Arkose Labs’ CEO Kevin Gosschalk, aims to, ‘Bankrupt the business of online fraud’

Media 7 | November 11, 2021

Kevin Gosschalk, CEO, Arkose Labs introduces their innovative solutions and takes us inside their recent event ‘2021 Bankrupting Fraud Virtual Summit’. Read on to know what their marketing efforts are focused on.

Asking for help is foundational for leading a growing company.

MEDIA 7: Thanks for your time! Could you please tell us a little bit about your professional journey so far?
KEVIN GOSSCHALK:
I founded Arkose Labs in 2016, with the intent to create a suite of fraud and account security solutions that deliver a long-term way to increase trust on the internet. Our approach is to bankrupt the business of online fraud by diminishing fraudsters’ ROI. Fortunately, the market has responded positively - we’ve raised more than $114 million in venture funding from SoftBank, Wells Fargo, Microsoft’s venture capital fund, M12, and PayPal and are rapidly scaling our customer base and workforce, and transforming the world of digital commerce by working with some of the world’s leading businesses across multiple industries like gaming, travel, banking, and retail. I was born and raised in Brisbane, Australia, graduated from the Queensland University of Technology with a degree in Interactive Entertainment. Before founding Arkose Labs, I worked in biomedical research, where I used machine vision technology for the early detection of diabetes. I later developed technology that assisted adults with intellectual differences in social settings. My unique background enables me to take a disruptive approach that gamifies fraud prevention. 

Arkose Labs is recognized for the work we’re doing. We've won multiple industry awards including the Gartner Cool Vendor Award in 2020, the Cyber Defense Magazine Awards for Hot Company in Fraud Prevention; CEO of the Year; and Top Women in Cybersecurity. We were also shortlisted for Best Use of Security/Anti-Fraud Solution in Payments in Fintech Futures’ 2021 PayTech Awards and named an honoree for Fast Company’s World Changing Ideas. This past August, we made our debut appearance on the prestigious Inc 5000 list, coming in at number 195. Arkose Labs ranked 5th in the security industry and 11th in the Bay Area. It���s an exciting time to be sharing my experience with the fraud and risk management industry, and I’m delighted to have joined our sponsors Feedzai, PayPal, Outseer, and Socure to present the 2021 Bankrupting Fraud Virtual Summit earlier this month.


M7: Congratulations on Arkose Labs reaching greater heights! You have been instrumental in building a suite of fraud and abuse prevention solutions through Arkose Labs. Could you please share more about these solutions?
KG:
Businesses are dealing with more customers in the digital realm than ever before — and more fraudsters.
As customer expectations about their security online continue to evolve in the digital-first economy, so too does fraud. It’s a critical balance to fight against fraud while enhancing user experience and maintaining the sanctity of consumers’ digital accounts.

Our fraud prevention platform stops the bad actors by making it too costly to commit fraud, taking away their motivation--money. We’ve recently enhanced our suite of products to be even more vigilant: Arkose Detect, our risk engine with enhanced IP intelligence; Arkose Insights, which provides real-time visibility into each event in a session and easy-to-consume reason codes; and Arkose Enforce, our market-leading challenge-response solution.



Arkose Labs believes in creating true partnerships with our clients. We’re an important extension of their team. Our solutions work to protect businesses and their customers against bots and abuse, payment, micro deposit, new account, and IRS fraud, as well as API protection, website scraping, and account takeovers. We’re also the first vendor to offer a credential stuffing warranty and a 100% SLA guarantee through Arkose Detect and Arkose Enforce. These solutions work seamlessly together to provide unified risk decisioning and step-up authentication. In the last three years, Arkose Labs has experienced tremendous growth. We attribute this growth to our best-in-class online fraud prevention technology and critical solutions as cybercrime continues to threaten commerce.

Read More: BROADWai’s Co-Founder and CEO Micah Hollingworth says their solutions ‘allow businesses to focus on higher-value work’


When it costs more for the attacker to come after their target than the ROI they get from attacking, they give up.



