Category: News Alerts

Cary, NC, Sept. 4, 2024, CyberNewsWire — In a proactive response to the rapidly evolving landscape of cyber threats, INE Security, a global leader in cybersecurity and network training, today unveiled a crucial initiative aimed at fortifying corporate defenses against digital dangers.

The newly launched guide, “5 Practical Steps to Reduce Cyber Threats,” offers actionable strategies for cybersecurity leaders to enhance their team’s preparedness and response capabilities.

Dara Warn, CEO of INE Security, emphasized the importance of robust cybersecurity training amid growing threats: “The surge in cybercrime is causing unprecedented economic losses and continuously adapting to exploit technological advances. While state-of-the-art tools are vital, the true backbone of our defense strategy lies within our trained professionals—the human firewall.”

Unpacking the five steps

•Assess and identify training needs: INE Security advocates starting with a detailed assessment of team capabilities using tools like the Skill Sonar, which helps pinpoint individual and team training requirements.

•Implement a robust upskilling program: Comprehensive upskilling programs are crucial, ensuring relevance and accountability, thus maximizing the return on investment in employee development.

•Secure organizational buy-in: The effectiveness of continuous training programs hinges on the support from all organizational levels, especially executive leadership, underscoring the need for continuous skill enhancement.

•Monitor and adapt taining efforts: Ongoing evaluation of training effectiveness is essential, utilizing analytics tools to adjust programs and address emerging skills gaps actively.

•Encourage practical application: Real-world simulation training and scenario-based cyber ranges bridge the gap between theory and practice, significantly boosting skill application and readiness.

Security and resilience

Implementing these steps promises substantial benefits, enhancing not just security but also operational resilience. “Proactive defense capabilities, retention of critical knowledge, cost-effective staff development, and a culture of continuous learning are just the beginning,” Warn stated. “These efforts will not only mitigate immediate cyber risks but also strengthen long-term organizational health and security.”

About INE Security: INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Media contact: Kathryn Brown, Director of Global Strategic Communications and Events, INE Security, kbrown@ine.com

The post News alert: INE Security releases a strategies guide for cyber threat preparedness, response capabilities first appeared on The Last Watchdog.

Singapore, Sept. 4, 2024, CyberNewsWire — Blackwired, the leading cyber observatory for disruptive cybersecurity technologies, has announced the launch of ThirdWatch?, a groundbreaking solution to identify direct threats facing an organization and its Third Parties.

ThirdWatch? is a subject-directed monitoring platform that provides a comprehensive 360-degree view in 3D of existential threats that impact organizations and the associated cyber risks posed by their vendors, partners, suppliers, networks, and digital assets. Utilizing a non-invasive, zero-touch technology process, ThirdWatch? generates Direct Threat Intelligence while cross-referencing this intelligence with traditional vulnerability assessment data. This integration produces evidence-based scoring and specific solution sets to mitigate all direct cyber threats facing an organization.

Direct Threat Risk Management

This innovative platform establishes a new category—Direct Threat Risk Management. By incorporating all features of Attack Surface Management (ASM) and Third-Party Risk Management (TPRM) tools, ThirdWatch? surpasses conventional offerings, delivering enhanced usability, substantial value, and unique Direct Threat Intelligence.

Central to ThirdWatch? are its pivotal features, including Direct Threat Intelligence, Direct Threat Mitigation, Third-Party Risk Management, Network Vulnerability Assessment, 3D Visualization, a comprehensive Ecosystem, and Evidence-Based Scoring. The platform is designed with five key configurations: Enterprise, Audit, Managed Service Provider (MSP), Incident Response (IR), and Legal.

“Implementing a ‘defend forward’ mentality is crucial. To combat modern threats, organizations need to pivot to a proactive approach to threat management, seeking out threats and neutralizing them before they escalate into attacks, says Jeremy Samide, Blackwires’s CEO and co-founder. “ThirdWatch? empowers organizations to identify and eliminate direct threats that jeopardize core operations, subsidiaries, and affiliates while mitigating risks posed by third parties in their ecosystems.”

ThirdWatch? ensures compliance with third-party regulatory cybersecurity requirements and helps organizations navigate potential supply chain disruptions caused by cyber events.

Management teams can utilize the platform to monitor their cybersecurity operations’ effectiveness, access cyber threat landscapes swiftly, and provide a digital witness record of pre-event direct threat intelligence.

Blackwired leverages industry and government expertise to deliver innovative solutions that integrate cutting-edge technologies such as artificial intelligence, edge computing, blockchain, and quantum computing. This strategic integration is underpinned by a methodology that starts with the premise of proactive prevention and, when necessary, offense – a notably different approach compared to traditional reactive cybersecurity measures.

The launch of ThirdWatch? marks a significant evolution in cybersecurity strategy. Organizations can utilize the platform to enhance cyber resilience while safeguarding their digital assets against a rapidly changing threat landscape. As cyber risks escalate, ThirdWatch? offers a proactive defense mechanism designed to help organizations stay one step ahead of malicious threat actors.

