'Innovative, strategic marketing that’s well-executed yields substantial ROI,' believes Ann Strackhouse Miller

Autonomous Penetration Testing for Companies
Ann Strackhouse Miller is a strategic marketing leader with 11+ years of experience building pipelines for high-growth companies through various marketing disciplines. Read on to know her perspective on thought leadership in a rapidly changing information security landscape and the importance of robust cybersecurity solutions.

While thinking about all of the different channels you can access to reach your buyers, it’s also important to start thinking about how to get your brand on the map.

Media 7: Hi Ann, thank you for time to this. Can you walk us through your experience in strategic market leadership and developing pipelines for high-growth firms across different marketing disciplines over the past 11+ years?
Ann Strackhouse: One of the values my parents instilled in me from a young age is that you can never stop learning. That's something I've applied to my career and have found it to be a main seed of growth for me.
I've worked at several startups in various funding stages, and I've also worked at enterprise-sized companies.
Each experience I've had was considerably different from the next. The most valuable roles where I've learned the most have been at earlier stage startups, but it's very hard to succeed in implementing an entire Marketing function if you haven't lived through examples of larger team structures and how things operate behind the scenes. You're essentially inheriting a blank canvas, and there is a world of opportunity for innovation.

When I'm in the job market, there are 3 things I initially evaluate about the company to decide if I want to move forward:
  • Is the product solving a problem that isn't already being solved?
  • Are they doing it in an innovative way?
  • Is there a significant total addressable market to go after?
If the answer to any of these is no, then it's not a fit because I won't be set up for success from the start. When the answer to these 3 is yes, it's a green light, but then the hard part begins.

My key pillars of focus are always lead generation, brand awareness and operations. I've found that operational workflows should be incredibly intricate and strategic, and have often times seen that function of Marketing neglected. It's crucial that the MarTech stack aligns together and is a scalable model from the outset. Marketing budgets are sizeable and there will always be a need to prove the ROI on any spend. Equally important is the need to review Marketing program performance so data-driven decisions can be made. Through experimentation, you should evaluate your programs and their effectiveness and iterate from there -- doubling down on where you see the most traction. Depending on what industry, there will be learnings throughout the process. For example: Targeting Government? Expect to get creative because of the mandates on employees receiving any type of monetary gift for an exchange of service. You can also expect a much longer deal cycle, which leads me to filling the funnel.
 
Strategically planning the timing of inbound leads is crucial. If you're working at a high-growth start up it's best to front-end your lead generation activities at the beginning of your Go-to-Market launch. From there as you evaluate your programs you can start to see where your conversion rates are high and move to a more even-paced model. While thinking about all the different channels you can access to reach your buyers, it's also important to start thinking about how to get your brand on the map.

This is where my company evaluation criteria come into play. You have a solid product to bring to the market, and then it's about getting your company on the map. Tap into differentiators. What is unique to your company that competitors don't have? This will often lead to 'newsworthy' shareables and an increase in brand recognition. One of the unique features we have at Horizon3.ai is that our rapid response program is open to anyone at our company who wants to comment. Typically, there are only a few leaders who are permitted to comment on industry news. But if you have a group of incredibly skilled individuals, why not open it up to everyone? 

It's been an exciting journey full of learnings, successes, challenges and failures. Driving change keeps you up at night. And it should.
Innovative, strategic marketing that's well-executed yields substantial ROI, but it also lifts the brand and all associated with it. Great marketing engages prospects and customers, motivates employees and reinforces the company's mission and product value to investors, partners and other key stakeholders. Exceptional growth starts with a "be great or be gone" mindset and the recognition that great creativity doesn't land without equally strong, programmatic execution. That demands clear planning and integration across marketing and public relations elements, across campaigns, across regions, and across product lines.


M7: In your role as Director of Marketing at Horizon3.ai, how would you prioritize the development of strategic partnerships and collaborative relationships in order to drive business growth and success?
AS: Partnerships are really the circulatory system that moves technology innovation through the market. If you look at cybersecurity for medium-sized businesses as an example, you see it's a major part of the overall opportunity over the next 10 years, but the profound shortage of experienced cybersecurity talent is likely to limit the opportunities for strong cybersecurity solutions that aren't supported by equally strong partnerships. Many of the best emerging organizations will, by necessity, need to tightly define the roles their internal cybersecurity teams play, and instead will turn to integrators and MSSPs as their "forward operations."