M7: Sounds astounding! Could you please give us an insight into the recently held ‘2021 Bankrupting Fraud Virtual Summit’?
KG:
Following the success of our inaugural Bankrupting Fraud Virtual Summit last year, hosted another virtual opportunity to discuss real-world solutions to the major issues of online fraud prevention and account security from the industry’s best and brightest. Our Bankrupting Fraud Virtual Summit, which took place on November 9 and 10, featured a full agenda of experts, masterclasses, and live networking events. We created the summit to inform and facilitate connections and enable digital businesses to better understand and prepare themselves for the continued onslaught of fraud attempts.

The summit featured more than 25 virtual sessions covering various topics in online fraud and account security. Participants were able to learn best practices from the industry's top leaders and discover real-world solutions to the significant issue of online fraud prevention and account security. We were thrilled to be able to provide a collaborative event that fully explored securing the user experience across digital platforms. Guest speakers included Troy Hunt, founder of “Have I Been Pwned?” and Geoff White, cyber security author and host of “The Lazarus Heist'' podcast, as well as many other industry experts. I co-presented with Neil Walsh of the United Nations and hosted a fireside chat with Brian Krebs, renowned investigative journalist, and author of “Krebs of Security.”

The image below represents the top countries being cyberattacked around the world:



M7: Arkose Labs’ vision is “Bankrupting the Business of Fraud”, your approach is different from your competitors. What are your thoughts on this?
KG:
Fraudsters are motivated by money. The sheer growth of people on the internet means more ROI for criminals. Our solutions protect our clients by making automated fraud more costly. When it costs more for the attacker to come after their target than the ROI they get from attacking, they give up. The financial motivation isn’t there, and they move on. Additionally, we provide a level of protection that doesn’t negatively impact the user experience.

Read More: HeadSpin's Brien Colwell shows us how humans can work together with AI to create successful systems


As customer expectations about their security online continue to evolve in the digital-first economy, so too does fraud.



M7: What are the major advertising and marketing tools you use to hike up the brand awareness of your company?
KG:
Arkose Labs is a mission-led organization that is committed to helping make the digital economy a safer place because fraud is a lucrative career path that many people around the world choose. Career fraudsters are highly organized and run fraud rings like legitimate, well-funded businesses. Our goal is to empower our customers with an approach that is rooted in long-term deterrence, not just mitigation. Our marketing efforts are focused on creating a community of fraud fighters across the globe. Central to that is becoming a trusted partner to our customers and prospects. To accomplish that goal, we collaborate fearlessly with our customers and ecosystem partners by sharing insights and wisdom on fraud trends, fraudster tactics, and the shifting threat landscape. We host an annual industry event called the Bankrupting Fraud Summit, where the community gathers to hear the latest, discuss tactics with peers, and get the intelligence they need to adapt their fraud-fighting strategies.

Insights are also shared through educational materials, like our quarterly Fraud and Abuse report, webinars, and small-group roundtables. And we work closely with agenda-setting journalists so that they can help broadcast breaking news about fraud attacks broadly and quickly. We hold ourselves to a very high standard of accountability. Just a few months ago, we announced the industry’s only Credential Stuffing Warranty -- again, leading the industry by putting our money where our mouth is. We've long been committed to changing the economics of fraud by bankrupting the business model that fraudsters have put in place. We build upon that by keeping the most recognizable companies in the world armed with information and solutions.


M7: Lastly, you have been named 'CEO of the Year' by the Cyber Defense Magazine and are regarded as an expert in the fraud and risk management industry. Could you please impart some wisdom that you gained through your journey?
KG:
Thank you for asking this question. A one-word summary of my answer is simply people. I foster the notion that investing in people is a critical success factor because an active, diverse -- in experience and thought -- group of people can change the world. I’ve learned that asking for help is foundational for leading a growing company, and I’m very open that I may not have all of the answers. Having an ecosystem of advisors and mentors who can help me navigate the path and avoid the common pitfalls is crucial so much so that I constantly rely on my advisors for their depth of experience that I can lean on as we scale the business. My thinking is advanced every time I reach out and ask other people for their perspectives, ideas, and assistance. Finally, being nimble and open to change are imperatives. The landscape in which we operate is constantly evolving, which means we have to be aware of the quick pivots adversaries are making so that we can protect our customers.

