Combating the Risk of SQL Injection Attacks – Part 1

Aashish Yadav | July 29, 2022 | 1603 views | Read Time : 03:00 min

Combating the Risk of SQL Injection Attacks – Part 1

Structured Query Language or SQL, is the command-and-control language used by relational databases, including Microsoft SQL Server, Oracle, IBM DB2, and MySQL. Relational databases are a significant resource on the back end of online applications and content management systems (CMS) developed in PHP, .NET, Java EE, Hibernate, SQLite, or other scripting languages in current web development.

SQL injection is among the most dangerous web application vulnerabilities. It happens when a user inserts untrusted data into a database query. For example, while completing an online form. Smart attackers can construct user input to steal vital data, circumvent authentication, or damage the entries in your database when SQL injection is possible.

SQL injection attacks come in many types, but they always originate from the same source. The query string is combined with the user's untrusted data. As a result, the user's input might change the query's original intent.

Types of SQL Injection Attacks

SQLi attacks can be roughly classified into three categories when it comes to SQL injection types:

  • In-Band SQLi

    In-band SQLi is one of the most prevalent types of SQL injection, in which the data appears on the same channel as the malicious code. Two of the most common in-band SQL injection attack approaches are error-based and union-based SQL injection attacks. A verbose error (retrieved data) appears on the web page in response to a faulty or unexpected query in error-based SQLi attacks (the malicious user input).

Union-based SQLi combines the results of two or more SELECT statements into a single query. It could be used to get information from several tables in a database.

  • Out-of-Band SQLi

    Out-of-Band SQLi is a sort of SQL injection that is less prevalent. This occurs when the attacker is unable to retrieve the data utilizing the same channel through which the attack was conducted. The attacker's answer is provided through other channels, such as email, or it is dependent on the capabilities of the application's database server to perform DNS or HTTP connections to a server controlled by the attacker.

  • Inferential SQLi

There is no actual data transmission with this sort of SQL injection, often known as blind SQLi. Attackers, on the other hand, can watch how the application responds to payloads, giving them information on whether the query is run or how the database processes the requests. Although it is considerably simpler to recreate the logic of the original question with verbose errors, an attacker who is successful in executing a blind SQL injection attack on the application can reverse engineer the logic to get at the original query.

Another often used approach is a time-based blind SQLi attack, which includes evaluating the latency in response to determine whether or not the query is run. There is no delay in page loading after submitting the given request. If the comment is changed, as seen below, and there is a delayed response, the query was run. The attacker presently understands how to leverage the application's syntax for commenting out sections of a query. Once they get this information, they can use it to continue targeting the application in subsequent ways.

Tips to prevent SQL infection will be disclosed in our next article: Combating the Risk of SQL Injection Attacks—Part 2

Spotlight

WORLD Global Network

"WOR(l)D lands in India after a path full of success. Founded in 2011, during these years the Company has reached many important goals, thanks to its innovative service and products. With an headquarter in Miami, the company has settled many offices in the WOR(l)D and has decided to create two separate offices in India, one in Bangalore for the IT Department and one in Chennai for Accounting. WOR(l)D stands apart as a leader in the global markets of media, mobile and wearable technologies. Employing the brightest minds and best professionals, WOR(l)D constantly invest in great ideas and highly motivated people. Every WOR(l)D product reflects its passion for research, innovation and environmental responsibility. The passion we have for our work drives us to seek out new opportunities and to build a stronger network. India is one of several new countries with which our company aims to further expand its global network. The passion we’ve experienced from this new network is in perfect syn

