Active Directory Recovery and Its Impact on ROI

Aashish Yadav | June 28, 2022 | 146 views | Read Time : 8 min

Active Directory Recovery and Its Impact on ROI
Active Directory manages users, apps, and resources and handles user authorization and authentication.

Cyberattacks are on the rise throughout every sector, disrupting consumer goods and services, organizations, and endangering public safety. Businesses that haven't been attacked can have trouble justifying a cyber-first business recovery strategy.

However, as more cyberattacks make headlines and the cost of ransom payments and cyber insurance grows, corporate leaders must prioritize building a proven cyber-first business recovery strategy. The first step is to safeguard the Active Directory (AD), which is most businesses’ primary identity database globally.

Active Directory is the primary access point for cybercriminals: 90% of the cyberattacks Mandiant reported, include Active Directory as the first attack vector or the gateway to elevated access. Most attacks in recent years, including SolarWinds, included compromised credentials.

Cyberattack victims soon realize that every minute matters during a breach. Failure to effectively restore Active Directory would lead to a second assault using the same strategies as the first.

The issue is not whether a company can afford a rapid, cyber-first Active Directory approach. The question is how Active Directory can help businesses safeguard their data and also boost their ROI.

What Benefits Does Active Directory Hold for Businesses?

There are several ways in which Active Directory can help businesses:

Centralized Data Repository

In a multi-master database, Active Directory holds the identification information of apps, users, and resources. The Active Directory database stores data as objects and has a capacity of 2 billion objects. Users can use this identification data to access resources from anywhere on the network. Administrators can handle corporate application authentication and permission from a centralized place. Identity would be copied across numerous systems without directory services, making it impossible for administrators to oversee operations.


Minimized Data Replication

Multiple domain controllers are necessary for complicated business needs like branch offices. Sub-domain controllers are aware of changes made to the Active Directory database if identities are controlled from a centralized approach. With a centralized domain controller, Active Directory can delegate duties across the business, as well as tools and utilities for adding, removing, and modifying active identities and objects. It employs a synchronization method to guarantee that data is consistent across all domain controllers. As a result, it enables making company-wide adjustments with a few mouse clicks.


Security Auditing Capabilities

Regular audits assist you in understanding new security dangers. Active Directory enables the collection and auditing of identity infrastructure events like authentication, directory service changes, and access violations. It also facilitates the collection of data from a centralized place for the purpose of debugging authentication and authorization difficulties that users can encounter.


Network Security

Active Directory improves security across an organization. Higher-level management authorities can delegate authorization for resources and apps to other administrators or users through delegation. Active Directory items are linked in a hierarchical manner. Permissions are inherited by an object in the AD tree from its parent objects. These features guarantee that users are uniquely and securely recognized. Administrators can build and update permissions from a single database, decreasing the possibility of inaccurate or outdated configuration.


Calculating Your Active Directory Recovery ROI

Although every IT manager or administrator understands that an effective Active Directory recovery plan is a critical component of any business-developed standard, assessing the practical ROI (return on investment) of an optimized Active Directory recovery plan is frustratingly complex. Here are important ways:


Operational Losses

It's probable that a significant portion of your operations depend on Active Directory to authenticate users as the foundation for delivering access to apps, systems, and data. How much money or productivity will your company lose for every hour Active Directory is down? How many hours, days, or weeks would it require before the company reaches a point of no return and is unable to recover financially? Remember the City of Baltimore's ransomware attack? Their operational recovery took several months and cost more than $18 million.


Lack of Plan That Includes AD

If your company is mature enough, it has a BC/DR strategy to restore business activities after an outage. Most disaster plans account for the loss of infrastructure or location. Few organizations have a strategy for recovering operations following a hack, particularly ransomware. How you restore Active Directory depends on what hackers changed in Active Directory. How far back must you go to get a known secure Active Directory version? What Active Directory-dependent systems, services, and apps won't work if Active Directory is recovered to an earlier state? Do you have a recent malware-free backup to restore? Without a strategy or understanding of what changed in Active Directory before recovery, your company will spend immeasurable time correcting all the issues.


Recovery Might Not Be an Answer

If all the modifications performed by the bad dudes during an assault are, say, adding an account to the Domain Admins group, then restoring Active Directory to a few days ago or last month would not be the best solution. Instead, perhaps a less expensive approach would be to monitor changes in Active Directory and have the option to either prevent changes to "protected" accounts (such as the Domain Admins group) or immediately return a change to a sanctioned configuration.


Closing Lines

In other words, the ROI of Active Directory recovery is significantly more dependent on your present capacity to return to a known-productive and known-secure state post-attack than it is on an online ROI calculation that ignores the various factors involved in a ransomware attack. By running through certain situations and considering your present recovery capabilities, you will uncover expenses that can be avoided by implementing a suitable Active Directory recovery solution—one that is intended to guard against, prevent, and recover from malicious modifications to Active Directory.


QNA

How to restore the Active Directory?

  • Restart the server
  • From the boot menu, press F8 to access advanced settings
  • Scroll down to the Directory Services Restore Mode option
  • Press the Enter key to restart the computer in safe mode. It will not launch the directory services


How can I restore a failed domain controller?

Restoring a Domain Controller in non-authoritarian mode
  • In the GUI, choose the Restore wizard
  • Find the required DC
  • From the recovery menu, choose Restore Entire VM
  • Then, choose a recovery point
  • Select whether the restoration should take place in the original location or a new one
  • Complete the steps necessary to complete the procedure.


