Every day, artificial intelligence (AI) is becoming more and more a part of our modern IT systems – fueling innovation across industries. But, for AI to succeed there is one thing that is essential – high availability or HA (ok, more than one – but today this is our focus). That’s because, without resilient infrastructure to ensure continuous uptime, performance, and reliability, AI models and applications can falter. This is where HA clustering steps in, giving organizations the reliable foundation they need to manage and optimize AI-driven systems effectively. 

Supporting Critical AI Workloads with HA

The growing reliance on AI technologies places incredible pressure on IT systems to perform at their peak, 24/7/365. AI databases – whether powering complex machine learning training or real-time inference – need infrastructure that guarantees seamless operations and eliminates downtime.

HA clustering is a key part of this ecosystem. By enabling failover and ensuring redundancy, it delivers the reliability that AI workloads require. If one node fails, the workload fails over to another node, preserving business continuity. This kind of resilience is crucial as organizations scale their AI deployments and rely on more complex models to support decision-making.

“As organizations ramp up AI adoption, they face growing demands on their IT infrastructure,” I often explain to CIOs. “HA clustering ensures that AI workloads remain available, performant, and resilient even when unexpected disruptions occur.”

Cross-Cloud Resilience for AI Applications

With AI workloads frequently spanning hybrid and multi-cloud environments, ensuring high availability across diverse platforms is essential. Whether data resides on-premises or across multiple cloud providers, the ideal HA clustering solution should simplify the challenge of managing workloads in a distributed environment.

HA solutions equip organizations with the tools to keep AI databases running smoothly, no matter where they’re located. With seamless failover and efficient resource allocation across platforms, IT teams can concentrate on advancing AI innovations instead of dealing with downtime or latency issues.

“Multi-cloud and hybrid environments are where AI workloads thrive, but ensuring high availability across them can be a challenge,” I tell our clients. “With the right HA clustering, businesses can maintain the resilience they need to support AI applications, wherever they are deployed.”

Ensuring Security for AI Environments

AI environments often involve massive datasets and interconnected systems, which makes securing them a top priority. While HA clustering is primarily focused on resilience, it also plays a role in safeguarding critical infrastructure by isolating and mitigating risks.

For example, HA clusters can be configured to reroute workloads away from nodes that have been identified as compromised, minimizing exposure and protecting AI applications from prolonged disruption. Note that the cluster itself detects failures, not intrusions – that signal has to come from the surrounding security tooling. Combined with robust security tools, “Smart” HA clustering helps create a secure and reliable environment for AI systems to operate.

The Backbone of a Resilient AI Future

We all know that it is inevitable that AI will reshape how businesses operate, innovate, and compete. But, for AI to deliver on this promise, organizations must prioritize it – especially the infrastructure that powers it. HA clustering is the backbone that is necessary for truly resilient IT environments. With HA clustering, we can ensure AI workloads remain accessible, secure, and optimized at all times, under virtually any condition. 

For IT leaders, the message could not be any clearer… AI applications are only as good as the HA solutions that keep them running and performant. Ensuring a reliable, highly available database backbone needs to be a key consideration for any AI undertaking.

______

About Don Boxley

Don Boxley Jr is a DH2i Co-founder and CEO. He has more than 20 years in management positions for leading technology companies. Boxley earned his MBA from the Johnson School of Management, Cornell University.

The post AI Workloads and High Availability Clustering – Building Resilient IT Environments appeared first on Cybersecurity Insiders.

Introduction to Password Security

Password security has seen dramatic shifts driven by the escalation of cyber threats and advancements in technology. Initially, simple passwords sufficed, but as cyberattacks evolved in complexity so did the need for robust password strategies. The rise of credential stuffing, brute force, and dictionary attacks necessitated a rethink in password management practices.

Historically, password policies emphasized complexity—combinations of letters, numbers, and symbols thought to fortify security. These policies often mandated frequent changes, assuming this would mitigate breach risks. However, research revealed such practices often resulted in predictable and weak passwords, like “Password1!,” which did little to deter sophisticated cybercriminals.

This shift in strategies is embodied in the National Institute of Standards and Technology’s (NIST) Special Publication 800-63B, which moves away from complexity and frequency of changes. Instead, it emphasizes password length and uniqueness, aligning with practical user management and reflecting a balance between security and usability.

Moreover, the adoption of NIST’s latest recommendations aligns password policies with real-world use cases and threat scenarios. It acknowledges that security is not just about creating barriers to unauthorized access but about building sustainable practices that enhance an organization’s cybersecurity posture while supporting operational efficiency.

NIST Password Guidelines

The latest iteration of NIST’s password guidelines in SP 800-63B introduces key recommendations designed to enhance password security while improving usability:

•Length Over Complexity

NIST emphasizes that passwords should prioritize length over complexity. A longer passphrase resists guessing attacks better than a short, contorted password and is easier for users to remember. SP 800-63B sets a minimum of eight characters for user-chosen passwords and asks verifiers to accept passphrases of at least 64 characters, to accept all printing ASCII characters and the space, and to accept Unicode characters as well; longer passphrases are encouraged.

•No Requirement for Character Complexity

NIST no longer mandates the use of specific mixtures of character types (uppercase, lowercase, numbers, symbols). This change is to prevent the creation of predictable passwords that meet complexity requirements but are easy to guess.

•Discouragement of Frequent Password Changes

NIST advises against mandatory periodic password changes, previously a staple of security policies, unless there is evidence of a breach or similar security threat. This guideline is aimed at reducing password fatigue and discouraging the creation of predictable passwords.

•Screening Against Dynamic Blacklists

To improve password security, NIST recommends ongoing screening of new passwords against blacklists of known compromised passwords. This helps ensure that users do not choose passwords that have already been exposed in breaches.

•Use of Password Managers

NIST supports the use of reputable password managers to help users generate, store, and manage complex passwords efficiently. This recommendation is twofold: it decreases the likelihood of password reuse across accounts and facilitates the use of longer, more complex passwords by allowing users to copy and paste them as needed. This approach reduces the burden on memory and enhances security by making it easier to use unique passwords for different accounts.

Rationale Behind the Current Guidelines

The updates to NIST’s password guidelines are based on extensive research into user behavior and password policy effectiveness. Studies have consistently shown that traditional complexity requirements often led to predictable, easily guessed passwords. For instance, the inclusion of mandatory alphanumeric and symbol combinations typically resulted in patterns like “Password1!,” which did not enhance security.

Further, the frequent mandate to change passwords often resulted in minor variations of previous passwords, adding little security benefit while increasing user frustration. Notably, research, including findings from Google and the Verizon DBIR, highlights the widespread issue of password reuse across personal and professional accounts, significantly heightening security risks.

These insights prompted NIST to shift their focus from complexity and frequent changes to longer passphrases that are both easier to remember and harder to guess, thereby improving real-world security and reducing the cognitive load on users. This approach acknowledges the limitations of human memory and the practical aspects of password use, aiming to foster more secure and manageable password practices.

Benefits of Following NIST Guidelines

Adopting NIST’s revised password guidelines offers several benefits:

•Enhanced Security

By focusing on length and discouraging complex but common password formulas, policies based on these guidelines are more likely to withstand typical password attacks like brute force and dictionary attacks.

•Improved Usability

Simpler guidelines that prioritize memorable passphrases over arbitrary complexity help reduce user frustration and lower the chances of security shortcuts, such as writing down passwords.

•Reduced Operational Burden

Eliminating routine password changes reduces the administrative overhead associated with managing user accounts and handling issues related to password resets and account lockouts.

Incorporating NIST’s guidelines helps organizations align with proven best practices that not only enhance security but also improve the user experience and administrative efficiency. Advanced solutions that integrate seamlessly with systems like Active Directory provide tools for real-time monitoring of password integrity and compliance with these guidelines. This approach not only adheres to NIST’s standards but also empowers organizations to proactively manage their cybersecurity risks.

Best Practices For NIST Compliant Password Security

In an era where cyber threats are increasingly sophisticated and pervasive, it is imperative for organizations to reassess and fortify their password security strategies. As the first line of defense against unauthorized access, effective password management is fundamental to safeguarding sensitive information and maintaining business continuity. This section outlines essential practices derived from NIST guidelines that are designed to fortify your security posture significantly. By adopting these practices, organizations can ensure robust protection against both current and emerging threats, creating a resilient and adaptable security environment.

Password Policy Development And Updating

1.Review and Enhance Password Policies

Conduct a thorough review of your existing password policies and align them with NIST’s latest guidelines. Focus on adopting practices that enhance password strength without compromising usability.

2.Encourage Strong, User-Friendly Passphrases

According to NIST guidelines, the key to strong passwords lies in their length and uniqueness, rather than complex and hard-to-remember combinations of characters. To comply with these standards, encourage the use of passphrases—sequences of words or other easily remembered strings of characters—which are both longer and easier to recall for users than traditional passwords. A best practice is to guide users to choose passphrases that are meaningful to them but hard to guess for others, avoiding common phrases, famous quotations, or sequences from widely accessible sources.

Implementation of Advanced Security Solutions

1.Leverage Password Managers

Password managers play a crucial role in maintaining robust password security by generating and storing complex passwords for users. These tools create a unique, strong password for each account, which users do not need to memorize. NIST supports the use of password managers, as they significantly reduce the risk of password reuse across multiple sites, a common vulnerability in personal and organizational security.

2.Integrate Security into Access Management Systems

Integrating NIST password guidelines into existing identity and access management systems such as Active Directory (AD) is crucial for maintaining consistent and enforceable security policies across an organization. Active Directory, used by organizations worldwide to manage network resources and services, is often targeted by cybercriminals due to its ubiquity. While AD provides a robust framework, it alone may not fully comply with the latest NIST guidelines without additional enhancements.

Advanced password automation solutions, like Enzoic for Active Directory, offer seamless integration and are essential for bringing AD into compliance with NIST standards. The solution provides features such as real-time password screening and compliance checks without disrupting existing user workflows, ensuring uniform application of password security measures across all user accounts. 

Enzoic actively checks if passwords are compromised at creation and continuously monitors them, updating checks against a daily-refreshed blacklist and automatically taking remediation steps when vulnerabilities are found. This ensures that compromised credentials are quickly addressed, significantly reducing security risks.

For organizations aiming to meet NIST requirements, solutions like Enzoic’s plugin make it possible to enforce a NIST-approved password policy effectively. With simple configurations such as a single checkbox to apply all NIST password policy options and a dashboard that alerts IT teams to any settings changes, these tools enhance security while improving the user experience within the Active Directory environment.

3.Activate Real-Time Password Screening 

Screening passwords against known compromised credentials is crucial to maintaining the integrity of passwords. Utilizing dynamic blacklists that update in near real-time allows for the reflection of the latest data breaches and leaks, providing a robust defense against the rapidly changing landscape of exposed credentials. Real-time screening technology automates this process, checking new or changed passwords against continuously updated databases of compromised credentials to prevent the accidental use of already exposed passwords, thereby maintaining robust security standards and ensuring compliance with NIST guidelines.

4.Customize Password Screening with Company-Specific Blacklists

In addition to using dynamic blacklists, organizations should enhance their password screening processes with context-specific terms, such as company names, product names, and industry-specific jargon that are likely to be used in passwords. 

This list of highly predictable passwords can then be incorporated into the screening process, providing another layer of personalized security that anticipates potential attacker strategies. This targeted approach helps prevent the use of predictable passwords that attackers might exploit, thus fortifying the organization’s defenses against targeted attacks.

It’s also crucial to screen passwords not only against exact matches on blacklists but also for ‘fuzzy’ variations. Humans are highly predictable, and attackers know the typical patterns people use to satisfy complexity requirements. For example, a user might change ‘baseball’ to ‘Baseball1990!’ to meet complexity demands, mistakenly thinking this variation is secure. Advanced screening technology includes the capability to detect these common variations, further enhancing password security.
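As an added example (not code from this guide or from Enzoic’s product), the following Python sketch shows how the screening described in items 3 and 4 can be combined with fuzzy matching: the candidate is normalized down to its probable root words, and those roots are tested against both a compromised-password list and a company-specific list. The word lists, the fictional company “Acme”, and the substitution table are constructed for the example.

```python
"""Screen a candidate password against a breach blocklist and a company-specific
list, catching simple variations by normalizing it to its likely root words.

Added example; not code from the guide or from any vendor product. The word
lists, the fictional "Acme" terms, and the substitution table are constructed.
"""
import re
import unicodedata

# Constructed stand-ins for a continuously refreshed compromised-password feed
# and for an organization's own context-specific terms.
BREACHED_PASSWORDS = {"baseball", "password", "qwerty", "letmein", "football", "iloveyou"}
COMPANY_TERMS = {"acme", "acmecorp", "widgetpro", "denver"}  # hypothetical "Acme" in Denver

# Character substitutions people use to satisfy complexity rules ("P@ssw0rd").
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})
NON_LETTER_EDGES = re.compile(r"^[^a-z]+|[^a-z]+$")


def root_forms(password: str) -> set:
    """Return the plausible root words hidden in a password.

    Steps: Unicode-normalize and case-fold; also try the de-leeted spelling;
    for each, strip the digits/symbols users bolt onto the ends
    ("Baseball1990!" -> "baseball"), keep the reversed core, and keep any
    letter run of four or more characters ("acme2024!" -> "acme").
    """
    folded = unicodedata.normalize("NFKC", password).casefold()
    roots = set()
    for variant in (folded, folded.translate(LEET)):
        core = NON_LETTER_EDGES.sub("", variant)
        roots.update({variant, core, core[::-1]})
        roots.update(tok for tok in re.split(r"[^a-z]+", variant) if len(tok) >= 4)
    return {r for r in roots if r}


def screen(password: str, min_length: int = 8) -> list:
    """Return the reasons a password is rejected; an empty list means accepted.

    Length is the only composition rule, per SP 800-63B; everything else is
    blocklist screening on the normalized roots.
    """
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    roots = root_forms(password)
    if roots & BREACHED_PASSWORDS:
        reasons.append("matches or is a simple variation of a breached password")
    if roots & COMPANY_TERMS:
        reasons.append("contains a company-specific term")
    return reasons


if __name__ == "__main__":
    for candidate in ["Baseball1990!", "P@ssw0rd2024", "Acme2024!", "llabesab",
                      "correct horse battery staple"]:
        verdict = screen(candidate)
        print(f"{candidate!r}: {'ACCEPT' if not verdict else 'REJECT: ' + '; '.join(verdict)}")
```

The normalization is deliberately generous: it is cheaper to ask a user for a different passphrase than to let “B4seball!” through because only exact matches were checked. In a real deployment the two word lists would be the refreshed breach feed and the organization’s own terms rather than the constructed sets above.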

5.Store Passwords with a Purpose-Built Password Hashing Function

Never store passwords in plaintext or under reversible encryption, and do not rely on a fast general-purpose hash such as MD5 or SHA-256 on its own. Store only a salted hash produced by a slow, memory-hard password hashing function such as bcrypt, scrypt, or Argon2 (SP 800-63B also accepts PBKDF2 with a high iteration count). A unique random salt per password defeats precomputed tables and keeps identical passwords from sharing a hash, and the deliberately expensive key stretching raises the cost of offline guessing after a database is stolen. This does not make stolen hashes useless to an attacker – weak or already-breached passwords will still be cracked – which is why strong hashing complements screening rather than replacing it.
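As an added illustration of the storage guidance above (not code from this guide or from any vendor), the following Python uses the standard library’s scrypt binding to produce and verify salted, memory-hard password hashes in a self-describing record, and to flag records whose work factor has fallen behind policy. The parameter values, the record format, and the function names are this example’s own choices, not NIST-specified constants.

```python
"""Salted, memory-hard password hashing with the standard library's scrypt.

Added example; not code from the guide or from any vendor product. The
work-factor values and the record format are this example's own assumptions.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

# Current work-factor policy: scrypt uses about 128 * N * r bytes per hash
# (16 MiB here). Raise N as hardware gets faster; old records are upgraded
# via needs_rehash() after a successful login.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES = 16           # SP 800-63B asks for at least 32 bits of salt; 128 is comfortable
DIGEST_BYTES = 32
MAXMEM = 64 * 1024 * 1024  # ceiling handed to OpenSSL so it accepts these parameters


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt$digest.

    A fresh random salt is drawn unless one is supplied; the optional argument
    exists only so tests can check determinism. Never reuse salts in production.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                            maxmem=MAXMEM, dklen=DIGEST_BYTES)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     _b64(salt), _b64(digest)])


def _parse(record: str):
    """Split a record into (n, r, p, salt, digest); raises ValueError if malformed."""
    scheme, n, r, p, salt_b64, digest_b64 = record.split("$")
    if scheme != "scrypt":
        raise ValueError("unsupported scheme")
    return int(n), int(r), int(p), base64.b64decode(salt_b64), base64.b64decode(digest_b64)


def verify_password(password: str, record: str) -> bool:
    """Recompute with the parameters stored in the record and compare in
    constant time. A malformed record and a wrong password both yield False."""
    try:
        n, r, p, salt, expected = _parse(record)
    except ValueError:
        return False
    actual = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                            maxmem=MAXMEM, dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str) -> bool:
    """True when the record is unreadable or was produced with a weaker work
    factor than current policy; re-store hash_password() after the next login."""
    try:
        n, r, p, _, _ = _parse(record)
    except ValueError:
        return True
    return n < SCRYPT_N or r < SCRYPT_R or p < SCRYPT_P


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("verify good:", verify_password("correct horse battery staple", rec))
    print("verify bad: ", verify_password("Correct horse battery staple", rec))
    print("needs rehash:", needs_rehash(rec))
```

Storing the parameters inside each record is what makes the later work-factor increase painless: verification always uses the parameters the hash was made with, and the upgrade happens one user at a time as they log in.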

Ongoing Security Monitoring and Response

1.Implement Multi-Factor Authentication (MFA)

Adopt MFA to add an additional layer of security by requiring two or more verification methods, which significantly decreases the risk of unauthorized access. NIST SP 800-63B requires multi-factor authentication at Authenticator Assurance Level 2 and above; it complements strong password practices by providing an additional barrier against the exploitation of stolen or weak passwords. While MFA is an excellent compensating control, it should not be a replacement for securing passwords directly: the password remains one of the factors, and phishing-resistant MFA is not yet universal. As outlined in Microsoft’s 2023 Digital Defense Report, MFA stops only 76% of targeted attacks, leaving a significant gap.

2.Implement Continuous Password Monitoring

Continuous monitoring of passwords against breach databases is vital for maintaining secure credentials. With the vast array of credentials available on the dark web, it’s crucial that monitoring is not just periodic but ongoing. 

Password security automation can provide continuous monitoring by checking passwords at least once every 24 hours against the latest breach databases, ensuring that any compromised passwords are quickly identified. This monitoring is essential for meeting the NIST guideline that mandates changing passwords following a compromise. Such proactive monitoring can significantly mitigate the risk of a data breach, maintaining the integrity of user credentials at all times.

Ensure the solution offers real-time password monitoring and screening, which checks passwords against updated threat intelligence as they are set or changed. This should include the capability to intercept passwords at the moment of creation or reset, comparing them against an extensive database of exposed credentials. The ideal solution sends only a partial hash of the password to the screening service (a k-anonymity range query), so the full credential never leaves the endpoint, and uses efficient lookups to keep the check from adding noticeable latency.
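As an added example of the partial-hash lookup mentioned above (not code from this guide or from any vendor), the following Python models both sides of a k-anonymity range query: the client hashes the password with SHA-1, sends only the first five hex characters, receives every suffix in that bucket, and finishes the match locally. The breach corpus is constructed, and the “SUFFIX:COUNT” wire format mirrors the public Pwned Passwords range API; the class and function names are this example’s own.

```python
"""k-anonymity range query for compromised-password checks: the client sends
only the first 5 hex characters of the password's SHA-1 and finishes the
comparison locally, so neither the password nor its full hash leaves the host.

Added example; not code from the guide or from any vendor. The breach corpus
is constructed; the 'SUFFIX:COUNT' response format mirrors the public Pwned
Passwords range API, and the names below are this example's own.
"""
import hashlib
import hmac

# Constructed stand-in for a breach database: password -> number of times seen.
BREACH_CORPUS = {
    "password": 9_000_000,
    "baseball": 400_000,
    "letmein": 150_000,
    "Baseball1990!": 3,
}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1: the lookup key for this protocol, never a storage hash."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class BreachServer:
    """Server side: indexes hashes by 5-hex-char prefix and answers range queries.

    It records every prefix it receives so the example can show how little
    the server learns: 20 bits of prefix means roughly a million buckets, and
    a queried password is hidden among every hash sharing its bucket.
    """

    def __init__(self, corpus):
        self.index = {}
        self.received_prefixes = []
        for password, count in corpus.items():
            digest = sha1_hex(password)
            self.index.setdefault(digest[:5], []).append((digest[5:], count))

    def range_query(self, prefix: str) -> str:
        if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
            raise ValueError("prefix must be exactly 5 upper-case hex characters")
        self.received_prefixes.append(prefix)
        # One 'SUFFIX:COUNT' line per hash in the bucket; empty string if none.
        return "\n".join(f"{suffix}:{count}"
                         for suffix, count in sorted(self.index.get(prefix, [])))


def check_password(password: str, server: BreachServer) -> int:
    """Client side: return how many times the password appears in the corpus (0 = clean).

    Only the 5-character prefix goes to the server; the 35-character suffix is
    matched locally with a constant-time comparison.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in server.range_query(prefix).splitlines():
        candidate, count = line.split(":")
        if hmac.compare_digest(candidate, suffix):
            return int(count)
    return 0


if __name__ == "__main__":
    srv = BreachServer(BREACH_CORPUS)
    for pw in ["password", "correct horse battery staple"]:
        hits = check_password(pw, srv)
        print(f"{pw!r}: {'seen %d times, reject' % hits if hits else 'not in corpus'}")
    print("server saw only:", srv.received_prefixes)
```

The caveat a practitioner should keep in mind: SHA-1 of a password is trivially brute-forceable, so the privacy of this scheme rests entirely on the full hash staying on the client. A service that asked for the whole hash “for convenience” would have the password in all but name.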

3.Automate Remediation for Compromised Credentials

When compromised credentials are detected, the speed of response is crucial to minimize potential damage. Advanced password security platforms enable organizations to customize the remediation actions taken. These actions might include alerting the user, forcing a password reset, or temporarily disabling the account and flagging the issue for IT team intervention.

This level of automation ensures that compromised credentials are dealt with promptly, reducing the window of vulnerability and risk of data breaches. This flexibility allows organizations to balance security needs with user convenience, ensuring that security measures do not unduly hinder productivity.

Workforce Education and Empowerment

1.Educate Employees on Secure Password Practices

Regularly educate your employees about the importance of secure password practices and highlight the specific steps they can take to protect both their personal and professional information.

2.Embrace User-Centric Password Policies

Many organizations find that switching from frequent password changes to more user-centric models is remarkably smooth and requires no adjustment period. 

This transition is not just a technological update but also a positive shift in organizational culture and user behavior.

User-centric password policies focus on creating a more intuitive and user-friendly security environment. Instead of imposing frequent password changes that can be cumbersome and frustrating for users, these policies advocate for more memorable and secure password practices. According to NIST’s guidelines, encouraging the use of longer passphrases that do not need to be changed unless there is evidence of compromise can significantly enhance both security and user satisfaction.

Implementing this change can be seamless, with minimal disruption to user workflows. A direct shift can be made wherein users no longer need to reset their passwords periodically. Most users will likely not notice the change, yet they will benefit from the elimination of periodic resets. This approach not only enhances user convenience but also improves overall security compliance by reducing the likelihood of predictable password patterns and password fatigue.

By taking these steps, organizations can ensure they are not only compliant with the highest standards of password security but are also equipped to defend against the evolving landscape of cyber threats. Review, update, and fortify—your proactive steps today will define your security posture tomorrow.

“After deploying Enzoic for Active Directory, Hylan was able to follow NIST standards, and eliminate all compromised passwords from our Active Directory environment. The installation process took only one hour across our eight domain controllers. This project allowed us to improve enterprise security and reduce helpdesk resources dedicated to passwords by 90%.” – Enzoic customer Ramon Diaz, Director of IT, Hylan

Key Benefits of Automating Password Policies

Password security automation brings a host of benefits that enhance the overall security framework, ensure compliance, and streamline operations:

Real-Time Protection – Automating the screening of passwords against updated blacklists and other security rules means that new and reset passwords are immediately checked for vulnerabilities. This reduces the window of opportunity for attackers to exploit weak or compromised credentials.

Consistency and Compliance – Automated enforcement of password policies ensures that all users consistently follow the same security guidelines across an organization. This uniformity helps maintain high security standards and simplifies compliance with industry regulations.

Enhanced Detection and Response – Automated systems can quickly identify and respond to security issues without waiting for manual intervention. For instance, if a password is found on a blacklist, the system can automatically prompt the user to change it, thus minimizing potential security risks.

Operational Efficiency and Cost Savings – Automation significantly reduces the manual effort required to enforce password policies and monitor compliance. By automating routine tasks such as password resets, organizations can allocate resources more effectively, potentially leading to cost savings in IT operations. It lowers administrative costs by reducing the number of password reset calls and automating remediation, further enhancing operational efficiency.

Improved User Experience – By eliminating complex password composition rules and reducing the frequency of mandatory password resets, automation greatly enhances user satisfaction. This leads to smoother interaction with IT systems and encourages better compliance with security practices, making security management both user-friendly and effective.

The broader impact of automating NIST-compliant password policies is substantial, offering both operational advantages and significant enhancements to an organization’s cybersecurity posture. By reducing administrative overhead, improving user satisfaction, and strengthening defenses, policy automation not only supports compliance but also drives better security practices that protect organizations against emerging cyber threats. 

As organizations continue to face a landscape marked by sophisticated cyberattacks, adopting and implementing NIST’s password guidelines with the support of automated password security tools can provide a critical edge in maintaining robust, effective defenses.

CONCLUSION 

Fortify Your Cybersecurity with Proactive Password Security Management

As we wrap up this CISO guide on NIST-compliant password security, it’s evident that robust password policies are crucial for safeguarding digital assets against sophisticated cyber threats. Adopting NIST guidelines enhances security and usability by prioritizing password length and uniqueness over complexity, which increases user compliance and reduces administrative burdens.

The integration of advanced security solutions like real-time monitoring, dynamic blacklisting, and seamless Active Directory integration ensures practical enforceability of these policies. Furthermore, a culture of continuous improvement—supported by regular audits, user education, and phased practice updates—helps organizations stay ahead of emerging threats and create a resilient and adaptable security environment.

Commit to these best practices today to safeguard your digital assets tomorrow, ensuring your cybersecurity measures evolve with the threat landscape.

The post Ciso Guide To Password Security – How to Implement and Automate Key Elements of NIST 800-63B appeared first on Cybersecurity Insiders.

The January 16th release of what is believed to be the Biden administration’s final executive order is showcasing some of the strongest language yet focused on driving greater progress towards enhancing software supply chain security, Post Quantum Cryptography (PQC) adoption, and cryptographic posture management. The executive order sets stringent standards and promotes advanced security practices not only for government agencies, but the private sector as well. 

With recent successful supply chain attacks targeting trusted vendors and their government customers (see the US Treasury/BeyondTrust breach), the integrity of our software supply chain has once again been thrust into focus. This latest executive order will help to establish a common standard for submitting machine-readable software attestations and supporting artifacts such as software and cryptographic bills of materials.

On the topic of PQC, there will be a concerted effort to expand awareness around PQC-ready products by providing a list of product categories that support PQC. Subsequently, agencies will be required to include a requirement for products that support PQC preparedness and adoption in future solicitations. Lastly, agencies will be required to start adopting new PQC standards after identifying network security products and services that are actively employed within their systems. There will also be direct outreach from the U.S. government to its allies and partners to encourage similar action within their technology environments. 

Finally, within the area of cryptographic posture management, the executive order focuses on requiring Federal Civilian Executive Branch (FCEB) agencies to adopt best practices around protecting the root of trust for systems – specifically, key generation, usage, and overall lifecycle management. The foundational components of a root of trust include hardware security modules (HSMs), trusted execution environments (TEEs), Trusted Platform Modules (TPMs), and entropy sources, to name a few, all of which have been incorporated into modern secure computing solutions from major hardware providers such as Intel with its confidential computing platform and Marvell with its next-generation LiquidSecurity HSM adapters.

By including such solutions into ongoing zero trust and technology modernization projects, the FCEB and its industry partners will raise the cost of supply-chain attacks and simultaneously increase integrity and security of its supply chain ecosystem. 

As the Biden administration concludes its term, this executive order sets a robust framework for future cybersecurity initiatives. By establishing common standards for software attestations, promoting PQC readiness, and enforcing best practices in cryptographic posture management, the order aims to fortify the integrity and security of the nation’s software supply chain. It should also serve as a signal of what is to come under the new Trump administration, with a keen focus on further protecting U.S. intellectual property and sovereignty from emerging supply-chain and quantum attacks.

As we move forward, it is crucial for government agencies and the private sector alike to actively engage in implementing these directives. Together, we can enhance our collective cybersecurity posture and protect our digital infrastructure from emerging threats. Let us commit to adopting these best practices and innovations, ensuring a safer and more secure future for all.

The post Securing the Future: Biden’s Final Push for Software Supply Chain and Quantum Cryptography appeared first on Cybersecurity Insiders.

Cyber risk continues to increase with rapid development of technology

The just-released Allianz Risk Barometer, an annual business risk ranking compiled by Allianz Commercial incorporating the views of 3,778 risk management experts in 106 countries and territories including CEOs, risk managers, brokers and insurance experts, cites cyber incidents (38% of overall responses) as the most important risk globally for the fourth year in a row – and by a higher margin than ever (7 percentage points).

Cyber incidents such as ransomware attacks, data breaches and IT outages are the top global risk for 2025, marking the category’s fourth consecutive year at the top. Ten years ago, it ranked only #8 globally with just 12% of responses, compared with 38% in 2025.

For many companies, cyber risk, exacerbated by the rapid development of artificial intelligence (AI), is the big risk overriding everything else. It is likely to remain a top risk for organizations going forward, given the growing reliance on technology – the CrowdStrike incident in summer 2024 once again underlined how dependent we all are on secure and reliable IT systems. 

Concern is widening worldwide as well. Cyber is the top risk across North and South America, in Europe and Africa, and comes out on top in 20 countries in both developed and emerging economies. As well as being the top risk in countries such as Australia, France, Germany, India, Italy, Portugal and the UK, cyber is also the new top risk year-on-year in Brazil, Colombia, Philippines, Morocco and South Africa.

Cyber also ranks as the top risk for large, mid-sized and smaller companies and is now ranked #1 by respondents in industries ranging from aviation to chemicals to entertainment. Financial services, media, professional services such as legal, technology, and the telecommunications sectors also cite cyber as their risk of most concern.

The past year has seen continuing ransomware attacks, which increasingly target sensitive data to increase the financial leverage on companies. Ransomware continues to be the top cause of cyber insurance loss: during the first six months of 2024, it accounted for 58% of the value of large cyber claims (>€1mn).

A data breach is the cyber exposure companies fear most. The growing significance of data breach losses among cyber insurance claims is driven by a number of notable trends. A rise in ransomware attacks including data exfiltration is a consequence of changing attacker tactics and the growing interdependencies between organizations sharing ever more volumes of personal records. 

Cyber is likely to remain a top risk for organizations going forward, given the growing reliance on technology, and as AI is incorporated into a growing number of products and services. Advancements in technology, enhanced connectivity, faster network speeds, and the rise of remote work and digital commerce will continue to elevate cyber risks, such as data breaches and ransomware attacks. 

AI will further amplify and accelerate these threats, but it also holds the potential to enhance cyber security measures, making it a double-edged sword in the digital landscape.

Companies have little choice but to adopt AI due to its rapid advancement. Those who hesitate risk falling behind competitors and missing valuable opportunities. While technology development used to be gradual, today’s fast-paced AI landscape, coupled with regulatory and legal lag, demands swift adoption. This is the new normal. 

The jury still appears out as to whether the benefits of AI comprehensively outweigh the risks – when asked about the impact AI is having on their industry, 50% of respondents said they believed it brings more benefits than risks, while 35% said it was “neither a positive nor a negative” and 15% said that there were more risks than benefits. 

With AI, a balance needs to be found between risk and reward. Take cyber risk. AI is being used by criminals and nation states to cause disruption or spread misinformation. But it can also help mitigate risks and build resilience. AI can help improve processes and productivity, but it also impacts employees and raises questions in areas like ethics, privacy and cyber security.

While the application of AI can help prevent or mitigate risk, there can be unintended consequences. One mitigation action can create new problems or even be counterproductive to the original goal. This is a major challenge going forward. Businesses will need to manage these risks and risk prevention measures holistically. It’s essential to ensure that an AI-driven solution doesn’t inadvertently increase other risks. 


The post Allianz Risk Barometer Cites “Cyber Risk” as Most Important Business Risk Globally appeared first on Cybersecurity Insiders.

On January 16th, President Joe Biden signed a comprehensive executive order to strengthen U.S. cybersecurity. The order mandates secure development practices for federal software vendors, launches an AI program within the Pentagon to enhance cyber defense with a pilot in the energy sector, and improves security standards for cloud platforms and IoT devices. The order also directs federal agencies to address quantum computing-related cybersecurity risks and lowers the threshold for sanctioning foreign entities involved in cyberattacks, enabling swift action against threats to U.S. infrastructure. 

 Experts from the cybersecurity community have commented on the latest executive order and shared their thoughts on its potential impacts on the wider security landscape.  

Nick Mistry, SVP and CISO, Lineaje

“The latest executive order (EO) builds on the EO14028 and focuses on third-party software supply chains – a critical step toward securing government services against growing threats. By focusing on third-party risks—often exploited in recent attacks linked to foreign state actors—the EO mandates stricter risk management and requires software providers to attest to secure development practices.

A key provision incorporates these attestations into the Federal Acquisition Rule (FAR), adding much-needed enforcement. However, its success hinges on implementation. Will government agencies conduct meaningful risk assessments, or will this become a checkbox exercise offering little real security?

To ensure the EO delivers on its potential several areas must be addressed including the following:

  • The government must establish clear and enforceable standards for verifying attestations.
  • Agencies need to conduct in-depth risk assessments, going beyond surface-level evaluations.
  • Continuous monitoring should be integrated to address emerging vulnerabilities across the software lifecycle.

While challenges remain, this EO prioritizes transparency, accountability, and stronger defenses across the supply chain. If executed effectively, it can significantly reduce vulnerabilities and enhance trust in the software ecosystem.”

Keith Palumbo, CEO & Co-founder, Auguria 

“The Biden Administration’s new executive order on cybersecurity is definitely ambitious. But its success depends on overcoming significant challenges in implementation, collaboration, and scalability. This executive order could kick off a much-needed shift toward breaking down some of the silos in cybersecurity, but the devil, as always, will be in the implementation details. Effective collaboration, transparency, and clear guidelines will be essential to avoid bureaucratic inertia and make sure these measures translate into actual, measurable security outcomes. 

It’s absolutely crucial to have a “global” view of what’s attacking the government. Attackers thrive in the gaps left between silos. However, successful implementation will not just require close cooperation but also a solid technical foundation to deliver. That’s why it’s reassuring to see a governmental focus on supporting increased research and development of AI-powered cybersecurity tools. It’s an area adversaries are also aggressively pursuing.”

Clyde Williamson, Senior Product Security Architect, Protegrity  

“In 2025 and beyond, data security must be at the forefront of any administration’s agenda—not only for citizens and customers, but for the trust we hold with international allies. Regardless of who’s in office, it’s clear we need a unified approach to data privacy and security that transcends partisan lines. With exponential advancements in GenAI and data analytics, we can no longer rely on outdated, piecemeal regulations. 

Regulations must require data de-identification and encryption as a baseline, stripping sensitive information of its ransom value. Such techniques render stolen data practically useless, diminishing its value to threat actors and significantly reducing the impact of breaches. This kind of proactive approach aligns with the growing awareness that breaches affect us all—not just corporations and agencies, but each individual whose information is left unprotected. 

Secondly, GenAI and large language models have created new layers of complexity in data security. For instance, the proprietary data used to train AI models can be a prime target for misuse, with potentially biased or incomplete algorithms raising serious ethical concerns. The new administration must address these GenAI challenges by setting standards for transparency and regular audits that ensure these tools don’t propagate unfair biases or increase data vulnerabilities. 

If 2025 is to be the turning point in data protection, it will be through policies that prioritize transparency and accountability, reinforce consumer trust, and ensure that data security measures keep pace with technological advances. A modernized, comprehensive national data security policy must be rooted in the spirit of safeguarding privacy—not merely checking off compliance boxes.”

Richard Bird, Chief Security Officer, Traceable AI

“President Biden has made cybersecurity a priority like no leader before him, but the recent US Treasury breach highlights a critical issue: executive orders often focus on trendy topics like AI while neglecting foundational security flaws. Outdated infrastructure, mismanaged access controls, and unpatched systems remain pervasive vulnerabilities in both government and private sectors. These initiatives too often prioritize optics over impact, lacking the accountability and investment needed to address systemic weaknesses. To improve security, we must prioritize practical measures over performative agendas, confronting uncomfortable truths about our readiness and commitment to the basics.

The question facing the Trump administration is whether the inflow of money, attention, and direct participation by technology leaders with vested financial interests in consumer-facing products, solutions, and revenue will lead to walking away from cybersecurity mandates and demands. Will the CEOs of companies with terrible track records in protecting their own data and the privacy and security of their own customers be the advisors for our government’s positions on protecting national critical infrastructure, AI competitiveness, and the responsible use and development of the support network needed for these functions? If the answer to those questions is yes, then the entry of the Trump administration will make the Biden administration’s efforts on cybersecurity a historical footnote.”

Ilona Cohen, Chief Legal and Policy Officer, HackerOne

“Cybersecurity and defending our nation’s critical infrastructure against threats has always been a nonpartisan issue. That’s why the Biden and first Trump administrations maintained executive orders on cybersecurity issued by their predecessors. We are particularly encouraged by the order’s recognition of the potential for artificial intelligence to enhance cybersecurity and its focus on management of vulnerabilities involving AI systems and software. We encourage the Trump administration to advance the order’s provisions, particularly those aimed at staying ahead of China on security by using AI.”


The post Breaking Down Biden’s Latest Executive Order: Expert Analysis and Perspectives appeared first on Cybersecurity Insiders.

Quorum Cyber Expands Its Incident Response Capabilities By Adding Digital Forensics, Business Restoration, and Ransom Negotiations To Its Service Catalogue

Edinburgh, UK and Berkeley, California, US – January 9, 2025 – Quorum Cyber – headquartered in the U.K., with offices across North America – today announced the acquisition of Kivu Consulting Inc., a leading global cybersecurity firm specializing in Incident Response.

The strategic move bolsters Quorum Cyber’s rapid global expansion, as it comes just months after it acquired Difenda, a North American company specializing in Microsoft Security Managed Services.

Founded in 2009, Kivu Consulting Inc, or ‘Kivu’, is a trusted partner in the global insurance, legal, and government sectors. The company is a leader in digital forensics, cyber incident response, business restoration, and ransom negotiations. Since its inception, Kivu has helped define the market for response, managed, and advisory services to protect organizations against compromised data, theft of trade secrets, and unauthorized access to data. 

Kivu holds established relationships in over 40 insurance and legal panels across the U.S. and the U.K. This transformative acquisition not only rapidly expands Quorum Cyber’s presence within these industries but also provides a robust foundation to strengthen its alliances and cements its status as a premier global threat management firm, renowned for its exceptional incident response capabilities. 

In addition, acquiring Kivu enables Quorum Cyber to deliver its market-leading threat management services from three operations centers in the U.S., the U.K., and Canada to its customers worldwide. 

Federico Charosky, CEO and Founder of Quorum Cyber, stated, “We are incredibly excited to welcome Kivu to Quorum Cyber. Kivu’s reputation for excellence and its strong history in incident response perfectly complement Quorum Cyber’s capabilities.”

Charosky continued, “The integration of Kivu’s stellar incident response teams and U.S.-based SOC, together with Quorum Cyber’s existing U.K., U.S., and Canadian operations, enables us to provide unparalleled 24/7 security coverage. This transaction highlights our rapid growth among incident response and threat management providers globally, reinforcing our commitment to delivering exceptional cybersecurity solutions throughout North America, the U.K., and beyond.”

Shane Sims, Chief Executive Officer at Kivu, commented, “For the past 15 years, Kivu has leveraged its talent and forensic labs in the U.S. and U.K. to deliver threat intelligence-driven cybersecurity outcomes across every continent, serving organizations in all industries. Our success has been built on trusted partnerships with leaders in insurance, legal, technology, and government – all sharing the same goal of fighting cybercrime. Our acquisition by Quorum Cyber represents a strategic alignment with an organization and team that shares our mission, vision, and core values while immediately scaling our team, capabilities, and services in a big way. This is a natural next step for Kivu, and I am excited about what it means for our employees, clients, and trusted partners.”

Quorum Cyber’s back-to-back acquisitions of Kivu Consulting and Difenda underscore its aggressive growth strategy across North American and U.K. markets. Bolstered by ongoing support from its investors, Charlesbank Capital Partners and Livingbridge, the two acquisitions equip Quorum Cyber with the resources to strategically expand its service offerings and customer reach. The integration of Kivu’s incident response expertise and connections, coupled with Difenda’s managed services capabilities, marks a significant step in Quorum Cyber’s mission of asserting its market presence globally.

Piper Sandler & Co. served as exclusive financial advisor to Kivu, and Mintz and Lowenstein Sandler served as legal advisors to Quorum Cyber.

About Quorum Cyber

Founded in Edinburgh in 2016, Quorum Cyber is one of the fastest-growing cyber security companies in the UK and North America with over 200 customers on four continents. Its mission is to help good people win and it does this by defending teams and organizations across the world and all industry sectors against the rising threat of cyber-attacks, enabling them to thrive in an increasingly hostile, unpredictable, and fast-changing digital landscape. Quorum Cyber is a Microsoft Solutions Partner for Security and a member of the Microsoft Intelligent Security Association (MISA). For more information, please visit www.quorumcyber.com or contact info@quorumcyber.com.

About Kivu

Kivu is a leading, global cyber security firm established in 2009 that offers a full suite of cybersecurity services specializing in forensic incident response and business restoration from cyberattacks, ransom negotiations, and 24×7 managed security operations. Kivu is a trusted partner to the insurance, legal, and government communities worldwide. For more information, visit www.kivuconsulting.com or contact info@kivuconsulting.com.

The post Quorum Cyber Continues Expansion in North America with Kivu Consulting Acquisition appeared first on Cybersecurity Insiders.

Imagine for a few minutes that you are the owner of an exclusive club where business VIPs gather to share information and relax. And then assume that you hired the best security detail – a “Bouncer” – to stand at the door and ensure you know exactly who comes and goes and keeps everyone safe inside. Maybe picture some combination of Daniel Craig, Lucy Liu and Dwayne Johnson – that’s your Bouncer. At first, you shower the Bouncer with praise and money for creating a secure environment that helps draw people. Now imagine that after a couple of years, you take the Bouncer’s presence and influence for granted, and you stop praising and paying. In time, the Bouncer is willing to trade entry for cash “tips” and eventually stops caring altogether who comes in and what happens when they get there. Neglect has turned your guardian into a hidden monster at your door.

Network security is a lot like that. In a world obsessed with fending off cyber-monsters—phishing attacks, ransomware, and sophisticated malware—there’s one lurking danger that’s often overlooked: outdated network security hardware. If you’ve got a firewall or other IT equipment in your closet that’s past its prime, it might be doing more harm than good. With neglect, what was once the critical gatekeeper (a/k/a Bouncer) guarding your business can become the hidden monster in your closet. Forget the Hollywood-style breaches; the real nightmare scenario comes from an unmonitored, unpatched IT stack running outdated firmware.

Who’s Watching Your IT Closet?

How well do you know the IT Bouncer in your closet? Do you know who’s responsible for keeping it running at its prime? Are you using current technology that guards you against the latest attacks? For many businesses, the answer to these questions is a resounding “no.” That neglected piece of hardware sitting in the back of the closet may once have been state-of-the-art. But if it’s no longer supported by the manufacturer, it’s a sitting duck for attackers who will be scanning the dark web, shopping for serial numbers of vulnerable devices.

End-of-life (EOL) hardware doesn’t receive updates, patches, or security fixes. Attackers know exactly when a vendor stops supporting a device, and they actively exploit this knowledge. These out-of-date devices are often left connected to the internet, unwittingly providing a direct entry point for malicious actors.

The Weakest Link in the Chain

Every business depends on its network to function, but a network is only as strong as its weakest link. Unmanaged, EOL hardware can become the Achilles’ heel of an otherwise robust IT security stack. Not having someone proactively paying attention to the security of your network can create a false sense of security – “but I have a Bouncer.”

Take a firewall, for instance. Its primary job is to protect your network by filtering traffic, identifying threats, and enforcing security policies. But when it’s no longer receiving firmware updates, it becomes increasingly ineffective. Over time, vulnerabilities pile up as cybercriminals develop exploits for these known weaknesses, which on an unsupported device will never be patched.

It’s not just firewalls. Switches, routers, and other network devices can also pose a risk when they reach EOL. Dated or unmanaged hardware leaves gaps in your defenses, making it easier for attackers to infiltrate your network, steal data, or disrupt your operations. The quick fix? Evaluate a managed service provider. 

Why Businesses Hesitate

Despite these risks, many organizations delay upgrading their hardware. Why?

  • Cost Concerns: Upgrading network security hardware can seem expensive. Decision-makers often see it as a non-urgent expense, especially if the current system is still functioning.
  • Complexity: Replacing hardware can be daunting, requiring downtime, planning, and coordination between IT staff and vendors.
  • Out of Sight, Out of Mind: Many organizations don’t conduct regular IT audits, leaving outdated devices unnoticed in the back of a closet.

These reasons may feel valid in the short term, but the long-term consequences of inaction can be devastating. The primary objections/concerns that lead to neglect can be overcome by buying security as a service. 

The Real Cost of Ignoring EOL Hardware

What happens when you ignore outdated hardware? The potential fallout includes:

  1. Data Breaches: Attackers exploit vulnerabilities in EOL devices to steal sensitive customer or company data, leading to financial loss and reputational damage.
  2. Downtime: A successful attack can take your network offline, halting operations and costing you thousands—or even millions—in lost revenue.
  3. Non-Compliance: Many industries have strict regulations regarding data security. Running unsupported hardware may violate compliance standards, leading to fines or legal trouble.

How to Tackle the Problem

  1. Leverage Managed Services – If managing your IT stack in-house feels overwhelming, consider outsourcing to a managed service provider (MSP). MSPs can monitor your devices, ensure firmware is up-to-date, and proactively replace hardware before it becomes a liability. Spend your money on service-oriented outcomes, not just products.
  2. Implement Layered Security – Upgrading your firewall is a great first step, but no single device can protect your network entirely. A layered security approach—including intrusion detection systems, endpoint protection, and robust user authentication—provides a more comprehensive defense.
  3. Get a Comprehensive Audit – Start by knowing all the hardware in your IT environment. Find a service provider who has tools to identify IT assets that have reached or are approaching end-of-life status. Don’t just look at firewalls—include routers, switches, and even endpoint security devices.
  4. Develop a Replacement Plan – Once you’ve identified outdated hardware, work with your IT team or a trusted vendor to create a phased replacement plan. Prioritize devices that pose the greatest risk and allocate budget accordingly.
  5. Educate Your Team – Make sure everyone in your organization understands the importance of keeping IT hardware up to date. Cybersecurity isn’t just an IT responsibility—it’s a company-wide priority.
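The audit and replacement-plan steps above can be driven from a simple inventory check: flag every device whose vendor support has ended or ends within the planning window, then rank the flagged devices by exposure so the riskiest are replaced first. The script below is an added example written for this article, not code from the original post; the device records, EOL dates and scoring weights are constructed assumptions, and a real run would pull the inventory from an asset-discovery tool and the EOL dates from vendor end-of-support notices.

```python
"""Flag end-of-life (EOL) network hardware in an asset inventory and rank it
for a phased replacement plan (added example; data below is constructed)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class Device:
    name: str
    kind: str                            # firewall, router, switch, endpoint-security
    vendor_eol: Optional[date]           # vendor end-of-support date; None = none announced
    internet_facing: bool                # reachable from the public internet
    last_firmware_update: Optional[date]  # None = never updated since install


# Constructed sample inventory, not real devices.
INVENTORY: List[Device] = [
    Device("fw-edge-01", "firewall", date(2023, 6, 30), True, date(2023, 1, 10)),
    Device("rtr-branch-02", "router", date(2025, 9, 30), True, date(2024, 11, 2)),
    Device("sw-core-01", "switch", date(2024, 12, 31), False, date(2022, 5, 20)),
    Device("sw-access-07", "switch", date(2028, 3, 1), False, date(2024, 6, 1)),
    Device("ep-gw-03", "endpoint-security", None, False, None),
]

# Fixed "today" so the example is reproducible (assumed audit date).
TODAY = date(2025, 1, 15)
WARN_DAYS = 365  # planning window: flag devices whose EOL falls within a year


def eol_status(dev: Device, today: date = TODAY, warn_days: int = WARN_DAYS) -> str:
    """Classify a device as 'eol', 'approaching' (EOL within warn_days) or 'supported'."""
    if dev.vendor_eol is None:
        return "supported"
    if dev.vendor_eol <= today:
        return "eol"
    if dev.vendor_eol - today <= timedelta(days=warn_days):
        return "approaching"
    return "supported"


def risk_score(dev: Device, today: date = TODAY) -> int:
    """Heuristic priority score (assumed weights): higher means replace sooner.

    Already-EOL devices outrank approaching ones, internet-facing devices outrank
    internal ones, the firewall (the 'Bouncer') gets a bump, and firmware that has
    not been updated in over a year adds to the score.
    """
    score = 0
    status = eol_status(dev, today)
    if status == "eol":
        score += 50
    elif status == "approaching":
        score += 20
    if dev.internet_facing:
        score += 30
    if dev.kind == "firewall":
        score += 10
    stale = (dev.last_firmware_update is None
             or (today - dev.last_firmware_update).days > 365)
    if stale:
        score += 10
    return score


def replacement_plan(inventory: List[Device], today: date = TODAY,
                     warn_days: int = WARN_DAYS) -> List[Device]:
    """Return EOL and approaching-EOL devices, highest risk first (then earliest EOL)."""
    flagged = [d for d in inventory if eol_status(d, today, warn_days) != "supported"]
    return sorted(flagged, key=lambda d: (-risk_score(d, today), d.vendor_eol, d.name))


def main() -> None:
    print(f"Replacement plan as of {TODAY} (window {WARN_DAYS} days):")
    for dev in replacement_plan(INVENTORY):
        exposure = "internet-facing" if dev.internet_facing else "internal"
        print(f"  {risk_score(dev):>3}  {dev.name:<14} {dev.kind:<18} "
              f"{eol_status(dev):<12} EOL {dev.vendor_eol}  {exposure}")


if __name__ == "__main__":
    main()
```

Devices with no announced EOL date are not flagged here, so the inventory still needs a separate check that every unsupported-but-undated device (such as one never updated since install) is tracked with its vendor.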

Proactive Measures Save Money and Headaches

Upgrading network security hardware may seem like an expensive undertaking, but it’s far less costly than recovering from a data breach or dealing with regulatory penalties. Many service providers offer opex-based solutions as a monthly service, sparing you the often large and discouraging capex investments. Proactively replacing outdated devices keeps your network secure, your operations running smoothly, and your customers’ trust intact.

Plus, newer hardware often comes with advanced features that improve performance and scalability, providing additional business value. For example, modern firewalls may include AI-powered threat detection or integrated VPN capabilities, offering greater protection and functionality than older models.

The Risk Is Real—Don’t Wait to Act

If you’ve been ignoring the IT stack in your closet, now is the time to act. The risks of running EOL hardware far outweigh the inconvenience of replacing it. Hackers are constantly evolving their tactics, and outdated devices make their job easier.

Don’t let your business become a statistic. Schedule a hardware audit today and make a plan to stay ahead of EOL risks. Because when it comes to cybersecurity, prevention is always better than cure.

The monsters in your closet aren’t imaginary—they’re outdated network devices just waiting to be exploited. Protecting your organization starts with understanding the risks and taking proactive steps to address them. By replacing EOL hardware, you’re not just upgrading your network—you’re securing your future.


The post The Bouncer at the Door: Protecting Your Network from Within appeared first on Cybersecurity Insiders.

Executive Summary

While “platformization” has been a hot topic in 2024, it has also been a year in which security professionals have looked to advanced, highly specialized tools to help them solve thorny problems that not only persist but seem to grow more challenging by the day. Among these are acute alert fatigue, a steady erosion of network visibility, and a growing sophistication in cyberattacks.

Among the specialized tools security professionals are looking to are Network-based Threat Detection (NTD) solutions, such as Network-based Intrusion Detection Systems (NIDS) and Network-based Threat Detection and Response (NDR). To better understand the state of Network Threat Detection and whether today’s solutions and supporting technologies—like deep packet inspection—are meeting contemporary security challenges, Cybersecurity Insiders surveyed its 600,000-member information security community. The survey reveals that while NTD tools are widely deployed and positively viewed, they must evolve if they are going to help security professionals meet significant present-day and emerging challenges.

Key findings:

ALERT ISSUES

  • Alert prioritization is the #1 overall operational challenge for security teams
  • Alert accuracy & actionability is cited as the greatest challenge with NIDS specifically

VISIBILITY CHALLENGES

  • No (or poor) global attack surface visibility is the #2 overall operational challenge
  • Encrypted traffic is the #1 network blind spot, which 55% report negatively impacts security 

DESIRED PRODUCT ENHANCEMENTS

  • AI integration: 71% consider AI integration extremely or very important for combatting advanced threats
  • Automatic scoring & prioritization of threats named the #1 must-have for an effective network threat detection solution 

DEPLOYMENT PLANS & PREFERENCES

  • Majority (66%) plan to implement anomaly detection over the next 6 to 24 months; only 17% report having an NTD solution now that uses anomaly detection
  • Majority (59%) prefer standalone NTD solutions (DPI sensor, NIDS, NDR, XDR) to NTD within multi-function security platforms (e.g., SASE, SSE)

Experts from Enea, Arista Security, and Custocy discuss options and strategies for addressing the needs and concerns raised in this survey in a panel discussion. We invite you to watch the webinar “2024 State of Network Threat Detection” on November 14, 2024, or afterwards on-demand. 

Many thanks to Enea, Arista Security and Custocy for supporting this important research project, with special gratitude to Enea for their invaluable contribution to this report.

Holger Schulze

Founder, Cybersecurity Insiders

Even Split on Familiarity with & Opinion of NTD 

About half of respondents (44%) are very familiar with NTD tools and use them regularly, while a similar percentage (45%) are only somewhat familiar with them and use them only occasionally. The rest are only slightly familiar, or not familiar at all, with NTD tools. 

A similar breakdown applies to the perceived effectiveness of NTD solutions: half (50%) rate them as either extremely or very effective, while 42% find them only moderately effective and 8% find them slightly or not at all effective. While differences in domain specialization may affect awareness and usage, all security team members would benefit from increased awareness of the vital role NTD plays in contemporary multilayered defensive systems. With regard to confidence levels, much progress can be made by focusing solution roadmaps on the important challenges identified in this survey.

Alerts & Visibility Are Top Operational Challenges

When asked for their top three operational challenges, the difficulty prioritizing alerts emerged as a top challenge for 52% of respondents. Given the huge volume of alerts frontline security professionals typically face, distinguishing between critical and low-risk incidents can be a major (and highly frustrating) hurdle. 

This issue is compounded by a lack of visibility into the global attack surface (50%), which opens a crucial gap in defensive capabilities as organizations expand into cloud and hybrid environments, the number of edge locations multiply, and information, operational and communications technologies converge. Closely linked to challenges with visibility and alert prioritization, the number three challenge, cited by 49% of respondents, is speed of detection and response.

Alert Accuracy & Actionability #1 NIDS/IPS Issue

Echoing the top response for operational challenges, the most pressing need in the specific context of NIDS/IPS deployments is more accurate and actionable alerts (61%). As with effective prioritization of alerts, reducing false positives and alert noise can improve the efficiency and effectiveness of security teams, which would help address the burnout and turnover challenges cited on page 11.  

Another difficulty is limited visibility into cloud workloads, cited as the second greatest challenge by 52% of respondents. Technical performance challenges come in at number three (48%), followed by the loss of functionality for encrypted flows (42%) and limited protocol and application coverage (39%). These are all factors respondents cite in explaining why they prefer commercial rather than open source NIDS/IPS solutions (see page 18).

Visibility Challenges Drive Wider Sourcing for Traffic-Related Insights 

To address visibility gaps arising from evolving networks, security professionals are turning to an expanded pool of resources for gathering network traffic-related insights. Logically enough, a Network Intrusion Detection System (NIDS) is reported to be the most commonly used tool (67%). Deep Packet Inspection (DPI) (49%) and non-DPI packet sniffers (35%) also make a strong showing, which is to be expected given their long-time leading role in extracting traffic insights. 

What is new is relying on sources such as endpoint agents (58%), external intelligence feeds (41%), and device/host kernel applications (eBPF) (28%) to gather network traffic insights (with the latter especially common in cloud workloads). 

This reliance on non-network tools for network insights is a two-way street. For example, today advanced DPI can deliver unique insights into devices and users in addition to network flows. This diversification of resources used for cross-domain insights is a welcome development as important strategies such as zero trust and defense-in-depth rely heavily on broadly sourced contextual data to be effective.

Encrypted Traffic Is the Most Significant Blind Spot 

Among specific visibility gaps, respondents rank encrypted traffic as number one (44%), followed closely by multi-cloud traffic (42%) and SaaS app traffic (39%). Cloud and SaaS app use poses a double challenge to visibility: the growth rate outpaces the ability to integrate the apps into monitoring tools and structural challenges make it difficult to extract insights from resources controlled by third parties. Ranked fourth is intra-cloud workload traffic (34%), which underscores the fact that this internal traffic often falls outside the purview of traditional security tools. 

Additional sources of concern are public internet traffic (31%) (a challenge due partly to the increase in remote work), IoT and IIoT traffic (28%), and OT/industrial control system traffic (14%), where specialized devices and protocols make visibility and threat detection more difficult. These environments are also often more sensitive to disruptions, making it harder to inspect traffic without impacting operational performance.

Encryption Has a Negative Impact on Security

Beyond the negative impact on visibility, encrypted traffic creates many challenges for security (and networking) teams. Ironically, though encryption was developed to strengthen security, respondents report that their number one challenge with its use is the negative impact it has on cybersecurity (55%). Trying to navigate the regulatory issues that govern encryption is the second most significant challenge for respondents (40%), while a close 39% circle back to the recurring theme of visibility impediments, with 37% also reporting that encryption has a negative impact on traffic steering. Additionally, 28% of respondents highlight performance degradation caused by decryption and inspection processes. This highlights a challenge with what could otherwise be a solution to visibility difficulties: decrypting and inspecting all traffic (within the limits of regulations). This strategy is commonly employed by SASE and SSE vendors, who recreate high-performing central gateways on cloud perimeters. 

In any case, 11% report the formidable challenge of performing network threat detection on encrypted traffic alone, and 57% perform it on both encrypted and clear traffic.

Reducing Attack Surface Should Be Higher Priority

Another indicator of the importance security teams place on closing visibility gaps is the divergence between what security teams think executive priorities are for the security organization versus what security teams think they should be. 

Here, security professionals think executives consider meeting compliance requirements as the security organization’s number two priority. However, they believe minimizing the global attack surface should actually occupy that spot (with minimizing the global attack surface being dependent on network visibility).

Security Teams Feel Unprepared & Overwhelmed

The top organizational challenge cited by respondents is inadequate in-house skills and training, followed closely by staff burnout and turnover.

Given the high importance respondents placed on AI integration in network threat detection solutions (see page 13), it is likely staff have confidence that one of AI’s benefits will be to make them feel better equipped to meet ever more sophisticated attacks.  And successfully addressing the top operational challenges of alert fatigue and poor attack surface visibility – also likely with AI support – could certainly be expected to reduce staff burnout and turnover. 

Challenges with ML/AI-Based Network Threat Detection

Of those who use ML/AI, the number one challenge cited is model selection, followed by data acquisition and data cleansing and normalization. Regarding the 4th and 5th challenges, managing drift and model tuning, vendors are providing more tools to empower users to address these natural AI lifecycle evolutions on their own, though more than one third (35%) still provide only black box access to their ML/AI solutions.

Very High Confidence in AI’s Value

A striking 71% of respondents consider it very (38%) or extremely (33%) important for network threat detection to incorporate AI. Another 23% consider it moderately important, with only 6% considering it slightly important (4%) or not important (2%).  

Part of this confidence may be tied to AI’s ability to rapidly analyze large volumes of network traffic and detect subtle patterns or anomalies—especially within encrypted or highly complex traffic—that are indicative of sophisticated attacks (which, in turn, increasingly employ AI). 

However, given that the three top operational challenges for security teams are 1) the difficulty of prioritizing alerts, 2) no (or poor) visibility into the global attack surface, and 3) unsatisfactory speed of detection and response, it is logical to assume that security teams have faith that AI can be used to address a wide variety of challenges.

Automatic Threat Scoring & Prioritization Most-Valued Capability

Respondents place automation and simplification at the top of their must-have capabilities for network threat detection solutions. 62% of respondents see automatic threat scoring and prioritization as a must-have, while 59% value correlation of relevant data, events, and alerts into single incidents. Close behind, 57% desire automated and/or guided response processes, and 53% want their solution to automatically add contextual data to alerts. 

Against this backdrop of a deep desire for automation, it is interesting to note that generative-AI (or GenAI) assistance, which involves a collaborative dialogue between the security analyst and the AI application, comes near the end of the must-haves. It is an indicator, perhaps, that full automation is now valued more highly than interactive assistance.

Reduction in Breaches Tops KPI List

Respondents consider the reduction in the number of breaches as the most useful KPI for judging threat detection effectiveness. In a network threat detection context, this does not mean blocking threats at the perimeter, but rather finding and stopping infiltrations before data is accessed and released, exfiltrated, or encrypted. And for this, one has to be aware of breaches in order to measure their reduction over time, hence the high rankings of reducing time from detection to resolution (63%), increasing true positive detections – i.e., not missing actual threats (54%), and reducing false positives (43%), which take valuable time away from finding and stopping legitimate threats.

Broad Expansion for Anomaly Detection

Network intrusion detection systems use two principal techniques for identifying breaches. One analyzes traffic for specific patterns, or signatures, of known threats, while the other looks for anomalous behaviors. The latter typically works by creating a baseline of what normal (safe) traffic looks like, and then uses statistical and/or machine learning to detect anomalies indicative of a breach or vulnerability.

Anomaly detection is used to a limited extent in conventional IDS/IPS but is a key pillar of NDR solutions. It offers a more effective method of catching advanced threats than signatures, as hackers rapidly adapt their techniques once an attack method is exposed and codified via a signature. 
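As an added illustration that is not part of the report, the toy Python sketch below contrasts the two techniques on constructed flow records: a byte-pattern signature for a known request, and a per-port baseline of bytes sent that flags z-score outliers. The flow fields, the signature and every traffic value are constructed for the demo; the point is that a slightly mutated payload slips past the signature while the volumetric deviation from the baseline still surfaces it.

```python
import statistics
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Flow:
    src: str
    dport: int
    bytes_out: int   # bytes sent by the internal host in this flow (constructed)
    payload: bytes   # first bytes of the application payload (constructed)


# Hypothetical signature for a known exploit request; not a real IDS rule.
SIGNATURES = {"EXPLOIT-A": b"GET /cgi-bin/evil.sh"}


def signature_hits(flow: Flow) -> List[str]:
    """Signature technique: flag a flow whose payload contains a known pattern."""
    return [name for name, pat in SIGNATURES.items() if pat in flow.payload]


class Baseline:
    """Anomaly technique: learn per-port mean and stddev of bytes_out from a
    window of traffic assumed to be normal; a z-score above the threshold,
    or a port never seen during baselining, is reported as anomalous."""

    def __init__(self, training: List[Flow], threshold: float = 3.0):
        self.threshold = threshold
        by_port: Dict[int, List[int]] = {}
        for f in training:
            by_port.setdefault(f.dport, []).append(f.bytes_out)
        self.stats: Dict[int, Tuple[float, float]] = {
            p: (statistics.mean(v), statistics.pstdev(v)) for p, v in by_port.items()
        }

    def zscore(self, flow: Flow) -> Optional[float]:
        if flow.dport not in self.stats:
            return None
        mean, sd = self.stats[flow.dport]
        if sd == 0:  # degenerate baseline: any change counts as a deviation
            return 0.0 if flow.bytes_out == mean else float("inf")
        return abs(flow.bytes_out - mean) / sd

    def is_anomalous(self, flow: Flow) -> bool:
        z = self.zscore(flow)
        return z is None or z > self.threshold


def analyze(flows: List[Flow], baseline: Baseline) -> List[dict]:
    return [{"signature": signature_hits(f), "anomaly": baseline.is_anomalous(f)} for f in flows]


def demo() -> List[dict]:
    # Constructed baseline window: 20 ordinary HTTPS flows of 1000..1950 bytes
    # (mean 1475, population stddev ~288).
    training = [Flow("10.0.0.5", 443, 1000 + 50 * i, b"") for i in range(20)]
    baseline = Baseline(training)
    observed = [
        Flow("10.0.0.5", 443, 1500, b"GET /index.html"),             # ordinary
        Flow("10.0.0.5", 443, 1200, b"GET /cgi-bin/evil.sh HTTP"),   # signature hit, normal volume
        Flow("10.0.0.5", 443, 50000, b"GET /cgi-bin/ev1l.sh HTTP"),  # evades signature, ~170 sd above baseline
        Flow("10.0.0.5", 4444, 300, b""),                            # port never baselined
    ]
    return analyze(observed, baseline)
```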

Reflecting confidence in this capacity to catch advanced attacks, 83% of all organizations say they either currently use anomaly detection (17%) or plan to do so over the next 6-24 months (66%). 15% are uncertain of their organization’s intent to use it. Only 2% report no plans for using anomaly-based network threat detection.

IDS/IPS & Specialized NTD Tools Are Popular Choices

IDS/IPS is currently the most widely deployed network threat detection tool (43%). Two other specialized threat detection tools, SIEM/SOAR and NDR/XDR, are more widely deployed than broader platforms like Secure SD-WAN, SASE and SSE. 

Furthermore, per the second question below, only a minority (36%) consider integration into a broader, multi-functional security platform to be the most effective option for their organization, while 59% cite one of three types of specialized NTD solutions (DPI-based NTA sensor, NDR, or XDR). This may change as SASE and SSE adoption continues to grow, but it would not be surprising to see continued deployment of best-of-breed NTD solutions alongside such platforms.

Commercial NIDS Preferred over Open Source

Security professionals express a preference for commercial over open source solutions (41% vs 28%), though 16% use both. The top three reasons for the commercial preference are performance and scalability, customer support, and protocol coverage. It is important to note, however, that most commercial NIDS/IPS are built upon an open source NIDS/IPS foundation. For example, the Enea Qosmos Threat Detection SDK was developed in partnership with the Open Information Security Foundation (OISF, Suricata’s maker). It tightly integrates core functionalities from Suricata with Enea’s deep packet inspection engine, the Enea Qosmos ixEngine®, to help solution developers meet the unique performance demands of commercial-grade deployments.

Snort & Suricata Most Popular Open Source NTD Tools

Snort is cited as the most frequently used open source NIDS, followed closely by Suricata. The number three most commonly cited NIDS is Zeek. These tools have been around for a long time, and all continue to evolve and to play an important role in protecting networks worldwide. 

Created in 1998, Snort was originally developed as a packet sniffer and logger and evolved to support signature- and anomaly-based intrusion detection. First released in 2010, Suricata was originally developed as a signature-based NIDS/IPS, but over time has added some anomaly detection and network security monitoring capabilities. First deployed in 1995, Zeek is a network security monitoring tool but can be used to provide some NIDS functionality.

Methodology and Demographics

This 2024 Network Threat Detection Report is based on a comprehensive online survey of 327 cybersecurity professionals, conducted in September 2024, to gain deep insight into the latest trends, key challenges, and solutions for network threat detection.

The survey utilized a methodology ensuring a diverse representation of respondents, from technical executives to IT security practitioners, across various industries and organization sizes. This approach ensures a holistic and balanced view of the insider threat landscape, capturing insights from different organizational perspectives and experiences.

______________________________________

About Arista Networks

Arista Networks is an industry leader in zero trust networking, delivering security and observability across wired, wireless, and cloud infrastructure. Arista AVA™, an AI decision support system, enables an integrated suite of security platforms for standards-based network access control, autonomous threat hunting, and identity-aware microsegmentation. Importantly, these zero trust platforms are built on network infrastructure powered by Arista EOS™ and NetDL™, avoiding network security overlays and thus reducing costs while accelerating zero trust maturity and lowering breach impact. Arista Networks has been recognized as a market leader by Gartner, Forrester, and KuppingerCole, among others. arista.com/security

______________________________________

About Enea

We are a world-leading specialist in advanced telecom and cybersecurity software with a vision to make the world’s communications safer and more efficient. As the most widely deployed Deep Packet Inspection (DPI) technology in cybersecurity and networking solutions, the Enea Qosmos products classify traffic in real-time and provide granular information about network activities. Enea also offers IDS-based threat detection capabilities as an SDK, enabling easy and tight integration with cybersecurity solutions while remaining highly flexible and scalable. Enea is headquartered in Stockholm, Sweden and is listed on NASDAQ Stockholm. enea.com/dpi-tech

______________________________________

About Custocy

Custocy is a French spin-off from IMS Networks, specialised in cybersecurity software. Based in Toulouse, in the Occitanie region, it has a Research and Development team of around fifteen PhDs and engineers who have been developing an artificial intelligence engine since 2019. This engine is integrated into a SaaS platform for Network Detection and Response. Custocy has established a high-level collaboration with the LAAS-CNRS laboratory. Custocy is a laureate of the i-NOV innovation competition as part of the French government’s France 2030 plan and Bpifrance. In May 2024, Custocy was named “Product of the Year” at the Paris Cyber Show. custocy.ai

______________________________________

Cybersecurity Insiders brings together 600,000+ IT security professionals and world-class technology vendors to facilitate smart problem-solving and collaboration in tackling today’s most critical cybersecurity challenges. Our approach focuses on creating and curating unique content that educates and informs cybersecurity professionals about the latest cybersecurity trends, solutions, and best practices. From comprehensive research studies and unbiased product reviews to practical e-guides, engaging webinars, and educational articles – we are committed to providing resources that provide evidence-based answers to today’s complex cybersecurity challenges. For more information: email us info@cybersecurity-insiders.com or visit cybersecurity-insiders.com

The post State of Network Threat Detection 2024 Report appeared first on Cybersecurity Insiders.

Cybersecurity threats are becoming more sophisticated, posing significant risks to organizations of all sizes. With sensitive data and critical systems at stake, employee compliance with cybersecurity policies is crucial to mitigating these threats. One effective way to ensure compliance is through video-based training, a dynamic tool that engages employees and simplifies complex cybersecurity concepts.

The Role of Video-Based Training in Cybersecurity Compliance

Video-based training offers distinct advantages over traditional methods like manuals or slide presentations. Videos are engaging, accessible, and easy to update, making them an ideal medium for critical training.

Studies show that employees retain information better when it is presented through video. For example, a report by Forrester Research found that employees are 75% more likely to watch a video than read a document. Additionally, video training can cater to diverse learning styles, combining visuals, audio, and interactivity to ensure all employees understand essential cybersecurity practices. Tools like a video editor can further enhance the quality and customization of training content, ensuring it meets an organization’s specific needs.

Real-World Examples of Successful Video-Based Cybersecurity Training

A study by Proofpoint demonstrated that a northeastern U.S. college achieved a 90% reduction in successful phishing attacks after implementing interactive training and simulated phishing exercises.

Additionally, a global consumer goods company reported a significant decrease in phishing incident risk by automating their phishing awareness training, leading to improved employee recognition and response to phishing threats.

These cases highlight the effectiveness of video-based and interactive training methods in enhancing cybersecurity compliance.

Key Benefits of Video Training for Cybersecurity Compliance

Enhanced Accessibility

Video-based training allows employees to learn at their own pace. Whether in the office or remote, on-demand access ensures no one is left behind.

Consistency in Messaging

With video training, every employee receives the same information, reducing the risk of inconsistencies that can arise with in-person sessions.

Tracking and Analytics

Video training platforms often include analytics tools to track progress. Organizations can monitor completion rates, quiz scores, and compliance metrics to identify areas that need improvement. To optimize storage and sharing, compressing videos can reduce file sizes without sacrificing quality, making the training videos more accessible.

How to Create Effective Cybersecurity Training Videos

Step 1: Identify Key Training Objectives

Start by pinpointing the most critical topics, such as phishing awareness, password hygiene, and proper data handling practices.

Step 2: Simplify Complex Topics

Break down technical jargon using animations, infographics, and real-world examples. For instance, use a simple animation to explain how malware spreads.

Step 3: Incorporate Scenarios and Role-Playing

Show employees real-life situations they might face, such as spotting a suspicious email or responding to a potential data breach.

Step 4: Add Interactive Elements

Interactive features like decision-making scenarios or clickable sections can boost engagement and help employees apply their knowledge.

Step 5: Ensure Accessibility

Make videos inclusive by adding subtitles, offering multilingual options, and ensuring compatibility with screen readers.

Step 6: Continuously Update Content

Cybersecurity threats evolve rapidly. Regularly updating videos ensures employees are prepared to handle the latest risks and comply with new regulations. A video editor can streamline the process of updating existing content, ensuring it stays relevant and impactful.

Measuring the Success of Video-Based Training

To gauge the effectiveness of video training, organizations can track key performance indicators (KPIs) such as:

  • Completion Rates: The percentage of employees who finish the training.
  • Assessment Scores: Results from quizzes or simulations embedded in the videos.
  • Compliance Metrics: Changes in the number of reported incidents or compliance violations.

Regular assessments and follow-ups can reinforce key concepts, while employee feedback helps refine the training material.

The Future of Cybersecurity Training with Video Technology

Emerging technologies are poised to transform video training. AI video generators can personalize training for employees, while virtual reality (VR) and augmented reality (AR) offer immersive experiences for hands-on learning. Microlearning modules, which deliver short and focused lessons, will cater to employees with limited time.

These advancements will make video training even more effective in combating increasingly sophisticated cybersecurity threats.

Take Away

Video-based training is a powerful tool for driving compliance with cybersecurity policies. Its engaging format, accessibility, and ability to simplify complex topics make it an invaluable asset for organizations. By adopting video training, businesses can build a culture of security awareness and better protect themselves against cyber threats.

Start implementing video-based training today to safeguard your organization’s future.

 

The post How Video-Based Training Drives Compliance in Cybersecurity Policies appeared first on Cybersecurity Insiders.

Infrastructure identity provider Teleport has introduced its latest update, Teleport 17, designed to simplify the management of access controls and permissions for both human and machine identities within large-scale, modern infrastructures. This release addresses the evolving needs of engineering, infrastructure, and security teams by prioritizing scalability, security, and resilience.

The expanding cloud attack surface continues to challenge organizations’ ability to protect their infrastructure. In 2024, nearly half of organizations reported cloud data breaches, with the primary causes being human errors and misconfigurations. A high-profile cyberattack in late 2024 further underscored these risks, as threat actors exploited misconfigurations in public websites to target AWS customers, exposing thousands of credentials.

Teleport 17 builds on the platform’s secretless architecture to mitigate these risks by rendering identity attacks ineffective and ensuring infrastructure resilience against human errors. Key features introduced in this update include:

  • Integration with AWS IAM Identity Center: Teleport 17 facilitates federated authentication across AWS accounts, eliminating the need for static, long-lived credentials. Organizations managing multiple AWS instances can now implement least privilege access through just-in-time access controls and utilize Teleport’s access lists to streamline AWS console logins across accounts. Multi-cloud enterprises can extend these capabilities to Azure and Google Cloud Platform.
  • Multi-region High Availability: To ensure uninterrupted operations, Teleport 17 introduces multi-region failover capabilities spanning nine availability zones with a 99.99% uptime guarantee. This feature supports global business continuity and mitigates the financial impact of downtime, a critical consideration in today’s interconnected business environment.
  • Enhanced Oversight and Control: Teleport 17 offers advanced tools for configuring and auditing role-based access controls (RBAC). Features include nested access lists for hierarchical permissions, notifications for changes to critical infrastructure access, and batch access review capabilities to simplify compliance audits.

“The scale and complexity of computing infrastructure creates overhead and risk,” stated Ev Kontsevoy, CEO of Teleport. “Managing access, identities, and policies across the thousands of diverse resources enterprises use is a daunting task. Traditional solutions often struggle to keep up, leading to inefficiencies and security vulnerabilities. Teleport 17 makes secure infrastructure access at scale a practical and achievable goal for large enterprises.”

Additional features in Teleport 17 include:

  • Workload Identities: Enabling trusted communication between cloud workloads and services.
  • Enhanced Cryptographic Security: Introduction of new cryptographic signature algorithms to strengthen identity protection.
  • Support for Hardware Private Keys: Expanded support for external hardware private keys, such as YubiKey, to secure communications even in scenarios involving compromised identities.
  • Deeper Integration with Industry Tools: Seamless integration with platforms like Okta, Terraform Cloud, and GitHub, allowing organizations to unify their access strategies while maintaining existing workflows.

“The larger the organization, the more challenging and expensive it becomes to secure infrastructure efficiently and at scale,” noted Alexander Klizhentas, CTO of Teleport. “Resiliency must be a top priority for engineering and infrastructure teams tasked with 24/7 operations. Teleport 17 equips organizations to ask, ‘What’s the worst-case scenario for our infrastructure?’ and to confidently meet their resiliency goals, making infrastructure more secure and reliable than ever.”

The post Teleport 17 Enhances Secure Infrastructure Access for Large Enterprises appeared first on Cybersecurity Insiders.