Paris, France, July 27, 2023 – CrowdSec, the pioneering open source and collaborative cybersecurity company, today released its Q2 2023 Majority Report, a comprehensive community-driven data report fueled by the collective efforts of its thousands of users.

Key takeaways from the report include the rise of IPv6 as well as the role of VPN in cybercriminal activities. The CrowdSec Majority Report consolidates valuable insights from CrowdSec’s open source network, providing data on some of the top emerging cybersecurity threats and trends worldwide, details from which CrowdSec will be discussing while at Black Hat USA 2023.

The CrowdSec Majority Report leverages the strength of CrowdSec’s extensive user base, comprising individuals, organizations, and cybersecurity experts dedicated to fortifying their defenses against emerging threats. By harnessing the insights collected by this community, the CrowdSec Majority Report shows that:

•IPv6 represents 20% of reported malicious IPs. With such rapid, high adoption, it was inevitable that IPv6 would eventually start registering on cybersecurity radars. For October 2022–June 2023, the CrowdSec network detected an increase in new threats linked to IPv6 addresses.

•Only 5% of reported IPs are flagged as VPN or proxy users. VPN’s rise to popularity over the past few years sounded the alarm for many organizations. However, contrary to popular belief, data collected by the CrowdSec network indicates that VPNs and proxies play a far less significant role in cybercriminal activities.

•The number of compromised assets is not the most accurate method of evaluating an Autonomous System (AS). The size of operators varies greatly, creating a discrepancy when comparing big operators to small. Though big operators inevitably receive a greater number of reports related to malicious IPs, smaller operators with fewer affiliated IPs — therefore receiving fewer reports — may be hosting riskier services.

•Malevolent Duration (MD) is a more accurate metric for evaluating AS. This refers to the number of days for which users report a malicious IP to the operator. The average MD of all the IPs in the same AS indicates the operator’s due diligence when it comes to identifying and dealing with compromised assets.

•Third-party reports of infected machines play a significant role. The ability to quickly deal with infected machines reported by third parties within a network, as well as proactively identifying infected machines based on behavioral patterns, significantly impacts how long a machine stays infected.

•Low MD translates to a lower risk for a business to inherit a machine that has been flagged as malevolent. By extension, this also minimizes the risk of a legitimate business asset being preemptively blocked by partners, prospects, or potential customers.

The CrowdSec Majority Report serves as an example of the valuable insights that the CrowdSec community is able to provide in an ever-changing threat landscape. The continuous input from the CrowdSec community enables rapid detection and response to emerging threats, providing users with a proactive defense against cyber attacks. By pooling together their collective knowledge, CrowdSec users protect one another, establishing a united front against malicious actors.

“The Majority Report serves as a testimony to the power of crowdsourced data,” said Philippe Humeau, CrowdSec CEO and co-founder. “We created this report to provide the industry with much-needed threat intelligence in detecting malicious behavior and preventing imminent cyberattacks. In the Majority Report, you will find evidence of the effectiveness of the CrowdSec network in spotting and blocking malicious IPs before they get a chance to breach your system.”

Download the CrowdSec Majority Report here or visit CrowdSec.net. You can also visit CrowdSec at Black Hat USA 2023 at Booth 2850 to learn more about how CrowdSec is shaping the future of proactive and collaborative cybersecurity or join CrowdSec CEO Philippe Humeau at the Omdia Analyst Summit on 8 August, where he will be investigating the Acronym Soup of Cybersecurity.

About CrowdSec: CrowdSec is an open source and collaborative cybersecurity company that provides real-time threat detection and response capabilities. Its unique approach to cybersecurity leverages the power of the community to protect against threats, making it an ideal solution for organizations of all sizes. For more information, please visit www.crowdsec.net.

Seattle, Wash., July 26, 2023 — Protect AI, the artificial intelligence (AI) and machine learning (ML) security company, today announced it has closed a $35M Series A round of funding.

The round was led by Evolution Equity Partners with participation from Salesforce Ventures and existing investors Acrew Capital, boldstart ventures, Knollwood Capital and Pelion Ventures. To date, the company has raised a total of $48.5M to help organizations protect ML systems and AI applications from unique security vulnerabilities, data breaches and emerging threats.

Protect AI will use the new financing to scale sales and marketing, go-to-market activities, R&D, and customer success initiatives. The company also announced that Richard Seewald, Founder and Managing Partner at Evolution Equity Partners, has joined the Protect AI Board of Directors. He brings more than three decades of investment, operational and entrepreneurial experience in cybersecurity, enterprise software and data analytics to the Board.

“Despite the sheer magnitude of the AI/ML security challenge, none of the industry’s largest cybersecurity vendors currently offer a solution to this problem,” said Richard Seewald, Founder and Managing Partner at Evolution Equity Partners. “Protect AI’s founders have built and managed the largest AI/ML businesses in the world for AWS and Oracle, and have assembled one of the most accomplished teams I’ve seen in a startup. The company has the vision, technology and expertise to capture a lion’s share of this new market category.”

Even the most advanced companies in the world don’t keep a detailed inventory of every asset and element used in their ML systems. This is due to the explosive growth in supply chain assets such as foundational models and external, third-party training data sets, and because traditional security tools lack visibility into the dynamic nature of ML systems and data workflows.

In addition, most organizations lack the skills and resources to detect the threats and vulnerabilities in the ML supply chain. This blind spot creates unique AI security challenges and exposes organizations to risks that span regulatory compliance, PII leakages, data manipulation, model poisoning, infrastructure protection, and reputational risk.

Protect AI has built a platform called AI Radar that helps organizations build safer AI by providing AI developers, ML engineers, and AppSec professionals a way to see, know, and manage an ML environment. AI Radar enables customers to quickly identify and remediate risks, and maintain a strong security posture for ML systems and AI applications.

