Urgent Redefinition of Data Loss Prevention to Address Increasing Global Data Threats

Urgent Redefinition of DLP to Address Increasing Data Threats
Discover the significance of data protection in today's vulnerable world. Gain insights into the far-reaching impacts of data loss and the importance of proactive data security practices for businesses.
 

Understanding Data Protection’s Significance in an Ever-Vulnerable World

In today's highly competitive business landscape, organizations must recognize the immense value of their data resources and prioritize implementing robust data protection measures. Safeguarding data from external threats and internal vulnerabilities is paramount to ensuring businesses' smooth and secure operations. In an era of increasingly complex IT environments, data protection becomes an increasingly challenging endeavor, necessitating organizations to maintain a vigilant stance in safeguarding their critical information.

According to Ponemon Institute statistics, 77% of companies are woefully ill-prepared and planned when it comes to thwarting an attack or a data breach.

Protecting sensitive data, such as intellectual property, personally identifiable information, and financial records, poses a significant challenge for organizations. The modern workplace, characterized by extensive data collaboration across networks, devices, and applications, further amplifies the risk of data security incidents. Furthermore, limited resources often hinder organizations from keeping pace with the ever-growing array of data security risks.

However, as data volumes continue to expand, the escalating concerns surrounding data protection highlight the severe consequences organizations face in terms of financial loss, reputational damage, and legal repercussions resulting from data breaches. To mitigate these risks, they must adopt a proactive approach to data protection. This encompasses the implementation of robust security protocols, using encryption technologies, conducting regular security audits, and providing ongoing employee training on data security best practices.

This proactive approach enables businesses to operate with greater confidence, trust, and resilience. It is important to note that organizations must view data protection as an essential aspect of their overall business strategy and continually adapt and improve their data security practices. Only by protecting their data can organizations maintain a competitive edge, preserve customer trust, and uphold their reputation as reliable and secure entities in the marketplace.

The Far-Reaching Impacts of Data Loss

Data protection is a critical concern that applies to organizations of all sizes, and falling into the trap of thinking it only affects large enterprises can have devastating consequences. In fact, small businesses are often targeted by data theft attempts, as they may have fewer resources and can be more susceptible to attacks. Failing to keep up with data security measures and strategies results in severe repercussions for businesses. It damages their reputation, increase operational downtime, leave sensitive data unprotected, and even attract legal action. With organizations increasingly relying on cloud and online transactions, cyber threats now pose a significant risk to data integrity.

Data breaches can lead to the theft of valuable information, which can be sold to other parties or used for fraudulent activities. The financial impact of these breaches and losses is substantial. When a company fails to protect its sensitive information and allows data breaches to occur, it not only incurs financial losses but also experiences a significant blow to its reputation. Dissatisfied customers may take their business elsewhere, resulting in decreased revenue. Communicating a data loss incident to customers, while essential, can also erode trust and lead to discontentment. This can further drive customer churn and harm the business's overall reputation, especially if customer data is compromised. Rebuilding customer relationships in the aftermath of a data loss incident requires significant time and resources, as the consequences can persist for years.

Data Loss Prevention: An Essential Ingredient

Data loss prevention (DLP) is an integral part of a comprehensive data protection strategy, aiming to prevent unauthorized access, use, or disclosure of sensitive data. A well-implemented DLP system can help organizations proactively safeguard their data, mitigate risks, and avoid the aftermath of data loss incidents.

As Alexey Raevsky, CEO, Zecurion rightly stated in an interview with Media7,

If any organization has a mature DLP in place, there is no need of combating the aftermath of data loss.

A robust DLP system comprises advanced security protocols, encryption technologies, and continuous monitoring mechanisms. These components work together to identify vulnerabilities, prevent data breaches, and address potential threats.

The other key advantage of an effective DLP system is establishing and enforcing stringent access controls. This ensures that only authorized individuals can access and manipulate sensitive data, reducing the risk of data breaches caused by internal or external factors. Encryption technologies employed by DLP systems further enhance data protection by securing data at rest and in transit, making it challenging for malicious actors to compromise sensitive information.

Navigating Data Protection World with Enterprise DLP ‘Zecurion’

An enterprise DLP system offers a comprehensive solution designed to address organizations' complex data landscapes and security challenges. It provides centralized control and visibility over data across multiple systems, networks, and endpoints within the enterprise. Organizations can effectively manage and protect data throughout its lifecycle, regardless of location or format, by implementing a unified DLP framework.

This is where Zecurion becomes essential. It is a next-gen DLP provider that specializes in researching, investigating, and monitoring activities to prevent data loss incidents. Its DLP solution offers various features to enhance data protection and incident response:

  • User Behavior Analytics (UBA) with fast risk-based assessment: This feature provides visibility into employee activities and evaluates them based on parameters such as risk, productivity, policies, and emotional state. The Security Officer can closely monitor high-risk employees while allowing low-risk ones to operate with fewer limitations.

  • Screen Photo Detector: This feature detects attempts to photograph a screen using a smartphone by utilizing webcams. It employs two neural networks to ensure reliable smartphone detection and quickly identifies cybersecurity incidents in a fraction of a second.

  • Investigation Workflow Automation: This module simplifies investigations and streamlines the incident response cycle. It provides a comprehensive view of ongoing tasks, including their statuses, relevant data, assigned personnel, and deadlines. Cybersecurity team members can collaborate, leave comments, discuss progress, and attach supporting documents and incidents for efficient and effective incident resolution.