OTHER ARTICLES
PLATFORM SECURITY

The Great CISO Resignation

Article | October 12, 2022

CISOs Are Leaving in Droves The Great Resignation has been front-page news since Covid lockdowns, with many employees looking for the work-life balance they enjoyed at the time. Now, the phenomenon has spread to the role of Chief Information Security Officer (CISO) and shows no signs of letting up. In fact, industry experts predict that it is likely to worsen. A recent study from cybersecurity company BlackFog found that 32% of CISOs in the U.K. and U.S. have considered leaving and many planned to do so in just six months. The majority noted that the top reason for leaving was a lack of work-life balance. The CISO role is demanding, with firefighting and frequent changes in regulations and customer expectations taking up significant time both on and off the job. In another recent study in which 581 CISOs were surveyed, the IANS Research and Artico Search explored CISO compensation and job satisfaction. Three-fourths of CISOs are satisfied with their job, which is 7% higher than in the 2021 sample and more than double that of the 2020 sample. The main drivers of satisfaction are compensation, budget, executive visibility, and organizational support. However, despite high satisfaction numbers, the study found that as many as 44% of respondents are considering a job change. CISO Challenges LIABILITY AND EXPOSURE OF THE CISO There is a perception that CISOs face heightened liability for cyber intrusions and the response to cyber events. One extraordinary example is the recent conviction of Uber’s former security officer, which represents the first time a security executive has faced federal crime prosecution over a data security response. In this case the finding was that he obstructed justice by concealing information about a breach, destroying data, and covering up the incident. CISOs are often in the hot seat when it comes to cyber-intrusions and how they are handled. The Board of Directors (possibly including named corporate officers) in most cases are protected by being diligent about the Business Judgement Rule (BJR). Heavily adopted in Delaware case law and since adopted in various forms in many states, this “rule” stipulates that proper oversight includes demonstrating the duty of loyalty (no conflicting interests) and duty of care (make informed decisions) to be protected from liability. There are few cases (although Enron being one) where liability was found but it was for illegalities and poor business judgment. Since CISOs are not named corporate officers in most cases, BJR does not provide comfort. Similarly, liability insurance which covers legal defense fees and cash judgments often covers only directors and named corporate officers unless the CISO has been specifically included in the policy. DUTY TO REPORT Improving Board-CISO Transparency There is a mechanism found in corporate governance best-practices for ensuring that the most senior people in an organization get direct, unfiltered input from a key executive, regardless of reporting structure. It is called the executive session. This is in common use by Boards of Directors who meet individually with the Chief Financial Officer, Controller, and other key executives, notably without other management in the room. Questions are intended to be penetrating and the respondent is expected to respond openly. Now that cybersecurity has risen to a top risk for the enterprise, the CISO position should be among those who appear individually in an executive session with the highest governing body of an enterprise at least annually. This addition to governance best-practices would give Board members and State governors unfiltered information on cybersecurity matters, thereby helping to fulfil their oversight responsibility. Bob Zukis, founder and CEO of the Digital Directors Network, reports that a survey of its membership of more than 900 IT, cyber, and boardroom leaders shows nearly half of the respondents already have some form of this policy in practice. However, this is still a minority of the overall CISO population, signaling more transparency between the CISO and Board is needed. CISOs in State Governments Government organizations also face many of these issues. Evidence shows that CISOs in state governments are as vulnerable to other job offers as CISOs in the private sector. In the span of eight days in October 2022, there were several reports of state CISOs resigning, including Oklahoma, Georgia, Pennsylvania, and North Dakota. [1] Legal liability is not an issue the government CISO needs to be worried about since governments and their employees are immune from legal suits. However, government CISOs are highly concerned about shouldering blame, especially in the press, for security intrusions or their coverup. As with private industry, state governments should also institute this recommended practice. NCC recommends CISOs be called upon to appear in an executive session with agency heads and even the governor at least once a year. The State of Texas, for example, already has a version of this policy implemented in a statute and in practice. Texas Administrative Code includes provisions for: Reporting, at least annually, directly to the agency head the status and effectiveness of the security program and its controls. Informing any relevant parties in the event of noncompliance with the state agency’s information security policies Resolving the Great CISO Resignation For organizations across the public and private sectors, cybersecurity has risen to one of the top risks and has increased the importance of the role of the CISO. Most are looking to improve their work-life balance and reduce some of the stressors of the job. While many CISOs are also concerned about trends in liability and becoming headline news for decisions made on the job, requiring CISOs to appear in executive sessions with board members or state governors can help to alleviate these concerns and improve CISO job satisfaction while at the same time improving how the most senior levels of organizations fulfil their responsibilities for oversight of top risks.