“AI applications are being deployed at an extraordinary and unprecedented rate across all industries and business functions, with virtually no visibility and oversight into the assets being used in their ML systems. Protect AI provides new and innovative solutions, like AI Radar, that enable organizations to build, deploy, and manage safer AI by monitoring, detecting and remediating security vulnerabilities and threats in real-time,” said Ian Swanson, co-founder and CEO of Protect AI. “This new funding will provide the resources to help us scale Protect AI and capitalize on the significant market opportunity in front of us. We are pleased to welcome Richard to our board, and both Evolution Equity Partners and Salesforce Ventures as new investors.”

How AI Radar Works

AI Radar empowers organizations to deploy safer AI by assessing the security of their ML supply chain and quickly identifying and mitigating risks. It offers AI developers, ML engineers, and AppSec professionals the ability to “See, Know, and Manage” their ML with the following capabilities:

Real-Time Visibility: AI Radar’s visualization layer provides real-time insights into an ML system’s attack surface, encompassing ML operations tools, platforms, models, data, services, cloud infrastructure, and other supply chain assets.

Immutable ML Bill of Materials: Automatically generates and updates a secure, dynamic ML Bill of Materials (MLBOM) that tracks all components and dependencies in the ML system. This ensures complete visibility and auditability in the AI/ML supply chain.

Unlike traditional software bill of materials (SBOM), the MLBOM includes immutable time-stamped records of AI/ML environments, capturing any policy violations with clear information as to what, when and who made changes.

Pipeline and Model Security: Implements continuous integrated security checks to proactively safeguard ML environments from data and secrets leakages, and vulnerabilities that could lead to data poisoning, and other AI security risks.

AI Radar utilizes Protect AI’s integrated model scanning tools for LLMs and other ML inference workloads to automatically detect security policy violations, model vulnerabilities, and malicious code injection attacks. It also integrates with third-party AppSec and CI/CD orchestration tools, and model robustness frameworks.

“eGroup has provided security leadership for digital transformation in nearly every industry for over twenty years. As we help customers prepare for the next phase of their digital transformation journey enabled by AI, we are excited to see Protect AI develop the platform that helps keep an organization’s models, data, and code safe and secure,” said Mike Carter, CEO of eGroup | Enabling Technologies. “Helping businesses scale and adopt AI swiftly and safely with Protect AI’s offerings ensures customers of all sizes can take advantage of the benefits of AI without introducing new risks to their operations, technology stacks, and reputation.”

About Evolution Equity Partners: Evolution Equity Partners, headquartered in New York City, partners with rapidly growing cybersecurity software companies that safeguard our digital world. The firm was founded by investor and technology entrepreneurs Richard Seewald and Dennis Smith, who manage and lead the firm, and its partners have been involved as founders, investors and as senior operating executives in leading software companies around the world. Evolution has invested in over fifty cybersecurity companies building a growing portfolio of market leaders. Learn more at www.evolutionequity.com and follow us on LinkedIn and Twitter.

About Protect AI: Protect AI enables safer AI applications by providing organizations the ability to see, know and manage their ML environments. The company’s AI Radar platform provides visibility into the ML attack surface by creating an ML Bill of Materials (MLBOM), remediates security vulnerabilities and detects threats to prevent data and secrets leakages. Founded by AI leaders from Amazon and Oracle, Protect AI is funded by Acrew Capital, boldstart ventures, Evolution Equity Partners, Knollwood Capital, Pelion Ventures and Salesforce Ventures. The company is headquartered in Seattle, with offices in Dallas and Raleigh. For more information visit us on the web, and follow us on LinkedIn and Twitter.

Resources: https://protectai.com/; https://mlsecops.com/

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies.

Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember. That all changed rather quickly.

Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web. In fact, according to Verizon’s most recent data breach report, approximately 80 percent of all breaches are caused by phishing and stolen credentials. Not only are passwords vulnerable to brute force attacks, but they can also be easily forgotten and reused across multiple accounts.

They are simply not good enough. The sudden inadequacy of passwords has prompted broad changes to how companies must create, store, and manage them. The problem is these changes have made the user experience more convoluted and complicated. In other words, we’ve lost the balance between ease-of-use and adequate security under the increasingly antiquated system of password-based access.

Under the current system, companies have two choices: subject employees to burdensome processes to access work servers or become low-hanging fruit for a cyber attack.

By choosing the former – which most companies do as a shortcut to compensate for weak passwords without having to adopt new and innovative solutions – end users must comply with unintuitive experiences such as creating complicated passwords and dealing with complex password reset procedures. I would say companies that take this shortcut are still low-hanging fruit on top of inconveniencing their employees.

Combining IDs, keys

What is the solution, then? The next big thing is passwordless authentication. Let’s remove that point of attack and start fixing the problem at the source. Many organizations have already begun to jump to passwordless, but adoption is slow, and solutions are still in their infancy.

On the consumer side, we see solutions that work now and are incredibly easy to use. For example, we have passwordless facial and fingerprint biometric logins on our mobile phones and the thousands of apps that we use, as well as on our laptops and similar portable devices. However, no clear passwordless solutions offer easy adoption, enterprise-grade security, and interoperability to our large corporations and critical organizations.

Security remains one of the significant issues that need to be addressed on the enterprise level. Solutions need to tackle this problem by establishing trust at the user level to the point that trust is unnecessary. That sounds counterintuitive, but that is what we need to protect organizations from the relentless attacks we are seeing.

A solution that combines biometric identification with device-bound cryptographic keys and interoperable global validation standards. By combining who the user is (through biometrics) with something they know (the cryptographic key), solutions can establish user identity with sufficient confidence at the enterprise level.

Some solutions do this today. However, security and interoperability remain an issue. First and foremost, most solutions rely on connected devices like mobile phones to authenticate users. This leaves the door open to phishing and man-in-the-middle attacks.

New standards needed

Alternatively, some organizations are adopting physical security measures to keep private keys secure and offline. However, these solutions are often criticized for their lack of ease of use, limited interoperability across organizations, and lack of support.