About Blackwired: Blackwired is a cybersecurity innovation company dedicated to developing disruptive technologies that challenge conventional security approaches. The team comprises former Chief Information Security Officers and expert government contractors that have a direct understanding of enterprise-level security needs to ensure the highest level of cybersecurity resilience across industries.

Blackwired leverages cutting-edge technologies – including artificial intelligence, edge computing, blockchain, and quantum computing – combined with human ingenuity to empower its innovative concepts, turning groundbreaking ideas into practical, robust platforms. For more information, please visit Blackwired | LinkedIn.

Media contact: Ethel Ooi, Pink Tiger Media for Blackwired, ethel.ooi@pinktigermedia.com

The post News alert: Blackwired launches ‘ThirdWatch?’ — an advanced third-party risk management platform first appeared on The Last Watchdog.

Cary, NC, Aug. 22, 2024, CyberNewsWire — INE Security, a global cybersecurity training and certification provider, recently launched initiatives with several higher education institutions in an ongoing campaign to invest in the education of aspiring cybersecurity professionals.

“There is a critical skills gap in the industry, which has enormous implications for businesses and individuals alike,” said Dara Warn, INE Security’s CEO. “We are working to partner with higher education institutions to close that gap, rewrite the book on how to prepare cybersecurity students, and ultimately reinforce the entire industry’s strength and security.”

According to the team, in a world where digital threats transcend borders, the need for robust cybersecurity education has never been more critical. Universities around the globe are stepping up, recognizing that their role in preparing the next generation of cybersecurity experts is crucial not only for national security but also for maintaining global competitiveness. As cyber threats become more sophisticated, educational institutions are compelled to provide their students with the skills necessary to navigate and mitigate these risks effectively.

One of the most pressing reasons for advanced cybersecurity training is the sheer scale and global nature of cyber threats. According to the 2020 Cost of a Data Breach Report by IBM, the average total cost of a data breach globally reached $3.86 million, highlighting the severe economic impact of these incidents. This global threat landscape requires a workforce that is not only technically proficient but also equipped with a comprehensive understanding of international cybersecurity challenges.

Columbus State University

Columbus State University (CSU) is a public university located in the southeastern United States, serving approximately 7,000 students annually. To address the growing demand for skilled cybersecurity professionals in Georgia, CSU launched the NEXUS program in 2017, driven by the state’s identified shortage of 15,000-30,000 IT and cybersecurity professionals. The challenge was that CSU’s cybersecurity education lacked hands-on labs and certification opportunities, making it difficult for students to gain practical skills and accredited certifications essential for the cybersecurity workforce.

In 2019, CSU partnered with INE Security to integrate the Junior Penetration Tester (eJPT) certification into its curriculum. The eJPT learning path’s hands-on nature, robust application, and immediate feedback were key in addressing the practical training gap. Cybersecurity lecturers at CSU led the integration of the eJPT certification.

Since then, 122 students have registered and completed the certification, following a progressive training model starting with IT Fundamentals and CompTIA certifications, followed by eJPT, and culminating in the SEC+ certification. The eJPT certification ensures foundational skills for advanced roles, with a 90% first-attempt pass rate and immediate feedback for those retaking the exam.

FOUR18 Intelligence

FOUR18 Intelligence works with students to deliver live-fire training, and partnered with INE Security to enhance hands-on, real-world cyber defense education. The collaboration aims to make high-quality cybersecurity training accessible and impactful for learners at every stage of their career, anywhere in the world. Part of the strategy centers around FOUR18’s DEF3NSE system, which is the first of its kind to offer live-fire cyber threat learning and micro-internships at scale. The partnership is designed to provide students a truly immersive learning experience that prepares them for real-world security risks through practical hands-on engagement, a goal achieved through the joining of INE Security and FOUR18 Intelligence.

Virtually Testing Foundation 

Virtually Testing Foundation (VTF) is a California-based 501(c)3 e-learning non-profit organization that started with a mission to educate and help people transition into the field of cybersecurity. INE Security partnered with VTF as a technical training resource, giving the organization’s interns access to premium training, hands-on labs, on-demand videos, immersive learning tactics, and discounted access to highly sought-after industry certifications. The partnership opportunity enables VTF interns to access top-tier training materials at no cost, representing a crucial stride in equipping individuals with cybersecurity skills to close critical skills gaps.

Career prospects

The career prospects in the cybersecurity field are highly promising. The Bureau of Labor Statistics projects a 31% growth in employment for information security analysts from 2019 to 2029, significantly faster than the average for all occupations. This demand reflects the critical need for cybersecurity professionals who are well-versed in handling both national and international challenges.

Furthermore, the integration of advanced technologies like artificial intelligence and machine learning in combating cybercrime highlights the evolving nature of the field and the continuous learning opportunities it presents. Universities that collaborate with cybersecurity firms to incorporate these technologies into their training programs not only enhance the learning experience but also ensure that their students are prepared for the future demands of the cybersecurity landscape.

