Category: News Alerts

Cary, NC, Sept. 27, 2024, CyberNewswire — INE, a global leader in networking and cybersecurity training and certifications, is proud to announce they have earned 14 awards in G2’s Fall 2024 Report, including “Fastest Implementation” and “Most Implementable,” which highlight INE’s superior performance relative to competitors.

“Best hands-on and real world scenario based curriculum,” raves small business user Satvik V. in a recent 5-star review. ”Their dedication towards improving the curriculum and providing the best learning experience is the best thing and I would rate 10/10.”

G2 calculates rankings using a proprietary algorithm sourced from verified reviews of actual product users and is a trusted review source for thousands of organizations around the world. Its recognition of INE’s strong performance in enterprise, small business, and global impact for technical training showcases the depth and breadth of INE’s online learning library.

“At INE, we are driven not just by our achievements, but by our mission to equip professionals and enterprises with the skills necessary to navigate the evolving cybersecurity landscape,” said Dara Warn, CEO of INE. “Our commitment goes beyond winning awards; it’s about forging a pathway that prepares our clients to face future challenges head-on. By consistently updating and expanding our training modules, we ensure that every course reflects the latest in technology and security practices. This approach helps us empower organizations across the globe to build a resilient, well-prepared workforce capable of turning potential threats into opportunities for growth and innovation.”

INE’s G2 Fall 2024 Report highlights include:

•Fastest Implementation: Online Course Providers

•Most Implementable: Online Course Providers

•Leader: Europe, Asia, and Asia Pacific Online Course Providers

•High Performer: India, Asia Technical Skills Development

•Small Business High Performer: Asia Pacific Online Course Providers

•Small Business Leader: Online Course Providers

•Enterprise Leader: Online Course Providers

•Momentum Leader: Online Course Providers

•Leader: Online Course Providers

•Small Business High Performer: Technical Skills Development

•High Performer: Technical Skills Development

“The flexibility to learn at one’s own pace, coupled with the ability to access a vast library of resources anytime, anywhere, makes INE an ideal platform for both students and professionals looking to advance their skills or transition into new tech roles,” writes Oussama E., another small business user.

This fall, the prestigious SC Awards recognized INE Security, INE’s cybersecurity-specific training, as the Best IT Security-Related Training Program. This designation further underscores INE Security’s role as a frontrunner in cybersecurity training for businesses, providing the tools and knowledge essential for tackling today’s complex cyber threats.

Earlier this year, the Global InfoSec Awards presented INE Security with 4 awards at RSAC 2024, including:

•Best Product – Cybersecurity Education for Enterprises

•Most Innovative – Cybersecurity Education for SMBs

•Publisher’s Choice – Cybersecurity Training

•Cutting Edge – Cybersecurity Training Videos

Combined, these accolades highlight INE’s leadership in delivering innovative and effective networking and cybersecurity education across various market segments, including enterprises and small to medium-sized businesses.

About INE: INE is the premier provider of online technical training for the IT industry. Harnessing the world’s most powerful hands-on lab platform, cutting-edge technology, global video distribution network, and world-class instructors, INE is the top training choice for Fortune 500 companies worldwide, and for IT professionals looking to advance their careers. INE’s suite of learning paths offers an incomparable depth of expertise across cybersecurity, cloud, networking, and data science. INE is committed to delivering the most advanced technical training on the planet, while also lowering the barriers worldwide for those looking to enter and excel in an IT career. 

Media contact: Kathryn Brown, Director of Global Strategic Communications and Events, INE Security, kbrown@ine.com

The post News alert: INE earns accolades based on strong curriculum reviews from business leaders first appeared on The Last Watchdog.

Silver Spring, MD, Sept. 19, 2024, CyberNewsWire — Aembit, the non-human identity and access management (IAM) company, today released its 2024 Non-Human Identity Security Report, a definitive survey highlighting how organizations currently manage and protect non-human identities (NHIs) – such as applications, scripts, and service accounts.

The report reveals a stunning, widespread reliance on outdated methods and manual practices that fail to provide adequate protection against the reality of increased NHI-focused breaches.