For Active Directory, what is "Recovery Manager"?

The Recovery Manager for Active Directory allows you to automate backups and easily compare a backup to the present value of Active Directory to identify changes and restore data immediately.

Spotlight

Cyber Cloud Technologies LLC

With decades of service to National Security Interest, Cyber Cloud was built upon nationally historical principles; we call them our Five I’s. Integrity, Intelligence, Intuitive, Innovation, Integration Our company is focused on delivering Information Technology, Information Security and Intelligence solutions in collaboration with our customer to ensure high quality products are delivered on time and within budget.

OTHER ARTICLES
PLATFORM SECURITY

Security-as-a-Service (SECaaS): A Cost-Effective Way of Cybersecurity

Article | August 12, 2022

Cybersecurity threats are growing by the day. Many businesses are unintentionally exposed to hackers and should investigate the possibilities of Security as a Service (SECaaS). While investing in a firewall, anti-virus software, physical office security, an intruder alarm, and CCTV could be insufficient. Unfortunately, in today's ever-changing digital world, this is not enough to keep today's cyber criminals at bay. Malware, ransomware, phishing, viruses, denial of service, distributed denial of service, man-in-the-middle, and brute force attacks are all examples of cybercrime. These are just a few of the methods cybercriminals utilize to attempt to undermine your network security. One of the simplest solutions to securing your system and network is to use security as a service, or SECaas. Why Should Businesses Deploy SECaaS? Depending on your company's demands, your SECaaS provider can build a customized security solution that protects your data, keeps your internal systems safe, and provides you with peace of mind at an affordable price. Cost Saving One of the most significant advantages of a Security-as-a-Service model is that it saves a company money. A cloud-delivered service is often provided in subscription levels with many upgrade possibilities, allowing businesses to pay for just what they need when they want it. It also eliminates the requirement for specialist skills. Updated Security Tools When you use SECaaS, you get access to the most up-to-date security technologies and resources. To be successful, anti-virus and other security solutions must be kept up-to-date with the most recent updates and virus definitions. These upgrades are handled for you on every server, PC, and mobile device by implementing SECaaS across your business. Greater Agility and Better Provisioning One of the most appealing aspects of as-a-service solutions is that your consumers can have rapid access to these products. SECaaS solutions can be scaled up or down as needed, and they are available on-demand where and when you need them. That means no more uncertainties about deployment or upgrades since everything is handled for you by your SECaaS supplier and accessible through a web-enabled dashboard. Make Resources Available When security provisions are maintained outside, your IT employees can concentrate on what matters most to your firm. SECaaS frees up resources, provides comprehensive visibility through management dashboards, and offers you the assurance that your IT security is being handled effectively by an outsourced security team. If you choose, you can delegate management of security procedures to your IT staff, who will handle all policy and system updates through a web interface. Consistent Security As new technology emerges, the provider's databases and protection software will be constantly updated and enhanced. Moreover, it will help in continually monitoring the network for threats using our innovative AI technology to offer round-the-clock security. A fully human-powered team cannot detect every danger, but AI augments human capabilities to give better protection. What Can SECaaS Safeguard Against? It's essential to know what Security-as-a-Service can defend against but also WHERE it will protect you. Your data is now everywhere; on laptops, mobile phones, tablets, local servers, edge servers, cloud services, and each platform has to be protected. SECaaS protects local network devices, edge services, cloud services, WiFi, mobile phones, and tablets. Some of the viruses from which SECaaS protects you are: Malware Ransomware Phishing Virus Denial of service (DoS) Distributed denial-of-service (DDoS) Man-in-the-middle Brute force attacks Closing Lines SECaaS has become the preferred company security approach due to its advantages. SECaaS decreases hardware costs, outsources and streamlines security administration, and eliminates the need for costly security professionals. Since many businesses are embracing cloud technology but are unsure about security, they require their service providers to handle it. SECaaS providers can solve cloud security challenges, including data breaches, DDoS assaults, and phishing.

Read More
PLATFORM SECURITY

Secure your organization’s critical data and increase your bottom line through Vertex’s Managed Security Operations Centre (SOC) Services