Higher education and the future

Higher education institutions and organizations that invest in comprehensive cybersecurity training, especially through partnerships with experienced cybersecurity training partners, are making a significant contribution to the global economy. By equipping students with the necessary skills to face and address international cyber challenges effectively, these institutions are ensuring that their graduates are not only competitive but also ready to lead in the global arena. These efforts not only protect the institutions’ data and reputations but also prepare their students for a world where cybersecurity expertise is revered and essential.

About INE Security: INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Media contact: Kathryn Brown, Director of Global Strategic Communications and Events, INE Security, kbrown@ine.com

The post News alert: INE Security launches initiatives in support of aspiring cybersecurity professionals first appeared on The Last Watchdog.

Cary, NC, Aug. 22, 2024, CyberNewsWire — In modern business, cybersecurity is not merely a technical concern but a crucial financial safeguard. With cyber threats growing in sophistication and frequency, the financial implications of neglecting cybersecurity training are severe and multifaceted. INE Security, a global leader in cybersecurity training and certifications, is exploring how overlooking this critical aspect of organizational strategy can lead to a financial crisis and laying out five key reasons why cybersecurity training is important.

Impact of cyber attacks

The financial toll of cyber incidents can be staggering. The average cost of a data breach ballooned to $4.88 million dollars in 2023, a 10% spike over the previous year, according to a recent IBM report. The same report illuminates the value of a robust cybersecurity staff, showing a majority of those breached were short-staffed in cybersecurity, and experienced an average loss of $1.76 million more in beach costs.

“As cyber threats become more sophisticated, the cost of not investing in cybersecurity training escalates exponentially,” explains Dara Warn, CEO of INE Security. “Effective training is not merely a line item expense — it’s an indispensable investment in the operational integrity and financial security of organizations. Choosing the right training partner and prioritizing cybersecurity training for businesses should not be viewed as optional by CISOs and CIOs.”

Operational disruption

Beyond the direct costs of a cyberattack, operational disruptions often require extensive system recoveries, diverting resources and causing significant revenue losses, as was the recent case for CDK Global. The automotive dealership software solution provider was hit by a ransomware attack, crippling the auto industry and opening the company up to substantial litigation risks, a one-two punch that will likely take years to realize the full extent of the damages.

Reputational damage

The indirect costs of cyber breaches, such as reputational damage, can be more harmful than the immediate financial penalties. After the 2019 data breach of Capital One, which affected approximately 100 million customers in the U.S., the bank faced not only regulatory fines but also a significant erosion of customer trust. The incident led to lawsuits and a decline in customer growth, illustrating how reputational damage can translate into long-term financial losses and highlighting the fragility of critical IT infrastructures.

Compliance costs

Neglecting cybersecurity training also exposes organizations to regulatory risks. Non-compliance with frameworks such as GDPR in Europe or HIPAA in the United States can result in substantial fines. In 020, Marriott faced a fine of more than $23 million by the UK’s Information Commissioner’s Office for a breach that affected millions of guests. Although reduced from an initial $124 million due to mitigation factors, including the economic impact of COVID-19, the fine underscores the significant financial penalties associated with failing to protect customer data.

The case for training

Investing in cybersecurity training is not just about mitigating risks—it’s about financial prudence. Well-trained employees are less likely to fall prey to phishing attacks or other forms of social engineering, significantly reducing the potential for breaches. Moreover, a knowledgeable IT team can ensure that systems are kept up-to-date and secure against emerging threats, decreasing the likelihood of costly incidents.

From a financial perspective, the return on investment for cybersecurity training is clear. The cost of training and upskilling staff is considerably lower than the expenses associated with recovering from a cyber attack, not to mention the long-term savings from avoiding fines and reputational damage.

Protection through education

Cybersecurity training empowers employees by educating them about the risks associated with cyber threats and the methods by which these threats can infiltrate an organization. By understanding the tactics used by cybercriminals, such as phishing, ransomware, and other forms of social engineering, employees become more adept at recognizing suspicious activities and less likely to inadvertently expose the organization to a breach. This type of education is crucial, as human error remains one of the leading causes of security failures.

Value of certifications

Achieving the best certifications for cybersecurity such as Junior Penetration Tester (eJPT), CompTIA Security+, and Certified Information Systems Security Professional (CISSP) provides IT professionals with comprehensive knowledge and skills that are crucial for managing and mitigating cybersecurity risks effectively. These certifications are recognized across the industry and signify a professional’s ability to design, implement, and manage a best-in-class cybersecurity program. They are not merely educational tools but are also instrumental in shaping the cybersecurity landscape within an organization.

Leveraging training for compliance

With the increasing number of data protection regulations, such as GDPR in Europe and CCPA in California, cybersecurity training becomes essential for ensuring compliance. Training programs that include components on regulatory requirements help organizations avoid costly fines and legal battles by keeping employees informed about their responsibilities under these laws. Compliance-focused training ensures that the organization not only meets current legal standards but is also prepared for new regulations that may arise.

