Cloud Security: The Next-generation Security Framework

Aashish Yadav | August 20, 2022 | 1856 views | Read Time : 02:50 min

Cloud Security: The Next-generation Security Framework

The world is undergoing rapid a digital transformation, and cloudification is also an important part of this transformation. As per Statista, over 60% of all corporate data is stored in the cloud as of 2022. The increased use of the cloud and rapid cloud migration have also raised security-related concerns. This concern is important too. With a rise in the number of businesses adopting the cloud, more and more data will be at risk if cloud security is not taken seriously.


The discipline and practice of securing cloud environments, applications, data, and information are referred to as cloud security or cloud computing security. Cloud security involves protecting cloud environments against unauthorized access, distributed denial of service (DDOS) attacks, hackers, viruses, and other threats. Although cloud security refers to security in cloud settings, cloud-based security is the software as a service (SaaS) delivery model of security services that are hosted in the cloud instead of implemented through on-premise hardware or software.


Cloud Security Challenges: Most Security Professionals Are Finding It Hard to Deal With

According to the TripWire Survey, 76% of cybersecurity experts have found it difficult to manage cloud-related security challenges. A recent Lacework analysis highlights the problems that developers and security professionals have when dealing with cloud security concerns. According to the survey, just one out of every three developers feels that the time they invest in cloud security is productive.

According to these statistics and reports, security experts are struggling to deal with cloud security concerns. The following are some of the common challenges that have hindered the cloud security environment.

Lack of Visibility

One of the biggest challenges for security pros is gaining complete access to the cloud computing system and its data. According to an Ixia study of 338 IT security professionals, less than 20% believed they had complete insight into cloud systems and data packets. According to the same research, 87% of respondents thought that the cloud computing system's lack of visibility led to the complexity of data security threats.

Because several cloud services are used outside of corporate networks as well as through third parties, it's easy to miss the sight of how and by whom your data is being viewed.


Lack of Proper Tools to Manage, Detect, and Prevent Cloud Security Threats

Businesses have only provided mediocre tools that are ill-equipped to combat security tools. A flawless cloud security product should be well-positioned to provide an immediate and clear view of all potential security risks that a business confronts across its cloud computing infrastructure and resources.

Web Application Firewalls, misconfiguration monitors, access control tools, and biometric authentication technologies are good for verifying users' identities and should be accessible to a business. However, SSL certificates, which are a core data encryption tool, are crucial. As a result, security professionals no longer need to be concerned about data security as it moves between cloud storage platforms.


Misconfigurations

In 2019, incorrectly configured assets were responsible for 86% of all records that were compromised, making unauthorized insider access a primary concern for cloud computing systems. It's possible to make an error in setup by, for example, keeping the administrator passwords set to their defaults or failing to provide proper privacy settings.


C-Suite and Cloud Security: Key Strategies


Walking a Thin Line

Never forget that for corporate leaders, it is a continuous challenge to safeguard current revenues and generate a profit by balancing successful business investments with (unprofitable) security investments. They might perceive it as an additional cost, but you must explain why native public cloud security is insufficient and why the obligation to protect their own data cannot be neglected. Data kept on the cloud is no more secure than data maintained elsewhere in the organization. As a result, it is essential to execute extra, targeted security measures in order to fully integrate cloud security protocols with the rest of your security architecture and automate security operations wherever possible.


Consistency Is the Key

Cloud security isn't any different from other types of cybersecurity, so a consistent strategy to maintain security across the whole company, irrespective of where information or applications reside, is necessary. Managing and orchestrating different security methodologies and solutions complicates the security environment, increasing the possibility of errors and vulnerabilities. Emphasize the significance of a consistent, strategic approach to cybersecurity in general.


Make It Visual

While discussing concerns about cybersecurity, non-tech savvy-board members usually drop out. Instead, use their language and structure the discussion around business risk. Highlight how the cloud is just another risk that must be addressed and help board members understand the reality and possible consequences of security issues. For example, show them how common data breaches or loss situations have resulted in CEOs apologizing to the public. This should spark their interest. The idea is to address cloud and cyber risk like any other risk by finding gaps and managing them to the most significant degree possible.


Why Do Businesses Need Cybersecurity Mesh for Cloud Security?

According to Fortune, the worldwide cybersecurity industry will exceed USD 375 billion by 2029. Organizational resources are becoming more likely to be situated outside of an organization's localized security zone, and growth patterns indicate that enterprises of all sizes must be nimble enough to scale quickly without risking network security.

As an organization grows beyond its physical boundaries, each node has become a possible access point that could be utilized to compromise the entire network. Hackers are increasingly launching attacks like ransomware and other types of malware through these insecure access points. The annual cost of such attacks is estimated to be approximately $6 trillion and growing.