This is just one example of the role that strategic partnerships will play, and it's a dynamic that will only strengthen over time because, by virtue of their ongoing experience on the front lines fighting cyber threats, those partners will further consolidate and strengthen their position.

Likewise, the current talent shortage should inspire forward-looking organizations to work with ecosystem partners to drive certain aspects of usability and ease of reporting, particularly when it comes to helping the customer's CISO communicate to and with their senior-most executives, board members, risk officers and regulators.


M7: Please provide a brief description of the products and services offered by Horizon3.ai.
AS: It's likely every organization will be attacked at some point. It's not a case of if, but when. Experts urge (and regulations increasingly mandate) that organizations continuously identify their ineffective security controls and identify the critical, exploitable weaknesses that they must immediately fix.

The situation is further complicated by the abundance of "noisy" security tools that issue false positives, overwhelming security teams and forcing them to chase vulnerabilities that can't be exploited while at the same time overlooking readily exploitable, high-impact threats.

Horizon3.ai's NodeZero pentesting platform is based on the concept of using offense to inform defense. It lets organizations find and fix their vulnerabilities before an attacker exploits them. It can continuously assess an enterprise's attack surface, identifying the ways that an attacker can chain together harvested credentials, misconfigurations, dangerous product defaults, and exploitable vulnerabilities to compromise systems and data. It provides organizations, MSSPs and integrators with a laser focus on the problems and vulnerabilities that can actually be exploited, without wasting their time and resources chasing false positives. NodeZero answers the top three questions that every CISO and security team needs to ask: "What's exposed?" "What needs to be fixed first?" and "How will we do more with less?"

Read more: 'Enterprises that don't leverage AI and ML will likely be at a disadvantage,' believes Miquido's Jerzy Biernacki


Exceptional growth starts with a be great or be gone mindset and the recognition that great creativity doesn't land without equally strong, programmatic execution.

M7: What makes content such an important factor in the marketing of products and services in the information technology industry?
AS: Content is king. This is a widely adapted notion with good reason. It's incredibly important to meet buyers where they are in their journey. Every organization should be doing an ongoing content audit to ensure each phase of the buyer's journey (research, consideration, and purchase) has messaging and content to match the stage they're in. If you have a comprehensive handle on who your personas are, what they care about and what role they play in their buying teams, you're going to see increased email open rates, assistance in closing deals, and higher conversion rates. A continuous nurture stream of relevant content will always help leads move down the funnel.

From a thought leadership standpoint, it's paramount to produce high-quality content that people want to keep coming back for. One of my current goals for our content strategy is to move away from trying to make a sale by promoting our product, to becoming a resource hub for cybersecurity professionals. Attackers only have to get it right once, while cybersecurity professionals have to be on point 24/7. Because the threat landscape is ever-evolving, CISOs and their teams constantly have to stay at the forefront of innovating their security stack, strategy and operations. Due to the high stress of the SOC function, these professionals greatly rely on peer-to-peer references and learnings from like-minded professional's stories on how to maximize risk avoidance and ultimately stay out of the news.

Creating a customer advocacy program will provide the space for these interactions. Cultivate customer champions who will share their story on a webinar and participate in a written case study or a video testimonial. 
Communication is the core of effective marketing, and content is at the core of communication.

M7: What do you think are the most significant changes that have taken place in the information and technology business during the past few years?
AS: Without a doubt, the global pandemic drove waves of workers to migrate from offices to working from home, massive upticks in retail and ecommerce, and almost immediate retooling and evolutions of major systems for "pickup at curbside" continuity. We all moved fast to drive the changes that helped meet public needs and kept businesses running, and that wave of change vastly altered and expanded the threat surface, creating ripple effect vulnerabilities. It also newly empowered threat actors in ways too numerous to list here. That seismic growth is also being followed by economic disruptions. And what thrives in disruption and economic uncertainty? Cybercrime.

Simultaneously, the world's threat landscape has shifted, with unfriendly nation state players more determined, resourced, and skilled than ever before.
We're in a different world than we were in just four years ago. The rate of change has been historic.