Article | June 13, 2022

Over the last two years, cybersecurity has seen a tectonic upheaval as digital transformation efforts have been accelerated, the workforce has become more diverse, and threats have continued to evolve. Security teams are under looming pressure to neutralize more threats with the same number of resources as firms across industries face new cybersecurity concerns. Many security teams are stretched too thin to identify genuine threats quickly due to the never-ending deluge of warnings and vast volumes of log data to comb through daily. As a result, businesses must make updating their Security Operations Centers (SOC) a top priority. Modernizing the SOC plan involves directing resources into boosting security maturity and cybersecurity, with the goal of lowering the organization’s total risk. The best plan must be scalable enough to handle the changing and broad spectrum of security risks while also being adapted to the company’s specific requirements. As a consequence, threat detection and response across the whole environment has improved, as has visibility and team silos. Although each company’s route to SOC transformation is unique, there are a few critical aspects that all businesses should keep in mind when getting started. Let us look at a few of those in detail. Aligning Security Measures with Business Objectives. Beginning the process by aligning security priorities with corporate objectives. This stage is critical because it stops businesses from simply relying on technology. Budget, industry-specific rules and reporting requirements, and the company’s general risk tolerance are all factors to consider while developing these objectives. Considering this isn’t a one-and-done procedure, the Chief Information Security Officer (CISO) must maintain direct contact with the CEO and other top management officials to guarantee ongoing alignment. CISOs must be realistic about the biggest possible dangers to the firm when engaging with leadership about what is needed for SOC modernization and why, without resorting to negative tactics like spreading fear of threats. Team Vertex can help you align your corporate objectives with necessary security measures required to setup an SOC so your firm is prepared in the event of a cyber threat. Establishing a Security Readiness Standard Following the establishment of essential business goals with executive participation, the next stage in improving the overall security measure is to examine the SOC’s strengths and weaknesses. Security operations should be viewed as a crucial business function by companies. The operational efficacy of the SOC must be measured, just like any other critical business component, by examining which key performance indicators (KPIs) and service-level agreements (SLAs) are being satisfied. This standard offers a clear image of the most critical use cases as well as any gaps in the cybersecurity strategy that need to be addressed. It might be difficult to figure out how to make this list at first. However, security teams will have a clearer view of where opportunities to develop their operations exist if they measure against metrics like mean time to detect (MTTD) and mean time to respond (MTTR) to cyber-attacks. Team Vertex’s proficient team of analysts can help you analyze and identify the potential gaps in the system and examine the above-mentioned KPIs and SLAs. Incorporating a Cybersecurity Framework Now it is time to map an operating framework to connect your strategy with particular tactics, techniques, and procedures after you have clearly determined the most important gaps and set timescales and personnel needs. By employing these constantly developing libraries of threat actor tactics, security teams may pinpoint the business’s largest possible threats and assess their protection priorities carefully. Another paradigm to consider is zero trust. Rather than focusing on the corporate perimeter, it stresses an identity-centric paradigm that focuses on safeguarding resources (such as data, identities, and services) regardless of where they are located. Strengthen your defense by beefing up your SOC. The SOC is at the heart of a company’s offensive and defensive strategies against possible attackers. Organizations that do not have the capability to allocate a function or form an in-house team to handle SOC must resort to third party outsourced solutions. Vertex can be that third-party SOC solutions provider by providing an outsourced security operations center, or managed SOC. This permits your security logs to be aggregated into a separate location where our experienced team can examine them and identify the activities necessary to maintain your organization’s security infrastructure and remediate any incidents. Penetration testing, gap analysis, and better compliance are also available. Although no single solution can cure all your security issues, having all of the necessary components in place will help your firm weather the next digital storm, regardless of its source.