Strategic security investments

The cost of implementing a robust cybersecurity preparedness training program is often dwarfed by the expenses associated with a data breach, which can include remediation costs, fines, lawsuits, and loss of reputation. By investing in continuous and updated training programs, organizations can create a culture of security that permeates every level of the company. This culture not only enhances security but also builds a corporate ethos where security becomes a daily operational element, as integral as customer service or quality control.

Attracting, retaining top talent

Organizations that provide ongoing professional development opportunities in cybersecurity are more likely to attract and retain top talent. Professionals in the field often seek environments where they can grow their skills and take on new challenges. Providing access to training and development programs makes an organization more attractive to ambitious cybersecurity professionals and enhances its reputation within the industry.

The financial stakes associated with cybersecurity are too high to ignore. As cyber threats evolve, the cost of inaction will only increase. Organizations must view cybersecurity training not as an optional expense but as a critical investment in their financial security and operational integrity. By prioritizing cybersecurity education, businesses can protect themselves against not only the immediate threats but also the extensive financial repercussions that can arise from a single breach.

About INE Security: INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Media contact: Kathryn Brown, Director of Global Strategic Communications and Events, INE Security, kbrown@ine.com

The post News alert: INE Security advisory: The steep cost of neglecting cybersecurity training first appeared on The Last Watchdog.

Cary, NC, Aug. 16, 2024, CyberNewsWire — The imminent release of Cisco HyperShield this month marks a pivotal evolution in the cybersecurity landscape.

As an “AI-native” security architecture, HyperShield promises to redefine traditional security protocols through its automated proactive cybersecurity measures and AI-driven security solutions. However, the effectiveness of this sophisticated technology heavily relies on the skilled deployment by IT and Information Security (IS) teams, emphasizing the critical importance of specialized training in this high-tech environment.

Effective AI security

HyperShield’s introduction into the cybersecurity arena brings a suite of advanced capabilities centered around AI-powered security systems and IT security automation. This transformative approach will result in a profound shift in how security teams operate, moving from manual control of qualifying and applying new security updates, to instead overseeing and fine-tuning automated AI responses. However, to successfully harness the full potential of HyperShield’s distributed proactive network security measures, comprehensive training is essential.

“HyperShield’s introduction is a game-changer for network security,” said Brian McGahan, CCIE Security and Director of Networking Content for INE Security, a global leader in networking and cybersecurity training and certifications. “The shift to AI-driven security architectures will require a new way of thinking, and it’s become more critical than ever that organizations equip their teams with the right training to fully leverage these new technologies. We need to ensure that security teams are not just familiar with their functionalities but are also trained in using these tools to proactively secure our networks.”

Training programs must not only cover the operational aspects of these new technologies but also foster a deep understanding of Security Orchestration, Automation, and Response (SOAR), which is integral to managing the sophisticated ecosystems in which solutions like HyperShield operate. This will ensure that security teams can effectively manage AI-scale data centers, and effectively operate security solutions across both public & private clouds, maintaining robust security across increasingly complex networks.

Securing business continuity

The role of IT/IS training extends beyond mere operational competence. Comprehensive training directly influences business continuity by equipping teams with the knowledge to implement and leverage autonomous segmentation and distributed exploit protection inherent to cutting edge solutions such as HyperShield.

Training can help to minimize human error—a significant factor in security breaches—by ensuring that teams can proactively manage and respond to emerging threats with minimal human intervention.

Inadequate training could lead to underutilization of these new solutions’ capabilities, potentially leaving enterprises vulnerable to sophisticated cyberattacks. On the other hand, well-trained teams can fully leverage the benefits of AI-driven security, for example using HyperShield’s capabilities to preemptively address vulnerabilities and enhance the overall security posture of the organization.

Automation, human oversight

Despite the advanced automation capabilities of AI-driven solutions like HyperShield, the need for human oversight persists. Today’s security personnel must be skilled at interpreting AI decisions and actions, particularly when integrating these new solutions into existing security architectures. Training in compensating controls and the system’s security solutions is crucial for managing the balance between automated responses and necessary human intervention.

Additionally, training should address the continuous adaptation required in the cybersecurity field, enabling teams to stay current with both AI-based updates and evolving cyber threats. Ongoing education helps to maintain operational resilience and ensures that proactive security measures keep pace with the needs of a dynamic security environment.

As we reimagine security with the rollout of Cisco HyperShield, the spotlight turns not just to the technology itself, but also to the professionals tasked with its deployment. The investment in comprehensive IT/IS training is not just beneficial—it’s imperative for leveraging the full spectrum of capabilities offered by new AI-driven security solutions. Effective training empowers security teams to minimize risks and secure business operations against the sophisticated threats of today and tomorrow. With Cisco HyperShield, businesses have the opportunity to elevate their cybersecurity measures, but only if their teams are prepared to lead this charge effectively.

About INE Security: INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Media contact: Kathryn Brown, Director of Global Strategic Communications and Events, INE Security, kbrown@ine.com

The post News alert: Implementing AI-powered ‘Cisco HyperShield’ requires proper cybersecurity training first appeared on The Last Watchdog.