Read More
PLATFORM SECURITY

Top 5 Application Security Trends Businesses Must Be Aware of in 2023

Article | June 13, 2022

Introduction Top 5 Trends for Businesses to Improve Their Existing Application Security 1.AppSec and Convergence 2.Adoption of Automated AI Security Capabilities 3.Emphasis on Securing the Software Supply Chain 4.Extreme 'Shift Left' 5.Upsurge in Demand for Vulnerability Prioritization Moving Forward with Application Security Introduction The proliferation of applications and their usage across the business landscape has made application security a strategic initiative that spans departments rather than an activity. Several factors are driving the rethinking of application security as a broader strategic program, including the evolving threat landscape, more incremental software development frameworks, and the adoption of nimbler. With the acceleration of software development and the greater-than-ever role of code in current business infrastructure, application security is shifting left in the process and infusing every step to ensure that the applications reaching customers' hands are secure and reliable. Top 5 Trends for Businesses to Improve Their Existing Application Security Applications serve as a doorway to servers and networks, making them an excellent target for malicious actors. Since cyber attackers constantly improve their techniques for breaking into software, it is becoming essential for businesses to gain insights into ever-evolving trends in the AppSec space. Here are some of the prominent trends that businesses should aware of to improve their existing application security. Trend 1: AppSec and CloudSec Convergence To accurately estimate attack surface and overall security posture, both application code vulnerabilities and cloud service hosting misconfigurations must be examined. The convergence of AppSec and CloudSec is becoming a critical component of modern security operations. It allows organizations to gain a comprehensive view of the attack surface and better understand the risks posed by application code and cloud service providers. By looking at these two areas cohesively, organizations can identify business-critical vulnerabilities and prioritize their remediation efforts. Trend 2: Adoption of Automated AI Security Capabilities The increasing volume and complexity of security threats pose significant challenges for organizations, causing strain on their threat detection and response capabilities. This leads to slower response times, higher costs, and a greater impact on security incidents. To address this issue, many companies are turning to security automation as a potential solution. One of such approaches involves the use of artificial intelligence (AI), which can automate data gathering, threat identification, and incident response processes. By adopting security automation, companies can optimize the use of limited security personnel and resources, enabling them to focus on high-value activities that provide maximum benefit to the organization. Trend 3: Emphasis on Securing the Software Supply Chain The software supply chain is emerging as a primary area of focus due to the heightened risks associated with software development. This urgency has been further compounded by the recent attack, such as Solarwind data breach and the Log4j attack on Apache, increasing the significance of software security measures. Companies are taking a more proactive approach for making enhancements in the software supply chain to protect their applications, including conducting Static Application Security Testing (SAST) to identify and address vulnerabilities before malicious actors can exploit them. Trend 4: Extreme 'Shift Left' The ‘shift left’ in software development has gained significant momentum in recent years. The idea behind this approach is to prioritize security and other critical aspects of software development at the earliest possible stage in the development process. By doing so, organizations can make more informed security decisions and identify and address security vulnerabilities before they cause any damage. As the pace of development continues to increase, organizations are increasingly adopting this approach in their software development processes to protect their systems and data from security risks. Trend 5: Upsurge in Demand for Vulnerability Prioritization Managing vulnerabilities in a software system requires analyzing vast amounts of data to determine issues that require immediate attention and prioritization. However, the growing presence of false positives is negatively impacting this process, resulting in decreased efficiency and wasted resources. Organizations are increasingly looking for vendors to provide vulnerability management tools that can reduce false positives, differentiate between low-priority issues and severe security threats, and offer actionable insights to mitigate them. Moving Forward with Application Security Applications security has become more critical than ever before for businesses in the current digital scape. With the attack surface constantly expanding and the frequency of threats on the rise, organizations must remain agile and employ the best effective strategies to protect their applications from potential cyberattacks. The significance of application security has not gone unnoticed. As organizations continue to invest in security measures, they are increasingly upgrading themselves as per emerging security trends to protect themselves against evolving cyber threats. This includes adopting the ‘shift left’ approach, tightening controls, and having a clear definition of remediation processes.

Read More
PLATFORM SECURITY

Security by Sector: Improving Quality of Data and Decision-Making a Priority for Credit Industry

Article | July 11, 2022

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?A new study of credit management professionals has revealed that improving the quality of data and decision-making will be a top priority for the credit industry in the next three years. The research, from Equifax Ingnite in collaboration with Coleman Parkes, takes a deep dive into the views of credit management pros across retail, banking, finance and debt management/recovery sectors.