We must keep thinking ahead on security. Attackers will continue to find ways to breach our systems, and authentication cryptography will become increasingly vulnerable to attack. Finding new methods of validation that are resistant to quantum and AI attacks is critical. Our job is to create and implement better systems.

The bottom line is user authentication is vital for securing access to data and systems. To establish trust with the user, the future of secure authentication lies in new passwordless solutions. Emerging technology and innovation in cryptography, biometrics, and device-linked authentication will also be crucial for advancing authentication.

Furthermore, driving authentication forward in our digital ecosystem can be achieved by developing new standards, collaborating with industry peers, and raising awareness. For a system to be introduced and adopted at scale, ease of use is crucial, and security must be uncompromising. The time has come for passwordless systems that seamlessly integrate into businesses without significant user experience disruptions and provide a simple, intuitive, yet secure experience for all.

About the essayist: Thierry Gagnon is Co-Founder and Chief Technology Officer (CTO) at Kelvin Zero, a start-up redefining the way organizations interact with their users in a secure digital world. Kelvin Zero is enabling highly regulated enterprises to secure authentication and know who is on the other side of every transaction.

Deepening interoperability of AI-infused systems – in our buildings, transportation grids, communications systems and medical equipment — portends amazing breakthroughs for humankind.

But first businesses must come to grips with the quickening convergence of their internal and external computing resources. And that’s no small task.

I had the chance to discuss this with Shinichi Yokohama, NTT Global CISO and John Petrie, Counselor to the NTT Global CISO, at RSA Conference 2023. It was a rare opportunity to get the perspective of senior executives responsible for protecting a Fortune 100 global enterprise.

We discussed how the boundaries between in-company and out-of-company IT infrastructure have become increasingly blurred, making network security more challenging than ever. For a full drill, please view the accompanying videocast. Here are a few takeaways:

A converged ecosystem

Cloud migration and rapid software development were both on a rising curve when Covid 19 hit and the global economy suddenly shut down in 2020. As companies adjusted in the post pandemic operating environment, Internet-centric services rose to the fore.

This accelerated the convergence of on-premises and cloud-hosted IT infrastructure. Today, data storage and processing power are prominently supplied by Amazon Web Services, Microsoft Azure and Google Public Cloud; and everything from software development to supply chain management happens on the fly across servers, endpoints and mobile devices interconnecting across cloud-hosted and on-premises datacenters.

Yokohama observed that once clearly defined network boundaries have all but disappeared, making network security a very difficult challenge. “From the security point of view, the definition of network security has become very blurred,” he told me.

Petrie explained how digital convergence is playing out at a deeper level via the increased cross-coupling of traditional IT operations and network security responsibilities. “From a technical perspective, what we’re seeing is the dissolution of the perimeter itself — it no longer exists,” Petrie says. “We must now start thinking about security as a converged ecosystem. We must protect the cloud, and, in some cases, we must protect on-prem systems that aren’t ever going to be in the cloud, as well. The big changes have happened in the convergence and the digitalization of the ecosystem, especially over the last three years.”

Towards zero-trust

So how should CISOs steer their organizations? Yokohama and Petrie emphasized the importance of moving toward a zero-trust framework. In today’s hyper interconnected operating environment, this comes down to parsing and combining multiple legacy and next-gen security technologies tailored to fit the unique needs of the organization.

“What we’ve seen is that most companies are now driving towards a zero-trust framework and they’re finding that you really can’t have a single solution; it has to be multiple solutions to get you there,” Petrie says.

Yokohama added that the first step CISOs must take is to thoughtfully establish a meaningful security architecture, one that addresses the organization’s distinctive needs and also takes into account operations and governance.

“Traditionally most corporations have had a perimeter-based security architecture, but in the era of cloud and mobile, etcetera, the enterprise needs to have a North Star,” Yokohama says. “Once the CISO has defined this security architecture North Star, then decisions can be made, piece by piece, about which technology solutions are needed . . . the architecture must come first, and then they can decide which product choices they would prefer.”

MSSPs’ larger role

The security tenets these senior security executives laid out for me clearly work for Fortune 100 corporations. Yet the argument can be made that in a post-Covid operating environment, these principles are just as valid for mid-market enterprises and even small- and medium-sized companies, as well.

After all, companies of all sizes and in all sectors are intensifying their reliance on cloud-hosted IT infrastructure and SaaS tools and services.

And this is where managed security service providers (MSSPs) enter the picture.

Demand for richer MSSP services was already gaining momentum prior to Covid 19; this demand spiked as the global pandemic spread across the planet. By one estimate, companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020.

NTT Global is a longstanding player in the MSSP space; it maintains a large MSSP unit that coordinates protection of its myriad operating divisions, and it also contracts out MSSP services to its customers and partners.

“The mission is, first, ensure internal security, then, second, to leverage this knowledge to our external client service,” Yokohama says. “We’re happy to bring our knowledge and experience as a holistic solution to the client.”

It wasn’t too long ago that MSSPs mainly helped their customers monitor traffic logs as part of filtering for anything suspicious, Petrie says. Today, MSSPs increasingly help companies do much more sophisticated analysis, such as spotting known attack sequences or monitoring users’ behavior patterns to catch any anomalous activity, he says.

Innovative product usage

It’s notable that new technologies and richer services are only part of the equation when it comes to adequately securing digital convergence. An equally important variable is how human users end up putting new tools and services to work, Yokohama argues. He emphasizes the importance of not just product innovation, but also inspired use of new technologies and emerging best practices.

For example, he pointed to how a disruptive AI tool, like ChatGPT, embodies a technology breakthrough that, at this moment, awaits a human usage breakthrough, with respect to network security. “Somehow, somebody has to work out how to use this new technology in a smart and secure way,” Yokohama observes. “When people say innovation, they’re typically referring to product innovation or product development. Going forward, I think how we use products smartly and in a secure way, in itself, also becomes an innovation.”