M7: There is already evidence that criminal organizations use highly automated attack techniques. In your opinion, what do you think is the future of cybersecurity?
AS:
The future of cyber threats will run at machine speed – algorithm vs. algorithm – with humans by exception. Attackers have accelerated their attacks using AI faster than defenders can improve their security effectiveness. So it's time for organizations to shift from a business-as-usual to an under-attack cybersecurity mindset.

Committed attackers will invest resources to compromise high-value targets as we saw with the SolarWinds attack. For these organizations – the Global 100, defense companies, critical infrastructure, e-Commerce, healthcare, manufacturing, social, etc. – a "wartime" mindset is critical. They must assume the attacker will get in and focus on actively defending their cyber terrain.


M7: Can you explain Horizon3.ai's approach to identifying and addressing security vulnerabilities and verifying the effectiveness of the solutions implemented?
AS: To understand and address IT infrastructure vulnerabilities before a cyber-attacker can exploit them, organizations have to continuously identify their ineffective security controls and identify critical, exploitable weaknesses that they must immediately fix.

And that's what autonomous pentesting with NodeZero does.It also leverages expertise, data, and insights to build an autonomous defense designed to be automated, with the intervention of humans by exception. That is the advanced level of effectiveness that sets NodeZero and Horizon3.ai apart. Right now, there are less than 5,000 OSCP-certified ethical hackers in the United States, and it takes ten years of hands-on experience to become a senior penetration tester. Meanwhile, demand for security testing has increased exponentially. Until NodeZero, only the most well-funded companies and organizations could conduct such testing. It's why the platform was specifically architected for usability – to help "democratize" autonomous pentesting.

Last year, Horizon3.ai customers ran nearly 7,000 pentests with NodeZero before coming to us, many of these customers could conduct pentests only once a year or, for some, not at all. Today, many constantly verify their security posture by running multiple pentests in a single month, and some prolific users run over 40 pentests a month with NodeZero.-  which is well above the often-cited recommendation of one to two pentests a year.

Usability must go hand-in-hand with results comprehension. NodeZero testing yields a graphical representation of the actual attack paths an attacker could use to chain together misconfigurations, vulnerabilities, and weaknesses to compromise their organization. This gives customers the insight needed to mitigate risk by prioritizing exploitable weaknesses with their corresponding fix actions, verifying that each weakness actually has been remediated, and giving the C-Suite and Board a new, clearly understandable lens into the organization's security posture.

Read more: Panzura's Glen Shok explains why file security and military-grade encryption should be applied to all data stored in the cloud


It’s time for organizations to shift from a business-as-usual to an under attack cybersecurity mindset.

M7: Can you shed light on why attackers prioritize obtaining credentials and explain how Horizon3.ai Node Zero tackles this problem?
AS:
Compromised credentials are how attackers get in, and billions of compromised passwords and usernames are now available cheap on the dark web as a result of the breaches of the last ten years. Human nature being what it is, people continue reusing passwords and not updating them regularly.

So the big question is: "if they get in, what could they do?" NodeZero answers it. NodeZero was able to compromise a major financial services organization in 7 minutes and 19 seconds in a recent pentest. This customer had purchased best-in-class security tools, yet few alerts were triggered, and defenders could not react fast enough to stop the attack. Security effectiveness is the critical initiative every enterprise should undertake to ensure they are getting the most impact out of their security investments, and the best way to verify that effectiveness is through continuous penetration testing.

M7: What is password spray and how does NodeZero weaponize the technique in internal and external pentests?
AS:
In a password spraying attack, a threat actor tries to access a large number of accounts (usernames) on an application by using a single commonly used password, which avoids the account lockouts that happen during other types of attacks, such as brute force attacks. Our customers understand the risks that credential-based attacks pose to their organizations because NodeZero allows them to safely assess their environment against such attacks. In the last year, NodeZero successfully executed credential-based attacks over 6,000 times (out of the 34,000 times in which NodeZero successfully executed an attack compromising at least one host), and to significant effect. For example, when a medical clinic ran an internal pentest with NodeZero, it learned that its systems were exploitable after NodeZero conducted open-source intelligence gathering on the company's name, scraped potential employees from LinkedIn, then conducted password spraying.