As non-human identities (NHIs) rapidly proliferate in modern IT environments, driven by the shift from monolithic to distributed architectures, widespread cloud adoption, and increasing automation, the report reveals a chasm between non-human and user identity security practices, with most organizations acknowledging their efforts to secure non-human identities are either lagging or struggling to keep pace.

The survey of IT and security professionals also shows that careless habits, such as storing long-term credentials directly in code, relying on spreadsheets for manual input, and sharing sensitive information via collaboration tools, are still prevalent. Additionally, many organizations face difficulty in securing NHIs in complex, multi-cloud environments, with concerns about inconsistent access management and unclear ownership of security processes.

Key findings of the survey include:

•IAM Maturity Gap: 88.5% of organizations admitted that their non-human IAM practices lag behind or are on par with their user IAM efforts.

•Low Confidence: Only 19.6% of respondents expressed strong confidence in their non-human IAM practices.

•Insecure Practices: 30.9% of respondents store long-term credentials in code and 23.7% share secrets through copying and pasting, such as via email or messaging apps.

•Outmoded Methods: 38.9% of respondents still use less-secure methods like secrets managers for non-human workload-to-workload authentication.

•Cloud Complexity: 35.6% of organizations struggle to manage non-human identity security across hybrid and multi-cloud environments.

•Blind Spots: 23.5% of organizations are not sure of the biggest threat to their non-human identities.

“Organizations are starting to recognize that non-human identities are more than just background tools. As businesses rapidly automate, NHIs play a critical role in digital ecosystems and often handle sensitive data,” said David Goldschlag, co-founder and CEO of Aembit. “But, as our survey shows, NHI security remains very much a work in progress. While awareness is growing, most organizations still have significant shortfalls in how they secure these identities and the vital connections between them. It’s time to elevate non-human IAM to the same level of importance as user IAM.”

The survey, which included responses from 110 professionals, from developers to identity architects to CISOs, also revealed a growing need for more holistic approaches to managing non-human identities. As businesses expand across cloud environments, managing workload identities has become increasingly complex, with many organizations struggling to keep up due to piecemeal or legacy approaches.

Those interested can read the full survey by downloading it here.

About Aembit: Aembit is the non-human identity and access management platform that secures access between workloads across clouds, SaaS, and data centers. With Aembit’s identity control plane, DevSecOps can fully automate secretless, policy-based, and Zero Trust workload access with MFA-strength capabilities. For more information, users can visit https://aembit.io/ and follow us on LinkedIn.

Media contact: Apurva Davé, CMO, Aembit, info@aembit.io

The post News alert: Aembit’s 2024 survey report highlights major gaps in securing ‘Non-Human Identities’ first appeared on The Last Watchdog.

Cary, NC, Sept.18, 2024, CyberNewsWire — INE Security is proud to announce that it has been named a winner in the prestigious 2024 SC Awards, named Best IT Security-Related Training Program. This designation underscores INE Security’s commitment to excellence and leadership in the cybersecurity industry.

The SC Awards, now in its 27th year, recognize the solutions, organizations, and individuals that have demonstrated outstanding achievement in advancing the security of information systems. This year’s awards were presented across 33 categories, celebrating both established industry leaders and emerging innovators.

INE Security stood out among a competitive field of entries, demonstrating its innovation in addressing the evolving cybersecurity landscape. The Best IT Security-Related Training Program award highlights INE Security’s efforts to deliver practical, effective solutions that safeguard against today’s complex threats.

“We are thrilled to receive the 2024 SC Excellence Award for Best IT Security-Related Training Program. This recognition highlights our relentless pursuit of excellence and innovation in cybersecurity training,” said Dara Warn, CEO of INE Security. “At INE Security, we are committed to empowering professionals and organizations with the skills they need to defend against the ever-evolving cybersecurity threats. This accolade not only reflects our commitment to the highest standards of training but also motivates us to continue advancing the field of cybersecurity education.”

The SC Awards are presented by SC Media, a trusted cybersecurity resource, and evaluated by a panel of independent industry experts. Winners are selected based on their contributions to innovation, their ability to address the cybersecurity industry’s critical challenges, and their demonstrated impact on protecting organizations.