The most practical and adaptive solution to dealing with these dangers in an enterprise-level organization is cybersecurity mesh. It extends security throughout your architecture, allowing you to safeguard all systems and access points with a single, unified set of technologies. A cybersecurity mesh can also develop when new threats arise since it is driven by the most recent threat intelligence.

Enterprises require cybersecurity mesh to support core business operations such as:
  • Making use of third-party applications and services
  • Creating new distribution channels
  • Introducing new initiatives


How can you Improve Cloud Security Hygiene?

We believe we understand the concept of hygiene, but how about cloud security hygiene? Although our computers don't have teeth to brush, that concept provides a starting point for a different view of security hygiene. If you have a task that you must complete on a regular basis, you must complete it everywhere. It is not acceptable to clean your teeth just once a year or to brush only the front teeth. Similarly, you cannot patch software or verify your security setups just once a year or simply for your most visible systems.

Suggestions for smarter and more systematic cloud security hygiene:
  • Sort the categories of cloud coverage
  • Determine the range of your controls.
  • Consider the situation within your cloud.
  • Cancel the confidence!


Least Privilege Access for Cloud Security

The POLP (Principle of Least Privilege) also known as POLP, is an essential security principle. When it comes to public cloud security, the Principle of Least Privilege approach states that all identities, both human and non-human, should be permitted the least amount of access necessary to carry out their respective tasks. Moreover, an often overlooked guideline is that those identified should provide access for just the period required to fulfill their mission.

Why should you consider implementing Least Privilege?

  • Protect Against Risks
  • Limit Damage
  • Classify Data
  • Improve Security
  • Reduce Liability


Must-Have Cloud Computing Security Features

Companies of all sizes must be hyper-vigilant when it pertains to cybersecurity, regardless of whether they utilize traditional on-premises technology or cloud-based infrastructure. Businesses are at the mercy of hackers due to slow responses to cyber-attacks and ineffective security measures.

According to Economist data, "the average duration between an attacker breaching a network and its owner discovering the intrusion is 205 days." During that period, hackers can cause immeasurable damage to the company and its consumers.

The issue is that putting in place robust security features might be cost-prohibitive for the organization making the investment. Utilizing a cloud service provider can reduce the substantial upfront capital costs associated with cutting-edge cyber security measures.

Must-have cloud computing security features are as follows:
  • Top-of-the-Line Perimeter Firewall
  • Intrusion Detection Systems with Event Logging
  • Internal Firewalls for Individual Applications and Databases
  • Data-at-Rest Encryption
  • Tier IV Data Centers with Excellent Physical Security


Closing Lines

Since most businesses already use cloud services in some way or another, cloud security has become a necessity. Gartner predicted that the worldwide market for public cloud services would rise 23.1% in 2021, reflecting the rapid pace of adoption of these services.

Protecting data and business data, like customer orders, confidential design blueprints, and financial records is a critical component of cloud security. Preventing data breaches and theft is crucial for retaining your customers' confidence and safeguarding the assets that lead you to a competitive edge.


FAQ

What is the most reliable form of cloud computing security?

Encryption is among the most effective ways to protect your cloud computing platforms. There are numerous ways to use encryption, and they can be provided by a cloud provider or by a separate cloud security solutions supplier.


How is cloud security provided?

To safeguard your data, cloud service providers employ a variety of approaches. Firewalls are an essential component of cloud infrastructure. Firewalls safeguard the edge of your network security as well as your end users. Firewalls also protect traffic between various cloud-based apps.


What are the three most important areas of cloud security?

Below are the key areas for cloud computing security. If your cloud provider's solution lacks security in any one area, your company's important data might be at risk.
  • Physical Security
  • Software Security
  • Infrastructure Security

Spotlight

Namogoo

Many enterprises focus their security efforts on servers, network and infrastructure. However, 15%-30% of online users are infected with dangerous invisible cyber threats that businesses are not aware of. Client-Side Injected Malware (CSIM) runs through the user’s devices or browsers and bypasses any server-side security shield. CSIM includes spyware scripts, widgets (product comparisons and coupons), banner ads and inappropriate content that are injected into websites by extensions that are installed on customers’ browsers on both web and mobile devices.