ABOUT ARKOSE LABS

Arkose Labs bankrupts the business model of fraud. Recognized by Gartner as a “Cool Vendor in Fraud and Authentication,” the company offers an industry-first warranty on account protection. Its AI-powered platform combines powerful risk assessments with dynamic attack response that undermines the ROI behind attacks while improving good user throughput. Based in San Francisco, CA with offices in Brisbane, Australia, and London, UK, the company was honored as the 195th fastest growing company in the United States on the 2021 Inc. 5000 list.

More C-Suite on deck

Panzura's Glen Shok explains why file security and military-grade encryption should be applied to all data stored in the cloud

Media 7 | March 11, 2022

Glen Shok, CTO and VP Cloud Architects at Panzura, looks into his crystal ball and shares with us his predictions of the developments in the cybersecurity space. In this interview, we had the opportunity to explore novel malware tactics like ransomware and data wiper exploits, and the different solutions Panzura offers enterprises to improve their security measures. Read on to learn more about upticks in this cybersecurity landscape, and how Panzura can get businesses battle-ready against these attacks.

Read More

Arkose Labs's Vanita Pandey believes ‘Online account is going to be the currency that people will trade on’

Media 7 | December 13, 2021

Vanita Pandey, CMO - Arkose Labs, speaks about the role that Innovative Payment Models play in the changing dynamics of purchase and shopping. Read on to know her thoughts about how necessary is content for attracting consumers in this age and much more.

Read More

'TeleSign embeds trust at every touchpoint,' assures Joseph Burton

Media 7 | December 8, 2021

Joseph Burton, Chief Executive Officer at TeleSign elaborates on Promotion Abuse, Communication Fraud, and Buy Now Pay Later Fraud. Read on to know about the biggest online financial threat for consumers and much more.

Read More

Panzura's Glen Shok explains why file security and military-grade encryption should be applied to all data stored in the cloud

Media 7 | March 11, 2022

Glen Shok, CTO and VP Cloud Architects at Panzura, looks into his crystal ball and shares with us his predictions of the developments in the cybersecurity space. In this interview, we had the opportunity to explore novel malware tactics like ransomware and data wiper exploits, and the different solutions Panzura offers enterprises to improve their security measures. Read on to learn more about upticks in this cybersecurity landscape, and how Panzura can get businesses battle-ready against these attacks.

Read More

Arkose Labs's Vanita Pandey believes ‘Online account is going to be the currency that people will trade on’

Media 7 | December 13, 2021

Vanita Pandey, CMO - Arkose Labs, speaks about the role that Innovative Payment Models play in the changing dynamics of purchase and shopping. Read on to know her thoughts about how necessary is content for attracting consumers in this age and much more.

Read More

'TeleSign embeds trust at every touchpoint,' assures Joseph Burton

Media 7 | December 8, 2021

Joseph Burton, Chief Executive Officer at TeleSign elaborates on Promotion Abuse, Communication Fraud, and Buy Now Pay Later Fraud. Read on to know about the biggest online financial threat for consumers and much more.

Read More

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Balbix Announces Cybersecurity Posture Automation Support for Google Cloud Platform