“These award recipients represent the very best of what the cybersecurity community has to offer,” said Tom Spring, Editorial Director at SC Media. “Each winner has shown a commitment to advancing the industry with forward-thinking solutions and an ability to adapt to new challenges. Their contributions help drive progress in securing our digital environments.”

INE Security has been recognized among the best cybersecurity training platform in 2024 by numerous organizations including:

•G2 as an online course provider and technical training provider

•G2’s 2024 Best Software Awards for Education Products

•Security Boulevard’s list of the Top 10 Hacking Certifications for both the Certified Professional Penetration Tester (eCPPT) and Web Application Penetration Tester eXtreme (eWPTX) certifications

The SC Awards were evaluated by a distinguished panel of judges, including cybersecurity professionals, industry leaders, and members of the CyberRisk Alliance community from sectors such as healthcare, financial services, education, and technology.

The full list of 2024 SC Awards winners: https://www.scmagazine.com/sc-awards

About INE Security: INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

About CyberRisk Alliance: CyberRisk Alliance provides business intelligence that helps the cybersecurity ecosystem connect, share knowledge, accelerate careers, and make smarter and faster decisions. Through their trusted information brands, network of experts, and more than 250 innovative annual events we provide cybersecurity professionals with actionable insights and act as a powerful extension of cybersecurity marketing teams. Their brands include SC Media, the Official Cybersecurity Summits, Security Weekly, InfoSec World, Identiverse, CyberRisk Collaborative, ChannelE2E, MSSP Alert, LaunchTech Communications and TECHEXPO Top Secret.

Media contact: Kathryn Brown, Director of Global Strategic Communications and Events, INE Security, kbrown@ine.com

The post News alert: INE Security’s cybersecurity training service earns 2024 SC Excellence Award first appeared on The Last Watchdog.

Boston, Mass., Sept. 18, 2024] — One Layer, the leader in managing and securing enterprise private 5G/LTE Operational Technology (OT) networks, announced today the selection of its OneLayer Bridge private LTE network device management and zero trust security platform by energy provider Evergy, in a multi-year deal.

Evergy has innovatively embraced Ericsson’s private LTE technology to elevate operational performance. They recently completed their transition from pilot and testing to preparations for a comprehensive rollout for operational use. Evergy chose OneLayer’s solution to manage and secure devices in their facilities and across their electricity grid in the U.S. Evergy’s fast-growing private LTE cellular networks use thousands of devices today, including Internet of Things (IoT) sensors, smart meters, OT and other cellular devices. In the next few years, the number of devices is planned to scale to the tens of thousands.

“With this widespread rollout, we needed a way to manage the growing number of OT devices using our private cellular network,” says J.J. Stutler, Manager, Wireless Engineering & Operations at Evergy. “We required automation and delegation of various device onboarding steps to different Evergy teams, alongside complete visibility to all devices at all times. OneLayer did all of that, in addition to providing operations and security frameworks for our private LTE networks and connected devices. With OneLayer, Evergy is now better equipped to deliver reliable power to customers and fulfill the potential of its strategic sustainability transformation plan for its customers and stakeholders.”

The implementation of OneLayer’s platform is projected to result in substantial savings for Evergy in the areas of asset management, operations and network management.

OneLayer’s asset management capabilities enhance Evergy’s operational efficiency by automating device onboarding, provisioning, profiling, classifying and activation. OneLayer enables delegating onboarding steps to different teams, enabling Evergy to scale their network effectively by creating autonomy for different Evergy teams, alongside maintaining oversight of what devices are onboarded. Visibility and tracking of every individual device connected to the network – even non-cellular devices connected via cellular routers – enable Evergy to assess performance and uptime of devices and routers, conduct vendor comparisons at scale and adjust Quality of Service (QoS) dynamically for different groups of devices or situations.

As a player in critical national infrastructure, Evergy requires strict security. OneLayer provides Evergy with end-to-end zero-trust security that seamlessly extends Evergy’s existing security frameworks, established segmentation standards and regulatory requirements to the private LTE domain. OneLayer Bridge’s OT/IoT asset discovery and tracking, geofencing, anomaly detection and mitigation functionalities significantly reduce Evergy’s attack surface and enable swift remediation of any potential problems.