Read More
PLATFORM SECURITY

5G: New Possibilities, New Threats

Article | July 12, 2022

5G is the next generation of mobile networks, and its introduction marks the beginning of a new era in the world of networking and cybersecurity. The fifth generation of mobile networks is not only faster than all the previous ‘Gs’ that were launched but also offers new and exciting opportunities for businesses. It is expected to be a game-changer for the business world because of its capabilities to expand business offerings and connect to the IoT. Let's delve into the insights about the new possibilities 5G technology brings for businesses. New Technology: Possibilities 5G Technology Brings In for Businesses Among the most significant benefits of 5G technology is the potential for employees to achieve more in less time, which increases revenue and reduces costs. The tremendous jump in connectivity provided by 5G will generate considerable opportunity for a wide range of industries from healthcare to retail to fintech. According to a study by IHS Markit, the global economy will be worth $13.2 trillion by 2035. This will create 22.3 million jobs in the 5G global value chain alone. Increased IoT Capabilities IoT devices are notoriously vulnerable due to their ease of use and connection. In 2020, Forescout Research found 33 IoT vulnerabilities affecting four open-source TCP/IP stacks (FNET, uIP, Nut/Net, and PicoTCP). According to Forescount, these stacks power millions of devices worldwide. The enormous development of IoT systems has been fueled by consumer devices, business network appliances, and industrial IoT (IIoT) devices. 5G will improve various IoT functionalities and provide critical upgrades to entire networks without pausing functionality, freezing operations or overloading servers. Bridging the Skills Gap Because of advancements in video and remote technologies, 5G will also tremendously benefit small businesses by enhancing hiring processes and assisting business owners in hiring suitable talent to contribute to their business development and help their businesses grow. 5G breaks down barriers to hiring by letting companies find, interview, narrow down, and hire the best people worldwide. Cost Savings 5G is expected to enhance the battery life of devices such as laptops by up to ten times. As a result, companies will see cost savings by lowering the quantity of hardware and IT infrastructure required. This represents a move away from a hardware-driven economy and into an economy that is majorly anchored on software and systems. Savings on decreased administration and other operations can permeate the organization and eventually contribute to the bottom line. New Threats: 5G Cybersecurity Risks Like every technology born, even 5G networks face various threats. Some are passed down from previous generations and legacy standards, while others are new threats associated with the software-defined networking technology owing to 5G. Below are some of the 5G security issues that businesses can tackle with the help of additional cybersecurity measures. Inherited & Emerging Vulnerabilities Compared to earlier generations of wireless networks, 5G is designed to be more secure. For backward compatibility, 5G must still be able to communicate with older standards. In the absence of a security-minded approach, this compatibility requirement assures that the flaws discovered in the outdated SS7 and Diameter protocols utilized by 2G and 4G networks can still haunt a new 5G-based network architecture. Growing Supply Chain Concerns As a result of government intervention in the development of telecom equipment, 5G security risks have been politicized. The use of 5G infrastructure equipment sold by Chinese vendors like ZTE and Huawei is banned in various countries, including the United Kingdom, India, and the United States. These regulations were put in place because of fears that Chinese governmental control over these 5G equipment vendors could undermine the design and data security of 5G equipment offered by these companies. Decentralized security In 5G networks, traditional security checkpoints like hub-and-spoke hardware-based routers have been replaced by cloud of software-defined digital routers that can't be looked at or managed. With more routing points and devices, as well as quicker speeds that favor smash-and-grab attackers, security teams must depend on automated monitoring and create innovative methods to address the rising security vulnerabilities. More IoT Devices Not all manufacturers are emphasizing cybersecurity, as seen with many low-end smart devices. 5G means more effectiveness and possibilities for the Internet of Things (IoT). As the number of connected devices grows, so does the number of prospective areas of attack. Devices such as a fish tank thermometer and a smart TV are examples of devices that might weaken the network. Network breaches and hacking could become more frequent because of the absence of security standards for IoT devices. Overcoming 5G Security Challenges Even if the new 5G technology doesn't fundamentally impact the measures that businesses must take to secure their assets, it does reduce the margin for error and raise the stakes in the event of a failure. Many strategies for dealing with existing network security issues apply equally well to 5G security threats. Strengthen Existing Cybersecurity Measures As we know, most security threats to 5G technology originate from previous generations. Businesses should continue to use existing security techniques to combat such attacks. Businesses must strengthen their existing security equipment to make those strategies more effective. Also, it is essential to educate users in order to minimize human errors that can compromise data and network security. Regular Infrastructure Audit When it comes to data exfiltration, a bad actor's dream is a company's blind spots. You'll need to audit your company's personnel infrastructure. You should also keep an eye on 4G-related vulnerabilities that could continue to harm older devices and networks. Deploy AI & ML for Protection Security providers are embedding AI and machine learning (ML) into their products and services to combat more complex cyberattacks. Experts believe that AI and machine learning systems can grow with the threat matrix, learning to detect and eliminate threats before they breach critical systems and put lives and sensitive data at risk. This will greatly help secure the network and safeguard the data stored in the cloud. IoT Management Solutions As 5G devices become available on mobile device management software, it is essential to control them to ensure device security. To secure the devices that will use 5G technology, you must look for a device management system that can evolve with the demands of your business. Look for a system that focuses on IoT management particularly. Tech Manufacturers Should Develop Secured Products 5G will double the number of connected devices while increasing speed and bandwidth. Unfortunately, many IoT devices are fundamentally insecure, making them obvious targets for hackers. Each insecure IoT device on a company's network offers an additional possible attack route. To prevent IoT devices from being vulnerable targets for cybercriminals, manufacturers must make them more secure. Also, the IoT Cybersecurity Act, which applies to government contractors, was passed by the US Congress. However, regulation of industry suppliers is still not good enough. Key Elements for 5G Cybersecurity for Businesses Conclusion 5G technology will be embraced despite all the challenges since it promises to provide businesses with a powerful new tool capable of driving faster, broader IoT deployments and a competitive advantage in the market. One harsh reality of the digital age is that risks will always exist. In line with the birth of every new technology, new threats are also born, and in the same manner, even solutions emerge. Businesses can overcome all challenges and eliminate all 5G security threats by implementing proper measures. 5G, IoT, AI, and ML are all part of the global tech revolution; leverage these technologies today to position yourself as a leader of tomorrow. FAQ What is the frequency of 5G? Verizon's millimeter wavelength (mmWave)-based 5G Ultra Wideband runs at frequencies between 28 and 39GHz. This is far higher than the frequency used by 4G networks, which ranges between 700 and 2500 MHz. What are the fundamental technologies that makeup 5G? OFDM (Orthogonal frequency-division multiplexing) is a way of modulating a digital signal over several channels to decrease interference. 5G employs the 5G NR air interface in conjunction with OFDM principles. 5G also makes use of higher bandwidth technologies like sub-6 GHz and mmWave. Why does a businessperson need 5G training? Faster connections mean more efficient business operations for your organization. Employees can anticipate that 5G will improve internal and external communications, allowing for better flexibility and time efficiency. Employees should also expect less restriction on where they can work, open doors during office hours, the ability to work from home, and a much better balance between work and life.