Read More

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020

Article | February 12, 2020

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. The regulatory landscape continues to evolve as states and countries actively pass new expanded requirements for privacy and cybersecurity regulations. While laws in the U.S., like the California Consumer Privacy Act (CCPA), are getting significant attention, many other states and countries are actively amending their breach notification laws to include tighter restrictions.

Read More

Spotlight

WORLD Global Network

"WOR(l)D lands in India after a path full of success. Founded in 2011, during these years the Company has reached many important goals, thanks to its innovative service and products. With an headquarter in Miami, the company has settled many offices in the WOR(l)D and has decided to create two separate offices in India, one in Bangalore for the IT Department and one in Chennai for Accounting. WOR(l)D stands apart as a leader in the global markets of media, mobile and wearable technologies. Employing the brightest minds and best professionals, WOR(l)D constantly invest in great ideas and highly motivated people. Every WOR(l)D product reflects its passion for research, innovation and environmental responsibility. The passion we have for our work drives us to seek out new opportunities and to build a stronger network. India is one of several new countries with which our company aims to further expand its global network. The passion we’ve experienced from this new network is in perfect syn

Related News

ENTERPRISE IDENTITY, SOFTWARE SECURITY, CLOUD SECURITY

Lookout Announces the Successful Divestiture of Its Consumer Mobile Security Business Segment

Businesswire | June 05, 2023

Lookout, Inc., the endpoint-to-cloud security company, today announced it has closed the previously announced sale of its consumer mobile security business to F-Secure, a global provider of consumer security products and services. With this strategic divestiture Lookout will focus on expanding its core enterprise business, built around the Lookout Cloud Security Platform. The sale of Lookout’s consumer mobile security business represents a deliberate and strategic decision to optimize its enterprise product portfolio and concentrate its product innovation and go-to-market on the expansion of these core competencies. The divestiture sets Lookout up for long-term growth and further positions the Company to address the security transformation impacting organizations today, including the increase in remote work, the shift to cloud-based delivery models and the transition to zero trust architectures. “We are pleased to announce the successful divestiture of our mobile consumer security business, which represents a significant milestone in our strategic transformation to become a pure-play enterprise cybersecurity company,” Jim Dolce, CEO at Lookout. “With this refined focus, we will continue to drive innovation, invest in the development of cutting-edge solutions and drive greater value for our customers.” Lookout’s core enterprise business includes Lookout Mobile Endpoint Security and its security services edge (SSE) cloud-native solution, the Lookout Cloud Security Platform. The Company entered the cloud security market through its acquisition of CipherCloud in March 2021. Its Cloud Security Platform was recently scored among the highest three vendors in the 2023 Gartner Critical Capabilities for Security Service Edge (SSE)1 report in each of the four use cases. The Gartner Critical Capabilities for SSE – an essential companion to the Gartner Magic Quadrant™ for SSE2 in which Lookout was named a Visionary for the second year in a row – is a comparative analysis that scores products or services against a set of critical differentiators that every business needs, as identified by Gartner. These four use cases include Secure Web and Cloud Usage, Detect and Mitigate Threats, Connect and Secure Remote Workers and Identify and Protect Sensitive Information. As part of the sale agreement, F-Secure acquires all of the Lookout consumer mobile security products and technology and assumes all responsibility for ongoing operations and customer relationships. Additionally, the Company’s consumer employees will become part of F-Secure. About Lookout Lookout, Inc. is the endpoint-to-cloud cybersecurity company that delivers zero trust security by reducing risk and protecting data wherever it goes, without boundaries or limits. Our unified, cloud-native platform safeguards digital information across devices, apps, networks and clouds and is as fluid and flexible as the modern digital world. Lookout is trusted by enterprises and government agencies of all sizes to protect the sensitive data they care about most, enabling them to work and connect freely and safely. To learn more about the Lookout Cloud Security Platform, visit www.lookout.com and follow Lookout on our blog, LinkedIn and Twitter. © 2023 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design®, and SIGNAL FLARE® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, SCREAM, the 4 Bar Shield Design, and the Lookout multi-color/multi-shaded Wingspan design.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY

Lacework Unifies Entitlements Management and Threat Detection for Simplified Cloud Security