“OneLayer sees Evergy’s team as visionaries, professionals, mission-oriented, and focused on their business needs,” explains Dave Mor, OneLayer CEO. “OneLayer is here to support Evergy’s journey to success. Our maintenance of strong relationships with private LTE vendors, like Ericsson and CPE vendors ensures continuous support for upgraded products and enhanced capabilities. This approach allows Evergy to benefit not only from existing efficiencies but also to stay prepared for evolving challenges and opportunities in the private LTE landscape.”

About OneLayer: OneLayer brings complete visibility, asset management, and zero-trust security to all devices connected to private LTE and 5G networks. All activities are tracked to orchestrate and secure the environment. Through OneLayer’s solution, enterprises get complete asset management and operational intelligence capabilities to maximize operational excellence and zero-trust security to prevent cellular breaches. The platform enables enterprises to treat their private cellular network as another enterprise network without the need to be cellular experts. To learn more about OneLayer, please visit www.onelayer.com.

The post News alert: Evergy selects OneLayer to manage, secure its private cellular OT assets first appeared on The Last Watchdog.

Boston, MA, Sept. 16, 2024, CyberNewsWire — Entro Security, pioneer of the award-winning Non-Human Identity (NHI) and Secrets Management platform, today released its research report, “2025 State of Non-Human Identities and Secrets in Cybersecurity.”

The Entro Security Lab found that 97% of NHIs have excessive privileges increasing unauthorized access and broadening the attack surface, and 92% of organizations are exposing NHIs to third parties, also resulting in unauthorized access if third-party security practices are not aligned with organizational standards.

Surprisingly, 44% of tokens are exposed in the wild, being sent or stored over platforms like Teams, Jira tickets, Confluence pages, code commits and more. Such practices put sensitive information at serious risk of being intercepted and exposed–the root of all secrets and non-human identity breaches.

Entro Security Labs’ research reveals alarming trends in the handling of both human and NHIs, with significant misconfigurations and risks prevalent across organizations. Key findings include:

•For each human identity, there are an average of 92 non-human identities. An overwhelming number of non-human identities increases the complexity of identity management and the potential for security vulnerabilities

•91% of former employee tokens remain active, leaving organizations vulnerable to potential security breaches

•50% of organizations are onboarding new vaults without proper security approval which can introduce vulnerabilities and misconfigurations from the outset

•73% of vaults are misconfigured, also leading to unauthorized access and exposure of sensitive data and compromised systems

•60% of NHIs are being overused, with the same NHI being utilized by more than one application, increasing the risk of a single point of failure and widespread compromise if exposed

•62% of all secrets are duplicated and stored in multiple locations, causing unnecessary redundancy and increasing the risk of accidental exposure

•71% of non-human identities are not rotated within the recommended time frames, increasing the risk of compromise over time

Additional findings are discussed in the report and reveal a critical need for organizations to reassess their NHIs and secrets management practices.

Data from this report has been collected using a mixed-methods approach, integrating quantitative data analysis with qualitative insights derived from industry observations. The quantitative component focuses on statistical analysis of security incidents and vulnerabilities, while the qualitative aspect provides context and interpretation of these findings within the broader cybersecurity landscape. The data sources include proprietary data from Entro’s cybersecurity infrastructure, secondary data from publicly available industry reports and survey data from IT and security professionals.

Entro’s complete research report on non-human identities is available on their website.

To learn more or schedule a demo, please visit https://entro.security/demo/.

About Entro Security: An award-winning pioneer platform, Entro Security provides Non-Human Identity Lifecycle Management, Secrets Security and Non-Human Identity Detection and Response. Unlike traditional methods that reactively scan for exposed secrets, Entro integrates seamlessly within an organization’s existing vaults, and secret creation and exposure locations, offering a single pane of glass to securely use and manage non-human identities and secrets at scale. Headquartered in Boston and backed by top cybersecurity VCs, Entro was named a Cool Vendor by Gartner, Venafi’s Most Promising Machine Identity startup and is a 2023 Globee Awards Winner for Startup Achievement of the Year. For more information, please visit https://www.entro.security. 