Torrance, Calif., Aug. 12, 2024, CyberNewsWire — Criminal IP, an expanding Cyber Threat Intelligence (CTI) search engine from AI SPERA, has recently completed its technology integration with Maltego, a global all-in-one investigation platform that specializes in visualized analysis of combined cyber data.

This collaboration integrates Criminal IP’s comprehensive database of malicious IPs, domains, and CVEs directly into Maltego’s unified user interface and adds Criminal IP to Maltego’s marketplace, Transform Hub.

Maltego translates Criminal IP data into a visual data graph, allowing users to easily recognize relationships between each entity and associated risks by adjusting the layouts and assigning weights to them.

Visualizing breakthrough

Now through its partnership with Criminal IP, its trusted data source and an OSINT CTI tool, Maltego users can also harness Criminal IP’s comprehensive threat intelligence search functionalities to instantly visualize data.

New key features in Maltego allow users to visualize vulnerabilities by importing Criminal IP’s comprehensive data, including CVEs, assets’ reputation, botnets, Command & Control servers (C2), domain phishing information, and more.

They can also track exposed personal information in banner data, such as API keys, token values, bank account numbers, and Bitcoin wallet addresses, ensuring prompt identification.

The tool visually verifies relationships between IP addresses and domains, facilitating rapid response and effective threat tracking.

Single interface integration

Maltego is an integration platform with a high impact on the field of threat intelligence and has integrations with several well-known products, including Microsoft Sentinel, IBM QRadar, and Google Maps Geocoding.

Its existing features drastically accelerate complex cyber investigation by enabling quick preliminary OSINT investigations for digital profiling with Maltego Search as well as complex link analysis for large datasets with Maltego Graph.

Through Maltego Evidence and Maltego Monitor, the platform enables investigators to collect, monitor, and preserve social media intelligence in real time for prosecution and public safety.

About AI SPERA: AI SPERA, renowned for its advanced solutions, has expanded internationally with ‘Criminal IP’ as its flagship offering. Operating in 150+ countries, ‘Criminal IP’ is backed by enterprise-grade security solutions like ‘Criminal IP ASM’ and ‘Criminal IP FDS’. Strategic partnerships with global leaders such as Cisco, VirusTotal, and Quad9 have significantly enhanced ‘Criminal IP’s capabilities. Recently, AI SPERA’s ‘Criminal IP’ has entered the marketplace of major US data warehousing platforms including Amazon Web Services (AWS), Microsoft Azure, and Snowflake, expanding its global reach for threat data.

 Media contact: Michael Sena, AI SPERA, support@aispera.com

The post News alert: Criminal IP and Maltego team up to broaden threat intelligence data search first appeared on The Last Watchdog.

Philadelphia, PA, Aug. 1, 2024, CyberNewsWire — Security Risk Advisors (SRA) announces the launch of VECTR Enterprise Edition, a premium version of its widely-used VECTR platform for purple teams and adversary management program reporting and benchmarking.

VECTR Enterprise is designed to support organizations that want to mature and communicate the success of their purple team exercises with benchmarking and executive reporting features.

“We’re excited to release VECTR Enterprise to help CISOs and their teams clearly tell the story of their adversary detection program strengths, needs, and changes over time. VECTR Enterprise brings new visuals and integrated benchmark insights to help the CISO communicate a critical and complex topic to senior stakeholders” said Security Risk Advisors CEO, Tim Wainwright.

VECTR Enterprise Edition will introduce several premium features including:

•Benchmark results: This feature provides context for test results and posture with industry peers. VECTR Enterprise integrates Security Risk Advisors’ Threat Resilience Benchmarks and data directly into the platform.

•Compare results: Users can compare their results across different environments and over time to understand how and why their threat resilience may change.

•Premium testing content: The platform provides access to testing “Indexes” for AWS, Azure, AI, Ransomware, Linux, Mac, Kubernetes, and more.

•Premium automated content: Enterprise Edition includes thoughtfully curated automated content based on emerging attacker threat intelligence. This approach balances automation with the need for realistic and “attacker authentic assessments.”

•SaaS by SRA: VECTR Enterprise is delivered as a SaaS service by Security Risk Advisors, including Single Sign-On (SSO), Attribute-Based Access Control (ABAC), upgrades and maintenance. This allows user teams to focus on testing, reporting, and remediation without additional burden on system administrators.

About VECTR: VECTR™ is developed and maintained by Security Risk Advisors. It is designed to guide, track, and report metrics and industry benchmarks from purple team exercises/adversary simulations. VECTR™ helps organizations improve their security posture by identifying gaps in attacker visibility and testing the effectiveness of their security controls. For more information about VECTR™ Enterprise Edition, please visit https://vectr.io.

About Security Risk Advisors: Security Risk Advisors offers Purple Teams, Cloud Security, Penetration Testing, Cyber-Physical Systems Security and 24x7x365 Cybersecurity Operations. Based in Philadelphia, SRA operates across the USA, Ireland and Australia. Learn more at https://sra.io.

