listener of their own, are not directly accessible from the internet, and cannot be discovered by scanning. This significantly reduces the risk of external attacks.

2. Prevent Compromise: The next step is to prevent initial compromises by applying consistent security policies across all user environments. Whether users are remote, in the office, or traveling, the same set of security controls and policies should always follow them. Zscaler provides advanced threat protection and full TLS inspection to detect and block threats before they can cause harm.

3. Prevent Lateral Movement: To prevent attackers from moving laterally within the network, Zscaler employs granular user-to-application segmentation. This ensures that users are never placed on the same network as the applications they access, which removes the network paths an attacker would otherwise use to move laterally.

4. Prevent Data Loss: Finally, Zscaler's Data Loss Prevention (DLP) controls aim to ensure that sensitive data does not leave the organization. By performing inline DLP policy enforcement together with full TLS inspection, Zscaler can detect and block attempts to exfiltrate sensitive information.

Implementing Zero Trust: Best Practices

Transitioning from VPN to Zero Trust requires careful planning and execution. Desai recommends a phased approach, starting with the most critical applications and high-risk users. Here are the best practices he outlines for implementing Zero Trust:

1. Identify Mission-Critical Applications: Begin by securing the applications that are most critical to your organization. These ‘crown jewel’ applications should be the first to be protected by Zero Trust principles.

2. Focus on High-Risk Users: High-risk users, such as those who frequently fail phishing simulations or have access to sensitive information, should be given priority in the Zero Trust implementation process. Implement strict access controls and continuous monitoring for these users.

3. Apply Zero Trust Principles Consistently: Ensure that Zero Trust policies are consistently applied across all environments, whether users are remote, in-office, or mobile. This uniformity is crucial for maintaining a robust security posture.

4. Educate and Train Users: Finally, user education is a critical component of any security strategy. Ensure that users understand the principles of Zero Trust and the importance of adhering to security policies.

“Zero Trust is a journey, rather than a starting place, particularly for large organizations with diverse IT environments,” Desai acknowledges. “However, a phased approach, starting with mission-critical applications and high-risk users or use cases, like VPN replacement, can help manage this complexity and ensure a smoother transition.”

The Future of Secure Access

The evolution from traditional VPNs to Zero Trust Network Access marks a significant shift in the cybersecurity landscape. As organizations face increasingly sophisticated cyber threats, the limitations of VPNs have become evident. Zero Trust offers a comprehensive approach to security by meticulously verifying access requests, enforcing least privilege principles, providing granular access control, and continuously monitoring user activity while mitigating long-term costs and increasing ROI.

By adopting Zero Trust, organizations can enhance their security posture and protect sensitive data. As Deepen Desai summarized, “Organizations must move away from remote access VPN solutions, especially for crown jewel applications, to reduce risk and enhance security. Zero Trust is not a single technology but a strategy that requires comprehensive implementation across all user environments.”

The post The Evolution of Secure Access: The Shift from VPNs to Zero Trust Network Access appeared first on Cybersecurity Insiders.

As organizations pivot toward more distributed and fragmented models of work, cybersecurity measures must adapt to keep pace with the evolving threat landscape and expanding attack surface.

In an in-depth interview with Chris Hines, VP of Strategy and Global Marketing at Axis Security, a recent acquisition by HPE, we explored the evolution of unified SASE as the next step in adaptive, integrated security solutions that address today’s complex challenges.

The Evolving Landscape of Remote and Hybrid Work

The COVID-19 pandemic, coupled with technological progress, has reshaped modern work environments. As organizations adapt to fragmented and dynamic ways of working, the threat landscape and attack surface have expanded alongside them. This calls for nimble, adaptive security that addresses risks originating both internally and externally: malicious administrators, end users, devices, and threat actors aiming to exploit any weakness.

In this rapidly evolving landscape, traditional security architectures are no longer sufficient. Secure Access Service Edge (SASE) has emerged as a strategic imperative for businesses aiming to cope with new challenges and thrive in this new world. Notably, unified SASE offers an effective, streamlined approach to achieving robust security and efficient networking. This article explores the core aspects of unified SASE, why it’s essential for modern cybersecurity and how to get started on the SASE journey.

From Siloed Solutions to Unified Platforms

Historically, cybersecurity technologies such as Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA) were implemented to address distinct challenges. But as both IT environments and cybersecurity threats grow in complexity, there’s a clear shift towards integrated solutions.

Chris Hines underscores this transition, highlighting the complexity, cost and security challenges businesses face when managing multiple solutions, especially in a remote and hybrid work era. Moreover, vulnerabilities and user experience issues associated with traditional remote access technologies such as VPNs further exacerbate these challenges.

“There are three key factors driving the need for SASE adoption today: ineffective legacy security, unnecessarily complex networks, and obsolete solutions,” notes Chris Hines.

Enter Unified SASE

Introduced by Gartner in 2019, Secure Access Service Edge (SASE) emerged as a groundbreaking concept. It blends networking and security functionalities into a holistic policy-based platform, facilitating seamless collaboration between networking and security teams. Gartner predicts that “by 2025, 50% of new SD-WAN purchases will be part of a single-vendor SASE offering, up from 10% in 2022.”

Unified SASE converges the functions of network and security into a single, cloud-native platform, significantly reducing the complexities and inefficiencies associated with disjointed point solutions. It is based on two core technology sets:

  1. WAN Edge Services (SD-WAN): Software-Defined Wide Area Networking offers robust, flexible network connectivity. It automates the routing of network traffic to improve application performance and deliver a better user experience.
  2. Security Service Edge: Includes Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Digital Experience Monitoring (DEM). This provides a comprehensive security layer by governing user access, filtering web content, managing cloud application use, and monitoring end-user experience.

Benefits of Unified SASE

By integrating WAN Edge Services and Security Service Edge into a single-vendor solution, unified SASE offers numerous advantages:

  • Enhanced Security Posture: Universal security policies paired with centralized access controls heighten threat detection and response capabilities.
  • Operational Efficiency: Merging networking and security functionalities minimizes complexities, promoting cross-functional collaboration.
  • Improved User and Admin Experience: With automatic routing of traffic and enforcement of Zero Trust policies, both user and administrator experiences are optimized without compromise to security.
  • Cost-Efficiency: A unified model inherently reduces capital and operational expenses, scaling seamlessly with evolving business requirements.

How to Begin Your Unified SASE Journey

Though implementing a unified SASE framework may seem daunting, with the right strategy and a reliable partner, you can make the transition to SASE smoothly and securely without disrupting existing operations.

Here are five key steps Chris Hines outlines that successful SASE implementations follow:

Step 1: Establish SASE Goals and Requirements

Determine your organization’s specific goals, needs, and criteria for a SASE framework. Evaluate your existing network and security infrastructure to identify any gaps, challenges, and available resources.

Step 2: Choose a Single-Vendor SASE Solution

Compare and assess different SASE vendors based on factors such as capabilities, coverage, performance metrics, scalability, reliability, customer support, and cost structure. Choose a well-architected, single-vendor SASE solution that is integrated, unified and easy to use.

Step 3: Formulate Your SASE Implementation Strategy

Collaborate with your chosen SASE provider to outline your network topology, security policies, user groups, app profiles, and connectivity options based on best practices. This step should be a joint effort with your SASE provider to ensure success.

Step 4: Initiate SASE Deployment in Phases

Start SASE implementation by deploying essential elements like agents, connectors, SD-WAN devices, or private PoPs via a central management dashboard. Migrate users, devices, physical locations, and applications to your new SASE architecture in a phased or batched manner. SASE’s flexibility allows it to work alongside existing solutions, offering you the pace of deployment that suits your team’s readiness.

Step 5: Unlock the Full Potential of SASE

As the deployment progresses, utilize the tools and dashboards provided by your SASE provider to gain operational insights and real-time visibility. This will allow you to fine-tune your SASE implementation and even discover new areas where SASE could add more value to your business.

By following these steps, you’ll be well on your way to leveraging the full potential of unified SASE, thereby strengthening your security posture and improving network performance.

Conclusion – Two Paths to Unified SASE

If you’re in the market for a powerful, single-vendor SASE solution that delivers both enhanced security and reliable connectivity from any location, you should consider the newly expanded offerings from HPE Aruba Networking, enhanced by its recent acquisition of Axis Security.

Already a leader in SD-WAN, the addition of Security Service Edge (SSE) to HPE Aruba Networking capabilities now provides the foundation for an even more comprehensive, unified approach to SASE suitable for today’s dispersed and dynamic business environments.

The acquisition of Axis Security amplifies HPE’s commitment to integrated network and security solutions. Axis Security’s expertise in Zero Trust Network Access (ZTNA) further enriches HPE Aruba Networking’s SASE capabilities through Adaptive Trust, adding advanced, granular access controls, superior threat detection, and real-time adaptive responses.

IT teams can now implement WAN and cloud security measures directly at the network edge through HPE Aruba Networking EdgeConnect SD-WAN, while also benefiting from Axis Security’s advanced ZTNA functionalities. This ensures that robust Zero Trust security controls can be extended to all users and devices, regardless of location.

Choosing a unified SASE solution from a single vendor can accelerate this digital transformation. The only remaining question is: How will you begin your SASE journey?

Two Entry Points for Your SASE Strategy

  1. Initiating with SSE and ZTNA: The recent Axis Security acquisition fortifies HPE Aruba Networking’s already robust security. If ZTNA is your starting point, consider replacing your VPN with ZTNA from HPE Aruba Networking to enable additional layers of security for your private applications, whether they reside in a data center, the cloud, or in between.
  2. Starting with SD-WAN: If you prefer to begin your SASE journey by focusing on SD-WAN and completing your secure edge portfolio, then the full array of options powered by HPE Aruba Networking EdgeConnect SD-WAN is available.

According to a 2023 Ponemon Institute report, about 46% of organizations are expected to have a SASE architecture in place within a year. SASE is not just a fleeting tech trend; it’s a strategic imperative for any enterprise looking to thrive in the digital age. Adopting a unified SASE framework not only improves your organization’s security posture but also enhances operational efficiency and cost-effectiveness for the future.

For more information and to take a test drive of HPE Aruba Networking unified SASE, visit https://www.arubanetworks.com/connect-and-protect/.

The post Unlocking the Full Potential of Unified SASE: An Interview with HPE’s Chris Hines appeared first on Cybersecurity Insiders.

Access control is at the heart of IT security, evolving over the years to adapt to the rising challenges and demands of an ever-complex digital landscape. One company at the forefront of this evolution is PlainID. In a recent conversation with Gal Helemski, co-founder and CTO/CPO of PlainID, we discussed the evolution of access control, the role of policy-based access control, and how the current cybersecurity landscape is shaping up.

The Evolution of Access Control

Access control’s story is one of constant change. From rudimentary methods that revolved around physical barriers to more complex role-based systems and beyond, it has always been about ensuring that the right people have the right access at the right time.

In the early days, Identity and Access Management (IAM) systems primarily centered on defining, managing, and authenticating identities. However, as Helemski mentioned, the IAM journey didn’t end there. “The identity journey is not completed. It’s not enough just to manage the identity. And to have the identity authenticated in a very well and secured manner.” Comparing the situation to giving someone a key to a house, she inquired, “Can they go everywhere they want in that house? Can they open the fridge, take whatever they want? No, they can’t. And that’s authorization.”

This gap in authorization management and control was the driver behind the founding of PlainID. The company’s vision was clear – address the missing link in the IAM journey.

Policy-Based Access Control (PBAC) vs. Role-Based Access Control (RBAC)

The shift from role-based access control (RBAC) to policy-based access control (PBAC) is significant. RBAC decides on the basis of the identity alone, namely the roles assigned to it, whereas PBAC provides a holistic view, considering both the identity and the asset it is trying to access in the business context. Helemski elaborated, “Policies consider both what we know about the identity and what the identity is trying to access, and on top of that, any condition like environmental factors, time of day, and risk metrics which are currently in play.”

This comprehensive approach allows for dynamic, context-rich decisions about access, providing a much-needed solution to the limitations and complexities of traditional role-based systems. The policies governing policy-based access are flexible and can be defined or adjusted based on various attributes, including user attributes, resource attributes, and environmental conditions.

Flexibility & Scalability

One of the strengths of PBAC is its inherent flexibility. Whether it’s a change in job roles, introduction of new services, or organizational restructuring, PBAC can easily adapt without requiring a massive overhaul. This adaptive nature ensures that PBAC systems are scalable, catering to both small startups and vast multinational corporations.

Integration and Real-time Evaluation

Modern PBAC systems are designed to integrate seamlessly with other enterprise systems, such as HR or CRM platforms. This integration ensures that any change in a user’s status, like a job change or department transfer, can be immediately reflected in their access permissions. Real-time policy evaluation ensures that users have the right access at the right time, enhancing security without compromising on user experience.

Granularity and Context Awareness

PBAC excels in its ability to make context-aware decisions. Whether it’s distinguishing between access requests made from a secure office network versus a public Wi-Fi, or between regular working hours and unusual late-night requests, PBAC considers it all. This granularity ensures that access decisions are not just binary but are based on the comprehensive context surrounding the request.

Simplifying the Complex

While PBAC can handle complex policy definitions, it actually simplifies access management. Traditional systems might require defining and managing thousands of roles, leading to ‘role explosion’. In contrast, PBAC, with its dynamic policies, reduces the need for such extensive role definitions, making management more straightforward and more efficient.

Continuous Compliance and Audit

In an era where regulatory requirements are stringent, PBAC shines in ensuring compliance. Its detailed logging capabilities provide clear insights into who accessed what, when, and based on which policy. Such detailed audit trails not only help in regulatory compliance but also in internal reviews and investigations.

Insider Threats and Access Control

One of the considerable advantages of a policy-based approach is its nuanced understanding of risk. By considering the dynamic context of an access request, PBAC systems can respond to high-risk situations effectively. Helemski explained, “If the identity is trying to access from the office itself at 10:00 AM, that’s a low-risk access. But if they’re trying to access from a different country at 8:00 PM, that’s a high-risk access.”

Such a dynamic and granular approach is invaluable in managing insider threats, ensuring that risk metrics are continually updated and relevant.
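To make the contrast with RBAC concrete, the following is an added example in Python; it is not PlainID code and uses no PlainID API. It is a toy PBAC evaluator that decides from subject attributes, resource attributes and environmental conditions, reproduces the two scenarios quoted above (the office at 10:00 AM versus a different country at 8:00 PM), and emits the who/what/when/which-policy audit record described in the compliance section. The attribute names, the risk-scoring thresholds and the deny-overrides combining rule are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Optional


@dataclass(frozen=True)
class Request:
    """One access request: who, what, which action, under what conditions."""
    subject: dict    # attributes known about the identity (IdP / HR feed)
    resource: dict   # attributes of the asset being accessed
    action: str      # e.g. "read" or "write"
    env: dict        # conditions in play: time, network, country, ...


@dataclass(frozen=True)
class Policy:
    policy_id: str
    effect: str                      # "permit" or "deny"
    applies: Callable[[Request], bool]


@dataclass(frozen=True)
class Decision:
    allowed: bool
    policy_id: Optional[str]         # policy that produced the decision (None = no match)
    risk: int

    def audit_record(self, req: Request) -> dict:
        """Who accessed what, when, and based on which policy."""
        return {
            "subject": req.subject["id"],
            "resource": req.resource["id"],
            "action": req.action,
            "time": req.env["time"].isoformat(),
            "decision": "permit" if self.allowed else "deny",
            "policy_id": self.policy_id,
            "risk": self.risk,
        }


def risk_score(req: Request) -> int:
    """Coarse risk scoring from environmental conditions (assumed weights, not PlainID's model)."""
    score = 0
    if req.env.get("network") != "corp":                            # off the office network
        score += 2
    if req.env.get("country") != req.subject.get("home_country"):   # unusual geography
        score += 3
    hour = req.env["time"].hour
    if hour < 7 or hour >= 19:                                      # outside working hours
        score += 1
    return score


POLICIES = [
    # A matching deny wins over any permit: high-risk context blocks even entitled users.
    Policy("deny-high-risk", "deny", lambda r: risk_score(r) >= 3),
    # One policy covers every department; RBAC would need a "<dept>-records-reader" role each.
    Policy("permit-department-records", "permit",
           lambda r: r.resource["type"] == "customer-record"
           and r.action == "read"
           and r.resource["department"] == r.subject["department"]),
    # Record owners may also write their own records.
    Policy("permit-owner-write", "permit",
           lambda r: r.action == "write" and r.resource.get("owner") == r.subject["id"]),
]


def decide(req: Request, policies=POLICIES) -> Decision:
    """Deny-overrides evaluation with a default deny when nothing matches."""
    risk = risk_score(req)
    matched = [p for p in policies if p.applies(req)]
    for p in matched:
        if p.effect == "deny":
            return Decision(False, p.policy_id, risk)
    for p in matched:
        if p.effect == "permit":
            return Decision(True, p.policy_id, risk)
    return Decision(False, None, risk)


# Constructed sample data mirroring the scenarios quoted in the interview.
ALICE = {"id": "alice", "department": "finance", "home_country": "US"}
FINANCE_RECORD = {"id": "cust-1042", "type": "customer-record", "department": "finance", "owner": "bob"}
HR_RECORD = {"id": "emp-77", "type": "customer-record", "department": "hr"}

OFFICE_MORNING = Request(ALICE, FINANCE_RECORD, "read",
                         {"time": datetime(2024, 6, 3, 10, 0), "network": "corp", "country": "US"})
ABROAD_EVENING = Request(ALICE, FINANCE_RECORD, "read",
                         {"time": datetime(2024, 6, 3, 20, 0), "network": "public", "country": "DE"})
CROSS_DEPARTMENT = Request(ALICE, HR_RECORD, "read",
                           {"time": datetime(2024, 6, 3, 10, 0), "network": "corp", "country": "US"})

if __name__ == "__main__":
    for req in (OFFICE_MORNING, ABROAD_EVENING, CROSS_DEPARTMENT):
        print(decide(req).audit_record(req))
```

Running the script prints three audit records: the office request is permitted by `permit-department-records`, the same user and resource from another country in the evening is denied by `deny-high-risk`, and the cross-department request falls through to the default deny with no matching policy. Expressing the same outcomes in RBAC would require a role per department and per context (office hours, trusted network, home geography), which is the role explosion described above; here a single policy plus a risk condition covers them all.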

PlainID and Zero Trust

The Zero Trust model posits that trust needs to be re-established at every point, from network access right down to data access. While many companies focus on network-based Zero Trust, PlainID believes in extending the model. “PlainID enables you to make those decisions dynamically and granularly. It does not end at the network. It continues all the way through applications, APIs, services, data and so on,” Helemski said, emphasizing the need for a comprehensive Zero Trust approach.

Recommendations for Organizations

For organizations seeking to enhance their security posture, Gal Helemski’s top three recommendations are:

  • Awareness of Visibility Gaps: Recognize that as digital space grows, there’s a pressing need to detect where digital identities are and their capabilities.
  • Provision of Tools: Equip application owners with the necessary tools to ensure consistent and secure authorization across the board.
  • Embrace the Zero Trust Program: Remember, Zero Trust is an ongoing journey. It’s essential to set clear foundations and objectives, gradually onboarding more applications to reduce overall risk.

Looking Ahead

As the digital landscape continues to evolve, the need for dynamic, context-aware access control mechanisms like PBAC becomes even more apparent. By focusing on policies rather than static roles, PBAC provides a forward-thinking approach to access control, ensuring that organizations remain secure in an ever-changing digital world.

For more information, visit https://www.plainid.com/

The post The Evolution of Access Control: A Deep Dive with PlainID’s Gal Helemski appeared first on Cybersecurity Insiders.

In cybersecurity, the arms race between defenders and attackers never ends. New technologies and strategies are constantly being developed, and the struggle between security measures and hacking techniques persists. In this never-ending battle, Carl Froggett, the CIO of cybersecurity vendor Deep Instinct, provides an insightful glimpse into the changing landscape of cyber threats and innovative ways to tackle them.

A changing cyber threat landscape

According to Froggett, the fundamental issue that many organizations are still grappling with is the basic hygiene of technology. Whether it’s visibility of inventory, patching, or maintaining the hygiene of the IT environment, many are still struggling.

But threats are growing beyond these fundamental concerns. Malware, ransomware, and the evolution of threat actors have all increased in complexity. The speed of attacks has changed the game, requiring much faster detection and response times.

Moreover, the emergence of generative AI tools like WormGPT has introduced new threats such as sophisticated phishing campaigns using deepfake audio and video, posing additional challenges for organizations and security professionals alike.

From Signatures to Machine Learning – The Failure of Traditional Methods

The security industry’s evolution has certainly been a fascinating one. From the reliance on signatures during the ’80s and ’90s to the adoption of machine learning only a few years ago, the journey has been marked by continuous adaptation and an endless cat-and-mouse game between defenders and attackers. Signature-based endpoint security, for example, worked well when threats were fewer and well defined, but the Internet boom and the proliferation and sophistication of threats necessitated a much more sophisticated approach.

Traditional protection techniques, such as endpoint detection and response (EDR), are increasingly failing to keep pace with these evolving threats. Even machine learning-based technologies that replaced older signature-based detection techniques are falling behind. A significant challenge lies in finding security solutions that evolve as rapidly as the threats they are designed to combat.

Carl emphasized the overwhelming volume of alerts and false positives that EDR generates, revealing the weaknesses in machine learning, limited endpoint visibility, and the reactive nature of EDR that focuses on blocking post-execution rather than preventing pre-execution.

Machine learning provided a much-needed leap in security capabilities. By replacing static signature-based detection with models that could be trained and improved over time, it offered a more agile response to the evolving threat landscape. It was further augmented with crowdsourcing, intelligence sharing, and analytics in the cloud, offering significant advancements in threat detection and response.

However, machine learning on its own isn’t good enough – as evidenced by the rising success of attacks. Protection levels would drop off significantly without continuous Internet connectivity, showing that machine learning based technologies are heavily dependent on threat intelligence sharing and real-time updates. That is why the detect-analyze-respond model, although better than signatures, is starting to crumble under the sheer volume and complexity of modern cyber threats.

Ransomware: A Growing Threat

A glaring example of this failing model can be seen in the dramatic increase of ransomware attacks. According to Zscaler, there was a 40% increase in global ransomware attacks last year, with half of those targeting U.S. institutions. Machine learning’s inadequacy is now becoming visible, with 25 new ransomware families identified using more sophisticated and faster techniques. The reliance on machine learning alone has created a lag that is unable to keep pace with the rapid development of threats.

“We must recognize that blocking attacks post-execution is no longer enough. We need to be ahead of the attackers, not trailing behind them. A prevention-first approach, grounded in deep learning, doesn’t just block threats; it stops them before they can even enter the environment.” added Carl.

The Deep Learning Revolution

The next evolutionary step, according to Froggett, is deep learning. Unlike machine learning, which discards a significant amount of available data and requires human intervention to assign weights to specific features, deep learning uses 100% of the available data. It learns like humans, allowing for prediction and recognition of malware variants, akin to how we as humans recognize different breeds of dogs as dogs, even if we have never seen the specific breed before.

Deep learning’s comprehensive approach takes into account all features of a threat, right down to its ‘DNA,’ as Froggett described it. This holistic understanding means that mutations or changes in the surface characteristics of a threat do not confound the model, allowing for a higher success rate in detection and prevention. Deep learning’s ability to learn and predict without needing constant updates sets it apart as the next big leap in cybersecurity.

Deep Instinct utilizes these deep learning techniques for cybersecurity. Unlike traditional crowd-sourcing methods, their model functions as if it’s encountering a threat for the first time. This leads to an approach where everything is treated as a zero-day event, rendering judgments without relying on external databases.

One interesting aspect of this deep learning approach is that it isn’t as computationally intensive as one might think. Deep Instinct’s patented model, which operates in isolation without using customer data, is unique in its ability to render verdicts swiftly and efficiently. In contrast to other machine learning-based solutions, Deep Instinct’s solution is more efficient, lowering latency and reducing CPU and disk IOPS. The self-contained agent makes their system quicker to return verdicts, emphasizing speed and efficiency.

Deep Instinct focuses on preventing breaches before they occur, changing the game from slow detection and response to proactive prevention.

“The beauty of our solution is that it doesn’t merely detect threats; it anticipates them,” Froggett noted during our interview. Here’s how:

  1. Utilizing Deep Learning: Leveraging deep learning algorithms, the product can discern patterns and anomalies far beyond traditional methods.
  2. Adaptive Protection: Customized to the unique profile of each organization, it offers adaptable protection that evolves with the threat landscape.
  3. Unprecedented Accuracy: By employing state-of-the-art deep learning algorithms, the solution ensures higher accuracy in threat detection, minimizing false positives.

Advice for Security Professionals: Navigating the Challenging Terrain

Froggett’s advice for security professionals is grounded in practical wisdom. He emphasizes the need for basic IT hygiene such as asset management, inventory, patching, and threat analysis. Furthermore, the necessity of proactive red teaming, penetration testing, and regular evaluation of all defense layers cannot be overstated.

The CIO also acknowledges the challenge of the “shift left” phenomenon, where central control in organizations is declining due to rapid innovation and decentralization. The solution lies in balancing business strategies with adjusted risk postures and focusing on closing the increasing vulnerabilities.

Conclusion: A New Era of Prevention

The current trajectory of cybersecurity shows that reliance on machine learning and traditional techniques alone is not enough. With the exponential growth in malware and ransomware, coupled with the increased sophistication of attacks using generative AI, a new approach is needed. Deep learning represents that revolutionary step.

The future of cybersecurity lies in suspending what we think we know and embracing new and adaptive methodologies such as deep learning, leading into a new era of prevention-first security.


The post The Evolution of Security: From Signatures to Deep Learning appeared first on Cybersecurity Insiders.

In an era marked by rapid technological advancement, data privacy experts like Ken Cox, president of private cloud provider Hostirian, are ringing alarm bells. Our recent conversation with Ken revealed a nuanced perspective on the capabilities of generative language models like ChatGPT and their implications for cybersecurity. This article dives into the crux of the discussion, including the risks these technologies pose, innovative threats emerging from AI, and the practical measures one could adopt for protection.

The Landscape of Risks

Ken Cox doesn’t paint OpenAI and ChatGPT as inherently malicious. In fact, he acknowledges that the creators have instilled a degree of ethical and moral guidelines into the system. However, the problem arises with the open-source versions of these large language models, which can be customized by anyone, for any purpose, ethical or otherwise.

Lowering Barriers to Entry for Bad Actors

The democratization of AI technologies has resulted in a new generation of “script kiddies,” only far more potent. These individuals can employ generative language models to create sophisticated attacks with minimal expertise. As Cox eloquently puts it, ChatGPT has “lowered the barrier to entry for bad players by a lot.”

The Current Threat Landscape

Cox indicated that the tools generated by AI are becoming increasingly capable. One example is the evolution of keylogging, which has now moved from capturing keystrokes at the system level to recreating what you’re typing by analyzing captured Wi-Fi signal patterns and even click sound waves, thanks to AI-assisted frequency mapping.

The Rise of Social Engineering 2.0

Perhaps the most harrowing example is the ability of these models to assist social engineering attacks at an unprecedented scale and sophistication. By ingesting rich data from social media profiles, attackers can easily impersonate people you know or entities you trust. This brings to light deeply rooted concerns about digital personas and even deep fakes, further exacerbating the battle between “good and bad” on the internet. Ken Cox believes that businesses must familiarize themselves with the current AI landscape, advocating for a more sophisticated level of AI literacy among organizations.

Authoritative Source of Authenticity

In the long term, Cox sees the need for an “authoritative source of authenticity,” and suggests that blockchain could offer a solution by establishing verifiable keys tied to individuals or businesses. Traditional measures like robust encryption and granular access controls still hold significant value in this new landscape, adds Cox.

From Pseudonymity to Full Exposure

Cox takes us back to the early days of the internet when user handles were pseudonymous and using real names was a taboo. This paradigm was shattered with the advent of Facebook in 2006, which encouraged people to be themselves online. The cultural shift led to the erosion of pure internet anonymity, transforming the internet into a space of variable anonymity levels.

The Case of Synonymous Blockchain Identities

With the emergence of blockchain technologies like Bitcoin, the modern internet landscape has become more nuanced. Cox describes this new form of identity as “synonymous.” While transactions within a blockchain can remain anonymous, the second a user’s wallet interacts with the real world—be it through a bank or a credit card—the anonymity cloak is lifted.

Future Directions in Identity Verification

Cox outlines his vision for the future of identity verification—blockchain-based personal keys. This approach would allow for pre-authenticated, encrypted communication channels between individuals, customized for each interaction. These personal keys could serve as a decentralized “secret word,” ensuring that communications are genuine.

Multi-Level Encryption Channels

Cox foresees a more intricate system where each entity you interact with has its unique encryption channel. Your bank, your family members, and your service providers will each have different keys to communicate with you, ensuring a multi-layered approach to security.

A Clarion Call for Trust Infrastructure

In his concluding thoughts, Cox underlines the dire need for a new paradigm of trust on the Internet. He believes that companies should focus more on building trust-based technologies to secure our digital future.

The conversation with Ken Cox serves as a vital check on the euphoria surrounding biometrics and other seemingly foolproof identity verification methods. It brings forth a pressing need for multi-layered, decentralized identity verification systems, and perhaps most importantly, a complete rethinking of how trust is established online. As we hurtle toward a future teeming with technological advances, Cox’s insights remind us that innovation must walk hand-in-hand with ethical considerations and security measures to build a safer, more reliable digital world.

Image by Freepik

The post The Double-Edged Sword of AI – How Artificial Intelligence is Shaping the Future of Privacy and Personal Identity appeared first on Cybersecurity Insiders.

The cybersecurity landscape has undergone a dramatic transformation over the past few years, influenced by shifting threat vectors, technological advances, and changing market dynamics. For venture capital firms like Evolution Equity Partners, navigating these complexities is more crucial than ever. I recently had the opportunity to explore these topics with Richard Seewald, the Founder and Managing Partner at Evolution Equity Partners, a VC firm that has been successfully investing in cybersecurity companies for the last 25 years.

Big Picture Shifts in Valuations and Investments

Richard outlines how Evolution Equity Partners has been investing throughout all stages of the business cycle, including critical moments like the post-9/11 era, the 2008 financial crisis, and the post-COVID-19 scenario. These times were marked by significant shifts in investor confidence, interest rates, economic growth, and supply-demand imbalances. However, the opportunities and growth drivers around cybersecurity have remained persistent.

Seewald recalls that in the year 2000, the overall total addressable market for cybersecurity was around $5 billion. After the 2008 crisis, it rocketed to $50 billion. “We are on target to be at $250 billion as we reach the middle part of this decade,” he adds. To put it in perspective, a McKinsey report suggests that cybersecurity could be a $2 trillion market by the end of the decade. “It’s exactly at this point in the cycle that best-of-breed cybersecurity companies are built that are addressing next-generation attacks,” Richard emphasized.

When we look at recent history, we see that the emergence of companies like CrowdStrike, Okta, and Palo Alto Networks coincided with economic downturns, aligning with Seewald’s observations and confirming that periods of economic instability often act as a catalyst for innovation in the cybersecurity space.

Investment Opportunities in Cybersecurity Segments

When asked about the most attractive investment segments within cybersecurity, Richard took us through the firm’s experience in Machine Learning (ML) and Artificial Intelligence (AI). Evolution Equity made its first AI/ML investment in a company called Cognitive Security back in 2012, which later got acquired by Cisco. Richard further observes that machine learning and AI have evolved from just detection to response capabilities.

“One of the areas that we think is particularly compelling in the machine learning space today is protecting the developer environment,” Richard notes. In this context, he mentions an investment in Protect AI, helping organizations deliver secure and compliant ML models and AI applications. The focus is on protecting the AI and ML algorithms, applications, and models as the vulnerability and attack surface to hackers has significantly increased. This is a particularly salient observation as ML and AI are now being deployed across all major industry sectors including healthcare, finance, and more.

Adding Value Beyond Capital: The Evolution Equity Approach

Evolution Equity Partners’ investment philosophy extends beyond capital infusion. Richard cited the example of AVG Technologies, a company where the team at Evolution Equity Partners was instrumental in growing revenue from $4 million to almost $400 million within a decade.

“The playbook that we developed over the last two decades in helping growth-stage businesses in the cybersecurity space has now become institutionalized,” says Richard. He mentions that the firm operates centers of excellence around cybersecurity growth, staffed by professionals who have been integral in building cybersecurity businesses over the last two decades. This involves specialized know-how in product-led growth, operating metrics, and focusing on ROI-driven growth versus “growth at all costs”.

The Shifting Geographical Dynamics

Seewald dives into a fascinating aspect of cybersecurity investments—the geographical dimension. Contrary to popular belief, the cybersecurity investment world isn’t as U.S.-centric as one might think. While 80–90% of cybersecurity companies are U.S.-based, followed by Israel and the U.K., Seewald believes that Europe presents a burgeoning opportunity for cybersecurity startups. “We’ve been one of the most active investors in European cybersecurity over the last decade,” he says, noting investments or acquisitions in almost every major European country.

European cybersecurity companies often set up their headquarters in the U.K. due to an ecosystem that facilitates opportunities for them across Europe, similar to how U.S. cyber ecosystems are concentrated on the East and West Coasts. Companies from countries with significant defense budgets, such as the U.K., France, and Germany, are creating exciting opportunities in the cybersecurity space.

“I am positive we are going to see a billion-dollar machine learning and AI company based on revenue, not just valuation, come out of Europe in the cybersecurity space over the next couple of years,” Seewald predicts. “The quality of universities in Europe is fostering an environment ripe for this sort of innovation.”

Israel, according to Seewald, holds a special place in the global cybersecurity landscape. “Israel is just a unique ecosystem in part because of the flywheel that exists around the cybersecurity entities in the country that produce talent that is well connected, experienced, and technically savvy,” he explains. Evolution Equity Partners has been a key investor in Israel, with recent investments in cybersecurity startups in Tel Aviv.

The Future Outlook

Seewald emphasizes that now is the opportune moment to invest in cybersecurity. “Companies that are born today will be the champions of tomorrow,” he asserts. For instance, during the 2008 financial crisis, companies like CrowdStrike were born, which later turned into market leaders. Seewald encourages cybersecurity entrepreneurs not to be disheartened by current economic fluctuations or contraction in the market. “This is an area that’s mission-critical to our world today. It’s our infrastructure, our companies, our governments that need protection. It’s our way of life,” he says, underlining the sector’s critical importance. “We’re pretty positive about the opportunity in this category over the next couple of years,” Richard asserts.

As we wrapped up our discussion, it was evident that the evolving cybersecurity landscape presents both challenges and opportunities. Evolution Equity Partners, with its depth of experience, is well-positioned to capitalize on these opportunities, steering cybersecurity companies through market cycles to become next-generation cybersecurity leaders.

As the demand for cybersecurity solutions continues to grow—driven by an expanding attack surface, regulatory mandates and an evolving threat landscape—now is an attractive moment for investors to engage deeply with this critical and expanding market. This isn’t merely about hedging against risks or short-term gains; it’s about contributing to building a safer, more secure digital world and protecting our way of life for decades to come.

Venture firms like Evolution Equity Partners serve as key pillars in the cybersecurity ecosystem, enabling innovation, fostering growth, and facilitating market adaptation. Their experiences and strategies offer crucial insights into how the investment community views cybersecurity — as a dynamic, high-growth sector with tremendous potential, not just now, but in the decades to come.

And for those looking to start the next cybersecurity success story: “Don’t be discouraged by any of the headline reports,” Seewald advises, “The right time to be building a cybersecurity company is now.”

Learn more about Evolution Equity Partners here: https://evolutionequity.com/


Image By vecstock

The post Investing in Cybersecurity’s Future: A Conversation with Richard Seewald of Evolution Equity Partners appeared first on Cybersecurity Insiders.

In a recent interview, Federico Charosky, CEO of Quorum Cyber, shed light on some often-underappreciated yet crucial facets of insider risk in cybersecurity. Charosky emphasizes the necessity of nuanced definitions when discussing the topic of insider risk. He argues that the term frequently gets misinterpreted and misused, and organizations must distinguish between malicious and inadvertent insider threats. This distinction is not a semantic subtlety; it is fundamental to understanding the nature of the problem and its corresponding solutions. Malicious insiders act with harmful intent, while inadvertent insiders serve as unwitting vectors manipulated by external adversaries.

The Internal-External Threat Dichotomy

Adding a layer of complexity to insider risks, Charosky refers to the Microsoft Digital Breach report, which states that approximately 85% of attacks, irrespective of the assailant’s motives, involve an insider component. This data highlights the near-universal role of insiders in enabling a successful attack, whether knowingly or unwittingly.

The Role of Insider Identity

Identity compromise is pivotal in the success of cyberattacks. The attack chain frequently encompasses some form of identity manipulation, be it through coercion, deception, or the unsuspecting insider being maneuvered into facilitating the attack. This is why Charosky advocates for deconstructing the term ‘insider risk’ to better manage its various components, thereby allowing an organization to efficiently allocate its resources and tackle the most pressing vulnerabilities first. Oversimplifying insider risks into a monolithic issue leads to flawed strategic approaches.

Distinguishing ‘Insider Risk’ from ‘Insider Threat’

It is crucial to differentiate between ‘insider risk’ and ‘insider threat,’ terms often used interchangeably. While an insider risk signifies a potential vulnerability (e.g., an employee with excessive access permissions), an insider threat implies an individual taking malicious actions.

The Phishing Conundrum

Charosky also raised the question of whether phishing attacks should be categorized as insider risks. While the taxonomy may be open to interpretation, what’s important is how this understanding informs defensive or responsive tactics. The threat of phishing is tangible and represents just one avenue through which a legitimate identity can be exploited for malicious ends. Therefore, anti-phishing measures like secure email gateways and awareness training are indispensable but should not be viewed as a panacea for combating insider threats.

The Imperative for a Layered Defense

Charosky’s ultimate message is a call for a layered defense strategy. Sole reliance on employee awareness and action is a failing proposition. The onus should not be solely on insiders to fortify an organization’s cybersecurity. This philosophy aligns with the ‘defense in depth’ principle, advocating for a multi-faceted array of security measures to safeguard various organizational layers.

Insider risk is a multi-dimensional challenge requiring a nuanced understanding and a sophisticated strategy for mitigation. Federico Charosky’s insights serve as an urgent reminder that reducing the complexity of the issue is counterproductive. Whether aligning IAM protocols, adopting Zero Trust security models, or emphasizing the critical role of ongoing training and awareness programs, a comprehensive, multi-layered approach is indispensable for effectively mitigating insider risks.

Quorum Cyber’s Threat-Centric Approach to MDR

Leveraging a potent combination of cutting-edge technology and human acumen, Quorum Cyber aims to furnish organizations with robust and scalable threat protection solutions, specializing in Managed Detection and Response (MDR) services. Founded in 2016 with an initial focus on Microsoft’s cybersecurity solutions, Quorum Cyber has developed a synergistic relationship with Microsoft, now utilizing Microsoft Sentinel to offer managed detection, threat hunting, and response services.

Through this collaboration, Federico Charosky has positioned Quorum Cyber at the forefront of Microsoft’s technological advancements, including becoming the company’s inaugural certified partner in the UK for managed Extended Detection and Response (XDR).

Quorum Cyber’s methodology starts with a threat-centric design philosophy. Rather than merely adhering to standardized best practices, the company zeroes in on the unique risks confronting each client. This tailored strategy enables Quorum Cyber to fine-tune its services to meet the specific needs of every organization.

This nuanced approach to managing insider threats integrates the latest technology with seasoned human expertise. Collaborating closely with Microsoft and emphasizing threat-centric solutions, the company harmonizes the capabilities of AI and human intuition, carving a promising path in the fast-evolving cybersecurity landscape.

For further details on Quorum Cyber’s approach and their partnership with Microsoft, visit the official website.


[Image by vecstock]

The post The Nuanced Landscape of Insider Threats: A Conversation with Federico Charosky of Quorum Cyber appeared first on Cybersecurity Insiders.

Security Operations Centers (SOCs) are the heart of cybersecurity, but managing the endless stream of alerts, conducting in-depth investigations, and responding to incidents in a timely manner are challenges that overwhelm even the most robust SOCs.

The core of this problem is the human bottleneck – it is simply impossible to hire enough cybersecurity analysts to manage all the manual work required to investigate and respond to alerts coming from a multitude of security point products. It’s an industry-wide problem that’s become increasingly clear as security products find more and more threats, but SOCs are inundated with alerts they can’t handle and respond to fast enough.

In a recent interview, Orion Cassetto, Head of Marketing at Radiant Security, outlined an innovative solution that leverages AI to break through these barriers, streamlining operations and ushering in a new era of SOC automation.

AI Co-pilot – Intelligent SOC Automation

Enter Radiant Security’s AI-powered SOC Co-pilot. This sophisticated platform integrates AI into SOC workflows, achieving three crucial outcomes: vastly increased productivity, uncovering missed threats, and significantly faster response times.

Radiant’s AI Co-pilot essentially automates the entire process of security triage and investigation. It conducts an in-depth analysis of every alert and generates a custom response plan for each incident. Analysts can then decide how to respond based on three levels of automation, depending on the organization’s situation and preferences: (1) manual with step-by-step instructions for the analyst, (2) interactive to automate steps, or (3) fully automated.

The Secret Sauce: AI’s Role

The power of AI Co-pilot comes from the sophisticated AI engine, trained on a rich dataset including inputs like the MITRE ATT&CK framework, customer data, and the systems’ output. This enables a dynamic Q&A process that replicates and automates the inquiry and deduction sequence a security analyst would typically perform manually.

But how does it compare with human analysts?

The system’s accuracy consistently reaches the high 90% range, a level of precision that surpasses most analysts. This exceptional performance highlights its superiority to human judgment, not only in terms of accuracy but also in capacity. While human analysts are limited by time constraints and cannot always conduct in-depth investigations for every alert, the system’s automation allows for thorough and detailed analysis every single time, 24×7. In this way, the system offers not only higher accuracy but also greater depth of investigation, making it a truly advanced solution.

“We take a use case-based approach to building this and training our AI. Over time we get better and better with each use case, and we cover more and more use cases so that the analysts can delegate the groundwork to the AI Copilot and focus on working on more important things,” explains Orion. “And that makes the SOC more capable of defending itself and preventing breaches.”

Unleashing the Power of AI in SOC

The Radiant Security SOC Co-pilot boosts analyst productivity through unlimited in-depth investigation, rapid response, and intelligent automation:

  • Automated Triage & Investigation: By using AI, Radiant can manage time-consuming tasks, ensuring no attacks slip through the cracks.
  • Detecting Real Attacks: Radiant deepens investigations to uncover real incidents, understand their root cause, and track attacks wherever they go.
  • Responding Rapidly: With intelligent automation, Radiant can create a response plan, automate or manually perform corrective actions, and allow one-click remediation.
  • Empowering Junior Analysts: Radiant acts as a co-pilot to enable entry-level analysts to become valuable contributors by automating triage, investigation, and offering step-by-step guidance.

“Our AI Copilot is not just a product; it’s a commitment to transforming SOC management. By automating the triage and investigation process, we are empowering SOCs to respond more efficiently and effectively,” adds Cassetto.

Radiant Security’s AI-powered SOC Co-pilot represents a significant leap in SOC management. Through intelligent automation, it directly targets and alleviates critical challenges, offering an efficient and robust solution to the ever-increasing complexities of cybersecurity.

The post AI-Powered SOC Automation: A New Era in Security Operations appeared first on Cybersecurity Insiders.

In the complex field of application security, the challenges surrounding open source software security require innovative solutions. In a recent interview with Varun Badhwar, Founder and CEO of Endor Labs, he provided detailed insights into these specific issues and how Endor Labs is positioning itself to tackle them head-on.

The Broken State of Application Security

Software developers currently spend more than half their time investigating an overwhelming number of security alerts and maintaining tools in CI/CD pipelines. Badhwar characterizes the problem:

“Application security is fundamentally broken today – engineering teams are constantly being asked to deploy numerous AppSec tools in the CI/CD pipeline, which creates substantial work for developers, slows down feature delivery, and adds friction.”

Endor Labs aims to mitigate this productivity tax by focusing on OSS security, with the goal of reducing vulnerability noise by 80%.

Open Source Security and Endor Labs’ Innovative Approach

Open source software (OSS) makes up a significant portion of modern application code, sometimes exceeding 90%. While fostering efficiency and collaboration, it also introduces vulnerabilities if not managed correctly.

Challenges in Open Source Security:

  1. Proliferation of OSS Components: With 80-90% of application code being borrowed from open source repositories, it’s essential to know what components are being used and how.
  2. False Positives: Traditional security tools generate an overwhelming number of false positives, creating a massive burden on developers.
  3. Incompleteness and Inaccuracy: Existing tools often lack insight into how open source code is being used, resulting in both noisy and incomplete risk assessments.
  4. Transitive Dependencies and Reputation Risks: Hidden vulnerabilities and dependencies are often overlooked, posing a latent threat to security.

Endor Labs’ Approach to Open Source Security

Endor Labs’ pioneering approach focuses on actual risks and utilization patterns within OSS. This empowers DevSecOps teams to prioritize risks, secure CI/CD pipelines, and meet compliance objectives like SBOMs. Their methodology includes:

  1. Intelligent Analysis: By understanding exactly how developers are using open source code, Endor Labs pinpoints the actual risks. 90% of code in modern applications is open source software, yet only 12% of that code is actually used within applications. Endor Labs replaces the existing breed of Software Composition Analysis (SCA) solutions that lack context on what parts of the code developers are actually using.
  2. Evidence-Driven Insights: Endor Labs employs an evidence-driven approach that assesses the true impact and risk of vulnerabilities based on how code is being used, rather than blanket evaluations.
  3. Eliminating Noise: By focusing on what matters, Endor Labs eliminates up to 80% of the noise associated with traditional tools, saving developers’ time.
  4. Tackling Hidden Risks: The solution addresses hidden dangers like vulnerabilities present in transitive dependencies, uncovering risks that might otherwise be missed. Endor Labs research reveals that 95% of vulnerabilities live in transitive dependencies, yet most organizations have no visibility into them.
  5. Holistic View of Risk: Endor Labs provides a comprehensive view of risk by evaluating not just the code but also the reputation and potential hazards associated with using specific open source components.
  6. Regulatory Compliance: With open source being labeled a national security issue, Endor Labs ensures that their approach aligns with regulatory requirements, including initiatives like Software Bill of Materials.

Endor Labs’ approach to open source and application security is not only revolutionary but necessary in today’s interconnected development lifecycle. By focusing on actual risks, reducing noise, and providing a comprehensive and intelligent analysis, they are shaping the future of how organizations manage and secure their applications and open source components.
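The reachability-based prioritization described in the list above, as an added example that is not Endor Labs’ code: it builds a dependency graph from a constructed lockfile-style manifest to separate direct from transitive packages, then walks a constructed call graph from the application’s entry points to decide which known-vulnerable functions are actually used. Advisory ids, package names and function names are all constructed placeholders.

```python
"""Reachability-based prioritization of open source vulnerabilities.

Added illustration, not Endor Labs' code. The manifest, call graph and
advisories below are constructed; the advisory ids are placeholders, not CVEs.
"""
from collections import deque
from dataclasses import dataclass

# Constructed manifest: package -> packages it requires. "app" is the application.
DEPENDENCIES = {
    "app": ["webframework", "imagelib"],          # direct dependencies
    "webframework": ["templating", "httpcore"],   # everything below is transitive
    "imagelib": ["compressor"],
    "templating": [],
    "httpcore": ["urlparser"],
    "urlparser": [],
    "compressor": [],
}

# Constructed call graph: "package.function" -> functions it calls.
CALLS = {
    "app.main": ["webframework.serve", "imagelib.thumbnail"],
    "webframework.serve": ["httpcore.request", "templating.render"],
    "httpcore.request": ["urlparser.parse"],
    "templating.render": [],
    "imagelib.thumbnail": ["compressor.encode"],  # compressor.decode is never called
    "compressor.encode": [],
    "urlparser.parse": [],
}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Advisory:
    """A known vulnerability pinned to the function that carries the flaw."""
    id: str
    package: str
    vulnerable_function: str
    severity: str


# Constructed advisories with placeholder ids.
ADVISORIES = [
    Advisory("ADV-0001", "urlparser", "urlparser.parse", "high"),
    Advisory("ADV-0002", "compressor", "compressor.decode", "critical"),
    Advisory("ADV-0003", "templating", "templating.render", "medium"),
    Advisory("ADV-0004", "leftover", "leftover.run", "high"),  # not in the build at all
]


def bfs_depths(graph, roots):
    """Breadth-first walk from roots; returns {node: shortest distance from a root}."""
    depth = {root: 0 for root in roots}
    queue = deque(roots)
    while queue:
        node = queue.popleft()
        for child in graph.get(node, []):
            if child not in depth:
                depth[child] = depth[node] + 1
                queue.append(child)
    return depth


def classify_dependencies(graph, root="app"):
    """Split the dependency tree into direct (depth 1) and transitive (depth > 1) packages."""
    depth = bfs_depths(graph, [root])
    direct = {p for p, d in depth.items() if d == 1}
    transitive = {p for p, d in depth.items() if d > 1}
    return direct, transitive


def prioritize(advisories, graph, calls, root="app", entry_points=("app.main",)):
    """Rank advisories: reachable ones first, then by severity; drop packages not in the build."""
    direct, transitive = classify_dependencies(graph, root)
    reached = set(bfs_depths(calls, list(entry_points)))
    findings = []
    for adv in advisories:
        if adv.package not in direct and adv.package not in transitive:
            continue  # the vulnerable package is not part of this build: pure noise
        reachable = adv.vulnerable_function in reached
        findings.append({
            "id": adv.id,
            "package": adv.package,
            "dependency": "direct" if adv.package in direct else "transitive",
            "severity": adv.severity,
            "reachable": reachable,
            "action": "fix now" if reachable else "informational",
        })
    findings.sort(key=lambda f: (not f["reachable"], SEVERITY_RANK[f["severity"]]))
    return findings


def noise_reduction(findings):
    """Fraction of in-build findings that need no immediate action because the flaw is unreachable."""
    if not findings:
        return 0.0
    return sum(1 for f in findings if not f["reachable"]) / len(findings)


if __name__ == "__main__":
    ranked = prioritize(ADVISORIES, DEPENDENCIES, CALLS)
    for f in ranked:
        print(f"{f['id']:9} {f['package']:12} {f['dependency']:10} "
              f"{f['severity']:8} reachable={f['reachable']!s:5} -> {f['action']}")
    print(f"noise suppressed: {noise_reduction(ranked):.0%}")
```

Note that the critical-severity advisory ends up last: its package is in the build (a transitive dependency), but the vulnerable function is never called, which is exactly the kind of finding a context-free SCA scan would raise at the top of the list.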

Advice to Organizations and Developers

For organizations and developers, the future lies in consolidating the DevSecOps toolchain, simplifying tool deployments, and prioritizing the risks that matter. In the interview, Varun provided actionable guidance to both developers and organizations:

  1. Embrace Open Source While Ensuring Security: Utilize the benefits of open source software, but with a focus on security and compliance. Implement intelligent tools that understand how code is being used, thereby reducing noise and pinpointing real threats.
  2. Streamline Development Pipelines: Avoid overcomplication and duplication by consolidating the DevSecOps toolchain. Choose tools that simplify deployments, enforce consistent security policies, and enable building software that is “secure by default.”
  3. Foster Collaboration Between Teams: Work towards aligning engineering and security teams, viewing them as internal partners. Focus on real issues that matter most, creating a synergy that enhances overall productivity and security.
  4. Adhere to Regulatory Requirements: Stay abreast of regulatory standards such as Software Bill of Materials (SBOMs), recognizing the importance of transparency and compliance, especially as open source security continues to be a national concern.
  5. Adopt a ‘Trust but Verify’ Approach: Balance the use of open source with vigilant verification of its security. Encourage a development model that leverages OSS benefits without slowing down the development process, promoting a secure and innovative environment.

Endor Labs is at the forefront of reshaping how we approach application security. With a new $70 million round of funding and a clear mission to enable developers to be more productive without compromising on security, they are leading the way toward a more secure and efficient future in software development.

For more information on Endor Labs, visit https://www.endorlabs.com

The post Reducing the Productivity Tax in Open Source Software Security – A Deep Dive with Varun Badhwar of Endor Labs appeared first on Cybersecurity Insiders.

Adaptive Shield, a leader in SaaS security, has made headlines with the announcement of its groundbreaking Identity Threat Detection and Response (ITDR) solution at Black Hat USA 2023. This new addition to its SaaS Security Posture Management (SSPM) solution marks a bold stride towards comprehensively safeguarding the SaaS ecosystem.

In a recent interview with Maor Bin, Co-Founder and CEO of Adaptive Shield, we explored the security implications of the shift to SaaS and Adaptive Shield’s ITDR capabilities for addressing identity-related risks.

The Challenges: Mapping the SaaS Shift

The rise of SaaS applications has reshaped the security landscape, adding complexity and decentralizing control. Integration with various systems expands the attack surface and creates opportunities for breaches. Compliance in the flexible SaaS framework becomes more intricate, and the rapid pace of innovation can outstrip security considerations. The interactions between systems and the shared responsibility model between providers and customers add even more layers of complexity. These evolving factors profoundly redefine SaaS security, requiring an innovative and multi-dimensional approach to anticipate and respond to the challenges.

According to Maor, the broader industry trends are clear: “As on-prem is shifting to SaaS, there’s an immediate need for robust security measures that can adapt to the new environment.”

The shift towards SaaS applications represents a transformative change in how organizations operate, offering flexibility, scalability, and cost-efficiency. However, this shift also introduces new security challenges that require a multifaceted approach. Understanding the factors driving these challenges is the first step in devising effective strategies to address them, ensuring that the benefits of SaaS adoption are not overshadowed by potential risks.

Adaptive Shield’s Innovative Approach to SaaS Security

“When speaking with our enterprise customers, CISOs highlight SaaS Security as a top priority, and ITDR has quickly become a critically needed capability as part of SSPM,” Maor states, aligning the company’s focus with customer needs.

Designed to tackle various SaaS-related threats, Adaptive Shield’s ITDR detects and responds to identity-related security threats based on key Indicators of Compromise (IOCs) and User and Entity Behavior Analytics (UEBA). These threats include password-based attacks, IP behavior anomalies, unauthorized document access, and more. Adaptive Shield’s platform goes beyond mere detection and response, offering a comprehensive model for securing the SaaS Identity Fabric. This includes:

  • Misconfiguration Management: Identification of security drift across all security controls, with detailed remediation plans to restore proper configuration.
  • Identity and Access Governance: Consolidated visibility and risk management of user accounts, permissions, and activities across all SaaS applications.
  • SaaS-to-SaaS Access and Discovery: Visibility into connected apps and assessment of the risk posed to the SaaS environment.
  • Device-to-SaaS Risk Management: Management of risks from SaaS users and their associated devices.
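The paragraph above names three kinds of identity signals (password-based attacks, IP behaviour anomalies, unauthorized document access) without showing what such detections look like. The following is an added illustration, not Adaptive Shield's code and not a description of how its ITDR is implemented: three simple rules run over a constructed SaaS audit log. The event schema, the IP addresses, user names, baseline of "known" IPs and the thresholds are all assumptions chosen for the example.

```python
"""Toy ITDR-style detection rules over constructed SaaS audit events.

Added example, not Adaptive Shield's code. The log schema (ts, user, ip,
event, result, object), the addresses and the thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def _ts(e):
    return datetime.fromisoformat(e["ts"])


def _build_sample_events():
    # Constructed sample events, not real logs. 203.0.113.0/24 and
    # 198.51.100.0/24 are documentation ranges.
    events = [
        {"ts": "2024-05-01T08:00:00", "user": "alice", "ip": "203.0.113.10", "event": "login", "result": "fail"},
        {"ts": "2024-05-01T08:00:05", "user": "bob",   "ip": "203.0.113.10", "event": "login", "result": "fail"},
        {"ts": "2024-05-01T08:00:09", "user": "carol", "ip": "203.0.113.10", "event": "login", "result": "fail"},
        {"ts": "2024-05-01T08:00:14", "user": "dave",  "ip": "203.0.113.10", "event": "login", "result": "fail"},
        {"ts": "2024-05-01T08:00:20", "user": "dave",  "ip": "203.0.113.10", "event": "login", "result": "success"},
        {"ts": "2024-05-01T09:00:00", "user": "alice", "ip": "198.51.100.7", "event": "login", "result": "success"},
        {"ts": "2024-05-01T09:30:00", "user": "alice", "ip": "198.51.100.7", "event": "file_download", "object": "hr/handbook.pdf"},
    ]
    # The account that just signed in from the spraying IP pulls 25 files in four minutes.
    start = datetime.fromisoformat("2024-05-01T08:05:00")
    for i in range(25):
        events.append({"ts": (start + timedelta(seconds=10 * i)).isoformat(), "user": "dave",
                       "ip": "203.0.113.10", "event": "file_download", "object": f"finance/report-{i}.xlsx"})
    return events


SAMPLE_EVENTS = _build_sample_events()

# Constructed baseline: the IPs each user normally signs in from (UEBA-style profile).
KNOWN_IPS = {"alice": {"198.51.100.7"}, "bob": {"198.51.100.8"},
             "carol": {"198.51.100.9"}, "dave": {"198.51.100.20"}}


def _windowed_max(items, window, key):
    """items: (datetime, value) pairs sorted by time. Return the largest number of
    distinct key(value) seen inside any window that starts at one of the items."""
    best = 0
    for i, (t0, _) in enumerate(items):
        seen = set()
        for t, v in items[i:]:
            if t - t0 > window:
                break
            seen.add(key(v))
        best = max(best, len(seen))
    return best


def detect_password_spray(events, window_minutes=10, min_users=3):
    """Rule 1 (password-based attack): one source IP failing logins for many
    different accounts within a short window. Returns {ip: distinct_users}."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event"] == "login" and e["result"] == "fail":
            by_ip[e["ip"]].append((_ts(e), e["user"]))
    alerts = {}
    for ip, items in by_ip.items():
        items.sort()
        n = _windowed_max(items, timedelta(minutes=window_minutes), lambda u: u)
        if n >= min_users:
            alerts[ip] = n
    return alerts


def detect_new_source_logins(events, known_ips):
    """Rule 2 (IP behaviour anomaly): successful sign-in from an address the
    user has never used before. Returns [(user, ip), ...]."""
    return [(e["user"], e["ip"]) for e in events
            if e["event"] == "login" and e["result"] == "success"
            and e["ip"] not in known_ips.get(e["user"], set())]


def detect_bulk_downloads(events, window_minutes=5, min_files=20):
    """Rule 3 (document access anomaly): one user fetching many distinct
    documents in a short window. Returns {user: distinct_files}."""
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == "file_download":
            by_user[e["user"]].append((_ts(e), e["object"]))
    alerts = {}
    for user, items in by_user.items():
        items.sort()
        n = _windowed_max(items, timedelta(minutes=window_minutes), lambda o: o)
        if n >= min_files:
            alerts[user] = n
    return alerts


def run_detections(events, known_ips):
    """Run all three rules and return their findings keyed by rule name."""
    return {
        "password_spray": detect_password_spray(events),
        "new_source_login": detect_new_source_logins(events, known_ips),
        "bulk_download": detect_bulk_downloads(events),
    }


if __name__ == "__main__":
    for rule, hits in run_detections(SAMPLE_EVENTS, KNOWN_IPS).items():
        print(rule, hits)
```

On the constructed data the three rules fire on the same source address and account, which is the point of correlating them: a spray from one IP, a first-ever sign-in for that account from the same IP, and an unusual burst of downloads right after. A real deployment would replace the static IP baseline with a learned per-user profile and tune the windows and thresholds to the tenant's normal activity.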

Adaptive Shield offers a complete package that includes Misconfiguration Management, SaaS-to-SaaS Access and Discovery, Identity & Access Governance, Device-to-SaaS Risk Management, and, of course, the newly announced Identity Threat Detection & Response (ITDR). This comprehensive approach ensures that organizations can effectively prevent, detect, and respond to threats, offering unparalleled protection for their SaaS platforms.

Strategic Investment by Blackstone

The ITDR launch follows Adaptive Shield’s strategic investment from Blackstone, one of its Fortune 500 customers. This investment underscores the industry’s focus on SaaS security and the critical need for innovative solutions like ITDR.

Adaptive Shield’s announcement of ITDR capabilities at Black Hat USA 2023 marks a crucial milestone in the field of SaaS security. By providing an integrated solution that understands and addresses the complexities of the SaaS environment, Adaptive Shield is setting new standards for cybersecurity.

For professionals and organizations seeking to fortify their SaaS platforms, Adaptive Shield’s ITDR capabilities present a compelling option that aligns with the evolving demands of modern cybersecurity.

For more information about ITDR or to request a demo, please visit Adaptive Shield’s official blog post on Identity Threat Detection and Response.

The post Adaptive Shield Unveils Identity Threat Detection and Response (ITDR): A New Era in SaaS Security appeared first on Cybersecurity Insiders.