 Media contact: Hannah Sather, Senior Account Executive, Montner Tech PR, hsather@montner.com

The post News alert: Entro Security Labs report reveals pervasive exposures in ‘Non-Human Identities’ first appeared on The Last Watchdog.

Silver Spring, MD, Sept.12, 2024, CyberNewsWire –– Aembit, the leading non-human identity and access management (IAM) company, has secured $25 million in Series A funding, bringing its total capital raised to nearly $45 million. Acrew Capital led the round, with participation from existing investors Ballistic Ventures, Ten Eleven Ventures, Okta Ventures, and CrowdStrike Falcon Fund.

Aembit’s funding comes in the wake of continued high-profile non-human identity attacks on organizations such as Cloudflare, The New York Times, and Microsoft. Non-human identity (NHI) refers to the applications, scripts, and bots that businesses use to automate their operations, as well as the credentials used by NHIs to communicate to sensitive databases, applications, and infrastructure.

These incidents exposed secrets such as API keys, access tokens, and other non-human access credentials, which were used to penetrate enterprise environments. In a newly published survey of security professionals, Aembit found that most organizations still struggle with managing NHI credentials securely: Over 30% still storing credentials in code, and 23% using email and chat to share credentials. Over 60% of respondents are looking for a comprehensive solution across their entire organization.

Security professionals are recognizing the need for an access-focused approach that automates identity-driven, secretless, centrally enforced, and auditable access between distributed applications and SaaS services to sensitive resources in the cloud and on-premises.

Aembit has led the market in solving this emerging challenge by pioneering non-human IAM. It enables policy-based access management between workloads and the sensitive resources they access, moving beyond reactive visibility and governance to proactively shrink the attack surface of rapidly growing and highly distributed non-human identities. Aembit was recently lauded as a Top 2 finalist in the prestigious 2024 RSA Innovation Sandbox competition and is a finalist for Best Identity Management Solution at the 2024 SC Awards. Aembit continues to advance access management with capabilities such as MFA-strength conditional access, policy automation via infrastructure-as-code, and robust auditing for NHI access.

“Aembit is tackling one of the most pressing challenges in modern enterprise security,” said Mark Kraynak, founding partner at Acrew Capital. “The shift to cloud and SaaS, and AI has driven an order-of-magnitude expansion in non-human identities. With the proliferation of microservices and APIs across diverse environments, IAM has become the critical first line of defense for protecting sensitive data. Legacy access management approaches weren’t designed with this level of scale and automation in mind. We are thrilled to be partnering with Aembit to bring a new approach to the market.”

Co-Founders David Goldschlag and Kevin Sapp have spent their careers innovating across the identity landscape, most recently creating New Edge Labs (acquired by Netskope), one of the first user zero trust products on the market.

“Kevin and I founded Aembit with a vision to help enterprises secure access between non-human workloads, applications, and software resources with the same principles used today to secure human access,” said David Goldschlag, co-founder and CEO of Aembit. “Talking to hundreds of enterprises, and working closely with design partners, our approach centers on proactively securing access between non-human identities, while eliminating friction for developers and security teams.”

“By solving non-human IAM, Aembit is tackling an essential security challenge,” said Brad Jones, CISO at Snowflake and an Aembit customer. “Not only is their approach to non-human access innovative, but Aembit is a provider we can rely on.”

The Aembit Workload IAM Platform enforces secure access between non-human workloads and the services that authorize access to sensitive data and infrastructure. Aembit’s policy engine grants secretless access, just-in-time, based on the workload’s identity and posture.

Leveraging native identities and sophisticated automation, organizations use Aembit to eliminate storage of sensitive secrets within applications or vaults by moving to short-lived access tokens with a no-code auth approach. With Aembit, businesses proactively secure non-human access while eliminating the manual and fragmented work required today by security, engineering, and DevSecOps teams.