Just as an actual cyber threat actor would do, NodeZero chained other weaknesses with the successful password spray to achieve multiple critical impacts. In this case, over 1,600 credentials were captured and used to access services and infrastructure. NodeZero compromised one domain, almost 50 hosts, and two domain users while discovering nearly 50 data stores open to ransomware. NodeZero was able to execute this operation completely safely. It showed proof of the exploit and gave the customer the steps necessary to fix their weaknesses.

M7: Can you tell me about Horizon3.ai's plans for innovation and growth in the coming years? How do you see the company evolving to meet new challenges in the cybersecurity market?
AS:
We're best in class today, but we know that threat actors are investing heavily in development of ever more sophisticated threats.
In addition to autonomous testing across premise, cloud and hybrid environments, we're focused on usability. We've just rolled out NodeZero Analytics, a level of usability that empowers cyber pros regardless of their level of experience. Additionally, we're focused on refining usability so that autonomous pentesting is a force multiplier. At the heart of the refresh are detailed attack paths with proof of exploitation, prioritized fix actions, and 1-click verification that the remediation was successful.

ABOUT HORIZON3.AI

Horizon3.ai was founded in 2019 by former industry and U.S. National Security veterans with the mission to help organizations to see their networks through the eyes of the attacker and proactively fix problems that truly matter, improve the effectiveness of their security initiatives, and ensure organizations are prepared to respond to real attacks.
To know more about Horizon3.ai, please visit; https://www.horizon3.ai/.

More C-Suite on deck

‘In the industry, we've observed fragmentation, especially among larger organizations,’ says Chris Fisher

Media 7 | October 16, 2023

Chris Fisher is a seasoned marketing professional who specializes in digital marketing and demand generation to fuel business growth. I integrate product messaging and innovative strategies with data-driven marketing to achieve quantifiable outcomes. Read on to know his thoughts about safeguarding the layers of Cyber-security.

Read More

‘Security solutions need to be consistent, regardless of geography or technical stack,’ emphasizes Nishant Kaushik

Media 7 | June 16, 2023

Nishant Kaushik is an excellent technologist with strategic foresight and tactical know-how to manage technology-driven businesses and security expansion plans. He has successfully led cross-functional and highly focused teams to achieve business objectives that align with customer needs. Read this interview to discover Nishant’s expertise and unique perspective on omnichannel security and risk management.

Read More

‘Data and analytics play a crucial role in shaping our advertising strategies,' asserts Aleksander Groshev

Media 7 | June 28, 2023

Aleksander Groshev is the CEO and Co-Founder of Autobahn Security. Previously he was Vice President of Product responsible for the product development of the SaaS platform. Before joining Autobahn Security he held the position of Head of Product at Fincite, a wealth management B2B platform.

Read More

‘In the industry, we've observed fragmentation, especially among larger organizations,’ says Chris Fisher

Media 7 | October 16, 2023

Chris Fisher is a seasoned marketing professional who specializes in digital marketing and demand generation to fuel business growth. I integrate product messaging and innovative strategies with data-driven marketing to achieve quantifiable outcomes. Read on to know his thoughts about safeguarding the layers of Cyber-security.

Read More

‘Security solutions need to be consistent, regardless of geography or technical stack,’ emphasizes Nishant Kaushik

Media 7 | June 16, 2023

Nishant Kaushik is an excellent technologist with strategic foresight and tactical know-how to manage technology-driven businesses and security expansion plans. He has successfully led cross-functional and highly focused teams to achieve business objectives that align with customer needs. Read this interview to discover Nishant’s expertise and unique perspective on omnichannel security and risk management.

Read More

‘Data and analytics play a crucial role in shaping our advertising strategies,' asserts Aleksander Groshev

Media 7 | June 28, 2023

Aleksander Groshev is the CEO and Co-Founder of Autobahn Security. Previously he was Vice President of Product responsible for the product development of the SaaS platform. Before joining Autobahn Security he held the position of Head of Product at Fincite, a wealth management B2B platform.