Balbix | November 17, 2022

Balbix, provider of the world's leading platform for cybersecurity posture automation, announced today the general availability of support for Google Cloud Platform (GCP). Security teams can now use Balbix to easily quantify, prioritize and mitigate risks in their Google Cloud environments. With this announcement, Balbix has also extended its Cyber Asset Attack Surface Management (CAASM) solution to support multi-cloud environments that span both GCP and Amazon Web Services. The rapid move to the cloud has made IT environments more complex to manage and secure. As a result, security teams struggle to get a consolidated view of risk. Yet, 63 percent of organizations say they look at security posture in the cloud separately from on-premises, according to Cybersecurity Insiders' 2002 State of Security Posture Report. "Our customers' environments can include over 1 million assets, spread across multiple clouds and their own facilities. Managing an attack surface this large is no longer a human-scale problem. "With Balbix's new support for GCP, our customers can use automation to manage cybersecurity posture across more of their environment." Gaurav Banga, Founder and CEO of Balbix Cyber Security Posture Automation for Google Cloud Platform Balbix now provides support for popular Google Cloud services, including Compute Engine, Cloud Storage, Cloud SQL, Google Kubernetes Engine (GKE) Cluster & Deployments, Cloud Functions, Cloud Key Management Service (KMS), Pub/Sub and Secret Manager. As a result, Balbix customers with Google Cloud environments can use automation and advanced analytics to: Get comprehensive, near real-time visibility of their Google Cloud assets. Combine data from Google Cloud with their other IT and security tools to gain security and business context for their assets. Discover misconfigurations – the most exploited attack vector for the cloud – as well as unpatched software vulnerabilities, weak credentials and trust issues. Measure risk in terms of breach likelihood and business impact in order to prioritize remediation. Calculate and report on cyber risk quantified in dollars (or other currencies) instead of risk scores Cyber Asset Attack Surface Management for Multi-Cloud Environments The addition of support for GCP extends Balbix's CAASM solution to multi-cloud environments. Security practitioners no longer need to use multiple tools or combine data manually from these tools in a custom spreadsheet to understand their security posture. They can see the relationships between assets, applications and users no matter where the assets are in the cloud or on-premises. They can also identify any gaps in coverage for security controls. Balbix provides more than just visibility. Unlike other vendors, Balbix combines CAASM with Risk-Based Vulnerability Management (RBVM) and Cyber Risk Qualification (CRQ) solutions so security teams are able to immediately take action to reduce their cyber risk. They can continuously identify, prioritize and mitigate security issues as they emerge, while quantifying and tracking residual cyber risk in dollars. Daily cybersecurity decisions – operational as well as executive – can be made using a unified and up-to-date view of cyber risk. "By adding support for Google Cloud, Balbix has broadened its risk model to be inclusive of multiple public cloud platforms and allowed organizations to better measure their overall cyber risk," said Ed Amoroso, Founder and CEO of research and advisory firm TAG Cyber. "Customers can leverage this unified risk model to quantify cyber risk by business unit, geography, site, asset type or business owner – and quickly remediate those risks." The API-based Balbix Connector for Google Cloud Platform collects asset inventory and misconfiguration data and is available now. Visibility into other types of vulnerabilities is provided by optional Balbix sensors. These sensors also catalog the software bill of materials (SBOM) of applications running in GCP. Data collected by Balbix connectors and sensors is automatically deduplicated, correlated and inferenced to provide security teams with an accurate and unified view of risk. About Balbix Balbix enables businesses to reduce cyber risk by identifying and mitigating their riskiest cybersecurity issues faster. Our SaaS platform, the Balbix Security Cloud™, ingests data from businesses' security and IT tools so they can understand every aspect of their cybersecurity posture, build a unified cyber risk model and obtain actionable insights for risk reduction. With Balbix, businesses can automate inventory of their cloud and on-premise assets, conduct continuous risk-based vulnerability management and quantify cyber risk in dollars. Executives and operational teams can make cybersecurity decisions based on data not opinions.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

BlueVoyant Research Reveals Defending Digital Supply Chains Remains a Business Challenge