Stand Out from Completion with the Next-Gen DLP

Zecurion stands out from its competitors due to its ease of implementation and successful use cases demonstrating its instrumental value. One notable example is its pivotal role in a recent forensic investigation conducted for an oil refinery. The investigation uncovered fraudulent activities by intermediaries selling the refinery's products at inflated prices. Zecurion's DLP solution played a critical role in identifying the involvement of a group of managers, including a C-level executive, who had gone to the extent of forging documents to conceal their actions. A financial and legal audit conducted with the help of Zecurion revealed that the fraudsters' actions had resulted in a loss of over $25 million for the organization. The DLP solution proved invaluable in enabling the refinery to take legal action against the perpetrators and terminate the employment of the three key individuals involved in the scam. The success of Zecurion's DLP solution in this particular use case further establishes its reputation as a trusted and effective solution for safeguarding organizations against data loss and fraudulent behavior.

Privacy and Protection: Balance is Crucial

It is important to note that while organizations must prioritize data security, balancing security measures and respecting employee privacy and autonomy is equally important. While a robust data security framework is essential and ensures that sensitive information is adequately protected, employees must feel that their personal information is handled with care and that their privacy is respected. This can be achieved through clear and transparent data usage policies, consent-based data collection practices, and strict adherence to data protection regulations. Organizations can create a culture of trust and accountability by establishing these guidelines and practices, instilling confidence among employees that their privacy is valued and protected.

Additionally, organizations can foster a culture of data security awareness and education among employees. Regular training and updates on data security best practices can turn employees into proactive participants in maintaining a secure work environment. This not only enhances data security but also cultivates a sense of shared responsibility and accountability among employees. When employees feel that their privacy is respected and they are given the autonomy to perform their duties effectively, they are more likely to adhere to data security protocols and actively contribute to the organization's overall security posture.

Spotlight

SCALABLE Network Technologies

Based in Culver City, California, SCALABLE provides network design and analysis tools and cyber training systems that enable customers to develop, test and deploy large, sophisticated enterprise wireless networks and new communications equipment, and train personnel on cyber defense. Our solutions integrate software virtual networks with physical hardware and applications, allowing users to rapidly test a wide range of highly realistic scenarios for better operational planning, more effective training and enhanced communications effectiveness without the expense of building out physical infrastructure. SCALABLE provides a repeatable, verifiable and highly cost effective solution.

OTHER ARTICLES
Enterprise Security, Network Threat Detection, Software Security

Protection vs Privilege

Article | June 19, 2023

As of May 2023, 39% percent of workers in the UK work from home at some point during their week. Whilst understandable, the hybrid-working environment continues to pose more risks to organisations and their data. As more devices are accessed beyond the confines of the corporate network, businesses must account for the inherent risks presented by insecure or non-existent endpoint control. As users of these devices have more administrative control, and without the constant presence of IT services, the door is left open for increased phishing, ransomware and malware attacks. A daunting 88% of data breaches are now caused by employee error. Just earlier this month, the genealogy company 23andMe confirmed that its data had been compromised in an attack from hackers who claimed to have accessed millions of data points from accounts by taking advantage of users login credentials. The problem with this is that the users are not the root of the issue. The concern comes not only from employees, but from the number of endpoints being accessed from multiple locations, and the lack of control over the access and privileges that these devices have. A frightening statistic revealed in a study from Forbes, showed that 23% of UK and US small businesses used no form of endpoint security, and that a further 57% simply believe they won’t be targeted by cyber-attacks. The reason this is so concerning is that cybersecurity companies have reported a 20% increase in victims of such attacks just in the last year. These attacks not only put company and customer data at risk but can also result in a strain on IT services and leave users without the systems and tools essential for productivity. Preventing unlimited access One of the ways that attacks break through endpoints and escape into an organisation's network is by exploiting local admin rights on end-users' workstations. Those local admin rights are handy for the user. For example, they can install a new printer driver or update an application plug-in without calling the IT help desk. But they can also be abused to install malware or configure the computer to make an attack easier. It could be easy to remove those local admin rights or the shadow user account on the workstations with those elevated permissions. But that will frustrate end-users and increase the load on the help desk. The key issue here, is the concept of privilege. Users often need the privilege to elevate their devices by running an administrator account in order to gain access to, and update applications. Unfortunately, this greatly increases risk as these elevated administrator accounts are much more attractive to hackers for this exact reason - their access to more lucrative data. It has been reported that 70% of all data breaches are targeted at privileged accounts, which is especially alarming when taking into account the fact that 90% of IT security professionals have said that their organisations’ users have more privilege than is necessary. The issue for many companies arises in finding the balance between the users’ access to local admin rights and their productivity. More open access to the admin rights makes things easier and convenient for the users but opens the door to security risks with more endpoints to target. A study by the Ponemon Institute showed that 73% of organisations believed that threats to their endpoints had significantly increased, and that a staggering 80% of organisations that had been compromised by cyber-attacks did not know what type of attack they had been subjected to. The need for a more effective and efficient security measure is clear. Endpoint privilege management (EPM) oversees and governs the privilege of network devices. It completely removes the need for users to have administrator accounts on the devices they use, whilst still enabling them to have elevated access to certain applications. EPM only elevates approved applications and provides the users with a clear audit list of those which have been approved. Privilege to protect Whilst not a universal fix, the implementation of EPM, for example, can help alleviate the risks and reinforce a culture of security within organisations. It is understandable to be cautious when faced with words and phrases such as “approved applications” or “removing administrator rights”, but EPM is not about limiting your users’ experience or productivity. EPM does not forbid or remove access to applications. The IT team can grant approved users’ permission to run specific applications with elevated permissions for a limited period, to carry out specific actions. Users can then access what they need to, while IT retains visibility over all actions in case activity needs to be stopped, or incidents need to be investigated at a later date. If permissions need to be granted on an individual basis, for each user and application, IT will be buried under an avalanche of requests – so EPM tools will allow rules and policies to be created and then applied at scale. Users can do the work they need with few calls to the Help Desk. IT gets fewer interruptions and can focus on more valuable work. Auditors can see who had access to which applications and logs show the actual users, not an arbitrary administrator account. Endpoint privilege management is vital to any organisation's cybersecurity strategy, not only to manage and control access to sensitive data and resources but minimise the chance of a data breach. EPM also plays a crucial role in ensuring compliance with industry standards and regulations to avoid the legal liabilities that may ensue should a breach occur.