Read More

Related News

API Security

Cequence and Vercara Partner to Combat Cyber Threats and Revolutionize API Security

Cequence Security | January 25, 2024

Cequence Security is proud to announce a new partnership with Vercara, a leading provider of cloud-based services that secure the online experience. This collaboration aims to fortify the cybersecurity landscape by pairing Vercara’s network and application protections with Cequence Security's innovative Unified API Protection (UAP) platform. Security teams encounter substantial hurdles in safeguarding API applications from cyber-attacks, including the rapid development and deployment of API applications across diverse cloud providers. The unmanaged and unprotected nature of these APIs can harbor critical vulnerabilities, making them susceptible to exploitation. Moreover, the lack of a clear and consistent security posture across the application footprint introduces further complexities. To address these challenges, Cequence Security's UAP platform provides a comprehensive discovery of the entire API attack surface, encompassing both external and internal APIs. It ensures compliance with security and governance best practices, eliminating unknown and unmitigated API security risks. Furthermore, the solution offers native real-time inline protection, blocking API attacks before they reach applications. "The absence of API protection puts you at risk of potential theft, fraud, non-compliance, and business disruptions,” said Carlos Morales, SVP Solutions at Vercara. “Our partnership with Cequence combines our collective best-in-class services to address the evolving demands of the cybersecurity landscape, ensuring that businesses can confidently deploy needed applications and successfully navigate the complexities of API security with advanced, holistic protection.” Arun Gowda, VP, Business Development at Cequence Security, said, “In the evolving landscape of cybersecurity, the extensive risk of data compromise in API breaches goes beyond external APIs to internal ones. These often-overlooked internal APIs can access sensitive data not intended for public exposure. APIs have changed the game for attackers, making it imperative to prioritize the security of all assets accessible through APIs, including those not expected to be publicly exposed.” He added, “We are pleased to combine our innovative API security solutions with Vercara's innovative WAF and DDoS services to deliver advanced, holistic API protection. This collaboration reinforces our commitment to provide unparalleled security measures for businesses reliant on APIs.” Cequence Security's UAP platform is unparalleled in addressing all phases of the API security lifecycle. It provides: Discovery: A continuous API attack surface discovery management product that assesses your application footprint, offering a complete inventory of external APIs. Compliance: A security posture management product that identifies security risks in APIs, ensuring compliance with specifications, security test requirements, and governance best practices. Protection: Detects and prevents sophisticated automated API attacks and business logic abuse using advanced machine learning rules, providing real-time protection without relying on third-party components. About Cequence Security Cequence, a pioneer in API security and bot management, is the only solution that delivers Unified API Protection (UAP), uniting discovery, compliance, and protection across all internal and external APIs to defend against attacks, targeted abuse, and fraud. Requiring less than 15 minutes to onboard an API without requiring any instrumentation, SDK, or JavaScript integration, the flexible deployment model supports SaaS, on-premises, and hybrid installations. Cequence solutions scale to handle the most demanding Fortune and Global 2000 organizations, securing more than 8 billion daily API calls and protecting more than 3 billion user accounts across these customers. To learn more, visit www.cequence.ai. About Vercara Vercara is a purpose-built, global, cloud-based security platform that provides layers of protection to safeguard businesses’ online presence, no matter where attacks originate or where they are aimed. Delivering the industry’s highest-performing solutions and supported by unparalleled 24/7 human expertise and hands-on guidance, top global brands depend on Vercara to protect their networks and applications against threats and downtime. Vercara’s suite of cloud-based services is secure, reliable, and available, delivering peace of mind and ensuring that businesses and their customers experience exceptional interactions all day, every day. Pressure-tested in the world’s most tightly regulated and high-traffic verticals, Vercara’s mission-critical security portfolio provides best-in-class DNS and application and network security (including DDoS and WAF) services to its Global 5000 customers and beyond. For more information, visit vercara.com.

