'Successful tech companies are able to cultivate leaders not only at the top of the business, but at all levels of the business,' says Reed Taussig.

AI-driven identity verification solutions
 
Reed Taussig is an accomplished chief executive officer, advisor and board member of companies specializing in anti-fraud software and enterprise application software. He is the CEO of AuthenticID, a Kirkland-based document verification and anti-fraud firm. In addition, he is an active participant on the boards of ClearData, Arkose Laboratories, and Darwinium.
Discover his story, thoughts on people management and insights on identity-based frauds in this exclusive interview.

Successful companies are able to cultivate leaders.

Media 7: Hi Reed, thank you for your time. Please tell us about your long and inspiring professional journey. You've started a lot of businesses and have generated significant returns for your investors.
Reed Taussig: Thank you for that. I've had my share of successes. I've also had my share of failures. I've been in the computer business for a long time starting in 1977 selling mainframe computers and check processing systems for the boroughs out of college and then moved on through the minicomputer business, data general, and into the software business with Unify, a database company, OpenText Gupta, a pioneer for PC Client Server software, and then ultimately into enterprise application software. So I ran seven companies in total as CEO and I am systematically able to fail at retirement. I think that probably sums up my career pretty well.

M7:  As someone with extensive experience in director, president, and vice president-level positions, how do you view the importance of leadership in effectively managing interpersonal relationships?
RT: Well, management is the art of getting people to do what they need to do, and that's all about leadership. You know, we need to move the company forward and in this direction and, as a person, you may not agree with that. So, leadership is all about people management. And successful companies are able to cultivate leaders not only at the top of the business, but at all levels of the business.

Leadership doesn't have to reside exclusively within the C-suites of a company; it should really reside at every level of the company and it should be recognized, nurtured and rewarded.

M7: Tell us what different kinds of frauds AutheticID is equipped to prevent?
RT: AuthenticID is a document verification business. Largely, document verification is used for new account origination. So if you walk into a phone store and you want to sign up for a new phone plan or buy a phone, they will ask you for some form of government-issued identification…typically, a driver's license. What we will do through our application is authenticate whether or not that driver's license is a real license or is it synthetic or altered in some way to determine in this particular case, is Reed Taussig really Reed Taussig?
We work in that regard for different types of companies across the telecom space, government, financial services, as well as other kinds of industries where identification and authentication of government documents is required either by law or regulation, or the government or the company, and our customer feels the need to do so.

Read more: 'Innovative, strategic marketing that’s well-executed yields substantial ROI,' believes Ann-Strackhouse Miller


Each new invention and development has its positive and negative impact on the employee population and society, and AI is no different.

M7: Considering your active involvement in the boards of ClearData, Arkose Labs, and Darwinium, can you share your insights on the current trends shaping the anti-fraud software sector?
RT: Arkose and Darwinium are both anti-fraud companies. Clear Data is a regulation and compliance company. The fraud space continues, so AuthenticID is in the anti-fraud fraud space, Darwinium as well as Arkose Labs, we all address different aspects of that industry.
In the case of Arkose, they're looking at botnets, automated high-frequency attacks; Darwinium is looking at the entire life cycle for account takeover, card-not-present transactions; and AuthenticID, as I mentioned, does document authentication. The online fraud problem continues to grow, regardless of how many resources have been thrown at it. I've been involved in the anti-fraud security business since 2004, so, it’s been almost 20 years now.
The tactics have grown, the amount of money that is at risk has grown. You see it every day in the papers that some major company got hacked and lost credentials for 25,000 people or whatever the case might be, or got hacked either through ransomware or illegal transfer of funds and things like that. And really, the losses are measured not in millions or even billions, but hundreds of billions of dollars every single year.

If you look at the number of companies that have been invested in by venture capital and private equity to fight fraud, it's in the thousands, and that industry continues to grow. It's one of the few places right now in the start-up world that continues to attract capital just because it has become an arms race between the fraudsters. Many of them are well-organized; think of them as corporate entities. It's not some single guy sitting in a basement trying to use stolen credit cards. I mean, that does happen, obviously, but it's also an organized crime in a very sophisticated, very well-funded way. And in many cases, they’re government-sponsored kinds of activities. So it's an interesting industry.

New tactics are used every day. And amazingly enough, you can get on the dark web. You don't even have to write these programs anymore. You can actually buy software packages that are designed to commit fraud against victims, I mean, that’s the same as a word processing package or a payroll package. So it has become an institutional problem on both sides, where institutions on both sides compete against each other, in our case, to stop the fraud, in their case, to create the fraud.