Read More
Enterprise Security, Network Threat Detection, Software Security

The NIS2 cyber security rules are coming – are you ready?

Article | July 18, 2023

The EU NIS cyber security regulations are evolving for 2024 – and if you’re not currently aware of how they’ll apply to your organisation, now is the time to get up to speed with the likely requirements. Not only is the directive being tightened, but an extended range of healthcare and related organisations will be added to the list of ‘critical entities’ that must comply. These include certain medical device manufacturers, pharmaceutical companies, and organisations that carry out R&D. The Network and Information Systems (NIS) standards were set up in 2016 to protect essential services – such as water, energy, healthcare, transport and digital infrastructure – from online cyberattacks. The updated legislation, NIS2, will have stricter rules and reporting requirements, and higher penalties for non-compliance. They will apply to medium-sized and large businesses that operate within one or more EU countries. Those based only in the UK can’t sit back, however, as the original NIS regulations will still apply as part of British law. What’s more, a UK version of the rules is coming very soon, and it’s likely that the framework will closely resemble the EU’s. What will the requirements cover? There are a number of cyber risk management measures that all organisations that come under the scope of NIS2 will be required to put in place. For instance, they will need to conduct regular security assessments and risk analyses, adopt incident response and handling plans, and appoint a chief information security officer (CISO), among other obligations. The new directive will streamline and strengthen incident reporting requirements. Entities must notify regulators of any incident that has compromised data, or had a significant impact on the provision of their services, for instance by causing severe operational disruption or financial loss. Applying information system security policies and business continuity plans will form part of the obligations, as will conducting cyber security testing, and training for all staff. The use of multi-factor authentication (MFA) and encryption, where appropriate, will also be mandated. There is plenty of focus within the directive on the cornerstones of cyber security best practice – in particular the proper control of administrator-level account credentials, privileged access, and endpoints, all of which are prime targets for attackers. Under NIS2, organisations are being separated into ‘critical’ and ‘important’ entities. It’s important to determine which category yours will fall under, as requirements are different for each. The third party threat will also be addressed in NIS2 through the pulling in of managed service providers (MSPs) to the list of ‘critical entities’, with the aim of keeping digital supply chains secure. MSPs are often granted privileged access to clients’ corporate systems and networks, which creates security risks. What are the consequences of non-compliance? Organisations that come under the regulations’ purview will be subject to random checks, regular security audits, on-site inspections and off-site supervisions. For those found to be in breach, sanctions could include warnings, temporary suspension of certain activities, and temporary prohibition to exercise certain managerial functions. Financial penalties could be as high as 10 million Euros or 2% of an organisation’s global turnover – whichever is higher. What steps should healthcare organisations take now? Organisations should take action to establish whether the EU or UK NIS2 regulations will apply to them and what their responsibilities will be. Having identified any gaps in existing cyber security processes, policies and practices, they must determine what changes need making to address them. As a priority, they must review their incident response plans, and incident management and reporting procedures. It’s also a good idea to begin assessing the security posture of partners and third parties in the supply chain, and incorporating relevant security requirements into contracts. Given the framework’s focus on protecting privileged admin accounts, organisations should implement controls that will limit the number of staff members who hold these powerful credentials. Implementing privileged access management (PAM) will allow IT to control who is granted access to which systems, applications and services, for how long, and what they can do while they’re using them. Preparing for the introduction of the EU NIS2 regulations should be considered as more than just a compliance exercise. By meeting the strengthened requirements, healthcare organisations will be building a foundation of resilience that protects them, their customers, and the essential services they provide.