OTHER ARTICLES
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

The Great CISO Resignation

Article | August 12, 2022

CISOs Are Leaving in Droves The Great Resignation has been front-page news since Covid lockdowns, with many employees looking for the work-life balance they enjoyed at the time. Now, the phenomenon has spread to the role of Chief Information Security Officer (CISO) and shows no signs of letting up. In fact, industry experts predict that it is likely to worsen. A recent study from cybersecurity company BlackFog found that 32% of CISOs in the U.K. and U.S. have considered leaving and many planned to do so in just six months. The majority noted that the top reason for leaving was a lack of work-life balance. The CISO role is demanding, with firefighting and frequent changes in regulations and customer expectations taking up significant time both on and off the job. In another recent study in which 581 CISOs were surveyed, the IANS Research and Artico Search explored CISO compensation and job satisfaction. Three-fourths of CISOs are satisfied with their job, which is 7% higher than in the 2021 sample and more than double that of the 2020 sample. The main drivers of satisfaction are compensation, budget, executive visibility, and organizational support. However, despite high satisfaction numbers, the study found that as many as 44% of respondents are considering a job change. CISO Challenges LIABILITY AND EXPOSURE OF THE CISO There is a perception that CISOs face heightened liability for cyber intrusions and the response to cyber events. One extraordinary example is the recent conviction of Uber’s former security officer, which represents the first time a security executive has faced federal crime prosecution over a data security response. In this case the finding was that he obstructed justice by concealing information about a breach, destroying data, and covering up the incident. CISOs are often in the hot seat when it comes to cyber-intrusions and how they are handled. The Board of Directors (possibly including named corporate officers) in most cases are protected by being diligent about the Business Judgement Rule (BJR). Heavily adopted in Delaware case law and since adopted in various forms in many states, this “rule” stipulates that proper oversight includes demonstrating the duty of loyalty (no conflicting interests) and duty of care (make informed decisions) to be protected from liability. There are few cases (although Enron being one) where liability was found but it was for illegalities and poor business judgment. Since CISOs are not named corporate officers in most cases, BJR does not provide comfort. Similarly, liability insurance which covers legal defense fees and cash judgments often covers only directors and named corporate officers unless the CISO has been specifically included in the policy. DUTY TO REPORT Improving Board-CISO Transparency There is a mechanism found in corporate governance best-practices for ensuring that the most senior people in an organization get direct, unfiltered input from a key executive, regardless of reporting structure. It is called the executive session. This is in common use by Boards of Directors who meet individually with the Chief Financial Officer, Controller, and other key executives, notably without other management in the room. Questions are intended to be penetrating and the respondent is expected to respond openly. Now that cybersecurity has risen to a top risk for the enterprise, the CISO position should be among those who appear individually in an executive session with the highest governing body of an enterprise at least annually. This addition to governance best-practices would give Board members and State governors unfiltered information on cybersecurity matters, thereby helping to fulfil their oversight responsibility. Bob Zukis, founder and CEO of the Digital Directors Network, reports that a survey of its membership of more than 900 IT, cyber, and boardroom leaders shows nearly half of the respondents already have some form of this policy in practice. However, this is still a minority of the overall CISO population, signaling more transparency between the CISO and Board is needed. CISOs in State Governments Government organizations also face many of these issues. Evidence shows that CISOs in state governments are as vulnerable to other job offers as CISOs in the private sector. In the span of eight days in October 2022, there were several reports of state CISOs resigning, including Oklahoma, Georgia, Pennsylvania, and North Dakota. [1] Legal liability is not an issue the government CISO needs to be worried about since governments and their employees are immune from legal suits. However, government CISOs are highly concerned about shouldering blame, especially in the press, for security intrusions or their coverup. As with private industry, state governments should also institute this recommended practice. NCC recommends CISOs be called upon to appear in an executive session with agency heads and even the governor at least once a year. The State of Texas, for example, already has a version of this policy implemented in a statute and in practice. Texas Administrative Code includes provisions for: Reporting, at least annually, directly to the agency head the status and effectiveness of the security program and its controls. Informing any relevant parties in the event of noncompliance with the state agency’s information security policies Resolving the Great CISO Resignation For organizations across the public and private sectors, cybersecurity has risen to one of the top risks and has increased the importance of the role of the CISO. Most are looking to improve their work-life balance and reduce some of the stressors of the job. While many CISOs are also concerned about trends in liability and becoming headline news for decisions made on the job, requiring CISOs to appear in executive sessions with board members or state governors can help to alleviate these concerns and improve CISO job satisfaction while at the same time improving how the most senior levels of organizations fulfil their responsibilities for oversight of top risks.