Read More
SOFTWARE SECURITY

Machine Learning-Powered Cybersecurity: A Guardian of the Future

Article | May 18, 2022

Today, as more and more businesses are undergoing digital transformation, the risk of cybersecurity is also rising. Cyber risk has evolved as one of the significant threats for businesses over time. Businesses are struggling to safeguard themselves from a growing number of cyber threats. Because of cybercrime, businesses lost approximately $1,797,945 per minute in 2021, according to Tessian. Machine learning (ML) and artificial intelligence (AI) tools offer huge potential to help businesses and other entities deal with a wide range of current cybersecurity challenges. AI and ML enable real-time learning and analysis of potential cyber threats. They also use algorithms to make behavioral models, which they then use to predict cyberattacks whenever new data becomes available. Let’s have a look at the reasons why ML-based cybersecurity has become more crucial than ever. Why Has Machine Learning Become so Important in Cybersecurity? There are several reasons why ML-based machine learning has grown to prominence. Cybersecurity systems can use AI and ML to analyze attack patterns and learn from them in order to prevent them and respond to their changing behavior. It can support cybersecurity professionals in becoming more proactive in terms of preventing risks and dealing with current attacks in real-time. In short, good data and machine learning can make cybersecurity easier, more proactive, cheaper, and much more effective. How can Machine Learning help businesses improve their cybersecurity? AI and machine learning are providing significant advantages to organizations that implement them in their cybersecurity programs. According to a report from the Capgemini Research Institute, 61% of businesses think AI will be needed to find critical threats, and 69% think AI will be needed to deal with cyberattacks. AI and ML can quickly analyze huge quantities of data, making it far faster than manually detecting threats. AI and ML minimize cyber threat detection and response effort, making them cost-effective. The Capgemini report found a 12% average cost reduction. Cyber analysts are alerted aboutattacks and categorize the kinds, which helps them determine the correct response. As more data is analyzed and the technologies learn from past patterns, AI and machine learning improve cybersecurity over time. AI and ML are used by many businesses to rank network threats and figure out which parts have been attacked the most. Businesses use AI to identify malicious activity automatically. AI and machine learning are also being used to detect suspicious user behavior. Many businesses prevent financial fraud by predicting unusual consumer behavior utilizing machine learning. AI and machine learning can also help businesses predict potential cyberattacks. Companies Bolster their Cyber Security Systems through ML Concluding Lines If used correctly, machine learning can improve cybersecurity. Machine learning's dramatic and lasting influence is real. Integrating AI and ML to improve cybersecurity is crucial, but organizations should remember that these technologies are only as effective as the analysts who control and use them.

Read More

Spotlight

Cyber Cloud Technologies LLC

With decades of service to National Security Interest, Cyber Cloud was built upon nationally historical principles; we call them our Five I’s. Integrity, Intelligence, Intuitive, Innovation, Integration Our company is focused on delivering Information Technology, Information Security and Intelligence solutions in collaboration with our customer to ensure high quality products are delivered on time and within budget.

Related News

PLATFORM SECURITY

Searchlight Security Elevates Dark Web Intelligence to Board Level with New Automated Reporting

Searchlight Security | August 02, 2022

Searchlight Security, the dark web intelligence company, has introduced new automated reporting functionality into its DarkIQ dark web monitoring solution to help security analysts and MSSPs to quickly and easily communicate external threats to executives. DarkIQ is a powerful dark web monitoring solution that utilizes the most comprehensive dark web dataset on the market, and the only one that includes dark web traffic to and from the organization’s network. It takes the attributes that are most important to a business - including employee credentials, software, devices, IP addresses, network components, and company datasets - and alerts organizations to their presence in deep and dark web marketplaces, forums, and conversations, which could indicate an imminent attack. This threat intelligence is specific to the organization, removing “alert fatigue” and allowing security teams to prioritize the most urgent threats to the business. DarkIQ’s new automated reporting function builds on its existing capabilities by helping analysts to more easily communicate the dark web intelligence they discover - improving response times to possible attacks and educating the wider business on dark web threats. “Our mission is to make dark web intelligence as relevant and actionable for businesses as possible and our new reporting function is a huge part of that. Threat intelligence is only powerful if it can be understood and acted on - otherwise it is just noise. Communication is everything.” Eric Milam, EVP product at Searchlight Security DarkIQ Reporting gives enterprise security teams and MSSPs the ability to: Generate slick reports with one click - with threat intelligence data automatically pulled, inputted, and presented from the DarkIQ platform. Select the right level of detail for the audience - with an “Executive” report option for a high level summary or “Detailed” report for security personnel, which includes recommended remediative actions that should be taken based on the threat data. Add and remove reporting fields - to further customize the report to suit the audience by adding, moving, or removing components, as well as the ability for security teams to add their own analysis, context and observations. Customize design - with the ability to brand reports and change the font and color scheme, a particularly important feature for MSSPs reselling DarkIQ to their customers. Resource more effectively - with less time spent on reporting so they can spend more time protecting the business. Demonstrate Return on Investment - with the ability to show imminent threats that have been identified and prevented through dark web intelligence. Milam concluded: “In threat intelligence, the job isn’t done until the report is filed. This is a burden on security teams that we wanted to - and have been able to - alleviate, because every minute less they spend reporting is a minute more they can spend stopping the bad guys. At the same time, they have a better solution to deliver pre-attack intelligence with more clarity so the business can be more proactive in stopping imminent threats.” About Searchlight Security Searchlight Security provides organizations with relevant and actionable dark web threat intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.

Read More

PLATFORM SECURITY

Talon Cyber Security Announces $100M in Series A Funding to Redefine Security for the Future of Work