Read More
Network Threat Detection, Platform Security, Software Security

Leading the Pack: Top 15 Network Security Providers for Businesses

Article | July 18, 2023

Uncover the network security leaders at the forefront of fortifying digital space against an array of cyber threats. Discover solutions tailored to ensure business's online safety and continuity. In the expanding digital space, where cyberattacks and data breaches are a constant threat, businesses of all sizes must prioritize network security to preserve customer confidence, safeguard sensitive data, and ensure uninterrupted operations. With this, selecting the right network security provider has become an integral element of a company's cybersecurity strategy. As businesses continue to navigate the technological landscape, working with a dependable and holistic network security provider is an investment that pays off in terms of protecting assets, maintaining trust, and ensuring continuous operations. Here are some of the leading network security providers for businesses: 360 SOC, Inc. 360 SOC, Inc., a cybersecurity corporation headquartered in Scottsdale, Arizona, is a model of innovation and efficiency. Together with its sister company, HTG 360, Inc., the company has earned a commendable reputation for providing cutting-edge security solutions to marginalized business communities at competitive prices. With a team of experienced security consultants, visionary business leaders, and adept engineers, 360 SOC employs its distinctive 'Reverse DNA' methodology, which leverages a unique combination of business acumen and technological expertise. Praetorian Praetorian is at the forefront of offensive security services, providing enterprises with unwavering assistance in navigating the digital domain. Utilizing profound cybersecurity expertise, the company's skilled professionals provide the necessary knowledge to fortify defenses against persistent and sophisticated attacks. Its managed services provide full protection against an exhaustive range of attack vectors, including external, internal, cloud, web applications, secrets, phishing, and supply chain and vendor risks. With Praetorians as their vigilant guardian, Chief Information Security Officers (CISOs) of the world's prominent businesses are confident in their ability to propel digital expansion without hindrance. SecqureOne For the past 17 years, SecqureOne (SQ1), a prominent Silicon Valley-based cybersecurity and compliance solution provider, has graciously served global businesses. SQ1 has emerged as a trustworthy security partner for companies across various industries, including healthcare, pharmaceuticals, financial services, manufacturing, retail, hospitality, insurance, government, legal, technology, oil, and energy. Its platform, SQ1Shield, combines 24x7 vigilant monitoring led by skilled cybersecurity analysts, Managed Detection and Response (MDR) services for endpoints and networks, and proficiency in Security Orchestration and Automated Response mechanisms. NordLayer NordLayer stands as a leading provider of flexible and easily deployable cybersecurity solutions for businesses of all sizes and operational models, developed using NordVPN's excellence as a benchmark. The company's mission is to facilitate network security for businesses, enabling a streamlined approach to fortification. By enhancing internet security and modernizing network and resource access, NordLayer offers technological enhancements that align with the most stringent regulatory compliance requirements. Following the Zero Trust Network Access (ZTNA) and Secure Web Gateway (SWG) principles, NordLayer focuses on the security service edge within cybersecurity services. Silver Spring Networks Silver Spring Networks is a pivotal enabler of the Internet of Important Things, consistently promoting the dependable and secure interconnection of important entities. Municipalities, utilities, and corporations across five continents leverage the company's cost-effective and high-performance IoT network and data platform to improve operational efficiency, embrace sustainability and indicate cutting-edge offerings poised to improve countless lives. With a track record of delivering over 27.3 million devices, Silver Spring Networks offers a battle-tested, standards-driven, and military-grade secure foundation. Absolute Software Absolute Software emerges as the sole provider of intelligent, self-renewing security solutions. The company distinguishes itself as the only platform orchestrating an enduring digital linkage that proficiently and dynamically imparts visibility, control, and self-healing characteristics on endpoints, applications, and network connections. This fortification enables clients to strengthen their cyber resilience against the rising tide of ransomware and malicious attacks. Absolute's eminence is highlighted by its lasting recognition as a Leader in G2's Summer 2023 Grid Report for Endpoint Management - a prestigious honor earned for the fourteenth consecutive quarter - and as a Leader for the fourth successive quarter in the grid for Zero Trust Networking. ARIA Cybersecurity Solutions ARIA Cybersecurity Solutions is a leading firm that provides multifaceted solutions with dual functions: increasing the efficacy of businesses' existing security infrastructure and helping the deployment of extensive AI-driven Security Operations Center (SOC) capabilities within a unified framework. The company's solutions introduce novel methods for monitoring internal traffic, in addition to cautious analytics directed at security tools such as SIEMs or its ARIA ADR application, through novel approaches. This synergy significantly amplifies threat detection and proactively thwarts cyberattacks and data intrusions. Diverse industries rely on ARIA Cybersecurity Solutions services to strengthen their security posture, regardless of their operational context. ES Cyber Solutions Headquartered in Willowbrook, IL, ES Cyber Solutions (formerly ESPO Systems) is a renowned cybersecurity company offering a vast array of services and solutions carefully designed to address complex security requirements. The company is proud to represent six prominent cybersecurity vendors and their respective partner networks, with a primary focus on managed security services provisioning (MSSP) and