Read More
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Top 5 Application Security Trends Businesses Must Be Aware of in 2023

Article | March 29, 2023

Introduction Top 5 Trends for Businesses to Improve Their Existing Application Security 1.AppSec and Convergence 2.Adoption of Automated AI Security Capabilities 3.Emphasis on Securing the Software Supply Chain 4.Extreme 'Shift Left' 5.Upsurge in Demand for Vulnerability Prioritization Moving Forward with Application Security Introduction The proliferation of applications and their usage across the business landscape has made application security a strategic initiative that spans departments rather than an activity. Several factors are driving the rethinking of application security as a broader strategic program, including the evolving threat landscape, more incremental software development frameworks, and the adoption of nimbler. With the acceleration of software development and the greater-than-ever role of code in current business infrastructure, application security is shifting left in the process and infusing every step to ensure that the applications reaching customers' hands are secure and reliable. Top 5 Trends for Businesses to Improve Their Existing Application Security Applications serve as a doorway to servers and networks, making them an excellent target for malicious actors. Since cyber attackers constantly improve their techniques for breaking into software, it is becoming essential for businesses to gain insights into ever-evolving trends in the AppSec space. Here are some of the prominent trends that businesses should aware of to improve their existing application security. Trend 1: AppSec and CloudSec Convergence To accurately estimate attack surface and overall security posture, both application code vulnerabilities and cloud service hosting misconfigurations must be examined. The convergence of AppSec and CloudSec is becoming a critical component of modern security operations. It allows organizations to gain a comprehensive view of the attack surface and better understand the risks posed by application code and cloud service providers. By looking at these two areas cohesively, organizations can identify business-critical vulnerabilities and prioritize their remediation efforts. Trend 2: Adoption of Automated AI Security Capabilities The increasing volume and complexity of security threats pose significant challenges for organizations, causing strain on their threat detection and response capabilities. This leads to slower response times, higher costs, and a greater impact on security incidents. To address this issue, many companies are turning to security automation as a potential solution. One of such approaches involves the use of artificial intelligence (AI), which can automate data gathering, threat identification, and incident response processes. By adopting security automation, companies can optimize the use of limited security personnel and resources, enabling them to focus on high-value activities that provide maximum benefit to the organization. Trend 3: Emphasis on Securing the Software Supply Chain The software supply chain is emerging as a primary area of focus due to the heightened risks associated with software development. This urgency has been further compounded by the recent attack, such as Solarwind data breach and the Log4j attack on Apache, increasing the significance of software security measures. Companies are taking a more proactive approach for making enhancements in the software supply chain to protect their applications, including conducting Static Application Security Testing (SAST) to identify and address vulnerabilities before malicious actors can exploit them. Trend 4: Extreme 'Shift Left' The ‘shift left’ in software development has gained significant momentum in recent years. The idea behind this approach is to prioritize security and other critical aspects of software development at the earliest possible stage in the development process. By doing so, organizations can make more informed security decisions and identify and address security vulnerabilities before they cause any damage. As the pace of development continues to increase, organizations are increasingly adopting this approach in their software development processes to protect their systems and data from security risks. Trend 5: Upsurge in Demand for Vulnerability Prioritization Managing vulnerabilities in a software system requires analyzing vast amounts of data to determine issues that require immediate attention and prioritization. However, the growing presence of false positives is negatively impacting this process, resulting in decreased efficiency and wasted resources. Organizations are increasingly looking for vendors to provide vulnerability management tools that can reduce false positives, differentiate between low-priority issues and severe security threats, and offer actionable insights to mitigate them. Moving Forward with Application Security Applications security has become more critical than ever before for businesses in the current digital scape. With the attack surface constantly expanding and the frequency of threats on the rise, organizations must remain agile and employ the best effective strategies to protect their applications from potential cyberattacks. The significance of application security has not gone unnoticed. As organizations continue to invest in security measures, they are increasingly upgrading themselves as per emerging security trends to protect themselves against evolving cyber threats. This includes adopting the ‘shift left’ approach, tightening controls, and having a clear definition of remediation processes.

Read More
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Security by Sector: Improving Quality of Data and Decision-Making a Priority for Credit Industry

Article | August 12, 2022

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?A new study of credit management professionals has revealed that improving the quality of data and decision-making will be a top priority for the credit industry in the next three years. The research, from Equifax Ingnite in collaboration with Coleman Parkes, takes a deep dive into the views of credit management pros across retail, banking, finance and debt management/recovery sectors.

Read More

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020

Article | February 12, 2020

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. The regulatory landscape continues to evolve as states and countries actively pass new expanded requirements for privacy and cybersecurity regulations. While laws in the U.S., like the California Consumer Privacy Act (CCPA), are getting significant attention, many other states and countries are actively amending their breach notification laws to include tighter restrictions.