Read More

Platform Security

D3 Security is a proud participant in the Microsoft Security Copilot Partner Private Preview

D3 Security | January 08, 2024

D3 Security today announced its participation in the Microsoft Security Copilot Partner Private Preview. D3 Security was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting edge functionality, and close relationship with Microsoft. “In the context of security, AI’s impact is likely to be profound, tilting the scales in favor of defenders and empowering organizations to defend at machine speed. At Microsoft, we are privileged to have a leading role in advancing AI innovation, and we are so grateful to our incredible ecosystem of partners, whose mission-driven work is critical to helping customers secure their organizations and confidently bring the many benefits of AI into their environments,” said Vasu Jakkal, Corporate Vice President, Microsoft Security. D3 Security is working with Microsoft product teams to help shape Security Copilot product development in several ways, including validation and refinement of new and upcoming scenarios, providing feedback on product development and operations to be incorporated into future product releases, and validation and feedback of APIs to assist with Security Copilot extensibility. “D3 has always pushed SOAR technology forward, be it through our deep research into integration design; our Event Pipeline, which reduces alert-handling time by up to 99%; or our operationalizing of the MITRE ATT&CK and D3FEND frameworks,” said Gordon Benoit, President, D3 Security. “By teaming with Microsoft in the Security Copilot Partner Private Preview, we will be able to use AI to evolve SOAR in ways that would have sounded impossible just a year ago.” Security Copilot is the first AI-powered security product that enables security professionals to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes. It combines an advanced large language model (LLM) with a security-specific model that is informed by Microsoft's unique global threat intelligence and more than 65 trillion daily signals. About D3 Security D3 Security’s Smart SOAR™ (security orchestration, automation, and response) solves entrenched problems in cybersecurity by transforming separate tools into a unified ecosystem with multi-tier automation, codeless orchestration, and robust case management. Smart SOAR performs autonomous triage and reduces false positives so enterprise, MSSP, and public sector security teams can spend more time on real threats. Product or service names mentioned herein may be the trademarks of their respective owners.

Read More

Data Security

Rubrik Chosen by Carhartt to Drive Complete Cyber Resilience

Rubrik | January 10, 2024

Rubrik, the Zero Trust Data Security™ company, today announced that America’s premium workwear brand Carhartt has consolidated multiple legacy backup tools with Rubrik Security Cloud to achieve cyber resilience. After moving to Rubrik, Carhartt realized more than 50 percent in monthly cost savings, while significantly improving its data security capabilities. “Data resilience is key to the continued security and success of our business. We work hard to ward off intruders but we have to operate on the assumption that they will find a way in,” said Michael Karasienski, cloud platforms manager at Carhartt. “Rubrik Security Cloud restores data fast and without fail for both our cloud and on-premises environments. Rubrik plays a key role in building trust in our system with secure protocols and access controls; it isn’t just a data security solution, it’s peace of mind for our brand.” Established in 1889, Carhartt has a rich heritage of developing rugged products for workers on and off the job. The company honors hard work, approaching its business with the same honesty, dependability, and trust that its consumers display day-in and day-out. Prior to Rubrik, Carhartt used a variety of different backup solutions across its operations. After an upgrade of a critical application failed, Carhartt’s administrators discovered that that application data hadn’t been backed up, forcing the team to reconstruct more than two-weeks’ worth of data manually. Furthermore, the Carhartt team discovered malware in backups from its legacy tools, resulting in weeks of searching data sets to manually complete the investigation. With Rubrik Security Cloud, Carhartt’s IT team can now devote more time to other priorities — like business requests, incidents, and reducing technical debt — while saving more than 50 percent in operational costs each month. The company’s IT and Security teams are also collaborating to reduce risk to the organization, zeroing in on malware and tying investigations into its security operations center. “A highly interconnected business like Carhartt is responsible for mountains of sensitive data. Protecting that data is paramount to maintain customer trust and minimize business disruption,” said Anneka Gupta, Chief Product Officer at Rubrik. “Outdated legacy technology was never built with security in mind, so organizations must turn to modernized platforms and zero-trust methodologies to defend their data. With a holistic solution like Rubrik Security Cloud, organizations like Carhartt know their business will be resilient in the face of any cyber threat.” Carhartt utilizes numerous Rubrik products, including Anomaly Detection, Sensitive Data Monitoring, Threat Hunting, as well as its integration with Microsoft Sentinel. About Rubrik Rubrik is on a mission to secure the world’s data. With Zero Trust Data Security™, we help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.