Talon Cyber Security | August 04, 2022

Talon Cyber Security, the leading secure enterprise browser provider, today announced $100 million in Series A funding, led by Evolution Equity Partners, with participation from Ballistic Ventures, CrowdStrike’s Falcon Fund, Merlin Ventures, SYN Ventures and previous investors CrowdStrike co-founder and CEO George Kurtz, Lightspeed Venture Partners, Sorenson Ventures and Team8. The funds will be used to accelerate go-to-market efforts to meet the increasing global demand for Talon’s secure enterprise browser, TalonWork, and deliver new product enhancements to continuously improve security for modern workforces. As organizations have embraced distributed work for employees and contractors, the reliance on SaaS applications has risen, and security needs have evolved drastically. The traditional ways of enabling secure access to enterprise applications are complex, expensive, and put organizations at risk. The TalonWork browser simplifies security by allowing secure access to corporate applications and data on any device, managed or unmanaged, and on any operating system. With Talon, security teams benefit from deep visibility into browser and application activity, as well as native security features like authentication, data loss prevention and Zero Trust controls. Based on Chromium, TalonWork delivers the consistent and familiar user experiences expected by today’s workers, fostering productivity across the enterprise. “We have built the team and technology to redefine and power security for the future of work – a future where security is delivered naturally through the enterprise’s most heavily-used application: the browser. “The world and the applications the largest organizations rely on are moving to the web, creating an extensive need for a vehicle that can provide secure access without changing the way work is conducted. This new funding will allow us to continue to show why that vehicle is Talon’s secure enterprise browser.” Ofer Ben-Noon, co-founder and CEO, Talon Cyber Security Co-founded by Ben-Noon and CTO Ohad Bobrov, Talon was named the winner of the Innovation Sandbox Contest at RSA Conference 2022, and has demonstrated unrivaled market and technical leadership since launching the industry’s first secure enterprise browser in October 2021. The company’s recent momentum includes numerous customer deployments at large organizations, the release of the industry’s first secure enterprise browser for mobile devices, and established partnerships with the two leaders in endpoint security: CrowdStrike and Microsoft. The round includes the conversion of $17 million in SAFE (Simple Agreement for Future Equity) investments announced earlier this year into A round shares, bringing Talon’s total amount raised to over $126 million. As part of today’s announcement, Richard Seewald, Founder and Managing Partner of Evolution Equity Partners, is joining Talon’s board of directors. “In cybersecurity, the word innovative gets thrown around often, but with Talon, it is a perfect descriptor,” said Richard Seewald, Founder and Managing Partner, Evolution Equity Partners. “I have never seen a company create and lead a category with such authority, and experience such impressive traction with customers so quickly. Talon has the potential to become one of the leading companies in the broader security industry, and it’s an honor to help them on their journey.” “Today’s threat environment is complex, but an organization’s approach to security should not be,” said George Kurtz, co-founder and CEO, CrowdStrike. “By delivering enterprise-grade security through the TalonWork browser, Talon makes security simple and effective for its customers.” “When we launched Ballistic, we made it our mission to find and partner with companies that have the technology and what it takes to change the trajectory of cybersecurity, and Talon fits this bill perfectly,” said Jake Seid, co-founder and General Partner, Ballistic Ventures. “The browser has fundamentally become the most important tool for today's workforce. Talon’s secure enterprise browser does something few security products do. It offers the trifecta of strong security, seamless end-user experience, and low cost and complexity for the enterprise. Talon’s team and solution are some of the strongest I have ever come across, and this financing will help propel the company to new heights.” “From my time as a CISO and now as an investment partner for leading security companies, I have evaluated countless technologies,” said Jay Leek, co-founder and Managing Partner, SYN Ventures. “The widespread problem that Talon addresses and the time to value of its technology is beyond impressive – it's a game changer. I’m thrilled to have the opportunity to work with the company and help accelerate its growth.” About Talon Cyber Security Talon Cyber Security is modernizing security programs and improving user experiences for hybrid work by delivering the first secure enterprise browser. Built on Chromium, the TalonWork browser provides customers with the consistent user experiences, deep security visibility, and control over SaaS and web applications needed to simplify security for the future of work. Talon was named the Most Innovative Startup of 2022 at the prestigious RSA Conference Innovation Sandbox Contest.

Read More

DATA SECURITY

HYAS Infosec Announces General Availability of Cybersecurity Solution for Production Environments

HYAS | August 10, 2022

Leading security technology firm HYAS Infosec — whose proactive solutions ensure that businesses can keep moving full forward in our ever-changing world — today announced the general release of its newest product, HYAS Confront, a cybersecurity solution offering complete visibility into every corner of a production environment. HYAS will be demoing Confront at Black Hat USA in Las Vegas from August 8 to August 11. Production environments are increasingly becoming a target for bad actors, as they want their attacks to cause as much disruption as possible. Afterall, if a company’s production environment is rendered inoperable, its ability to generate income is shut down. HYAS Confront addresses this growing issue by giving DevSecOps teams complete visibility into their production environment. HYAS Confront finally gives them a definitive picture of which devices on their network are communicating with one another, which devices are sending traffic outside the network, and how often and to whom they are sending it. HYAS Confront also automatically identifies communication to known command and control servers as well as other risks and threats. “We have gotten an excellent response from our first customers, who began using the service during development and testing. “We are extremely proud of the solution we have brought to market and the vital role it fulfills in providing complete network visibility.” HYAS CEO David Ratner Most cybersecurity solutions on the market today focus on protecting the perimeter of your network, but unfortunately, regardless of the strength of your outward-facing security posture, you will be breached at some point. The numbers bear this out, with 97 percent of companies reporting having experienced a successful cybersecurity breach at some point. However, even if bad actors sneak past your perimeter security, they can’t hide from the foundational network monitoring provided by HYAS Confront. Once deployed, a process that usually takes less than 30 minutes, it establishes a baseline of normal, healthy network traffic. With this data, HYAS Confront can recognize aberrations from normal traffic patterns that could indicate a problem. When such an anomaly is discovered, Confront alerts administrators so they can take appropriate action. But the benefits of full production environment visibility doesn’t end with security. HYAS Confront can also reveal issues like misconfigurations, violations of policies or controls, and incomplete removal of malware after an attack. One of the most difficult aspects of incident response is ensuring that the environment is actually clean again, and HYAS Confront’s visibility can play a vital role in that process. It can also be a useful tool for understanding service assurance. This innovative solution integrates seamlessly with other network management and security infrastructure, working alongside them to enhance the value of these pre-existing investments. This improves overall network health, preventing problems down the road and giving businesses the confidence to move forward at full speed. “Production environments are so critical to a company’s ability to function, and unfortunately, no matter how strong your perimeter is, bad actors will eventually find a way in,” said Ratner. “HYAS Confront’s distinctive ability to detect anomalies within your production environment ensures that even in these cases, you can uncover the problem before it does damage, letting businesses operate confidently and without fear of costly interruptions.” About HYAS HYAS is a valued partner and world-leading authority on cyber adversary infrastructure and communication to that infrastructure. We help businesses see more, do more, and understand more about the nature of the threats they face — or don’t even realize they are facing — in real time. HYAS’s foundational cybersecurity solutions and personalized service provide the confidence and enhanced risk mitigation that today’s businesses need to move forward in an ever-changing data environment.