Read More

Spotlight

Namogoo

Many enterprises focus their security efforts on servers, network and infrastructure. However, 15%-30% of online users are infected with dangerous invisible cyber threats that businesses are not aware of. Client-Side Injected Malware (CSIM) runs through the user’s devices or browsers and bypasses any server-side security shield. CSIM includes spyware scripts, widgets (product comparisons and coupons), banner ads and inappropriate content that are injected into websites by extensions that are installed on customers’ browsers on both web and mobile devices.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

CyberArk Introduces First Identity Security-Based Enterprise Browser

iTWire | May 30, 2023

CyberArk (NASDAQ: CYBR), the Identity Security company, today introduced CyberArk Secure Browser. This first-of-its-kind Identity Security web browser enables organisations to better protect against attacks with a flexible, identity-based approach to securing employee and third-party access to enterprise resources. By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.1 Browsers provide a vital connection between identities, applications and data, making them a prominent attack vector and a target for cybercriminals – especially in distributed, work-from-anywhere environments. A rise in post-MFA authentication attacks targeting session cookies reinforces the need for defense-in-depth strategies. Now, CyberArk is applying its deep cybersecurity experience, history of Identity Security innovation and intelligent privilege controls to web browsing. Part of the CyberArk Identity Security Platform, the Chromium-based CyberArk Secure Browser supports enterprise Zero Trust initiatives with integrated security, centralised policy management and productivity tools while delivering a familiar user experience. The CyberArk Identity Security Platform delivers the most robust, layered approach to address the number one area of cybersecurity risk: credential access.2 CyberArk Secure Browser is designed to eliminate existing security gaps between consumer-focused browsers and SaaS applications, endpoint-based controls and identity providers. By extending the CyberArk Identity Security Platform to the browser itself, CyberArk makes it easy for IT teams to tailor security, privacy and productivity controls on managed and unmanaged devices. Key features include: Cookieless Browsing: Cookieless browsing is a key differentiating feature that allows users to access and use web-based resources without exposing cookie files to attackers. The cookies will be stored remotely on CyberArk servers enabling secure and seamless web browsing without saving cookie files on the endpoints. This approach makes it difficult for attackers or third parties to steal, forge, alter or manipulate cookies to gain unauthorised access to sensitive resources and helps ensure that users’ web sessions, data and accounts remain confidential and secure. Data Exfiltration Protections: Companies can control the browsing experience with fine-grained policies designed to prevent data exfiltration attempts that can compromise corporate data. Password Replacement: CyberArk Secure Browser features patent-pending password replacement functionality. Instead of showing stored credentials for privileged resources or websites, the browser displays a one-time alphanumeric string. This string works only once, only in CyberArk Secure Browser and only for intended targets – eliminating the possibility that end users will see these privileged credentials in plain text. Extensibility: Third-party identity providers and out-of-the-box integrations are supported with the CyberArk Identity Security Platform solutions, including CyberArk Workforce Password Management and CyberArk Secure Web Sessions. This allows companies to customise session protections, access controls and credential management to each user based on their roles. It also works in conjunction with CyberArk Endpoint Privilege Manager to mitigate potentially risky web access and vulnerable endpoints. Quick Access Bar: The built-in quick access sidebar helps ensure end users can utilise their Single Sign-On (SSO) credentials to securely access frequently used apps, third-party tools and CyberArk privileged access management resources directly from CyberArk Secure Browser with the click of a button. “CyberArk is constantly innovating – working to protect our customers against current cybersecurity risk and emerging threats. Based on trends impacting hybrid work environments and research generated by our CyberArk Labs and Red Team, developing an enterprise browser – with an identity-first, security-first approach – was a natural progression for our business,” said Gil Rapaport, general manager, Access at CyberArk. “CyberArk Secure Browser represents a new era of web browsing, where security, privacy and productivity are the top priorities.” Dynamically mirroring controls and access policies existing on Chrome and Edge browsers that are already deployed on the end user’s device, CyberArk Secure Browser reduces IT overhead and accelerates the deployment timeline for employees, contractors and vendors. Planned availability for CyberArk Secure Browser on Windows endpoints is by the end of 2023. To learn more about CyberArk Secure Browser, please visit https://lp.cyberark.com/secure-browser-early-access.html. About CyberArk CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

WinMagic partners with Lumen Technologies to offer mission-critical cybersecurity solutions