BlueVoyant | November 14, 2022

BlueVoyant, an industry-leading cyber defense company that combines internal and external cybersecurity, today released the findings of its third annual global survey into supply chain cyber risk management. The study reveals that 98% of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain. This is up slightly from 97% of respondents last year. Digital supply chains are made of the external vendors and suppliers who have network access that could be compromised. "The survey shows that supply chain cybersecurity risk has not decreased and, in fact, more enterprises than ever have reported being negatively impacted by a cybersecurity disturbance in their supply chain," said Adam Bixler, BlueVoyant's global head of supply chain defense. "The good news is that across industries and regions, organizations are making supply chain defense a priority, but these organizations need to better monitor suppliers and work with them to remediate issues to reduce their supply chain risk." Other key survey findings include: 40% of respondents rely on the third-party vendor or supplier to ensure adequate security. In 2021, 53% of companies said they audited or reported on supplier security more than twice per year; that number has improved to 67% in 2022. These numbers include enterprises monitoring in real time. Budgets from supply chain defense are increasing, with 84% of respondents saying their budget has increased in the past 12 months. The top pain points reported are internal understanding across the enterprise that suppliers are part of their cybersecurity posture, meeting regulatory requirements, and working with suppliers to improve their security. "While supply chain defense is a challenge, there are solutions for enterprises to better defend against this risk," said James Rosenthal, BlueVoyant's CEO and co-founder. "Enterprises should continuously monitor their supply chain to be able to quickly remediate threats. As companies are being negatively impacted by supply chain disturbances, they must prioritize this risk with the appropriate budget." The study was conducted by independent research organization, Opinion Matters, and recorded the views and experiences of 2,100 chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief info security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organizations with more than 1,000 employees across a range of industries. These include: business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defense. It covered 11 countries: U.S., Canada, Germany, Austria, Switzerland, France, the Netherlands, the United Kingdom, Australia, the Philippines, and Singapore. The 2021 research was also conducted by Opinion Matters and recorded the views and experiences of 1,200 CTOs/CSOs/COOs/CIOs/CISOs/CPOs in similar enterprises and the same industries. It covered six countries: U.S., Canada, Germany, the Netherlands, the U.K., and Singapore. Analysis of the responses from different commercial sectors revealed considerable variations in their experiences of supply chain risk: While healthcare and pharmaceutical was the third-highest vertical in terms of experiencing greater board scrutiny for supply chain risk at 42%, the sector also indicates the lowest likelihood to increase budget for external resources to bolster supply chain cybersecurity, by a margin of 7% below the next closest vertical. This sector is also the least likely of any vertical (34%) to have no way of knowing if an issue arises with a third party's environment. The energy sector was most likely to report negative impact from at least one supply chain breach in the last year (99%) but 49% are monitoring supply chain cyber risk regularly or in real time, and 44% are updating senior leadership monthly or more frequently. In addition, energy companies say they are increasing their budget for supply chain cyber risk by an average of 60%. In manufacturing, 64% of respondents say that supply chain cyber risk is on their radar and 44% say they have established an integrated enterprise risk management program. About BlueVoyant BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based platform called BlueVoyant Elements™. Elements is cloud-native and continuously monitors your network, endpoints, attack surface, and supply chain plus the clear, deep, and dark web for vulnerabilities, risks, and threats; and takes action to protect your business, leveraging both machine learning-driven automation and human-led expertise. Elements can be deployed as independent solutions or together as a full-spectrum cyber defense platform. BlueVoyant's approach to cyber defense revolves around three key pillars — technology, telemetry, and talent — that deliver industry-leading cybersecurity to more than 700 clients across the globe.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

ThreatX Launches Robust Online Training to Increase Access to Cybersecurity Expertise

ThreatX | November 17, 2022

ThreatX, the leading API protection platform, today announced the launch of the ThreatX Academy, an online portal hosting an extensive library of cybersecurity training modules. These courses provide an accessible and approachable opportunity for those looking to begin, or advance, their cybersecurity careers. ThreatX is providing all foundational 100-level content at no charge. Training content spans many areas of cybersecurity, including Application Security, Data Protection and Privacy, Networking, Secure DevOps and Wireless Security, among others. The need for cybersecurity professionals has been growing at a rapid pace, and that demand is expected to continue. The number of unfilled cybersecurity positions worldwide grew 350% between 2013 and 2021 (from 1 million to 3.5 million). Further, it is predicted that the same number of jobs will still be open in 2025. This cybersecurity skills gap, along with the accelerated pace at which both technology and cyberattackers’ tactics are evolving, has made protecting digital assets increasingly difficult for businesses. In fact, 80% of organizations suffered one or more breaches due to a lack of cybersecurity skills and/or awareness within the last 12 months, underscoring the need for solid and robust training content. Alongside Massachusetts-based training company, Security Innovation, ThreatX developed more than 140 hours of online security training videos beginning at an introductory level and progressing to more advanced subjects, such as Blockchain Security and Automating Security Updates. All 100-level content will be available free of charge, while 200 and 300-level content will be accessible via subscription. Through the integrated learning management platform, users will be able to consume the content in sequential fashion and earn certifications. The ThreatX Academy experience is powered by Raven360, a Massachusetts-based digital Academy business. ThreatX will share all content, free of charge, with select nonprofit organizations, including participants of the Massachusetts Rehabilitation Commission’s (MRC) Networking Technology Program. In addition, ThreatX Academy has partnered with (ISC)2 and is now an approved (ISC)2 CPE Submitter Partner. ThreatX content may count toward (ISC)2 CPE credits. (ISC)², is an international nonprofit cybersecurity professional organization. Through (ISC)², members can earn several well-established security certifications, including: CISSP Certified in Cybersecurity SSCP - Security Administration CCSP - Cloud Security CSSLP - Software Security In order to maintain these certifications, members must earn Continuing Professional Education (CPE) Credits. Through ThreatX’s partnership with (ISC)², security practitioners will now be able to earn CPE Credits for consuming ThreatX Academy content. “Cybersecurity is a continuous learning experience, and the need for training resources in the industry is only growing stronger. “We are excited to announce the launch of ThreatX Academy, and we look forward to advancing the program in the future as part of our broader effort to close cybersecurity’s ongoing talent gap.” Gene Fay, CEO of ThreatX About ThreatX ThreatX’s API protection platform and complete managed services make the world safer by protecting APIs from all threats, including DDoS attempts, complex botnets, zero-day and multi-mode attacks. ThreatX applies artificial intelligence and machine learning to detect and respond to even the slightest indicators of suspicious activity in real-time. Today, ThreatX protects APIs for companies in every industry across the globe.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Balbix Announces Cybersecurity Posture Automation Support for Google Cloud Platform