Prnewswire | June 07, 2023

Lacework, the data-driven security platform, today announced new CIEM functionality that empowers teams to gain observability of all cloud identities, know precisely who can perform what actions, and easily identify which identities pose the greatest risk. Furthermore, Lacework's actionable approach to CIEM provides customers with recommendations on how to reduce their identity risk. By combining these new capabilities with cloud security posture management, attack path analysis, and threat detection into a single platform, Lacework gives customers a clear understanding of their cloud identity landscape, visibility into cloud identity and access management (IAM) misconfigurations and exposed secrets, and continuous discovery of identity threats. The benefits of public cloud come with complex challenges in managing identity risk. With over 35,000 granular permissions across hyperscale cloud providers, organizations struggle to limit unnecessary access. Most cloud users and instances are granted far more permissions than they actually need, leaving organizations highly exposed to cloud breach, account takeover, and data exfiltration. And the fact that machine identities in the cloud typically outnumber humans by an order of magnitude intensifies the issue. "Enforcing least privilege and having visibility of identities and entitlements is a top cloud security challenge for IDC clients. With this innovation from Lacework, security teams can automatically see which identities are overly-permissive, and zero in on the ones that pose the greatest risk," said Philip Bues, Research Manager for Cloud Security, at IDC. "Beyond prioritizing risks, this will also allow teams to confidently suggest policy changes and reduce their overall attack surface risk." Preventing Cloud Identity Risk with New Entitlement Management Technology Lacework dynamically discovers cloud user, resource, group and role identities and their net-effective permissions and then automatically correlates granted versus used permissions to determine identities with excessive privileges. The platform calculates a risk score for each identity, determines the riskiest identities based on attack path analysis, and auto-generates high-confidence recommendations for right-sizing permissions based on historical observations. This means Lacework not only informs customers of risky identities and entitlements, but also shows those identities that are hardly used or even need entitlements to begin with. "CIEM is a vital facet of a comprehensive cloud security strategy," said Paolo del Mundo, Director of Application Security, The Motley Fool. "It's encouraging to see Lacework incorporating this into their well-rounded CNAPP solution, potentially providing a robust response to the challenge of managing cloud access permissions effectively." Combined with Lacework's ability to prioritize risks from an attack path context, as well as detect user and entity behavior anomalies, customers are able to: Continuously comply with IAM security and regulatory compliance requirements. Identify cloud user, application and service identities, know exactly what actions each can take, and prioritize the identities that pose the greatest risk. Limit the blast radius of compromised cloud accounts, achieve least privilege, and establish trust with engineering teams. Continuously discover risky behavior, including lateral movement and privilege escalation, without needing to write rules or stitching together disparate alerts. Rapidly detect insider threats associated with malicious or accidental abuse of permissions. "Our customers need to know what entities are actually doing in their cloud and whether it's malicious or inappropriate, and it can't get in the way of their ability to move fast," said Adam Leftik, Vice President, Product, Lacework. "Now Lacework customers can address both sides of the identity security issue with a single platform that prevents identity risk exposure and detects identity threats at scale, with the context to quickly investigate, prioritize, and respond to identity alerts. It's the latest step in our mission to give enterprises the confidence to rapidly innovate in the cloud and drive their business forward." About Lacework Lacework offers the data-driven security platform for the cloud and is the leading cloud-native application protection platform (CNAPP) solution. Only Lacework can collect, analyze, and accurately correlate data — without requiring manually written rules — across an organization's AWS, Azure, Google Cloud, and Kubernetes environments, and narrow it down to the handful of security events that matter. Security and DevOps teams around the world trust Lacework to secure cloud-native applications across the full lifecycle from code to cloud. Get started at www.lacework.com.

Read More

ENTERPRISE SECURITY, SOFTWARE SECURITY, CLOUD SECURITY

Safe Security Unveils Industry's First AI-Fueled Cyber Risk Cloud of Clouds Platform with SafeGPT to Answer Cyber Questions a Hundred Times Faster