Globenewswire | May 29, 2023

WinMagic Inc. (the "Company" or "WinMagic") is proud to announce that it is now a member of the Lumen Technologies (NYSE: LUMN) Channel Partner program. WinMagic offers powerfully simple and seamless authentication and encryption solutions that use the endpoint to deliver unbeatable security. This partnership will enable the Company to leverage Lumen’s extensive network and cloud and security solutions to expand capabilities to existing WinMagic customers and enter new markets through access to Lumen’s comprehensive partner program. As a Lumen Channel Partner, WinMagic can draw on Lumen’s integrated portfolio of global solutions to enable greater product adaptability regarding network services, infrastructure and applications. Lumen’s solutions and infrastructure, combined with WinMagic’s innovative authentication and endpoint encryption products, provide customers with a complete portfolio of cybersecurity solutions. “This is a game-changer for customers. Paired with WinMagic’s next-gen security, Lumen’s edge compute infrastructure and portfolio of advanced solutions gives customers real power,” said Sara Seegers, regional vice president of indirect channel sales at Lumen. “Customers want to scale their operations as quickly as possible. They know this is the key to increasing their efficiency and growing their business. Together, we can bring results that exceed customer expectations.” "This partnership with Lumen brings users WinMagic’s most secure authentication technology to date with an incredible user experience," said Rahul Kumar, vice president of sales at WinMagic. "Our MagicEndpoint provides real-time, continuous authentication of the user plus endpoint device without requiring any user action. This strategy delivers the ‘always verify’ element of zero-trust security. We're excited to extend our next-gen security solutions to the Lumen network." WinMagic’s MagicEndpoint passwordless authentication solution delivers preboot authentication, Windows login and passwordless authentication to online services and applications. The software’s zero-trust security design complements government and commercial environments while delivering an end-to-end secure user experience. SecureDoc endpoint encryption enables organizations to secure all their data at the same time, keeping it safe from cyberattacks without disrupting productivity. About Lumen Technologies Lumen connects the world. We are dedicated to furthering human progress through technology by connecting people, data and applications — quickly, securely and effortlessly. Everything we do at Lumen takes advantage of our network strength. From metro connectivity to long-haul data transport to our edge cloud, security and managed service capabilities, we meet our customers' needs today and as they build for tomorrow. For more information, visit www.lumen.com. About WinMagic WinMagic is a leading developer of cybersecurity solutions that, for 25 years, has raised the bar for endpoint encryption. Over 2,500 businesses and government agencies trust the company with over 3 million active licenses globally. The WinMagic authentication and encryption suite protects your company's data, on-premises or in the cloud. WinMagic delivers a seamless authentication and encryption experience that increases productivity while protecting users and data. For more information, visit www.winmagic.com.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

New KnowBe4 SecurityCoach Integrates With Bitdefender GravityZone

PRWeb | May 22, 2023

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced that its new SecurityCoach product integrates with Bitdefender GravityZone, a leading next-generation endpoint protection platform for threat prevention, detection and response. The new partnership and product integration between the two cybersecurity leaders will help reduce risky behavior, support real-time security coaching and help organizations become more cyber resilient. SecurityCoach helps IT/security professionals develop a strong security culture by enabling real-time security coaching of their users in response to risky security behavior. Leveraging an organization’s existing security stack, IT/security professionals can configure their real-time coaching campaigns to immediately deliver a SecurityTip to their users related to a detected event. “Bitdefender joins our ecosystem of technology partners, which is growing rapidly, to enrich the support we provide to our customers and fortify their organization’s human firewall,” said Stu Sjouwerman, CEO, KnowBe4. “KnowBe4 is proud to partner with Bitdefender to provide a seamless integration with our new SecurityCoach product, which aims to deliver real-time security coaching and advice to help end users enhance their cybersecurity knowledge and strengthen their role in contributing to a strong security culture. KnowBe4 is actively working with Bitdefender to provide an API-based integration to connect our platform with systems that IT/security professionals already utilize, making rolling out new products to their teams an easy and unified process.” “We are pleased to partner with KnowBe4 to integrate Bitdefender GravityZone with SecurityCoach,” said Daniel Daraban, senior director of product management at Bitdefender Business Solutions Group. “Businesses and organizations are under constant assault from ransomware, trojans, and other malware infecting systems. This integration leverages GravityZone’s behavioral analytics, machine learning, and root cause analysis for contextualized alerts resulting in actionable SecurityTips that help minimize risky user behavior.” KnowBe4 will provide step-by-step instructions and recommendations to help IT/security professionals achieve quick and pain-free integration and data syncing during the implementation process. KnowBe4 now integrates or partners with over 20 of the world's top cybersecurity platforms across Endpoint, Network, Identity, Cloud and Data Security https://www.knowbe4.com/integrations. For more information on SecurityCoach, visit http://www.knowbe4.com/securitycoach. About Bitdefender Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide. Guardian over millions of consumer, enterprise, and government environments, Bitdefender is one of the industry’s most trusted experts for eliminating threats, protecting privacy, digital identity and data, and enabling cyber resilience. With deep investments in research and development, Bitdefender Labs discovers hundreds of new threats each minute and validates billions of threat queries daily. The company has pioneered breakthrough innovations in antimalware, IoT security, behavioral analytics, and artificial intelligence and its technology is licensed by more than 180 of the world’s most recognized technology brands. Founded in 2001, Bitdefender has customers in 170+ countries with offices around the world. For more information, visit https://www.bitdefender.com. About KnowBe4 KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 56,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