professional services. With a history dating back to 2009, ES Cyber Solutions has a proven track record of providing remote and on-site professional services to over 8000 clients worldwide. Supported by cutting-edge technology, the skilled team assures rapid and effective deployment, enabling immediate value realization for esteemed clients. Skybox Security Skybox Security, headquartered in San Jose, California, stands out as an unrivaled organization that provides an all-encompassing view of hybrid and multi-cloud networks and facilitates an in-depth understanding of the attack surface. The company streamlines the process of identifying, prioritizing, and resolving vulnerabilities by providing businesses with holistic visibility, sharp analytics, and effective automation. This transformative strategy optimizes security policies, actions, and change processes across all enterprise networks and cloud environments. By adopting Skybox Security, businesses enable their security teams to transfer their attention to strategic business initiatives, ensuring secure business enablement on a vast scale. Nexum, Inc. Nexum, Inc., founded in 2002 in Chicago and headquartered in Hammond, Indiana, develops custom solutions to meet businesses' specific needs, ranging from identifying and preventing network threats, intrusions, and disruptions to ensuring frictionless alignment with business objectives. The company excels in multiple domains, including security engineering and architecture services, managed security services, and level 1 and level 2 support programs for prestigious brands. Its unwavering dedication to protecting digital landscapes exemplifies its commitment to a diverse clientele, spanning from multinational corporations to smaller, regional, and local organizations. NextRay AI Detection & Response Inc. NextRay AI Detection & Response Inc. stands as a pioneering AI-driven cybersecurity enterprise. Using cutting-edge technology, NextRay AI provides sophisticated and proactive solutions that are meticulously designed to empower clients to combat complex threats, zero-day vulnerabilities, and cloud-based assaults with unmatched efficacy. The company's extensive capabilities include enhanced network and threat visibility, Early Stage Detection and Response, Advanced Network Forensics, and robust AI and cyber security capabilities. This strategic combination of innovation and experience positions NextRay AI at the forefront of protecting digital terrains and enables businesses to navigate the ever-changing cybersecurity space confidently. ReasonLabs ReasonLabs has emerged as a pioneering force in cybersecurity, delivering Fortune 500-caliber cyber protection to countless home users worldwide. Powered by AI prowess, its cutting-edge antivirus engine analyzes billions of files across the globe, preventing cyberattacks in real time and around the clock. RAV Endpoint Protection, the company's primary endpoint security solution, constitutes a multi-layered defense strategy that effectively protects home users from the dangers of next-generation threats and serves as the centerpiece of its comprehensive suite. ReasonLabs is unwavering in its dedication to safeguarding digital domains, providing residential users with a line of defense comparable to the level of security employed by multinational corporations. Safari Micro Safari Micro, founded in 1997, has become a reputable value-added reseller specializing in IT hardware, software, and a plethora of services, including network infrastructure, cloud computing, storage, security, endpoint solutions, and managed services. The company serves a diverse clientele in the US, including businesses, state municipalities, educational institutions, and government agencies. Safari Micro's strategic powers reside in its ability to forge strong partnerships with manufacturers and distributors of varying sizes, allowing its sales and IT services professionals to deliver precise solutions precisely when needed. SBS CyberSecurity, LLC SBS CyberSecurity, LLC (SBS) is a reputable cybersecurity consulting and auditing firm of the highest caliber. Since its founding in 2004, SBS has assisted numerous organizations in establishing robust risk management programs and mitigating cybersecurity vulnerabilities effectively. The company is distinguished by its ability to provide customized, all-inclusive solutions, including cybersecurity risk management software, network security tools, consulting services, IT audits, and educational initiatives. Through its multifaceted approach, SBS CyberSecurity enables clients to make well-informed security decisions, instilling confidence in the security and integrity of their most vital data assets. Cynet Security Cynet Security is a pioneer and market leader in advanced threat detection and response. The company's devotion to simplifying security is demonstrated by its rapid deployment of an exhaustive platform that includes detection, prevention, and automated response to sophisticated threats, all while maintaining an exceptionally low rate of false positives. This method effectively reduces the time between detection and resolution, thereby minimizing the potential for damage to organizations. The company expands its offerings by providing consumers with access to a team of expert threat analysts and investigators 24 hours a day, seven days a week. Security Leaders: Transforming Network Security for Businesses As organizations rely increasingly on digital infrastructure to conduct operations, communicate sensitive information, and interact with customers, the surface area for potential cyber threats increases proportionally. This necessitates that businesses have extensive network security in order to place a crucial barrier between valuable assets and malicious actors, protecting against a spectrum of threats ranging from data breaches and ransomware attacks to phishing attempts. Since businesses navigate the complexities of the contemporary cyber frontier, these distinguished network security providers emerge as more than just protection mechanisms; they represent the sentinels of trust, dependability, and innovation. These industry-leading network security providers serve as an impregnable shield, allowing businesses to exploit the complete potential of technology without making any concessions.