The mainstreaming of zero-trust frameworks, a rising role for MSSPs, smarter usage of new tech – these are all part of digital convergence that is still in an early phase of coalescing; hopefully we’ll arrive at a greater good.

“I am a super optimist, so I see a very promising opportunity,” Yokohama says. “Security, as well as trust, are the foundation for a successful digital society and NTT wants to be a part of such journey.”

What’s to happen next? I’ll keep watch and keep reporting.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

Gainesville, Fla., July 18, 2022 – Around 30,000 websites get hacked every day, with the majority of those cyberattacks due to human error. This has projected costs associated with cybercrimes to hit the tens of trillions by 2025, highlighting the vital need for web hosts to implement staunch security.

A new study by HostingAdvice, the premier authority on web hosting, found that 32% of Americans say they’ve gotten hacked from visiting a sketchy website and of those, 53% got a computer virus. Additional results of these hacks include:

•51% had their information phished

•43% had credit card information stolen

•35% had their username and password stolen

•17% had their identity stolen or cloned

Additionally, the study found that a large majority of Americans (75%) harbor genuine concerns about visiting websites that do not look secure. Of those, more than half (58%) said their biggest security concern when visiting a small business website is “insecure transactions” (where credit card info could get stolen). Other concerns include:

•55% – It may be a fake website (website that poses as a real one)

•51% – Phishing Attacks (hackers targeting my email or social media accounts)

•47% – I’ll get a virus

•43% – Disinformation / Misinformation

•42% – Spyware

Web Hosts reveal security features they can’t live without

It may sound inflated to hear that the study found 34% of Americans have used web hosting services. But not when considering that there are more than a billion websites live on the web, with more than 250,000 new web sites created every day.

In fact, the study reveals that one of the most important factors when choosing a good web hosting service is Security/Privacy features (47%), second only to Price (51%). Additional factors include that servers are in-house and not managed by a third party (42%) and many favor server customization and root access (40%), all important to developing and managing a more secure website.

Web Hosting service users’ biggest security concerns are that their domain, or subdomains, will get a virus/worms (49%) or there will be additional cost for security services (45%), while other concerns include:

•2% – Someone will steal my clients’ data

•36% – Botnet-Building Attempts

•37% – DDoS Attacks

•37% – Web Server Misconfigurations

When asked about the security features they can’t live without, 62% of Web Hosting service users said either Data Protection (backups and recovery services) or Threat protection (DDoS, malware, and bot detection features), while another 52% said Encryption (SSH, SSL, WAF).

The Master Cybersecurity Guide for Web Hosts

“More than ever before, there is a vital need for businesses to fortify their security to protect data online. But it can be hard to identify which features and add-ons are actually worth the investment,” said Christina Lewis, editor and web hosting expert at HostingAdvice.

The Master Cybersecurity Guide was developed to help web hosts, designers and programmers understand which cybersecurity measures will best protect their websites and users against viruses, hackers, and breaches. Whether developing secure access, data protection and/or threat protection, implementing the best tools to safeguard your websites can be tedious, so it’s important to seek guidance to mitigate the risks of being attacked. 

Methodology: A national online survey of 1,055 U.S. consumers, ages 18 and over, was conducted by Propeller Insights on behalf of HostingAdvice in June of 2021. Survey responses were nationally representative of the U.S. population for age, gender, region, and ethnicity. The maximum margin of sampling error was +/- 3 percentage points with a 95% level of confidence.

ABOUT: HostingAdvice.com is a site created to provide users with the most dependable, trustworthy hosting advice found on the web. As “The Authority on Web Hosting,” HostingAdvice.com is home to unique content and resources in the hosting industry, including: blog articles, how-to guides, reviews and the world’s best beginner’s guide. Led by a team of real web experts who have a combined 50+ years of experience in web hosting, HostingAdvice.com has truly become the authority on all things hosting. hostingadvice.com

A fledgling security category referred to as Cloud-Native Application Protection Platforms (CNAPP) is starting to reshape the cybersecurity landscape.

CNAPP solutions assemble a varied mix of security tools and best practices and focus them on intensively monitoring and managing cloud-native software, from development to deployment.

Companies are finding that CNAPP solutions can materially improve the security postures of both cloud-native and on-premises IT resources by unifying security and compliance capabilities. However, to achieve this higher-level payoff, CISOs and CIOs must first bury the hatchet and truly collaborate – a bonus return.

In a ringing endorsement, Microsoft recently unveiled its CNAPP offering, Microsoft Defender for Cloud; this is sure to put CNAPP on a rising adoption curve with many of the software giant’s enterprise customers, globally. Meanwhile, Cisco on May 24 completed its acquisition of Lightspin, boosting its CNAPP capabilities, and Palo Alto Networks has continued to steadily sharpen its CNAPP chops, most recently with the acquisition of Cider Security.

At RSA Conference 2023, I counted at least 35 other vendors aligning their core services to CNAPP, in one way or another; many more seem likely to jump on the CNAPP bandwagon, going forward.

Newer vendors now primarily pitching CNAPP services include Uptycs, Runecast and Ermetic. Others range from vulnerability management (VM) stalwarts Tenable, Rapid7 and Qualys, to vendors crossing over from the cloud security posture management (CSPM) space, like Caveonix, Lacework and Wiz. Even endpoint security giants Trend Micro and Sophos have commenced pitching CNAPP solutions; so too are API security supplier Data Theorem and secure services edge (SSE) vendor Zscaler.

CNAPP at this juncture appeals mainly to enterprises that maintain large software development communities in the public cloud, Charlie Winckless, Gartner Senior Director Analyst, told me. “CNAPP products are tied to cloud maturity,” he explains. “This will continue to grow, but other security controls will remain important as well. CNAPPs protect cloud environments and the majority of organizations will be hybrid for a significant amount of time.”