CyberArk Introduces First Identity Security-Based Enterprise Browser

iTWire | May 30, 2023

CyberArk (NASDAQ: CYBR), the Identity Security company, today introduced CyberArk Secure Browser. This first-of-its-kind Identity Security web browser enables organisations to better protect against attacks with a flexible, identity-based approach to securing employee and third-party access to enterprise resources. By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.1 Browsers provide a vital connection between identities, applications and data, making them a prominent attack vector and a target for cybercriminals – especially in distributed, work-from-anywhere environments. A rise in post-MFA authentication attacks targeting session cookies reinforces the need for defense-in-depth strategies. Now, CyberArk is applying its deep cybersecurity experience, history of Identity Security innovation and intelligent privilege controls to web browsing. Part of the CyberArk Identity Security Platform, the Chromium-based CyberArk Secure Browser supports enterprise Zero Trust initiatives with integrated security, centralised policy management and productivity tools while delivering a familiar user experience. The CyberArk Identity Security Platform delivers the most robust, layered approach to address the number one area of cybersecurity risk: credential access.2 CyberArk Secure Browser is designed to eliminate existing security gaps between consumer-focused browsers and SaaS applications, endpoint-based controls and identity providers. By extending the CyberArk Identity Security Platform to the browser itself, CyberArk makes it easy for IT teams to tailor security, privacy and productivity controls on managed and unmanaged devices. Key features include: Cookieless Browsing: Cookieless browsing is a key differentiating feature that allows users to access and use web-based resources without exposing cookie files to attackers. The cookies will be stored remotely on CyberArk servers enabling secure and seamless web browsing without saving cookie files on the endpoints. This approach makes it difficult for attackers or third parties to steal, forge, alter or manipulate cookies to gain unauthorised access to sensitive resources and helps ensure that users’ web sessions, data and accounts remain confidential and secure. Data Exfiltration Protections: Companies can control the browsing experience with fine-grained policies designed to prevent data exfiltration attempts that can compromise corporate data. Password Replacement: CyberArk Secure Browser features patent-pending password replacement functionality. Instead of showing stored credentials for privileged resources or websites, the browser displays a one-time alphanumeric string. This string works only once, only in CyberArk Secure Browser and only for intended targets – eliminating the possibility that end users will see these privileged credentials in plain text. Extensibility: Third-party identity providers and out-of-the-box integrations are supported with the CyberArk Identity Security Platform solutions, including CyberArk Workforce Password Management and CyberArk Secure Web Sessions. This allows companies to customise session protections, access controls and credential management to each user based on their roles. It also works in conjunction with CyberArk Endpoint Privilege Manager to mitigate potentially risky web access and vulnerable endpoints. Quick Access Bar: The built-in quick access sidebar helps ensure end users can utilise their Single Sign-On (SSO) credentials to securely access frequently used apps, third-party tools and CyberArk privileged access management resources directly from CyberArk Secure Browser with the click of a button. “CyberArk is constantly innovating – working to protect our customers against current cybersecurity risk and emerging threats. Based on trends impacting hybrid work environments and research generated by our CyberArk Labs and Red Team, developing an enterprise browser – with an identity-first, security-first approach – was a natural progression for our business,” said Gil Rapaport, general manager, Access at CyberArk. “CyberArk Secure Browser represents a new era of web browsing, where security, privacy and productivity are the top priorities.” Dynamically mirroring controls and access policies existing on Chrome and Edge browsers that are already deployed on the end user’s device, CyberArk Secure Browser reduces IT overhead and accelerates the deployment timeline for employees, contractors and vendors. Planned availability for CyberArk Secure Browser on Windows endpoints is by the end of 2023. To learn more about CyberArk Secure Browser, please visit https://lp.cyberark.com/secure-browser-early-access.html. About CyberArk CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

WinMagic partners with Lumen Technologies to offer mission-critical cybersecurity solutions