Read More

Security by Sector: Improving Quality of Data and Decision-Making a Priority for Credit Industry

Article | February 17, 2020

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?A new study of credit management professionals has revealed that improving the quality of data and decision-making will be a top priority for the credit industry in the next three years. The research, from Equifax Ingnite in collaboration with Coleman Parkes, takes a deep dive into the views of credit management pros across retail, banking, finance and debt management/recovery sectors.

Read More

Spotlight

SCALABLE Network Technologies

Based in Culver City, California, SCALABLE provides network design and analysis tools and cyber training systems that enable customers to develop, test and deploy large, sophisticated enterprise wireless networks and new communications equipment, and train personnel on cyber defense. Our solutions integrate software virtual networks with physical hardware and applications, allowing users to rapidly test a wide range of highly realistic scenarios for better operational planning, more effective training and enhanced communications effectiveness without the expense of building out physical infrastructure. SCALABLE provides a repeatable, verifiable and highly cost effective solution.

Related News

Software Security

Palo Alto Networks Intends to Acquire Talon Cyber Security

Palo Alto Networks | November 08, 2023

Palo Alto Networks plans to acquire Talon Cyber Security to enhance its Secure Access Service Edge (SASE) solution. Talon's Enterprise Browser technology, when integrated with Prisma SASE, will provide secure access to business applications. The acquisition reflects the importance of adapting SASE solutions to ensure consistent security for unmanaged devices. Palo Alto Networks, a global cybersecurity leader, has announced its intent to acquire Talon Cyber Security, an enterprise browser technology pioneer, to enhance its Secure Access Service Edge (SASE) solution and provide comprehensive protection for managed and unmanaged devices. In today's digital landscape, unmanaged devices often connect to enterprise applications without adequate security measures, making them susceptible entry points for attackers seeking to access sensitive information. Lee Klarich, Chief Product Officer of Palo Alto Networks, emphasized the importance of securing all work activity through an Enterprise Browser without compromising device privacy to protect users and applications effectively. He continued that the integration of Talon's technology with Prisma SASE aims to provide consistent security for all users and devices. Anand Oswal, SVP and GM at Palo Alto Networks highlighted the significance of securing unmanaged devices with the same robust security as managed devices, especially in today's dynamic threat landscape. HE further stated that the combination of Prisma SASE and Talon's Enterprise Browser is poised to revolutionize security measures in modern digital environments. Talon Cyber Security's Enterprise Browser technology offers an innovative solution that, when integrated with Prisma SASE, will enable users to securely access business applications from any device, including non-corporate devices, while ensuring a seamless user experience. This strategic move by Palo Alto Networks addresses the evolving security challenges in a connected world. Talon's Co-Founder and CEO, Ofer Ben-Noon, acknowledged the shifting work models and user preferences and the need for powerful last-mile security solutions. Talon's Enterprise Browser is designed to offer familiar user experiences with enterprise-grade protection. Ben emphasized that partnership with Palo Alto Networks is seen as a catalyst to accelerate its mission of delivering superior outcomes for customers. Talon, founded by Ofer Ben-Noon and Ohad Bobrov, secured the RSA Conference's Innovation Sandbox contest in 2022. The co-founders will continue to lead their teams within the Prisma SASE team at Palo Alto Networks upon the completion of the acquisition. Anand Oswal, Senior Vice President and General Manager at Palo Alto Networks, highlighted the advantages and security risks associated with Bring Your Own Device (BYOD) policies. He noted that Talon's Enterprise Browser provided security teams enhanced visibility and control over work-related Software as a Service (SaaS) and web activity across all devices, including personal and unmanaged endpoints. Anand emphasized the need for Secure Access Service Edge (SASE) solutions to adapt in order to secure unmanaged devices with the same consistent security measures applied to managed devices. This would enable users to access business applications securely from any device and location.

Read More

Cloud Security

Tigera Boosts Calico for Enhanced Security & Performance

Tigera | November 07, 2023

Tigera, a provider of an active security platform for containers and Kubernetes, has announced significant upgrades to its Calico Open Source and Calico Cloud. These improvements focus on enhancing the security, scalability, and performance of Kubernetes deployments for enterprises, providing a comprehensive solution for containerized environments. Given the increased utilization of Windows containers in production, Tigera has introduced the Calico Open Source Windows HostProcess Container feature. It streamlines node pool deployment, eliminating the need for manual node initialization and enhancing Kubernetes administrators' ability to manage Windows container-based applications efficiently. Calico Cloud now introduces a Security Score and Recommended Actions feature, addressing the paramount importance of security in Kubernetes clusters. This feature offers administrators an at-a-glance view of their organization's security posture by monitoring historical trends and risks by namespace. Moreover, it provides actionable recommendations tailored to each workload, fortifying the security of individual workloads and the entire cluster. It supports IPv6 for the eBPF dataplane, meeting the demands of enterprise-class applications by providing scalable, high-performance networking. This innovation ensures optimal performance for latency-sensitive applications and addresses IP shortages. Multi-cluster Kubernetes deployments over VxLAN are on the rise, requiring enhanced application layer observability and security. Calico introduces Kubernetes Cluster Mesh for VxLAN, offering a scalable solution for workload communication and security policy enforcement across Kubernetes clusters. This simplifies complex multi-cluster environments and ensures enterprise infrastructure can run efficiently, securely, and compliantly. These Calico enhancements redefine container networking and security, enabling enterprises to secure, scale, and optimize their Kubernetes clusters with unparalleled confidence. Tigera's Chief Product Officer, Amit Gupta, emphasized the importance of these updates, stating that Calico provides the industry's most complete solution for securing and observing Kubernetes environments. About Tigera Tigera provides the industry's sole active security platform, complemented by comprehensive observability capabilities tailored for containers and Kubernetes. The company's platform operates on a multifaceted front, effectively thwarting, identifying, troubleshooting, and autonomously mitigating potential security breach risks. It offers its platform through two distinct avenues: a fully managed SaaS solution, Calico Cloud, or a self-managed service, Calico Enterprise. Its open-source offering, Calico Open Source, is the most widely adopted solution for container networking and security, shaping the landscape of secure container environments.