Read More

API Security

Cequence and Vercara Partner to Combat Cyber Threats and Revolutionize API Security

Cequence Security | January 25, 2024

Cequence Security is proud to announce a new partnership with Vercara, a leading provider of cloud-based services that secure the online experience. This collaboration aims to fortify the cybersecurity landscape by pairing Vercara’s network and application protections with Cequence Security's innovative Unified API Protection (UAP) platform. Security teams encounter substantial hurdles in safeguarding API applications from cyber-attacks, including the rapid development and deployment of API applications across diverse cloud providers. The unmanaged and unprotected nature of these APIs can harbor critical vulnerabilities, making them susceptible to exploitation. Moreover, the lack of a clear and consistent security posture across the application footprint introduces further complexities. To address these challenges, Cequence Security's UAP platform provides a comprehensive discovery of the entire API attack surface, encompassing both external and internal APIs. It ensures compliance with security and governance best practices, eliminating unknown and unmitigated API security risks. Furthermore, the solution offers native real-time inline protection, blocking API attacks before they reach applications. "The absence of API protection puts you at risk of potential theft, fraud, non-compliance, and business disruptions,” said Carlos Morales, SVP Solutions at Vercara. “Our partnership with Cequence combines our collective best-in-class services to address the evolving demands of the cybersecurity landscape, ensuring that businesses can confidently deploy needed applications and successfully navigate the complexities of API security with advanced, holistic protection.” Arun Gowda, VP, Business Development at Cequence Security, said, “In the evolving landscape of cybersecurity, the extensive risk of data compromise in API breaches goes beyond external APIs to internal ones. These often-overlooked internal APIs can access sensitive data not intended for public exposure. APIs have changed the game for attackers, making it imperative to prioritize the security of all assets accessible through APIs, including those not expected to be publicly exposed.” He added, “We are pleased to combine our innovative API security solutions with Vercara's innovative WAF and DDoS services to deliver advanced, holistic API protection. This collaboration reinforces our commitment to provide unparalleled security measures for businesses reliant on APIs.” Cequence Security's UAP platform is unparalleled in addressing all phases of the API security lifecycle. It provides: Discovery: A continuous API attack surface discovery management product that assesses your application footprint, offering a complete inventory of external APIs. Compliance: A security posture management product that identifies security risks in APIs, ensuring compliance with specifications, security test requirements, and governance best practices. Protection: Detects and prevents sophisticated automated API attacks and business logic abuse using advanced machine learning rules, providing real-time protection without relying on third-party components. About Cequence Security Cequence, a pioneer in API security and bot management, is the only solution that delivers Unified API Protection (UAP), uniting discovery, compliance, and protection across all internal and external APIs to defend against attacks, targeted abuse, and fraud. Requiring less than 15 minutes to onboard an API without requiring any instrumentation, SDK, or JavaScript integration, the flexible deployment model supports SaaS, on-premises, and hybrid installations. Cequence solutions scale to handle the most demanding Fortune and Global 2000 organizations, securing more than 8 billion daily API calls and protecting more than 3 billion user accounts across these customers. To learn more, visit www.cequence.ai. About Vercara Vercara is a purpose-built, global, cloud-based security platform that provides layers of protection to safeguard businesses’ online presence, no matter where attacks originate or where they are aimed. Delivering the industry’s highest-performing solutions and supported by unparalleled 24/7 human expertise and hands-on guidance, top global brands depend on Vercara to protect their networks and applications against threats and downtime. Vercara’s suite of cloud-based services is secure, reliable, and available, delivering peace of mind and ensuring that businesses and their customers experience exceptional interactions all day, every day. Pressure-tested in the world’s most tightly regulated and high-traffic verticals, Vercara’s mission-critical security portfolio provides best-in-class DNS and application and network security (including DDoS and WAF) services to its Global 5000 customers and beyond. For more information, visit vercara.com.