Globenewswire | May 29, 2023

WinMagic Inc. (the "Company" or "WinMagic") is proud to announce that it is now a member of the Lumen Technologies (NYSE: LUMN) Channel Partner program. WinMagic offers powerfully simple and seamless authentication and encryption solutions that use the endpoint to deliver unbeatable security. This partnership will enable the Company to leverage Lumen’s extensive network and cloud and security solutions to expand capabilities to existing WinMagic customers and enter new markets through access to Lumen’s comprehensive partner program. As a Lumen Channel Partner, WinMagic can draw on Lumen’s integrated portfolio of global solutions to enable greater product adaptability regarding network services, infrastructure and applications. Lumen’s solutions and infrastructure, combined with WinMagic’s innovative authentication and endpoint encryption products, provide customers with a complete portfolio of cybersecurity solutions. “This is a game-changer for customers. Paired with WinMagic’s next-gen security, Lumen’s edge compute infrastructure and portfolio of advanced solutions gives customers real power,” said Sara Seegers, regional vice president of indirect channel sales at Lumen. “Customers want to scale their operations as quickly as possible. They know this is the key to increasing their efficiency and growing their business. Together, we can bring results that exceed customer expectations.” "This partnership with Lumen brings users WinMagic’s most secure authentication technology to date with an incredible user experience," said Rahul Kumar, vice president of sales at WinMagic. "Our MagicEndpoint provides real-time, continuous authentication of the user plus endpoint device without requiring any user action. This strategy delivers the ‘always verify’ element of zero-trust security. We're excited to extend our next-gen security solutions to the Lumen network." WinMagic’s MagicEndpoint passwordless authentication solution delivers preboot authentication, Windows login and passwordless authentication to online services and applications. The software’s zero-trust security design complements government and commercial environments while delivering an end-to-end secure user experience. SecureDoc endpoint encryption enables organizations to secure all their data at the same time, keeping it safe from cyberattacks without disrupting productivity. About Lumen Technologies Lumen connects the world. We are dedicated to furthering human progress through technology by connecting people, data and applications — quickly, securely and effortlessly. Everything we do at Lumen takes advantage of our network strength. From metro connectivity to long-haul data transport to our edge cloud, security and managed service capabilities, we meet our customers' needs today and as they build for tomorrow. For more information, visit www.lumen.com. About WinMagic WinMagic is a leading developer of cybersecurity solutions that, for 25 years, has raised the bar for endpoint encryption. Over 2,500 businesses and government agencies trust the company with over 3 million active licenses globally. The WinMagic authentication and encryption suite protects your company's data, on-premises or in the cloud. WinMagic delivers a seamless authentication and encryption experience that increases productivity while protecting users and data. For more information, visit www.winmagic.com.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

New KnowBe4 SecurityCoach Integrates With Bitdefender GravityZone

PRWeb | May 22, 2023

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced that its new SecurityCoach product integrates with Bitdefender GravityZone, a leading next-generation endpoint protection platform for threat prevention, detection and response. The new partnership and product integration between the two cybersecurity leaders will help reduce risky behavior, support real-time security coaching and help organizations become more cyber resilient. SecurityCoach helps IT/security professionals develop a strong security culture by enabling real-time security coaching of their users in response to risky security behavior. Leveraging an organization’s existing security stack, IT/security professionals can configure their real-time coaching campaigns to immediately deliver a SecurityTip to their users related to a detected event. “Bitdefender joins our ecosystem of technology partners, which is growing rapidly, to enrich the support we provide to our customers and fortify their organization’s human firewall,” said Stu Sjouwerman, CEO, KnowBe4. “KnowBe4 is proud to partner with Bitdefender to provide a seamless integration with our new SecurityCoach product, which aims to deliver real-time security coaching and advice to help end users enhance their cybersecurity knowledge and strengthen their role in contributing to a strong security culture. KnowBe4 is actively working with Bitdefender to provide an API-based integration to connect our platform with systems that IT/security professionals already utilize, making rolling out new products to their teams an easy and unified process.” “We are pleased to partner with KnowBe4 to integrate Bitdefender GravityZone with SecurityCoach,” said Daniel Daraban, senior director of product management at Bitdefender Business Solutions Group. “Businesses and organizations are under constant assault from ransomware, trojans, and other malware infecting systems. This integration leverages GravityZone’s behavioral analytics, machine learning, and root cause analysis for contextualized alerts resulting in actionable SecurityTips that help minimize risky user behavior.” KnowBe4 will provide step-by-step instructions and recommendations to help IT/security professionals achieve quick and pain-free integration and data syncing during the implementation process. KnowBe4 now integrates or partners with over 20 of the world's top cybersecurity platforms across Endpoint, Network, Identity, Cloud and Data Security https://www.knowbe4.com/integrations. For more information on SecurityCoach, visit http://www.knowbe4.com/securitycoach. About Bitdefender Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide. Guardian over millions of consumer, enterprise, and government environments, Bitdefender is one of the industry’s most trusted experts for eliminating threats, protecting privacy, digital identity and data, and enabling cyber resilience. With deep investments in research and development, Bitdefender Labs discovers hundreds of new threats each minute and validates billions of threat queries daily. The company has pioneered breakthrough innovations in antimalware, IoT security, behavioral analytics, and artificial intelligence and its technology is licensed by more than 180 of the world’s most recognized technology brands. Founded in 2001, Bitdefender has customers in 170+ countries with offices around the world. For more information, visit https://www.bitdefender.com. About KnowBe4 KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 56,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.

Read More

Events