Read More

PLATFORM SECURITY

Searchlight Security Elevates Dark Web Intelligence to Board Level with New Automated Reporting

Searchlight Security | August 02, 2022

Searchlight Security, the dark web intelligence company, has introduced new automated reporting functionality into its DarkIQ dark web monitoring solution to help security analysts and MSSPs to quickly and easily communicate external threats to executives. DarkIQ is a powerful dark web monitoring solution that utilizes the most comprehensive dark web dataset on the market, and the only one that includes dark web traffic to and from the organization’s network. It takes the attributes that are most important to a business - including employee credentials, software, devices, IP addresses, network components, and company datasets - and alerts organizations to their presence in deep and dark web marketplaces, forums, and conversations, which could indicate an imminent attack. This threat intelligence is specific to the organization, removing “alert fatigue” and allowing security teams to prioritize the most urgent threats to the business. DarkIQ’s new automated reporting function builds on its existing capabilities by helping analysts to more easily communicate the dark web intelligence they discover - improving response times to possible attacks and educating the wider business on dark web threats. “Our mission is to make dark web intelligence as relevant and actionable for businesses as possible and our new reporting function is a huge part of that. Threat intelligence is only powerful if it can be understood and acted on - otherwise it is just noise. Communication is everything.” Eric Milam, EVP product at Searchlight Security DarkIQ Reporting gives enterprise security teams and MSSPs the ability to: Generate slick reports with one click - with threat intelligence data automatically pulled, inputted, and presented from the DarkIQ platform. Select the right level of detail for the audience - with an “Executive” report option for a high level summary or “Detailed” report for security personnel, which includes recommended remediative actions that should be taken based on the threat data. Add and remove reporting fields - to further customize the report to suit the audience by adding, moving, or removing components, as well as the ability for security teams to add their own analysis, context and observations. Customize design - with the ability to brand reports and change the font and color scheme, a particularly important feature for MSSPs reselling DarkIQ to their customers. Resource more effectively - with less time spent on reporting so they can spend more time protecting the business. Demonstrate Return on Investment - with the ability to show imminent threats that have been identified and prevented through dark web intelligence. Milam concluded: “In threat intelligence, the job isn’t done until the report is filed. This is a burden on security teams that we wanted to - and have been able to - alleviate, because every minute less they spend reporting is a minute more they can spend stopping the bad guys. At the same time, they have a better solution to deliver pre-attack intelligence with more clarity so the business can be more proactive in stopping imminent threats.” About Searchlight Security Searchlight Security provides organizations with relevant and actionable dark web threat intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.

Read More

PLATFORM SECURITY

Talon Cyber Security Announces $100M in Series A Funding to Redefine Security for the Future of Work