Read More

Network Threat Detection

Fortinet Focuses on Business Growth to Drive Cybersecurity Innovation

Fortinet | November 06, 2023

Fortinet prioritizes secure networking, universal SASE, and security operations to expand globally and innovate in cybersecurity. Secure networking is estimated to reach $86 billion by 2027 and universal SASE $36 billion, aligning with the strategic change. Focusing on cybersecurity growth strengthens Fortinet's commitment to customer value and innovation. Fortinet, a global leader in cybersecurity, is focusing its business strategy on high-growth markets, emphasizing secure networking, universal secure access service edge (SASE), and security operations. This shift will drive innovation and reinforce its commitment to customers. Fortinet is reorganizing its research & development (R&D) and go-to-market (GTM) strategies around the three markets mentioned. They will develop integrated and advanced products to cater to these areas. Fortinet operates globally, serving hyperscale customers and promoting cybersecurity technologies. The three core markets Fortinet is concentrating on are secure networking, universal SASE, and security operations. These markets are expected to experience substantial growth, and Fortinet has a competitive advantage in them. This strategy aims to expand Fortinet's global business and provide value to its customers. The company is aligning with areas of high demand in the cybersecurity sector. Its current collection of organically developed and integrated products and services enjoys a notable competitive edge in the aforementioned three crucial markets: The market for secure networking is anticipated to reach $86 billion by 2027, expanding at a rate of nearly nine percent per year. 5G gateways, network firewalls, secure switches, and access points comprise the majority of its composition. With the expansion of its firewall business, Fortinet anticipates a corresponding increase in revenue for its FortiGuard Security Services, which are propelled by artificial intelligence (AI). Secure networking remains an integral component of Fortinet's strategy, given that it dominates both firewall revenues and units shipped in its greatest addressable market. Also, by 2027, the universal SASE market is anticipated to reach $36 billion, representing an annual expansion of nearly 20%. The system integrates various cloud-native networking and security technologies, including SD-WAN, secure web gateway (SWG), cloud access security broker (CASB), data loss prevention (DLP), zero-trust network access (ZTNA), SASE, and others. Its purpose is to streamline the process of implementing a zero-trust strategy. All functions of the SASE solution developed by Fortinet can be executed either in an appliance or in the cloud. This capability is facilitated by a unified management console, networking and security layer, and operating system. Recently, Fortinet was positioned in the inaugural Gartner Magic Quadrant for Single-Vendor SASE in 2023. Lastly, the security operations market is anticipated to reach $78 billion by 2027, expanding at slightly more than 14% per year. Fortinet's SecOps platform is the most comprehensive, integrated, and broad in the industry, enabling organizations to gain control and insight into their distributed operations through security orchestration, endpoint detection and response (EDR), automation and response (SOAR), security information and event management (SIEM), network detection and response (NDR), and additional integrated enterprise-grade cybersecurity technologies. Complementing Fortinet's R&D expenditures are strategic realignments in its GTM investments, concentrating on security operations, universal SASE, and secure networking. With the assistance of marketing support and training, sales will be structured in accordance with these three strategic areas in order to increase market penetration and consumer engagement.

Read More

Software Security

Palo Alto Networks Intends to Acquire Talon Cyber Security

Palo Alto Networks | November 08, 2023

Palo Alto Networks plans to acquire Talon Cyber Security to enhance its Secure Access Service Edge (SASE) solution. Talon's Enterprise Browser technology, when integrated with Prisma SASE, will provide secure access to business applications. The acquisition reflects the importance of adapting SASE solutions to ensure consistent security for unmanaged devices. Palo Alto Networks, a global cybersecurity leader, has announced its intent to acquire Talon Cyber Security, an enterprise browser technology pioneer, to enhance its Secure Access Service Edge (SASE) solution and provide comprehensive protection for managed and unmanaged devices. In today's digital landscape, unmanaged devices often connect to enterprise applications without adequate security measures, making them susceptible entry points for attackers seeking to access sensitive information. Lee Klarich, Chief Product Officer of Palo Alto Networks, emphasized the importance of securing all work activity through an Enterprise Browser without compromising device privacy to protect users and applications effectively. He continued that the integration of Talon's technology with Prisma SASE aims to provide consistent security for all users and devices. Anand Oswal, SVP and GM at Palo Alto Networks highlighted the significance of securing unmanaged devices with the same robust security as managed devices, especially in today's dynamic threat landscape. HE further stated that the combination of Prisma SASE and Talon's Enterprise Browser is poised to revolutionize security measures in modern digital environments. Talon Cyber Security's Enterprise Browser technology offers an innovative solution that, when integrated with Prisma SASE, will enable users to securely access business applications from any device, including non-corporate devices, while ensuring a seamless user experience. This strategic move by Palo Alto Networks addresses the evolving security challenges in a connected world. Talon's Co-Founder and CEO, Ofer Ben-Noon, acknowledged the shifting work models and user preferences and the need for powerful last-mile security solutions. Talon's Enterprise Browser is designed to offer familiar user experiences with enterprise-grade protection. Ben emphasized that partnership with Palo Alto Networks is seen as a catalyst to accelerate its mission of delivering superior outcomes for customers. Talon, founded by Ofer Ben-Noon and Ohad Bobrov, secured the RSA Conference's Innovation Sandbox contest in 2022. The co-founders will continue to lead their teams within the Prisma SASE team at Palo Alto Networks upon the completion of the acquisition. Anand Oswal, Senior Vice President and General Manager at Palo Alto Networks, highlighted the advantages and security risks associated with Bring Your Own Device (BYOD) policies. He noted that Talon's Enterprise Browser provided security teams enhanced visibility and control over work-related Software as a Service (SaaS) and web activity across all devices, including personal and unmanaged endpoints. Anand emphasized the need for Secure Access Service Edge (SASE) solutions to adapt in order to secure unmanaged devices with the same consistent security measures applied to managed devices. This would enable users to access business applications securely from any device and location.