 Media contact: Douglas Webster, Marketing Manager, Security Risk Advisors, news@sra.io

The post News alert: Security Risk Advisors launchs VECTR Enterprise Edition for ‘purple team’ benchmarking first appeared on The Last Watchdog.

 Las Vegas, Nev., July 30, 2024, CyberNewsWire — Amid rising breaches including Snowflake, the platform helps security teams proactively detect and respond to identity-centric threats in business-critical SaaS applications.

Adaptive Shield, a leader in SaaS Security, today announced its breakthrough Identity Threat Detection & Response (ITDR) platform for SaaS environments. Since entering this space a year ago, the company has already become a leader in the field, implementing the solution in hundreds of enterprise customer environments.

Adaptive Shield will demonstrate its new ITDR platform and award-winning technology at booth #1268 during Black Hat USA, from August 7-8, 2024, showcasing its capabilities with the most complex threat detection use cases and campaigns seen in the wild.

The recent Snowflake breach served as a wake-up call for the SaaS industry. On May 27, a threat group announced the sale of 560 million stolen records from targeted attacks on single-factor authentication users in Snowflake. This event, which continues to make headlines, follows a series of significant breaches in SaaS applications over recent months.

“The Snowflake breach is a classic example of a SaaS security event that could have been prevented or, if not, detected. Organizations must recognize the shared SaaS security responsibility model, in which SaaS vendors provide native security controls, but it is ultimately the organization’s duty to actively ensure these controls are implemented,” said Maor Bin, co-founder and CEO of Adaptive Shield.

“Major incidents like this could easily be prevented with proper monitoring and hardening tools,” Bin added. “Beyond prevention, which is fundamental to SaaS security, having threat detection and response capabilities tailored for SaaS applications would have identified the Indicators of Compromise (IoCs) and halted the attack at the perimeter.”

Adaptive Shield’s ITDR platform works alongside the company’s prevention SaaS Security Posture Management (SSPM) platform and enables enterprises to proactively cover the breadth of attack vectors within the SaaS ecosystem. Identity-centric threats can originate from misconfigured settings, human and non-human identities, and compromised SaaS user devices.

These threats manifest in various forms, such as account takeovers, unintended publicly available links, malicious applications, and more. Real-life sophisticated campaigns detected by Adaptive Shield customers include:

•Threat actors taking over credentials in a payroll & HR management system and changing employee bank account details to transfer their salary to a different account.

•A partially deprovisioned former employee accessed and downloaded very sensitive data. This occurred due to misconfigurations within a highly complex operational platform.

•Detection of lateral movement from a disabled MFA demo account into production via OAuth, as a malicious app, directly into employee mailboxes.

•Access to public links in the CRM, intended for data sharing. While these public links were password protected, had expiration dates, and usage tracking, they were still accessible to unauthorized users.

•Account hijacking through user compromised user devices.

“Current ITDR solutions primarily address endpoint and on-premises Active Directory protection, but they do not cover the intricate SaaS environment. Addressing SaaS-related threats demands deep expertise and can be achieved only by cross-referencing and analyzing suspicious events in context from multiple sources, ensuring precise detection of subtle identity-centric threats,” said Gilad Walden, VP Product at Adaptive Shield.

Adaptive Shield integrates with over 160 applications out-of-the-box, enabling customers to connect their entire stack and achieve an accurate alerting of Indicators of Compromise (IoCs), drastically eliminating false positive alerts.

To meet with an Adaptive Shield executive onsite at Black Hat USA or remotely, users can reach out here.

About Adaptive Shield: Chosen by hundreds of large enterprises, including numerous Fortune 500 companies, Adaptive Shield continues to be the trusted SSPM and ITDR platform that enables security teams to stay on top of their organization’s apps, identities and any unusual user behavior in the SaaS ecosystem. Adaptive Shield leads the SaaS security space and is recognized with awards such as Gartner Cool Vendor, Frost & Sullivan’s Global Technology Innovation Leadership and the Global Infosec Awards 2024. For more information visit www.adaptive-shield.com

Media contact: Chloe Amante, Senior Account Executive, Montner Tech PR, camante@montner

The post News Alert: Adaptive Shield to showcase new ITDR platform for SaaS at Black Hat USA first appeared on The Last Watchdog.

Waltham, Mass., June 27, 2024, CyberNewsWire — Infinidat, a leading provider of enterprise storage solutions, has introduced a new automated cyber resiliency and recovery solution that will revolutionize how enterprises can minimize the impact of ransomware and malware attacks.

Infinidat’s InfiniSafe® Automated Cyber Protection (ACP) is a first-of-its-kind cybersecurity integration solution that is designed to reduce the threat window of cyberattacks, such as ransomware. Sophisticated cyberattacks, including new sinister forms of AI-driven attacks, are increasingly targeting the data storage infrastructure of enterprises.