About Aembit: Aembit is the non-human identity and access management platform that secures access between workloads across clouds, SaaS, and data centers. With Aembit’s identity control plane, DevSecOps can fully automate secretless, policy-based, and Zero Trust workload access with MFA-strength capabilities. For more information, users can visit https://aembit.io/ and follow us on LinkedIn.

Media contact: Apurva Davé, CMO, Aembit, info@aembit.io

The post News alert: Aembit raises $25M Series A funding for non-human Identity and Access Management first appeared on The Last Watchdog.

Palo Alto, Calif., Sept.11, 2024, CyberNewsWire — Opus Security, the leader in unified cloud-native remediation, today announced the launch of its Advanced Multi-Layered Prioritization Engine, designed to revolutionize how organizations manage, prioritize and remediate security vulnerabilities.

Leveraging AI-driven intelligence, deep contextual data and automated decision-making capabilities, this innovative engine helps organizations prioritize the most critical vulnerabilities, enhancing both security posture and operational efficiency.

Remediation breakthrough

Security teams are overwhelmed by the need to rapidly prioritize alerts from multiple tools across various attack surfaces. These may include redundant alerts or negligible findings and teams must decide which to address first without adequate information, context and ability to do so. Security teams struggle to identify and address the most critical issues, and developers have limited time and scope to devote to security fixes—especially when it isn’t clear what is important and what is negligible. Developers are often bombarded with alerts that are duplicates or irrelevant due to inefficient prioritization—wasting time and increasing friction and frustration.

Opus Security’s Advanced Multi-Layered Prioritization Engine is a transformative approach to vulnerability management. By integrating multiple layers of intelligence, contextual analysis and risk mitigation, the engine ensures that security teams can effectively prioritize and address the most critical vulnerabilities, reducing risk, enhancing operational efficiency and supporting overall business goals. The engine integrates traditional vulnerability severity scoring with dynamic exploitability analysis, detailed environmental context and an automated decision-making process to provide a robust method for ranking vulnerabilities.

A key component of this engine is the AI-Based Vulnerability Intelligence Layer, which goes beyond traditional severity scoring. This layer leverages over 700 real-time threat intelligence feeds to build a deep and nuanced understanding of each vulnerability’s risk. By incorporating intelligence from sources such as dark web forums, social media, open-source tools, exploit databases and active threat campaigns, the engine can flag high-risk issues with unparalleled accuracy. This intelligence-driven approach ensures that organizations are aware of vulnerabilities and their likelihood of exploitation in the wild, allowing for proactive and informed remediation efforts.

Using a five-layered framework, the engine first performs a Base Severity Assessment, aggregating severity scores from leading security tools and public databases to ensure that no critical vulnerabilities are overlooked. Next, the AI-Based Vulnerability Intelligence layer leverages real-time threat intelligence to flag high-risk issues based on their likelihood of exploitation.

The Contextual Impact layer then prioritizes vulnerabilities according to their relevance to specific business functions, protecting critical systems first, especially those that handle sensitive data. The engine is the first to enable real SSVC decision-making, fully baked into the product. This helps teams categorize vulnerabilities into specific response actions based on the affected environment’s severity, exploitability and criticality. Finally, the Risk Customization layer allows organizations to tailor prioritization according to their unique risk appetite and operational needs.

Additionally, Opus Security introduces Effortless Data Querying, allowing users to interact with the platform using natural language. This feature enables users to quickly refine vulnerability lists based on specific concerns and make precise, data-driven decisions by leveraging advanced AI-powered insights.

Driving operational excellence

The engine’s multi-layered approach ensures unprecedented precision in risk management by integrating real-time intelligence with detailed contextual analysis. This integration enables SSVC decision-making, allowing security teams to focus on vulnerabilities that truly matter, reducing the likelihood of overlooking critical vulnerabilities.

Opus aligns security decisions with business priorities by deeply understanding the organization’s structure, critical services and risk profiles, driving context-aware decision-making that protects critical assets and directly supports strategic goals.

“Opus’ new Advanced Multi-Layered Prioritization Engine is a game-changer in vulnerability remediation, simplifying, streamlining and optimizing the process considerably. The engine’s ability to prioritize the vulnerabilities that pose the greatest risk reduces overall security costs and helps security and developer teams avoid unnecessary remediation of low-risk issues,” said Meny Har, CEO of Opus Security. “Minimizing friction between development and security teams, driving smoother collaboration and ensuring that security measures do not impede the development process means that all teams can focus on what matters and fix what counts.”