Prnewswire | June 02, 2023

Safe Security (SAFE), the leader in AI-based cyber risk management SaaS platform, announced today the industry's first Cyber Risk Cloud of Clouds for predicting and preventing cyber breaches. In contrast to the rest of the industry that takes a reactive approach, SAFE's Cyber Risk Cloud of Clouds enables organizations to make informed and predictive dynamic security decisions to reduce risk. Real-Time, Data-Driven, Aggregated Risk in a Single Place SAFE's Cyber Risk Cloud of Clouds provides organizations with a granular and aggregated view of enterprise security risk by bringing together multiple disparate cyber signals, including Crowdstrike, Wiz, AWS, Azure, Google Cloud Provider, Qualys, Tanium, Rapid7, ServiceNow, and more in a single view. This provides organizations with visibility across their entire attack surface ecosystem, including technology, people, and third parties. AI Breach Predictions and Prioritized Actions to Prevent Breaches Using SAFE's predictive AI data models, co-developed with MIT, SAFE generates breach likelihood for different risk scenarios like ransomware. For example, accurately answer questions like: How likely are you to be hit by a ransomware attack in the next 12 months? What is your likelihood of being hit by the latest malware like "Snake" malware? What is your dollar impact for that attack? What prioritized actions can you proactively take to reduce the ransomware breach likelihood and reduce dollar risk? "The CISO is facing an unprecedented level of pressure and the role has evolved into a major business decision maker. With SAFE, CISOs can gain a new level of visibility with higher confidence, through real-time access into their cybersecurity posture, to make the most impactful strategy to decrease cyber risk," said Saket Modi, CEO and Co-Founder of SAFE. "The new release of SafeGPT, a generative AI interface, powered by LLM models is a game-changer. It helps CISOs get the right answers a hundred times faster." SafeGPT Drives Easy Access and Risk Reducing Decisions SAFE's generative AI chat interface powered by LLM models, SafeGPT, offers an intuitive platform for managing cyber risk with ease, providing stakeholders with a clear and comprehensible overview of the organization's cybersecurity posture. With its user-friendly dashboard and natural language processing capabilities, SafeGPT enables users to ask targeted questions of their cyber risk data, determine the most effective strategies for mitigating risk, and respond confidently to inquiries from regulators and other key stakeholders. "The market transitions going on now are going to affect every industry and vertical worldwide," said John Chambers, former Executive Chairman and CEO of Cisco and current founder and CEO of JC2 Ventures." AI is going to have a tremendous impact on cybersecurity, which is why I am excited about the launch of SafeGPT. It simplifies complex problem-solving for board members and C-level executives." About Safe Security Safe Security is the leader in cyber risk management SaaS platforms. It has redefined cyber risk measurement and management with its real time, data driven approach that empowers enterprises, boards, regulators and cyber insurance carriers to understand cyber risk in an aggregated and granular manner. Using SAFE's predictive AI driven data models, co-developed with MIT, customers are now empowered to translate the bits and bytes of cyber risk into dollars and cents so that they can prioritize their cyber investments to most effectively mitigate their risk and understand the return on security investments. Having raised over $100m, SAFE is growing over 200% year-over-year and serves some of the largest global enterprises.

Read More

ENTERPRISE IDENTITY, SOFTWARE SECURITY, CLOUD SECURITY

Lookout Announces the Successful Divestiture of Its Consumer Mobile Security Business Segment

Businesswire | June 05, 2023

Lookout, Inc., the endpoint-to-cloud security company, today announced it has closed the previously announced sale of its consumer mobile security business to F-Secure, a global provider of consumer security products and services. With this strategic divestiture Lookout will focus on expanding its core enterprise business, built around the Lookout Cloud Security Platform. The sale of Lookout’s consumer mobile security business represents a deliberate and strategic decision to optimize its enterprise product portfolio and concentrate its product innovation and go-to-market on the expansion of these core competencies. The divestiture sets Lookout up for long-term growth and further positions the Company to address the security transformation impacting organizations today, including the increase in remote work, the shift to cloud-based delivery models and the transition to zero trust architectures. “We are pleased to announce the successful divestiture of our mobile consumer security business, which represents a significant milestone in our strategic transformation to become a pure-play enterprise cybersecurity company,” Jim Dolce, CEO at Lookout. “With this refined focus, we will continue to drive innovation, invest in the development of cutting-edge solutions and drive greater value for our customers.” Lookout’s core enterprise business includes Lookout Mobile Endpoint Security and its security services edge (SSE) cloud-native solution, the Lookout Cloud Security Platform. The Company entered the cloud security market through its acquisition of CipherCloud in March 2021. Its Cloud Security Platform was recently scored among the highest three vendors in the 2023 Gartner Critical Capabilities for Security Service Edge (SSE)1 report in each of the four use cases. The Gartner Critical Capabilities for SSE – an essential companion to the Gartner Magic Quadrant™ for SSE2 in which Lookout was named a Visionary for the second year in a row – is a comparative analysis that scores products or services against a set of critical differentiators that every business needs, as identified by Gartner. These four use cases include Secure Web and Cloud Usage, Detect and Mitigate Threats, Connect and Secure Remote Workers and Identify and Protect Sensitive Information. As part of the sale agreement, F-Secure acquires all of the Lookout consumer mobile security products and technology and assumes all responsibility for ongoing operations and customer relationships. Additionally, the Company’s consumer employees will become part of F-Secure. About Lookout Lookout, Inc. is the endpoint-to-cloud cybersecurity company that delivers zero trust security by reducing risk and protecting data wherever it goes, without boundaries or limits. Our unified, cloud-native platform safeguards digital information across devices, apps, networks and clouds and is as fluid and flexible as the modern digital world. Lookout is trusted by enterprises and government agencies of all sizes to protect the sensitive data they care about most, enabling them to work and connect freely and safely. To learn more about the Lookout Cloud Security Platform, visit www.lookout.com and follow Lookout on our blog, LinkedIn and Twitter. © 2023 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design®, and SIGNAL FLARE® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, SCREAM, the 4 Bar Shield Design, and the Lookout multi-color/multi-shaded Wingspan design.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY

Lacework Unifies Entitlements Management and Threat Detection for Simplified Cloud Security

Prnewswire | June 07, 2023

Lacework, the data-driven security platform, today announced new CIEM functionality that empowers teams to gain observability of all cloud identities, know precisely who can perform what actions, and easily identify which identities pose the greatest risk. Furthermore, Lacework's actionable approach to CIEM provides customers with recommendations on how to reduce their identity risk. By combining these new capabilities with cloud security posture management, attack path analysis, and threat detection into a single platform, Lacework gives customers a clear understanding of their cloud identity landscape, visibility into cloud identity and access management (IAM) misconfigurations and exposed secrets, and continuous discovery of identity threats. The benefits of public cloud come with complex challenges in managing identity risk. With over 35,000 granular permissions across hyperscale cloud providers, organizations struggle to limit unnecessary access. Most cloud users and instances are granted far more permissions than they actually need, leaving organizations highly exposed to cloud breach, account takeover, and data exfiltration. And the fact that machine identities in the cloud typically outnumber humans by an order of magnitude intensifies the issue. "Enforcing least privilege and having visibility of identities and entitlements is a top cloud security challenge for IDC clients. With this innovation from Lacework, security teams can automatically see which identities are overly-permissive, and zero in on the ones that pose the greatest risk," said Philip Bues, Research Manager for Cloud Security, at IDC. "Beyond prioritizing risks, this will also allow teams to confidently suggest policy changes and reduce their overall attack surface risk." Preventing Cloud Identity Risk with New Entitlement Management Technology Lacework dynamically discovers cloud user, resource, group and role identities and their net-effective permissions and then automatically correlates granted versus used permissions to determine identities with excessive privileges. The platform calculates a risk score for each identity, determines the riskiest identities based on attack path analysis, and auto-generates high-confidence recommendations for right-sizing permissions based on historical observations. This means Lacework not only informs customers of risky identities and entitlements, but also shows those identities that are hardly used or even need entitlements to begin with. "CIEM is a vital facet of a comprehensive cloud security strategy," said Paolo del Mundo, Director of Application Security, The Motley Fool. "It's encouraging to see Lacework incorporating this into their well-rounded CNAPP solution, potentially providing a robust response to the challenge of managing cloud access permissions effectively." Combined with Lacework's ability to prioritize risks from an attack path context, as well as detect user and entity behavior anomalies, customers are able to: Continuously comply with IAM security and regulatory compliance requirements. Identify cloud user, application and service identities, know exactly what actions each can take, and prioritize the identities that pose the greatest risk. Limit the blast radius of compromised cloud accounts, achieve least privilege, and establish trust with engineering teams. Continuously discover risky behavior, including lateral movement and privilege escalation, without needing to write rules or stitching together disparate alerts. Rapidly detect insider threats associated with malicious or accidental abuse of permissions. "Our customers need to know what entities are actually doing in their cloud and whether it's malicious or inappropriate, and it can't get in the way of their ability to move fast," said Adam Leftik, Vice President, Product, Lacework. "Now Lacework customers can address both sides of the identity security issue with a single platform that prevents identity risk exposure and detects identity threats at scale, with the context to quickly investigate, prioritize, and respond to identity alerts. It's the latest step in our mission to give enterprises the confidence to rapidly innovate in the cloud and drive their business forward." About Lacework Lacework offers the data-driven security platform for the cloud and is the leading cloud-native application protection platform (CNAPP) solution. Only Lacework can collect, analyze, and accurately correlate data — without requiring manually written rules — across an organization's AWS, Azure, Google Cloud, and Kubernetes environments, and narrow it down to the handful of security events that matter. Security and DevOps teams around the world trust Lacework to secure cloud-native applications across the full lifecycle from code to cloud. Get started at www.lacework.com.