Balbix | November 17, 2022

Balbix, provider of the world's leading platform for cybersecurity posture automation, announced today the general availability of support for Google Cloud Platform (GCP). Security teams can now use Balbix to easily quantify, prioritize and mitigate risks in their Google Cloud environments. With this announcement, Balbix has also extended its Cyber Asset Attack Surface Management (CAASM) solution to support multi-cloud environments that span both GCP and Amazon Web Services. The rapid move to the cloud has made IT environments more complex to manage and secure. As a result, security teams struggle to get a consolidated view of risk. Yet, 63 percent of organizations say they look at security posture in the cloud separately from on-premises, according to Cybersecurity Insiders' 2002 State of Security Posture Report. "Our customers' environments can include over 1 million assets, spread across multiple clouds and their own facilities. Managing an attack surface this large is no longer a human-scale problem. "With Balbix's new support for GCP, our customers can use automation to manage cybersecurity posture across more of their environment." Gaurav Banga, Founder and CEO of Balbix Cyber Security Posture Automation for Google Cloud Platform Balbix now provides support for popular Google Cloud services, including Compute Engine, Cloud Storage, Cloud SQL, Google Kubernetes Engine (GKE) Cluster & Deployments, Cloud Functions, Cloud Key Management Service (KMS), Pub/Sub and Secret Manager. As a result, Balbix customers with Google Cloud environments can use automation and advanced analytics to: Get comprehensive, near real-time visibility of their Google Cloud assets. Combine data from Google Cloud with their other IT and security tools to gain security and business context for their assets. Discover misconfigurations – the most exploited attack vector for the cloud – as well as unpatched software vulnerabilities, weak credentials and trust issues. Measure risk in terms of breach likelihood and business impact in order to prioritize remediation. Calculate and report on cyber risk quantified in dollars (or other currencies) instead of risk scores Cyber Asset Attack Surface Management for Multi-Cloud Environments The addition of support for GCP extends Balbix's CAASM solution to multi-cloud environments. Security practitioners no longer need to use multiple tools or combine data manually from these tools in a custom spreadsheet to understand their security posture. They can see the relationships between assets, applications and users no matter where the assets are in the cloud or on-premises. They can also identify any gaps in coverage for security controls. Balbix provides more than just visibility. Unlike other vendors, Balbix combines CAASM with Risk-Based Vulnerability Management (RBVM) and Cyber Risk Qualification (CRQ) solutions so security teams are able to immediately take action to reduce their cyber risk. They can continuously identify, prioritize and mitigate security issues as they emerge, while quantifying and tracking residual cyber risk in dollars. Daily cybersecurity decisions – operational as well as executive – can be made using a unified and up-to-date view of cyber risk. "By adding support for Google Cloud, Balbix has broadened its risk model to be inclusive of multiple public cloud platforms and allowed organizations to better measure their overall cyber risk," said Ed Amoroso, Founder and CEO of research and advisory firm TAG Cyber. "Customers can leverage this unified risk model to quantify cyber risk by business unit, geography, site, asset type or business owner – and quickly remediate those risks." The API-based Balbix Connector for Google Cloud Platform collects asset inventory and misconfiguration data and is available now. Visibility into other types of vulnerabilities is provided by optional Balbix sensors. These sensors also catalog the software bill of materials (SBOM) of applications running in GCP. Data collected by Balbix connectors and sensors is automatically deduplicated, correlated and inferenced to provide security teams with an accurate and unified view of risk. About Balbix Balbix enables businesses to reduce cyber risk by identifying and mitigating their riskiest cybersecurity issues faster. Our SaaS platform, the Balbix Security Cloud™, ingests data from businesses' security and IT tools so they can understand every aspect of their cybersecurity posture, build a unified cyber risk model and obtain actionable insights for risk reduction. With Balbix, businesses can automate inventory of their cloud and on-premise assets, conduct continuous risk-based vulnerability management and quantify cyber risk in dollars. Executives and operational teams can make cybersecurity decisions based on data not opinions.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