About Opus Security: Opus Security is at the forefront of cloud-native vulnerability remediation, delivering solutions that streamline remediation across complex IT ecosystems. Opus Security provides unparalleled visibility and control over vulnerabilities by integrating existing security tools and enhancing them with advanced AI and contextual intelligence. The platform’s innovative features, including the new Advanced Multi-Layered Prioritization Engine, empower organizations to protect their most critical assets with confidence and precision. For more information about Opus Security and its solutions, visit https://www.opus.security/.

Media contact: Hannah Sather, Senior Account Executive, Montner Tech PR
hsather@montner.com

The post News alert: Opus Security’s new ‘Advanced Multi-Layered Prioritization Engine’ elevates VM first appeared on The Last Watchdog.

Singapore, Sept. 10, 2024, CyberNewsWire — Seventh Sense, a pioneer in advanced cybersecurity solutions, announces the launch of SenseCrypt, a revolutionary new platform that sets a new standard in secure, privacy-preserving identity verification. SenseCrypt introduces a first-of-its-kind face-based public key infrastructure (PKI) and electronic identity (eID) solution.

This cutting-edge innovation combines Post-Quantum Cryptography (PQC)* — designed to withstand the security threats posed by future quantum computing—with the trusted SSL technology that secures websites worldwide. As the demand for secure identity verification systems rises, SenseCrypt offers a comprehensive solution that tackles both privacy and security challenges.

Shifting the identity paradigm

At the core of SenseCrypt is a fundamental shift in the identity paradigm to the realm of cryptography. Instead of traditional methods that rely on storing and matching biometrics, SenseCrypt eID utilizes acts of encryption and decryption for registration and authentication, with no public/private keys stored anywhere.

This patented approach generates eIDs as encrypted raw bytes, known as SensePrints, which can be printed as QR Codes on various identification mediums including ID cards, documents, and birth certificates, or stored in NFC chips or databases. This unique feature allows for offline verification capability, making it adaptable to various environments.

Unlike other solutions available in the market, the QR codes generated do not contain any biometric data. This means that even in the event of compromised keys, no biometrics or personally identifiable information (PII) is at risk, significantly reducing the regulatory and compliance burdens associated with data breaches.

Unmatched accuracy

SenseCrypt has a verification accuracy that is unmatched in the industry, with a False Accept Rate (FAR) of 0 with a False Rejection Rate (FRR) of below one percent (<1%)**. For governments, ID providers, and security-focused organizations, even a FAR as low as one-in-a-million (1e-06) is unacceptable when performing millions of verifications daily.

The foundational features of SensePrints include:

•Privacy-preserving and Non-biometric: No biometric data is stored

•Biometrically verifiable: Only the eID holder’s live face can decrypt the eID attributes

•Revocable and renewable: Multiple SensePrints can be generated from the same image and with the same metadata. While users cannot change their face, they can change their SensePrint

•Offline verifiable: SensePrints can be verified completely offline

•Incomparable and Unlinkable: No biometric data is stored, making it impossible to compare and link if two SensePrints belong to the same individual

•Group verification capable: A single SensePrint can verify multiple users

•Irreversible: The absence of biometrics prevents Hill Climbing or face regeneration attacks

•Non-repudiable: Each SensePrint is signed by the issuer, allowing verification via the issuer’s root certificate public key

Face PKI breakthrough

While SensePrint eID requires the holder’s live face to be present at every transaction, Face PKI allows verifiers to conduct transactions without ever seeing the holder’s face or processing any biometrics. This is achieved through the generation of Face Certificates for specific purposes, such as login, eKYC, and more. These certificates are standard X.509v3 certificates that use a face-derived public key, signed by a trusted issuer. A user can have any number of Face Certificates, each with a unique public key for specific purposes.

Face PKI not only enhances traditional security measures but also unlocks new potential use cases such as file and document signing, encryption/decryption, eKYC, passwordless login, proof of presence, secure communication, and multi-factor authentication (MFA).