Infinidat’s InfiniSafe ACP enables enterprises to easily integrate with their Security Operations Centers (SOC), Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR) cybersecurity software applications, and simple syslog functions for less complex environments. A security-related incident or event triggers immediate automated immutable snapshots of data, providing the ability to protect InfiniBox® and InfiniBox™ SSA block-based volumes and/or file systems and ensure near instantaneous cyber recovery.

“The merging of cybersecurity and data infrastructure has been compelling CIOs, CISOs and IT team leaders to rethink how to secure enterprise storage across hybrid multi-cloud deployments in light of increasing cyberattacks. Enterprises need proactive strategies, seamless integration across IT domains, and the most advanced, automated technologies to stay ahead of cyber threats,” said Eric Herzog, CMO at Infinidat. Recognized as a cyber secure storage expert, Herzog is coming off participation in a string of cybersecurity panel discussions, roundtables and conference events.

“Infinidat has carved out a very unique leadership position as the only storage vendor to offer an automated enterprise storage cyber protection solution that seamlessly integrates with cyber security software applications,” said Chris Evans, Principal Analyst at Architecting IT. “Infinidat’s newly launched InfiniSafe Automated Cyber Protection that easily meshes with the SIEM, SOAR or Security Operations Centers is exactly what enterprises need to include enterprise storage as a comprehensive approach to combat cyber threats.”

Infinidat’s new InfiniSafe ACP capability orchestrates the automatic taking of immutable snapshots of data, at the speed of compute, to stay ahead of cyberattacks by decisively cutting off the proliferation of data corruption.

Evans added, “This proactive cyber protection technique is extremely valuable, as it enables taking immediate immutable snapshots of data at the first sign of a potential cyberattack. This provides a significant advancement to ensure enterprise cyber storage resilience and recovery are integral to an enterprise’s cybersecurity strategy. ACP enhances an enterprise’s overall cyber resilience by reducing the threat window and minimizing the impact of cyberattacks on enterprise storage environments.”

The InfiniSafe Automated Cyber Protection is one of the biggest innovations of the year in cybersecurity because it unlocks the full potential of an enterprise’s security posture and maximizes the investments that an enterprise has made in protecting the business. By plugging into existing security mechanisms and continuous monitoring, InfiniSafe ACP bridges the gaps between enterprise storage and cybersecurity strategies that can transform the way CIOs and CISOs think about enterprise data infrastructures.

Information technology leaders have identified this ability to automate data snapshot commands and data pathways as critical to early detection and worry-free cyber recovery that minimizes the effects of even the most vicious and deceptive cyberattacks of malicious actors. An enterprise’s security team can put all its information from security operations through an enterprise storage intelligence grid to create the most sensitive triggers that often get missed by existing technologies and techniques.

Paul Rapier, VP of Information Technology at the Detroit Pistons, stated, “Infinidat’s efforts in enhancing cyber resilience for enterprises, particularly through the new InfiniSafe Automated Cyber Protection, are noteworthy for data security.”

Allen Shahdadi, Vice President of Global Sales at Sycomp, said, “Infinidat has become synonymous with guaranteed cyber resilient storage. Infinidat continues to deliver powerful solutions that solve critical cyber issues for enterprises and service providers around the globe. The InfiniSafe Automated Cyber Protection solution brings much needed capabilities to fight more effectively against cyberattacks. The automatic capture of immutable snapshots of primary data could be the difference between your data being held ransom and the rapid recovery of your data. Before international cybercriminals, hackers and fraudsters can gain an advantage, Infinidat’s InfiniSafe reduces the threat window decisively.” 

The InfiniSafe Automated Cyber Protection solution is the latest in a string of cybersecurity capabilities that Infinidat has brought forward to strengthen enterprise storage in the face of constant threats of a tsunami of cyberattacks. Infinidat has also unveiled the following extensions of its state-of-the-art cyber resilient capabilities:

•InfiniSafe Cyber Detection for VMware – Access to InfiniSafe cyber resilience capabilities to combat cyberattacks has been expanded into VMware environments. The impact of a cyberattack can be readily determined through this cyber detection capability, with highly granular insights by leveraging AI and machine learning whether or not a VMware datastore and the VM’s they encompass have been compromised.

•InfiniSafe Cyber Detection for InfiniGuard® – Cyber detection will be extended onto the InfiniGuard purpose-built backup appliance to help enterprises resist and quickly recover from cyberattacks. This proven capability provides highly intelligent scanning and indexing to identify signs of cyber threats in backup environments, helping ensure that data has integrity. The enhanced version will be available in 2H 2024.

As a leader in cyber resilient storage, Infinidat first unveiled its InfiniSafe software-based platform two years ago with a set of cybersecurity functions. This solution has won numerous awards and has been proven by large global enterprises. The comprehensive cyber resilience capabilities of InfiniSafe technology improve the ability of an enterprise to combat and protect against ever-increasing cyberattacks and data breaches by uniquely combining immutable snapshots, logical air gapping, fenced/isolated networks, and virtually instantaneous data recovery into a single, high-performance platform.