Managing dynamic risks

Several developments have converged to put CNAPP on a fast track. Massive interconnectivity at the cloud edge is just getting started and will only intensify, going forward. This portends amazing advancements for humankind – and fresh revenue streams for innovative enterprises — but first a tectonic shift in network security must fully play out.

This is because the attack surface of cloud-native applications is expanding rapidly, with malicious hackers targeting insecure code up and down the software supply chain. Ransomware, email fraud and data theft continue to run rampant, aided and abetted by insecure configurations of the myriad access points connecting on-premises and cloud IT assets.

The cybersecurity industry’s competitive bent hasn’t made it easy for companies to understand, much less gain control of, these escalating exposures spinning out of such a highly dynamic operating environment. To protect new cloud-native assets, rival vendors have pushed forward an alphabet-soup of upgraded iterations of legacy tools and all-new technologies – without paying much attention to interoperability.

The result has been a stark lack of integration which has translated into an excessive volume of alerts, a good percentage of them trivial or even false. Tension between security teams trying to cope and software developers striving to innovate as fast as possible has boiled over. Something in the form of CNAPP (as coined by Gartner) was bound to come along.

According to Gartner’s March 2023 CNAPP market guide, CNAPP solutions consolidate multiple security and protection capabilities into a single platform capable of prioritizing excessive risks. This revolves around granular monitoring and management of cloud-native applications.

This type of overarching approach to securing modern networks can iterate from legacy security technologies, such as VM or endpoint detection and response (EDR), or it can extend from newer services, such as software composition analysis (SCA), cloud workload protection platforms (CWPP) and cloud infrastructure entitlements management (CIEM).

And now Microsoft has set out to prove that it makes good sense to come at it from the operating system level. That said, the Gartner report acknowledges that CNAPP is in a very early stage and cautions that no single vendor is best-of-breed in every capability.

New level of collaboration

It may be early, but CNAPP is demonstrating that it does a few things very well: reducing complexity, for one. There’s a huge need for this. Some 80 percent of respondents to Palo Alto Networks’ 2023 State of Cloud-Native Security Report expressed the need for a centralized security solution, with 76 percent reporting that using multiple security tools has created blind spots that make it difficult to prioritize and mitigate risk.

“Stitching together disparate security tools often results in security blind spots,” says Ory Segal, CTO of Prisma Cloud, Palo Alto’s CNAPP offering. “Attempting to triage security issues reported from multiple security systems, used by different teams, is close to impossible.”

One Palo Alto customer, a well-known global multimedia organization, recently replaced several tools with Prisma Cloud, which then swiftly detected a significant number of malicious bots abusing an API search function in one of their internet-exposed cloud workloads, Segal told me.

“Once they were aware of the abuse, they enabled bot protection on the platform and saw a dramatic decrease in daily operational costs — from thousands of dollars a day to $50 a day,” he says.

A notable intangible benefit of CNAPP is that it eases the burden on stretched-thin security teams and creates space for more productive dialogues between security analysts, software developers and IT services. This is leading to a new level of collaboration that’s making a notable difference day-to-day for companies embracing CNAPP, says Doug Dooley, CTO at Data Theorem.

At present, security analysts and software developers tussle over shifting code audits to the left, as early as possible in the software development cycle, while IT staff separately focuses on wrangling configuration settings of cloud-hosted IT infrastructure, a piecemeal approach to security. “So this idea of artifact scanning, cloud configuration hardening, and runtime protection, particularly in production, those three programs needed to merge together,” Dooley says. “And that’s what CNAPP, when it works, does really well.”

CNAPP’s emergence happens to align with another trend gaining steam. As part of getting a better handle on their use of cloud-hosted IT infrastructure, some enterprises are reverting to running certain workloads back home — in an on-premises data center, observes Michiel De Lepper, Global Enablement Manager at Runecast. This “back-migration,” he says, is happening because certain workloads are proving to be too costly to run in the cloud, namely resource-intensive AI modeling.

“The IT industry is always evolving and essentially that means ever-increasing complexities because you’ve got disparate environments that you somehow need to cohesively manage,” De Lepper says.

According to Gartner, CNAPP’s superpower is that it can trump complexity by ingesting telemetry, at a deep level, across all key security systems. Advanced data analytics can then be brought to bear setting in motion automated enforcement of smart policies and automated detection and response to live attacks.

Runecast, for instance, takes a proactive approach to risk-based vulnerability management, configuration management, container security, compliance auditing, remediation and reporting. This helps with compliance, at one level, but also continually improves a company’s overall security posture, De Lepper told me.

“It’s no longer about creating shields,” he says. “Instead, we’re helping our customers plug all the gaps we know that the bad guys can use.”

Synergistic integration

I heard very similar messaging from all the CNAPP solution providers I’ve reviewed for this article. Indeed, all of them are designed to consolidate some mix of security capabilities into a single platform tuned to prioritize and act upon cloud-native risks, and, by extension, exposures in related infrastructure, whether it be in the public cloud, hybrid cloud or on premises.

The suppliers argue that this leads first and foremost to enhanced visibility not just of individual components, but much more crucially of all the communications between systems – especially connections happening ephemerally in runtime and in the API realm. This is a very positive development for security analysts, software developers and IT staff who desperately need a more unified toolset to help them collectively visualize risk and make the highest use of this greater visibility.

CNAPP suppliers are starting to help these three groups lower the cost of compliance and remediate security vulnerabilities much more effectively. Gartner’s Winckless cautions that some vendors may not supply true integration, nor provide a robust feedback loop. “As with many other platforms, it’s important to look for these integrations to provide synergy and not to buy simply a collection of tools that are, at best, loosely interconnected from a single vendor in the hopes of gaining advantage,” he says.

Moving forward, CNAPP seems poised to arise as a core security component of modern business networks.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


Pittsburgh, PA – July 13, 2023 – Security Journey, a best-in-class application security education company, has today announced an acceleration of its secure coding training platform enhancements.