Read More

Cloud Security

Tigera Boosts Calico for Enhanced Security & Performance

Tigera | November 07, 2023

Tigera, a provider of an active security platform for containers and Kubernetes, has announced significant upgrades to its Calico Open Source and Calico Cloud. These improvements focus on enhancing the security, scalability, and performance of Kubernetes deployments for enterprises, providing a comprehensive solution for containerized environments. Given the increased utilization of Windows containers in production, Tigera has introduced the Calico Open Source Windows HostProcess Container feature. It streamlines node pool deployment, eliminating the need for manual node initialization and enhancing Kubernetes administrators' ability to manage Windows container-based applications efficiently. Calico Cloud now introduces a Security Score and Recommended Actions feature, addressing the paramount importance of security in Kubernetes clusters. This feature offers administrators an at-a-glance view of their organization's security posture by monitoring historical trends and risks by namespace. Moreover, it provides actionable recommendations tailored to each workload, fortifying the security of individual workloads and the entire cluster. It supports IPv6 for the eBPF dataplane, meeting the demands of enterprise-class applications by providing scalable, high-performance networking. This innovation ensures optimal performance for latency-sensitive applications and addresses IP shortages. Multi-cluster Kubernetes deployments over VxLAN are on the rise, requiring enhanced application layer observability and security. Calico introduces Kubernetes Cluster Mesh for VxLAN, offering a scalable solution for workload communication and security policy enforcement across Kubernetes clusters. This simplifies complex multi-cluster environments and ensures enterprise infrastructure can run efficiently, securely, and compliantly. These Calico enhancements redefine container networking and security, enabling enterprises to secure, scale, and optimize their Kubernetes clusters with unparalleled confidence. Tigera's Chief Product Officer, Amit Gupta, emphasized the importance of these updates, stating that Calico provides the industry's most complete solution for securing and observing Kubernetes environments. About Tigera Tigera provides the industry's sole active security platform, complemented by comprehensive observability capabilities tailored for containers and Kubernetes. The company's platform operates on a multifaceted front, effectively thwarting, identifying, troubleshooting, and autonomously mitigating potential security breach risks. It offers its platform through two distinct avenues: a fully managed SaaS solution, Calico Cloud, or a self-managed service, Calico Enterprise. Its open-source offering, Calico Open Source, is the most widely adopted solution for container networking and security, shaping the landscape of secure container environments.

Read More

Network Threat Detection

Fortinet Focuses on Business Growth to Drive Cybersecurity Innovation

Fortinet | November 06, 2023

Fortinet prioritizes secure networking, universal SASE, and security operations to expand globally and innovate in cybersecurity. Secure networking is estimated to reach $86 billion by 2027 and universal SASE $36 billion, aligning with the strategic change. Focusing on cybersecurity growth strengthens Fortinet's commitment to customer value and innovation. Fortinet, a global leader in cybersecurity, is focusing its business strategy on high-growth markets, emphasizing secure networking, universal secure access service edge (SASE), and security operations. This shift will drive innovation and reinforce its commitment to customers. Fortinet is reorganizing its research & development (R&D) and go-to-market (GTM) strategies around the three markets mentioned. They will develop integrated and advanced products to cater to these areas. Fortinet operates globally, serving hyperscale customers and promoting cybersecurity technologies. The three core markets Fortinet is concentrating on are secure networking, universal SASE, and security operations. These markets are expected to experience substantial growth, and Fortinet has a competitive advantage in them. This strategy aims to expand Fortinet's global business and provide value to its customers. The company is aligning with areas of high demand in the cybersecurity sector. Its current collection of organically developed and integrated products and services enjoys a notable competitive edge in the aforementioned three crucial markets: The market for secure networking is anticipated to reach $86 billion by 2027, expanding at a rate of nearly nine percent per year. 5G gateways, network firewalls, secure switches, and access points comprise the majority of its composition. With the expansion of its firewall business, Fortinet anticipates a corresponding increase in revenue for its FortiGuard Security Services, which are propelled by artificial intelligence (AI). Secure networking remains an integral component of Fortinet's strategy, given that it dominates both firewall revenues and units shipped in its greatest addressable market. Also, by 2027, the universal SASE market is anticipated to reach $36 billion, representing an annual expansion of nearly 20%. The system integrates various cloud-native networking and security technologies, including SD-WAN, secure web gateway (SWG), cloud access security broker (CASB), data loss prevention (DLP), zero-trust network access (ZTNA), SASE, and others. Its purpose is to streamline the process of implementing a zero-trust strategy. All functions of the SASE solution developed by Fortinet can be executed either in an appliance or in the cloud. This capability is facilitated by a unified management console, networking and security layer, and operating system. Recently, Fortinet was positioned in the inaugural Gartner Magic Quadrant for Single-Vendor SASE in 2023. Lastly, the security operations market is anticipated to reach $78 billion by 2027, expanding at slightly more than 14% per year. Fortinet's SecOps platform is the most comprehensive, integrated, and broad in the industry, enabling organizations to gain control and insight into their distributed operations through security orchestration, endpoint detection and response (EDR), automation and response (SOAR), security information and event management (SIEM), network detection and response (NDR), and additional integrated enterprise-grade cybersecurity technologies. Complementing Fortinet's R&D expenditures are strategic realignments in its GTM investments, concentrating on security operations, universal SASE, and secure networking. With the assistance of marketing support and training, sales will be structured in accordance with these three strategic areas in order to increase market penetration and consumer engagement.

Read More

Events