The InfiniSafe ACP is the latest example of Infinidat’s broadening innovation. It was introduced alongside the launch of the InfiniBox G4 family of next-generation storage arrays for all-flash and hybrid configurations. The G4 series is a completely new storage array family built from the ground up that substantially extends Infinidat’s cyber storage resilience and delivers up to 2.5x improvement in performance. The InfiniBox G4 series introduces a new set of foundational elements, powered by InfuzeOS, which is Infinidat’s software defined storage operating system.

Webinar On Demand. To watch Infinidat’s end-user webinar about the new solutions ? “The Future of Enterprise Storage, Cyber Security and Hybrid Multi-Cloud” – users can click here.

Connect with Infinidat. About Infinidat | Blog | Twitter | LinkedIn | Facebook | YouTube | Be our partner

About Infinidat. Infinidat provides enterprises and service providers with a platform-native primary and secondary storage architecture that delivers comprehensive data services based on InfiniVerse®. This unique platform delivers outstanding IT operating benefits, support for modern workloads across on-premises and hybrid multi-cloud environments. Infinidat’s cyber resilient-by-design infrastructure, consumption-based performance, 100% availability, and cyber security guaranteed SLAs align with enterprise IT and business priorities. Infinidat’s award-winning platform-native data services and acclaimed white glove service are continuously recommended by customers, as recognized by Gartner® Peer Insights reviews. For more information: www.infinidat.com.

Media contact: Sapna Capoor, Director of Global Communications, scapoor@infinidat.com +44 (0) 7789684159

The post News Alert: Infinidat introduces advanced cyber resiliency and recovery solution for enterprises first appeared on The Last Watchdog.

McLean, Va., June 26, 2024, CyberNewsWire — FireTail today announced a free version of its enterprise-level API security tools, making them accessible to developers and organizations of all sizes.

•FireTail’s unique combination of open-source code libraries, inline API call evaluation, security posture management, and centralized audit trails helps eliminate vulnerabilities and protect APIs in real-time.

•The free plan covers up to 5 APIs, includes 1M API call logs per month, offers 7 days of data retention, and provides clear developer support.

FireTail, a disruptor in API security, unveils free access for all to its cutting-edge API security platform. This initiative opens the door for developers and organizations of any size to access enterprise-level API security tools.

Today, over 80% of all internet traffic is computer-to-computer communication via APIs. Every mobile app, IoT device, and most modern software applications use APIs, creating a broad attack surface for potential threats. FireTail’s hybrid approach to API security blends open-source code libraries with a feature-packed cloud platform and equips businesses with a unique suite of tools to eliminate API vulnerabilities and provide robust runtime API protection.

“API security is essential for modern applications, and every developer and tech team should have access to effective security tools,” said Jeremy Snyder, CEO and Co-Founder of FireTail. “Security through obscurity is no longer a viable approach. We’re on a mission to secure all of the world’s APIs and our new free plan ensures ongoing access to an API security platform that delivers genuine insight into the most pressing attack vectors – design flaws in APIs. It’s perfect for smaller organizations striving for stronger API protection, and a great way for individuals or teams within larger organizations to get started.”

Riley Priddle, Co-Founder and CTO at FireTail, added, “We’re excited to help organizations of all sizes to better protect their APIs. We want FireTail to become the de facto standard when it comes to API security. Just because you have a small number of APIs, it doesn’t mean they aren’t critical. We want everyone to have access to the best, enterprise-level API security tools. That’s why we offer both this free tier, as well as our open source libraries.”

For developers and small to medium-sized organizations needing to secure up to 5 APIs, FireTail’s free tier includes comprehensive API security features such as discovery, inventory, assessment, detection and response, and inline runtime protection. Key features include:

•Protection for up to 5 APIs

•1M API calls per month

•7 days of logging retention

Thomas Martin, Founder at NephoSec, shared “We’ve been working with FireTail from the outset as both a customer and a distribution partner. Having proven that the platform works for even the largest enterprises with the most complex API security requirements, it’s great to see the team opening that technology up to everyone. This will enable us to solve API security challenges for organizations of all shapes and sizes.”

To access the FireTail API security platform, users can visit https://www.firetail.app or join the team on Tuesday, July 2nd for an in-depth look at what FireTail’s free tier can do.

About FireTail: FireTail allows customers to solve all the most critical problems facing APIs today with a hybrid approach, bringing together cloud, application and code with full blocking capabilities to solve the root causes of API data breaches – flaws at the application and business logic layer in authentication, authorization and data handling. Headquartered in McLean, VA, with offices in Dublin, Ireland, and Helsinki, Finland, FireTail is backed by leading investors, including Paladin Capital, Zscaler, General Advance, and SecureOctane. Users can learn more at https://www.firetail.io.  

Media contact: Alan Fagan, Marketing Director, FireTail, media@firetail.io

The post News Alert: FireTail unveils free access to its enterprise-level API security platform — to all first appeared on The Last Watchdog.