Since combining HackEDU and Security Journey training offerings into one Platform, the company has added or refreshed almost 200 lessons and 25 languages, frameworks, and technologies, giving customers even more new training content to improve secure coding knowledge gain of up to 85%.

New and updated learning content is especially needed at a time when record-high numbers of software security flaws are being reported. CVEs (Common Vulnerabilities and Exposures) increased by 59% last year, but none of the top 50 U.S. undergraduate computer science programs mandate courses in application security. With calls for ‘secure by design’ coming from the very top of the Cybersecurity and Infrastructure Security Agency (CISA), establishing and continuously boosting secure coding knowledge gain amongst software development professionals is essential.

“At a time when vulnerabilities are at an all-time high, implementing engaging and effective secure coding training is critical,” said Joe Ferrara, CEO at Security Journey. “We’re excited to now offer more than 800 lessons with these latest enhancements.  Our training builds a security-first mindset across organizations and supports regulatory guidance from PCI (Payment Card Industry) Security Standards Council, CISA, the FDA (Food and Drug Administration), and many more organizations that understand the knowledge gaps in secure software development.”

Driving engagement with unique tournament features

To complement the new training content, the company has also launched robust tournament features that drive developer and non-developer learner engagement. All members of the SDLC can participate in AppSec tournaments to assess, apply, and demonstrate their knowledge of fundamental concepts.

Crucially, tournament administrators can filter and select from the entire training catalog to ensure that learning is role-based and tailored to the appropriate level and people.

The easy-to-use interface empowers admins to start a tournament in a matter of minutes with:

•Lessons and assignments that can be auto-generated or selected manually

•Customizable pre-written tournament notifications enabling admins to communicate easily with participants

•Duration estimates indicating how quickly the tournament could be completed

•Enhanced scoring including attempts, hints, success, and coding accuracy all driving points achieved

New training content and reporting capabilities

Here is a summary of some of the key new training content and enhancements.

•Additional Pre-built and Customizable Learning Paths – including multiple training formats to drive engagement.

•Lessons on Cryptography, Digital Signatures, and Google Cloud Platform

•Additional Languages and Technologies – C++, Rust, Go, C, Scala, Kotlin, Azure, Infrastructure as Code, Embedded Software Systems, and more.

•Enhanced reporting – shows percentage knowledge increase across learners, levels, and lessons to help administrators understand training effectiveness including time spent on lessons.

For more details about all the new Security Journey features, please read more here.

About Security Journey: Security Journey helps enterprises reduce vulnerabilities through application security education for developers and everyone in the SDLC. Their programmatic approach provides a large library of video-based lessons with text summaries along with hands-on secure coding lessons in application sandboxes. All culminating in a collective security-first culture among development teams.

HackEDU’s spring 2022 acquisition of Security Journey brought together two powerful companies to provide application security education for developers and the entire SDLC team. Over 450 companies around the world are teaching their teams how to build safer apps using Security Journey. Learn more and try our training at www.securityjourney.com.

Media contact: Katie Fegan, Account Manager, Say Communications, T. +44 (0) 20 8971 6424

 # # #

London, July 13, 2023 – Beazley, the leading specialist insurer, today published its latest Risk & Resilience report: Spotlight on: Cyber & Technology Risks 2023.

The data shows how perceptions around cyber and technology risks, from ransomware and other cyber-attacks to the threats posed by AI, are changing the global business risk landscape.

The economic impact of cybercrime on business across the globe continues to reach new levels, with the cost predicted to reach US$10.5 trillion by 2025, a 300% increase since 2015. Yet, boardroom focus on cyber risk appears to be diminishing. The perceived threat of cyber risk to global business leaders peaked in 2021 (34%) and over the past two years, the risk perception has dropped (27%). In 2024, it is predicted to remain at 27% whilst business preparedness for this risk continues to decline.

Is business becoming dulled to the cyber security threat?

As cyber fears decrease, the technological risk landscape has fragmented, with executives nearly as concerned about the perceived threat posed by disruptive new technologies, such as AI, as the risk of cybercrime. Failing to keep pace with technology and adapting to new innovations is an issue that 26% of global business leaders identified as their key technological concern, yet resilience to this threat is on the decline and more than a fifth (21%) of all businesses feel they cannot maintain the pace of change.

Leaders are also turning their attention to other concerns such as the risk of theft of their intellectual property (IP) with 24% of business leaders ranking it as their top risk in 2023, more than double what it was in 2021 (11%). IP theft has also become the cyber and technology risk for which businesses across the world feel least prepared, with more than one in four businesses (26%) reporting they feel ill-equipped to mitigate this risk.

Small business is highly exposed to cyber risk

Despite overall concern around cybercrime tracking downwards, small and medium sized businesses (SMEs) are increasingly aware of their limited ability to mitigate cybercrime threats and Beazley’s data suggests they feel more exposed than ever. Companies with an annual revenue of US$250,000 to US$999,999 report feeling less prepared to deal with cyber risks in 2023 (76%) than they did in 2022 (70%). The report outlines how cyber hacking groups are becoming more specialised and diversified, with some groups now using SME’s security systems as a training ground for new hackers to learn their trade.

Paul Bantick, Group Head of Cyber Risks, Beazley said: “Business leaders are finding it a struggle to keep up with the constantly evolving cyber threat. But worryingly they appear less concerned by cyber risk than a couple of years ago. This could be because they have been lulled into a false sense of security as the war in Ukraine led to a temporary reduction in the ransomware threat level when a number of cyber gangs splintered, but this situation is only temporary and should not be viewed as the new normal.

“As the MOVEit hack has proved, the bad actors are always looking for new ways to attack with tactics ranging from third party supplier attacks to more sophisticated social engineering and phishing attack techniques. Businesses of all sizes and across all industries cannot afford to take their eye off the ball, just at a moment when cyber criminals are starting to look to make up for profits lost over the past 18 months.