Read More

Platform Security

D3 Security is a proud participant in the Microsoft Security Copilot Partner Private Preview

D3 Security | January 08, 2024

D3 Security today announced its participation in the Microsoft Security Copilot Partner Private Preview. D3 Security was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting edge functionality, and close relationship with Microsoft. “In the context of security, AI’s impact is likely to be profound, tilting the scales in favor of defenders and empowering organizations to defend at machine speed. At Microsoft, we are privileged to have a leading role in advancing AI innovation, and we are so grateful to our incredible ecosystem of partners, whose mission-driven work is critical to helping customers secure their organizations and confidently bring the many benefits of AI into their environments,” said Vasu Jakkal, Corporate Vice President, Microsoft Security. D3 Security is working with Microsoft product teams to help shape Security Copilot product development in several ways, including validation and refinement of new and upcoming scenarios, providing feedback on product development and operations to be incorporated into future product releases, and validation and feedback of APIs to assist with Security Copilot extensibility. “D3 has always pushed SOAR technology forward, be it through our deep research into integration design; our Event Pipeline, which reduces alert-handling time by up to 99%; or our operationalizing of the MITRE ATT&CK and D3FEND frameworks,” said Gordon Benoit, President, D3 Security. “By teaming with Microsoft in the Security Copilot Partner Private Preview, we will be able to use AI to evolve SOAR in ways that would have sounded impossible just a year ago.” Security Copilot is the first AI-powered security product that enables security professionals to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes. It combines an advanced large language model (LLM) with a security-specific model that is informed by Microsoft's unique global threat intelligence and more than 65 trillion daily signals. About D3 Security D3 Security’s Smart SOAR™ (security orchestration, automation, and response) solves entrenched problems in cybersecurity by transforming separate tools into a unified ecosystem with multi-tier automation, codeless orchestration, and robust case management. Smart SOAR performs autonomous triage and reduces false positives so enterprise, MSSP, and public sector security teams can spend more time on real threats. Product or service names mentioned herein may be the trademarks of their respective owners.

Read More

Data Security

Rubrik Chosen by Carhartt to Drive Complete Cyber Resilience

Rubrik | January 10, 2024

Rubrik, the Zero Trust Data Security™ company, today announced that America’s premium workwear brand Carhartt has consolidated multiple legacy backup tools with Rubrik Security Cloud to achieve cyber resilience. After moving to Rubrik, Carhartt realized more than 50 percent in monthly cost savings, while significantly improving its data security capabilities. “Data resilience is key to the continued security and success of our business. We work hard to ward off intruders but we have to operate on the assumption that they will find a way in,” said Michael Karasienski, cloud platforms manager at Carhartt. “Rubrik Security Cloud restores data fast and without fail for both our cloud and on-premises environments. Rubrik plays a key role in building trust in our system with secure protocols and access controls; it isn’t just a data security solution, it’s peace of mind for our brand.” Established in 1889, Carhartt has a rich heritage of developing rugged products for workers on and off the job. The company honors hard work, approaching its business with the same honesty, dependability, and trust that its consumers display day-in and day-out. Prior to Rubrik, Carhartt used a variety of different backup solutions across its operations. After an upgrade of a critical application failed, Carhartt’s administrators discovered that that application data hadn’t been backed up, forcing the team to reconstruct more than two-weeks’ worth of data manually. Furthermore, the Carhartt team discovered malware in backups from its legacy tools, resulting in weeks of searching data sets to manually complete the investigation. With Rubrik Security Cloud, Carhartt’s IT team can now devote more time to other priorities — like business requests, incidents, and reducing technical debt — while saving more than 50 percent in operational costs each month. The company’s IT and Security teams are also collaborating to reduce risk to the organization, zeroing in on malware and tying investigations into its security operations center. “A highly interconnected business like Carhartt is responsible for mountains of sensitive data. Protecting that data is paramount to maintain customer trust and minimize business disruption,” said Anneka Gupta, Chief Product Officer at Rubrik. “Outdated legacy technology was never built with security in mind, so organizations must turn to modernized platforms and zero-trust methodologies to defend their data. With a holistic solution like Rubrik Security Cloud, organizations like Carhartt know their business will be resilient in the face of any cyber threat.” Carhartt utilizes numerous Rubrik products, including Anomaly Detection, Sensitive Data Monitoring, Threat Hunting, as well as its integration with Microsoft Sentinel. About Rubrik Rubrik is on a mission to secure the world’s data. With Zero Trust Data Security™, we help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.

Read More

Spotlight

Horizon3.ai

Horizon3.ai

Horizon3.ai's mission is to help you find and fix attack vectors before attackers can exploit them. NodeZero, our autonomous penetration testing solution, enables organizations to continuously assess the security posture of their enterprise, including external, identity, on-prem, IoT, and cloud atta...

Events

Resources