Decentralized identity

SenseCrypt Face PKI supports various scenarios but relies on a central root of trust. For those preferring a decentralized model and identity wallets (Self-Sovereign Identity), the SenseCrypt DLT Protocol brings all the capabilities of Face PKI to the blockchain.

This innovative protocol enables issuers to verify wallet holders without transferring or storing any biometrics on the blockchain or inside wallets, ensuring user privacy through Zero Knowledge Face Proofs. Similarly, verifiers receive cryptographic proof that the wallet’s legitimate owner is making the Verifiable Presentation, not someone using a stolen wallet.

* With the NIST’s standardization of PQC published in August 2024, SenseCrypt Face PKI supports both FIPS 203 – ML-KEM Standard and FIPS 204 – ML-DSA Standard. https://www.whitehouse.gov/oncd/briefing-room/2024/08/13/fact-sheet-biden-harris-administration-continues-work-to-secure-a-post-quantum-cryptography-future/

** Measured on a proprietary identity dataset of >50 million

About Seventh Sense: Seventh Sense is a Singapore-based deep-tech company, tackling complex challenges at the intersection of machine learning and cryptography. Its mission is to deliver next-generation identity technology to governments and organizations, supporting both centralized and decentralized systems. The company’s stakeholders include government organizations and bodies from both Singapore and Australia. For more information, readers can please contact: Product Licenses: sales@seventhsense.ai; Careers: careers@seventhsense.ai; Investor Relations: ir@seventhsense.ai

Media contact: Shruti Singh, Communications Manager, Seventh Sense AI, shruti@seventhsense.ai

The post News alert: Seventh Sense unveils a revolutionary privacy solution — face-based PKI and ‘eID’ first appeared on The Last Watchdog.

Torrance, Calif., Sept. 4, 2024, CyberNewsWire — AI SPERA, a leading Cyber Threat Intelligence (CTI) company, has achieved PCI DSS v4.0 certification for its flagship search engine solution, Criminal IP.

This accomplishment builds on last year’s attainment of PCI DSS v3.2.1 (Payment Card Industry Data Security Standard) certification and marks a significant milestone in the company’s ongoing efforts to enhance security, further solidifying its leadership in the global market.

The Payment Card Industry Data Security Standard (PCI DSS) is an international information security standard established by the PCI Security Standards Council (PCI SSC), which includes major global card brands. PCI DSS certification is a critical requirement in the financial industry for preventing credit card fraud and data breaches. Companies that earn this certification are verified as capable of securely managing customers’ payment information.

AI SPERA’s newly acquired PCI DSS v4.0 certification represents the latest version of this standard, featuring enhanced security requirements that address emerging threats and technological advancements.

Key assessment areas include maintaining secure networks and systems, protecting cardholder data, managing vulnerabilities and malware threats, enforcing strong access control measures, conducting regular monitoring and testing, and managing information security policies. Criminal IP has been rated at the highest level across all these criteria.

The CTO of AI SPERA stated, “Achieving the highest level of PCI DSS v4.0 certification showcases our capabilities and commitment as a global security service provider. We will continue to prioritize protecting customer payment data while offering secure and trustworthy services.”

About AI SPERA: AI SPERA, renowned for its advanced solutions, has expanded internationally, with ‘Criminal IP’ as its flagship offering. Operating in more than 150 countries, ‘Criminal IP‘ is backed by enterprise-grade security solutions like ‘Criminal IP ASM’ and ‘Criminal IP FDS’. Strategic partnerships with global leaders such as Cisco, VirusTotal, and Quad9 have significantly enhanced ‘Criminal IP’s capabilities. Recently, AI SPERA’s ‘Criminal IP’ has entered the marketplace of major US data warehousing platforms, including Amazon Web Services (AWS), Microsoft Azure, and Snowflake, expanding its global reach for threat data.

 Media Contact: Michael Sena, AI SPERA, support@aispera.com

The post News alert: AI SPERA attains PCI DSS certification for its search engine solution ‘Criminal IP’ first appeared on The Last Watchdog.