“The emergence of AI and other tech innovations as well as the increase in concerns over IP theft are now front of mind for many business leaders globally. These threats are fast evolving and unfamiliar, with many companies being caught on the back-foot when dealing with the risk. For the insurance industry, working with clients to help them tackle these challenges is vital to ensuring businesses operate in as safe an environment as possible. We need to continue to work with our clients to explain how they can improve their resilience to cyber and technology risks and encourage them to adopt a defence in depth risk mitigation strategy.”

About the Risk & Resilience research

During January and February 2023, Beazley commissioned research company Opinion Matters to survey the opinions of over 2,000 business leaders and insurance buyers of businesses based in the UK, US, Canada and Singapore with international operations. Survey participants were asked about their views on insurers and insurance, as well as on four categories of risk:

•Cyber & Technology – including the threat of disruption, failure to keep pace with changing technology, cyber risk and IP risk.

•Environmental – including climate change and associated catastrophic risks, environmental damage, greenhouse gas emission, pandemic, food insecurity and energy transition risk.

•Business – including supply chain instability, business interruption, boardroom risk, crime, reputational and employer risk and failure to comply with ESG regulations and reporting requirements.

•Geopolitical – including strikes and civil disruption, changes in legislation and regulation, economic uncertainty, inflation and war & terror.

Of the firms surveyed, there was an equal split of respondents across company sizes of: US$250,000 – US$1 million, US$1,000,001 – US$10 million, US$10,000,001 – US$100 million, US$100,000,001 – US$1 billion, more than US$1 billion.

With a minimum of 50 respondents per country per industry sector, respondents represented businesses operating in:

•Healthcare & Life Sciences

•Manufacturing, Retail, Wholesale and Food & Beverage

•Commercial Property, Real Estate and Construction

•Hospitality, Entertainment and Leisure (including Gaming)

•Financial Institutions and Professional Services

•Energy and Utilities (including Mining), Marine and Warehousing

•Public Sector and Education

•Tech, Media and Telecoms

•Transportation, Logistics, Cargo and Aviation

Previous editions of the survey were undertaken between January & February 2021, as well as during January 2022. Opinion Matters abides by and employs members of the Market Research Society and follows the MRS code of conduct which is based on the ESOMAR principles.

About Beazley. Beazley plc (BEZ.L) is the parent company of specialist insurance businesses with operations in Europe, United States, Canada, Latin America and Asia. Beazley manages seven Lloyd’s syndicates and, in 2022, underwrote gross premiums worldwide of $5,268.7m. All Lloyd’s syndicates are rated A by A.M. Best.

Beazley’s underwriters in the United States focus on writing a range of specialist insurance products. In the admitted market, coverage is provided by Beazley Insurance Company, Inc., an A.M. Best A rated carrier licensed in all 50 states. In the surplus lines market, coverage is provided by the Beazley syndicates at Lloyd’s.

Beazley’s European insurance company, Beazley Insurance dac, is regulated by the Central Bank of Ireland and is A rated by A.M. Best and A+ by Fitch.

Beazley is a market leader in many of its chosen lines, which include professional indemnity, cyber, property, marine, reinsurance, accident and life, and political risks and contingency business. For more information please go to: beazley.com

Media contact: Craig Ingber, Account Manager, Omnia Paratus, T: 908-403-2191, craig@omniaparatus.com

# # #

Santa Clara, Calif. and Bangalore, India – July 13, 2023 — Large companies are typically using over 1100 SaaS applications to run their operations, and the number of companies adopting this trend is rapidly growing 20% every year, but this presents a number of risks.

Helping them manage their SaaS estates and mitigate risks, SaaS operations (SaaSOps) platform Zluri is today announcing a $20M funding round. The Series B funding round was led by Lightspeed, with participation from existing investors including MassMutual Ventures, Endiya Partners and Kalaari Capital. The company has now raised $32m in total venture funding since 2020.

The rapid expansion of SaaS products in large companies poses significant challenges for IT and security teams, making it increasingly difficult to manage and orchestrate SaaS operations. Alongside this, the unstoppable wave of enterprise digital transformation, led by generative AI, swift cloud adoption, and the rise of distributed remote workforces, is ushering in a new era of complexity in SaaS operations.

“The Enterprise SaaS consumption trends have led to under utilized licenses, compromised security, ineffective governance and overall suboptimal management of SaaS stacks for IT and Security Teams,” commented Ritish Reddy, Co-Founder of Zluri. “We have fearlessly been building Zluri to scale for the needs of our community and have added a range of features to protect these companies and help them grow. Having launched and scaled our discovery engine in 2020 to help companies understand their SaaS stacks better, we have since launched an identity governance tool to manage access and now are launching the Zluri co-pilot to help enable faster workflows.”

Zluri’s comprehensive SaaSOps platform for IT teams helps companies discover, manage and optimize, secure and automate SaaS applications from a single dashboard. In addition to this, the Identity Governance tool will help teams streamline on/off boarding, access request management and offer access audits. The new Zluri CoPilot feature will help teams converse with their data and create workflows, i.e., making offboarding users much more efficient.

Zluri works with over 250 customers globally which include prominent names such as Monday.com, Tipalti, Whoop, Catapult Sports, Razorpay, Smartnews, Amagi, Daxko, Traveloka etc.

With the new funding round, Zluri will expand Generative AI capabilities in enterprise SaaSOps with Zluri’s CoPilot – an intelligent assistant to boost efficiency and productivity across enterprises using no-code workflows. Zluri has built a custom large language model (LLM) trained on billions of data points encompassing a wide range of attributes.

Zluri’s expansion plans include continuing to scale go-to-market teams in North America and Europe to reinforce their presence in strategic markets, and fostering closer collaboration with customers. By establishing a stronger global footprint, Zluri aims to provide exceptional support to its growing customer base while actively seeking opportunities to forge new partnerships and drive innovation in the realm of SaaS management and Identity governance.