Read More

ENTERPRISE SECURITY, SOFTWARE SECURITY, CLOUD SECURITY

Safe Security Unveils Industry's First AI-Fueled Cyber Risk Cloud of Clouds Platform with SafeGPT to Answer Cyber Questions a Hundred Times Faster

Prnewswire | June 02, 2023

Safe Security (SAFE), the leader in AI-based cyber risk management SaaS platform, announced today the industry's first Cyber Risk Cloud of Clouds for predicting and preventing cyber breaches. In contrast to the rest of the industry that takes a reactive approach, SAFE's Cyber Risk Cloud of Clouds enables organizations to make informed and predictive dynamic security decisions to reduce risk. Real-Time, Data-Driven, Aggregated Risk in a Single Place SAFE's Cyber Risk Cloud of Clouds provides organizations with a granular and aggregated view of enterprise security risk by bringing together multiple disparate cyber signals, including Crowdstrike, Wiz, AWS, Azure, Google Cloud Provider, Qualys, Tanium, Rapid7, ServiceNow, and more in a single view. This provides organizations with visibility across their entire attack surface ecosystem, including technology, people, and third parties. AI Breach Predictions and Prioritized Actions to Prevent Breaches Using SAFE's predictive AI data models, co-developed with MIT, SAFE generates breach likelihood for different risk scenarios like ransomware. For example, accurately answer questions like: How likely are you to be hit by a ransomware attack in the next 12 months? What is your likelihood of being hit by the latest malware like "Snake" malware? What is your dollar impact for that attack? What prioritized actions can you proactively take to reduce the ransomware breach likelihood and reduce dollar risk? "The CISO is facing an unprecedented level of pressure and the role has evolved into a major business decision maker. With SAFE, CISOs can gain a new level of visibility with higher confidence, through real-time access into their cybersecurity posture, to make the most impactful strategy to decrease cyber risk," said Saket Modi, CEO and Co-Founder of SAFE. "The new release of SafeGPT, a generative AI interface, powered by LLM models is a game-changer. It helps CISOs get the right answers a hundred times faster." SafeGPT Drives Easy Access and Risk Reducing Decisions SAFE's generative AI chat interface powered by LLM models, SafeGPT, offers an intuitive platform for managing cyber risk with ease, providing stakeholders with a clear and comprehensible overview of the organization's cybersecurity posture. With its user-friendly dashboard and natural language processing capabilities, SafeGPT enables users to ask targeted questions of their cyber risk data, determine the most effective strategies for mitigating risk, and respond confidently to inquiries from regulators and other key stakeholders. "The market transitions going on now are going to affect every industry and vertical worldwide," said John Chambers, former Executive Chairman and CEO of Cisco and current founder and CEO of JC2 Ventures." AI is going to have a tremendous impact on cybersecurity, which is why I am excited about the launch of SafeGPT. It simplifies complex problem-solving for board members and C-level executives." About Safe Security Safe Security is the leader in cyber risk management SaaS platforms. It has redefined cyber risk measurement and management with its real time, data driven approach that empowers enterprises, boards, regulators and cyber insurance carriers to understand cyber risk in an aggregated and granular manner. Using SAFE's predictive AI driven data models, co-developed with MIT, customers are now empowered to translate the bits and bytes of cyber risk into dollars and cents so that they can prioritize their cyber investments to most effectively mitigate their risk and understand the return on security investments. Having raised over $100m, SAFE is growing over 200% year-over-year and serves some of the largest global enterprises.

Read More

Events