Talon Cyber Security | August 04, 2022

Talon Cyber Security, the leading secure enterprise browser provider, today announced $100 million in Series A funding, led by Evolution Equity Partners, with participation from Ballistic Ventures, CrowdStrike’s Falcon Fund, Merlin Ventures, SYN Ventures and previous investors CrowdStrike co-founder and CEO George Kurtz, Lightspeed Venture Partners, Sorenson Ventures and Team8. The funds will be used to accelerate go-to-market efforts to meet the increasing global demand for Talon’s secure enterprise browser, TalonWork, and deliver new product enhancements to continuously improve security for modern workforces. As organizations have embraced distributed work for employees and contractors, the reliance on SaaS applications has risen, and security needs have evolved drastically. The traditional ways of enabling secure access to enterprise applications are complex, expensive, and put organizations at risk. The TalonWork browser simplifies security by allowing secure access to corporate applications and data on any device, managed or unmanaged, and on any operating system. With Talon, security teams benefit from deep visibility into browser and application activity, as well as native security features like authentication, data loss prevention and Zero Trust controls. Based on Chromium, TalonWork delivers the consistent and familiar user experiences expected by today’s workers, fostering productivity across the enterprise. “We have built the team and technology to redefine and power security for the future of work – a future where security is delivered naturally through the enterprise’s most heavily-used application: the browser. “The world and the applications the largest organizations rely on are moving to the web, creating an extensive need for a vehicle that can provide secure access without changing the way work is conducted. This new funding will allow us to continue to show why that vehicle is Talon’s secure enterprise browser.” Ofer Ben-Noon, co-founder and CEO, Talon Cyber Security Co-founded by Ben-Noon and CTO Ohad Bobrov, Talon was named the winner of the Innovation Sandbox Contest at RSA Conference 2022, and has demonstrated unrivaled market and technical leadership since launching the industry’s first secure enterprise browser in October 2021. The company’s recent momentum includes numerous customer deployments at large organizations, the release of the industry’s first secure enterprise browser for mobile devices, and established partnerships with the two leaders in endpoint security: CrowdStrike and Microsoft. The round includes the conversion of $17 million in SAFE (Simple Agreement for Future Equity) investments announced earlier this year into A round shares, bringing Talon’s total amount raised to over $126 million. As part of today’s announcement, Richard Seewald, Founder and Managing Partner of Evolution Equity Partners, is joining Talon’s board of directors. “In cybersecurity, the word innovative gets thrown around often, but with Talon, it is a perfect descriptor,” said Richard Seewald, Founder and Managing Partner, Evolution Equity Partners. “I have never seen a company create and lead a category with such authority, and experience such impressive traction with customers so quickly. Talon has the potential to become one of the leading companies in the broader security industry, and it’s an honor to help them on their journey.” “Today’s threat environment is complex, but an organization’s approach to security should not be,” said George Kurtz, co-founder and CEO, CrowdStrike. “By delivering enterprise-grade security through the TalonWork browser, Talon makes security simple and effective for its customers.” “When we launched Ballistic, we made it our mission to find and partner with companies that have the technology and what it takes to change the trajectory of cybersecurity, and Talon fits this bill perfectly,” said Jake Seid, co-founder and General Partner, Ballistic Ventures. “The browser has fundamentally become the most important tool for today's workforce. Talon’s secure enterprise browser does something few security products do. It offers the trifecta of strong security, seamless end-user experience, and low cost and complexity for the enterprise. Talon’s team and solution are some of the strongest I have ever come across, and this financing will help propel the company to new heights.” “From my time as a CISO and now as an investment partner for leading security companies, I have evaluated countless technologies,” said Jay Leek, co-founder and Managing Partner, SYN Ventures. “The widespread problem that Talon addresses and the time to value of its technology is beyond impressive – it's a game changer. I’m thrilled to have the opportunity to work with the company and help accelerate its growth.” About Talon Cyber Security Talon Cyber Security is modernizing security programs and improving user experiences for hybrid work by delivering the first secure enterprise browser. Built on Chromium, the TalonWork browser provides customers with the consistent user experiences, deep security visibility, and control over SaaS and web applications needed to simplify security for the future of work. Talon was named the Most Innovative Startup of 2022 at the prestigious RSA Conference Innovation Sandbox Contest.

Read More

DATA SECURITY

HYAS Infosec Announces General Availability of Cybersecurity Solution for Production Environments

HYAS | August 10, 2022

Leading security technology firm HYAS Infosec — whose proactive solutions ensure that businesses can keep moving full forward in our ever-changing world — today announced the general release of its newest product, HYAS Confront, a cybersecurity solution offering complete visibility into every corner of a production environment. HYAS will be demoing Confront at Black Hat USA in Las Vegas from August 8 to August 11. Production environments are increasingly becoming a target for bad actors, as they want their attacks to cause as much disruption as possible. Afterall, if a company’s production environment is rendered inoperable, its ability to generate income is shut down. HYAS Confront addresses this growing issue by giving DevSecOps teams complete visibility into their production environment. HYAS Confront finally gives them a definitive picture of which devices on their network are communicating with one another, which devices are sending traffic outside the network, and how often and to whom they are sending it. HYAS Confront also automatically identifies communication to known command and control servers as well as other risks and threats. “We have gotten an excellent response from our first customers, who began using the service during development and testing. “We are extremely proud of the solution we have brought to market and the vital role it fulfills in providing complete network visibility.” HYAS CEO David Ratner Most cybersecurity solutions on the market today focus on protecting the perimeter of your network, but unfortunately, regardless of the strength of your outward-facing security posture, you will be breached at some point. The numbers bear this out, with 97 percent of companies reporting having experienced a successful cybersecurity breach at some point. However, even if bad actors sneak past your perimeter security, they can’t hide from the foundational network monitoring provided by HYAS Confront. Once deployed, a process that usually takes less than 30 minutes, it establishes a baseline of normal, healthy network traffic. With this data, HYAS Confront can recognize aberrations from normal traffic patterns that could indicate a problem. When such an anomaly is discovered, Confront alerts administrators so they can take appropriate action. But the benefits of full production environment visibility doesn’t end with security. HYAS Confront can also reveal issues like misconfigurations, violations of policies or controls, and incomplete removal of malware after an attack. One of the most difficult aspects of incident response is ensuring that the environment is actually clean again, and HYAS Confront’s visibility can play a vital role in that process. It can also be a useful tool for understanding service assurance. This innovative solution integrates seamlessly with other network management and security infrastructure, working alongside them to enhance the value of these pre-existing investments. This improves overall network health, preventing problems down the road and giving businesses the confidence to move forward at full speed. “Production environments are so critical to a company’s ability to function, and unfortunately, no matter how strong your perimeter is, bad actors will eventually find a way in,” said Ratner. “HYAS Confront’s distinctive ability to detect anomalies within your production environment ensures that even in these cases, you can uncover the problem before it does damage, letting businesses operate confidently and without fear of costly interruptions.” About HYAS HYAS is a valued partner and world-leading authority on cyber adversary infrastructure and communication to that infrastructure. We help businesses see more, do more, and understand more about the nature of the threats they face — or don’t even realize they are facing — in real time. HYAS’s foundational cybersecurity solutions and personalized service provide the confidence and enhanced risk mitigation that today’s businesses need to move forward in an ever-changing data environment.

Read More

Events