“We are excited to partner with the Zluri team as they revolutionize SaaS management and identity governance for large enterprises and mid-market firms in the US and globally,” says Dev Khare, Partner, Lightspeed. “They have demonstrated strong market traction, driven by an innovative architecture addressing the twin drivers of cybersecurity and pressure on IT to reduce cost.”

Since their Series A in January 2022, Zluri has doubled the overall team size, made deep in-roads in the US market including setting up an office in California and launched new products expanding their offerings from a single product to multi-product for both enterprises and mid-market companies.

“ARC is a group of 16 unique companies with varying tech stacks. Zluri has enabled us to understand usage and uncover shadow IT so that we can understand which tools are being used per capability,” says Kyle Hitchcock – Head of IT, ARC Group. “They have also helped us cross reference our spends against usage which helps us determine which SaaS apps are giving the most business value. We are currently in the process of connecting our HR system to allow for automatic provisioning/deprovisioning of SaaS apps and licenses. It has been a great tool for us and we look forward to a long partnership working together.”

Zluri puts the IT team back in control of their new SaaS-ified landscape. Zluri has the most comprehensive application discovery engine in the industry and the largest library of over 800 in-depth direct integrations.

About Zluri. Zluri is a cloud-native SaaSOps platform enabling modern enterprises with SaaS Management and Identity Governance. Zluri empowers IT and Security teams to gain visibility into their SaaS landscape, unlock recurring savings, & securely govern access with provisioning and de-provisioning. Zluri’s technology is powered by a deep discovery engine, in-built iPaas and its evolving AI, enabling companies to easily navigate & control complex SaaS ecosystems. Trusted by over 250 global customers, Zluri is committed to delivering innovative, reliable, and scalable solutions that empower organizations to optimize their SaaS usage, ensure compliance, and enhance identity governance practices. For more information please visit https://www.zluri.com/.

About Lightspeed. Lightspeed is a global multi-stage venture capital firm focused on accelerating disruptive innovations and trends in the Enterprise, Consumer, and Health sectors. Since 2000, Lightspeed has backed entrepreneurs and helped build companies of tomorrow, including Snap, Hasura, OYO, Affirm, AppDynamics, Nutanix, Supabase, Darwinbox, Razorpay and Udaan. Lightspeed and its affiliates currently manage more than $18 Billion across the global Lightspeed platform, with investment professionals and advisors in India, Silicon Valley, Israel, China, Southeast Asia and Europe.

Media contact: Bilal Mahmood, Stockwood Strategy, Mob: +44 (0) 771 400 7257

# # #

Toronto, Canada, July 12, 2023 – Asigra Inc., a leader in ultra-secure backup and recovery, is tackling the pressing data protection and security challenges faced by organizations utilizing the thousands of Software as a Service (SaaS) applications on the market today.

Because of the increasing adoption of SaaS and the potential data recovery challenges they bring, Asigra is highlighting five major data protection challenges threatening SaaS application data, as well as the need for comprehensive data protection measures to safeguard this information.

Understanding the risks associated with SaaS applications cannot be overstated as the vast majority of them do not offer enterprise-grade data protection or anything close to it. While SaaS has revolutionized the way organizations operate by providing access to cutting-edge technologies and boosting cost-efficiency, they often lack a robust data backup/recovery solution.

Without an effective data protection strategy, businesses are vulnerable to data loss, breaches, and regulatory non-compliance. Therefore, it is crucial for organizations to recognize and address the challenges they face in order to protect their SaaS application data effectively.

Addressing this issue, Asigra has outlined the following five most significant challenges in SaaS application data protection and security faced by IT professionals:

•Incomplete Backups: Organizations often assume their SaaS providers fully back up their data, but this is not always the case. To mitigate this problem, organizations must clearly understand their SaaS provider’s backup policies and consider third-party backup solutions for more complete data protection.

•Lack of Backup Frequency: Traditional backup mechanisms may not run frequently enough to capture all changes and updates, leading to potential data loss during the recovery process. Implementing a backup strategy with high-frequency, incremental backups is crucial to minimize data loss.

•Complexity of Data Restoration: Restoring large amounts of data to a specific point in time or reverting to a particular version of data in a SaaS application can be complex and time-consuming. Organizations should have a clear, well-tested recovery plan and conduct regular restoration drills to ensure system and data integrity.

•Regulatory Compliance: Regulatory frameworks such as GDPR, CCPA, and HIPAA impose strict guidelines on data handling, including backup and recovery. Organizations must align their strategies with relevant regulations, considering data sovereignty, encryption standards, and user rights to data.

•SaaS Application Cyber Defense: Malware and ransomware attacks pose a significant threat to SaaS applications. Employing advanced threat detection mechanisms, regular system updates, and maintaining a robust backup and recovery strategy are essential to prevent and mitigate such attacks.

“The increasing reliance on SaaS demands robust data backup and recovery strategies with integrated cybersecurity defenses,” said Eric Simmons, CEO of Asigra. “Organizations must understand these threats and implement proactive measures to protect their business-critical data. To that end, Asigra is dedicated to providing ultra-secure backup and recovery solutions that address the evolving challenges in this area of the digital landscape.”

About Asigra: Trusted since 1986, Asigra’s ultra-secure, award-winning backup technologies have been proudly developed in and supported from North America, providing organizations worldwide with the ability to quickly recover their data from anywhere through a global network of IT service providers. As the industry’s most secure backup and recovery solution for SaaS/Cloud applications, servers, virtual machines, endpoint devices, databases, applications, and IaaS based applications, Asigra protects sensitive data with anti-ransomware defense and recovery. The company has been recognized as a three-time Product of the Year Gold winner by TechTarget for Enterprise Backup and Recovery Software and is positioned well in leading market research. More information on Asigra can be found at www.asigra.com.

###