BlueVoyant Research Reveals Defending Digital Supply Chains Remains a Business Challenge

BlueVoyant | November 14, 2022

BlueVoyant, an industry-leading cyber defense company that combines internal and external cybersecurity, today released the findings of its third annual global survey into supply chain cyber risk management. The study reveals that 98% of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain. This is up slightly from 97% of respondents last year. Digital supply chains are made of the external vendors and suppliers who have network access that could be compromised. "The survey shows that supply chain cybersecurity risk has not decreased and, in fact, more enterprises than ever have reported being negatively impacted by a cybersecurity disturbance in their supply chain," said Adam Bixler, BlueVoyant's global head of supply chain defense. "The good news is that across industries and regions, organizations are making supply chain defense a priority, but these organizations need to better monitor suppliers and work with them to remediate issues to reduce their supply chain risk." Other key survey findings include: 40% of respondents rely on the third-party vendor or supplier to ensure adequate security. In 2021, 53% of companies said they audited or reported on supplier security more than twice per year; that number has improved to 67% in 2022. These numbers include enterprises monitoring in real time. Budgets from supply chain defense are increasing, with 84% of respondents saying their budget has increased in the past 12 months. The top pain points reported are internal understanding across the enterprise that suppliers are part of their cybersecurity posture, meeting regulatory requirements, and working with suppliers to improve their security. "While supply chain defense is a challenge, there are solutions for enterprises to better defend against this risk," said James Rosenthal, BlueVoyant's CEO and co-founder. "Enterprises should continuously monitor their supply chain to be able to quickly remediate threats. As companies are being negatively impacted by supply chain disturbances, they must prioritize this risk with the appropriate budget." The study was conducted by independent research organization, Opinion Matters, and recorded the views and experiences of 2,100 chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief info security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organizations with more than 1,000 employees across a range of industries. These include: business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defense. It covered 11 countries: U.S., Canada, Germany, Austria, Switzerland, France, the Netherlands, the United Kingdom, Australia, the Philippines, and Singapore. The 2021 research was also conducted by Opinion Matters and recorded the views and experiences of 1,200 CTOs/CSOs/COOs/CIOs/CISOs/CPOs in similar enterprises and the same industries. It covered six countries: U.S., Canada, Germany, the Netherlands, the U.K., and Singapore. Analysis of the responses from different commercial sectors revealed considerable variations in their experiences of supply chain risk: While healthcare and pharmaceutical was the third-highest vertical in terms of experiencing greater board scrutiny for supply chain risk at 42%, the sector also indicates the lowest likelihood to increase budget for external resources to bolster supply chain cybersecurity, by a margin of 7% below the next closest vertical. This sector is also the least likely of any vertical (34%) to have no way of knowing if an issue arises with a third party's environment. The energy sector was most likely to report negative impact from at least one supply chain breach in the last year (99%) but 49% are monitoring supply chain cyber risk regularly or in real time, and 44% are updating senior leadership monthly or more frequently. In addition, energy companies say they are increasing their budget for supply chain cyber risk by an average of 60%. In manufacturing, 64% of respondents say that supply chain cyber risk is on their radar and 44% say they have established an integrated enterprise risk management program. About BlueVoyant BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based platform called BlueVoyant Elements™. Elements is cloud-native and continuously monitors your network, endpoints, attack surface, and supply chain plus the clear, deep, and dark web for vulnerabilities, risks, and threats; and takes action to protect your business, leveraging both machine learning-driven automation and human-led expertise. Elements can be deployed as independent solutions or together as a full-spectrum cyber defense platform. BlueVoyant's approach to cyber defense revolves around three key pillars — technology, telemetry, and talent — that deliver industry-leading cybersecurity to more than 700 clients across the globe.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

ThreatX Launches Robust Online Training to Increase Access to Cybersecurity Expertise

ThreatX | November 17, 2022

ThreatX, the leading API protection platform, today announced the launch of the ThreatX Academy, an online portal hosting an extensive library of cybersecurity training modules. These courses provide an accessible and approachable opportunity for those looking to begin, or advance, their cybersecurity careers. ThreatX is providing all foundational 100-level content at no charge. Training content spans many areas of cybersecurity, including Application Security, Data Protection and Privacy, Networking, Secure DevOps and Wireless Security, among others. The need for cybersecurity professionals has been growing at a rapid pace, and that demand is expected to continue. The number of unfilled cybersecurity positions worldwide grew 350% between 2013 and 2021 (from 1 million to 3.5 million). Further, it is predicted that the same number of jobs will still be open in 2025. This cybersecurity skills gap, along with the accelerated pace at which both technology and cyberattackers’ tactics are evolving, has made protecting digital assets increasingly difficult for businesses. In fact, 80% of organizations suffered one or more breaches due to a lack of cybersecurity skills and/or awareness within the last 12 months, underscoring the need for solid and robust training content. Alongside Massachusetts-based training company, Security Innovation, ThreatX developed more than 140 hours of online security training videos beginning at an introductory level and progressing to more advanced subjects, such as Blockchain Security and Automating Security Updates. All 100-level content will be available free of charge, while 200 and 300-level content will be accessible via subscription. Through the integrated learning management platform, users will be able to consume the content in sequential fashion and earn certifications. The ThreatX Academy experience is powered by Raven360, a Massachusetts-based digital Academy business. ThreatX will share all content, free of charge, with select nonprofit organizations, including participants of the Massachusetts Rehabilitation Commission’s (MRC) Networking Technology Program. In addition, ThreatX Academy has partnered with (ISC)2 and is now an approved (ISC)2 CPE Submitter Partner. ThreatX content may count toward (ISC)2 CPE credits. (ISC)², is an international nonprofit cybersecurity professional organization. Through (ISC)², members can earn several well-established security certifications, including: CISSP Certified in Cybersecurity SSCP - Security Administration CCSP - Cloud Security CSSLP - Software Security In order to maintain these certifications, members must earn Continuing Professional Education (CPE) Credits. Through ThreatX’s partnership with (ISC)², security practitioners will now be able to earn CPE Credits for consuming ThreatX Academy content. “Cybersecurity is a continuous learning experience, and the need for training resources in the industry is only growing stronger. “We are excited to announce the launch of ThreatX Academy, and we look forward to advancing the program in the future as part of our broader effort to close cybersecurity’s ongoing talent gap.” Gene Fay, CEO of ThreatX About ThreatX ThreatX’s API protection platform and complete managed services make the world safer by protecting APIs from all threats, including DDoS attempts, complex botnets, zero-day and multi-mode attacks. ThreatX applies artificial intelligence and machine learning to detect and respond to even the slightest indicators of suspicious activity in real-time. Today, ThreatX protects APIs for companies in every industry across the globe.

Read More

Spotlight

Arkose Labs

Arkose Labs

Arkose Labs bankrupts the business model of fraud. Recognized by Gartner as a “Cool Vendor in Fraud and Authentication,” the company offers an industry-first warranty on account protection. Its AI-powered platform combines powerful risk assessments with dynamic attack response that undermines the RO...

Events

Resources