M7: How do the solutions and services offered by your company benefit various industries? Could you please explain?
RT: In the case of AuthenticID, we benefit our customers by determining whether or not the credentials that are being used to identify a driver's license or a passport are authentic and that they haven't been altered. They're not somebody else's driver's license or a synthetic ID on which I put, you know, my picture or those kinds of things.
And so really, what we're doing is, risk-based authentication to determine whether Reed is Reed, to stop that fraud. That's true across all of these anti-fraud companies. They are addressing some aspects of a transaction to ensure that it's not fraudulent. In the case of Arkose Labs for example, in terms of dealing with high-frequency attacks, really what that comes down to is account takeover. It's called credential stuffing, where you create millions of credentials pairs and shoot them at a website to figure out if one of them is correct and that opens the door for you. Once that door is open, the fraudster can access your account.
So that's a big business in itself. Card-not-present fraud, which Darwinium deals with, as well as account takeover. A much more high-level issue is, again, risk-based authentication where I'm looking at all of the aspects of that user. Where are they? What devices are they using? Do they have a history? What else do I know about them? For example, somebody logs on to a system, and you can determine that this person has 35 email addresses and 25 devices that have been used. That person is probably a fraudster. Likewise, if you look at a document, that is what AuthenticID does, or if you can prove that an ID has been altered in some way, shape or form. It's not an authentic document. You can pretty much conclude then that the person who's presenting that document isn't trying to do a legitimate transaction.
So that's how we benefit our customers. We provide them with accurate information on a very timely basis. You know, seconds, milliseconds, which will allow them to decide whether they should accept or reject that transaction.

M7: Data privacy has always been a sensitive topic. How do fraud-detection companies ensure the confidentiality of various types of profiles while detecting and preventing fraud?
RT: That's a good question and it is a topic of discussion for every company trying to prevent fraud or protect themselves against fraud, as well as every company selling services or products to those companies to stop the fraud. There are global regulations now – GDPR, California Data Privacy, Australia Data Sovereignty, India has many privacy laws, so the list goes on.
Typically, what's happening is anti-fraud companies like AuthenticID, Darwinium, Arkose, we either tokenize the data– so  your name, address, telephone number, or social security number, whatever it is– we tokenize that so that it is not readable in a human form by humans at all or we use the data for a millisecond or two and then delete it, and it's gone. Then, of course, there's the whole issue of even more sensitive biometrics. But if you think about it, there have been some very clever solutions put in place by particularly Apple, for example, with Face ID. Face ID recognizes your face, but the only place that data is stored is actually on your device, your phone, and you've provided permission to Apple to store that information on your phone; it's under your control. If you want, you can delete it then.

Other exciting aspects of data privacy have become very difficult to deal with; for example, under GDPR and the State of California, both have the ‘Right to be Forgotten’. So I can contact a company, let's say it's Walmart or someplace I'm doing business with and say, whatever information you have about me, I want you to erase, and legally they have to do that.
The problem with that, of course, is that if you're a fraudster, they figure out that you're a fraudster and they deny a transaction, so you get back in touch with them and say, well, I want all this information about me to be deleted at this point in time. So there are a lot of competing agendas here that have become very hard to navigate if you're both an enterprise business trying to protect yourself from fraud or a company, like, AuthenticID, who is selling services and products to those companies to protect them against fraud.

The Europeans with GDPR, in particular, have extended their reach, so that even if you're in the United States, if you are a European citizen resident, the person doesn't have to be a citizen, he/she can be an American living in Europe. An American living in France logs on to book a hotel or a flight reservation in the United States and provides PII (personally identifiable information), on which you have to provide your name, address, credit card number and that information in some way is compromised even though that information is compromised outside of the EU, and in this case, in the United States, that US company becomes liable for that.

It's difficult to enforce something like that. But nevertheless, the whole issue around PII has become very contentious in some ways, and they're only being strengthened, not weakened. So it does provide advantages to fraudsters, there's no question about it. When you go to the airport and board an aircraft, you have to show some level of identification. In some cases, when traveling globally you provide biometric information, which is probably the most sensitive of all information, so to get on that airplane, you have to provide that level of detail. But, on the internet, the trend is to move away from collecting extensive PII data.

So, I could go on for a long time on the whole issue of data privacy. As CEO of AuthenticID and being on the board of these anti-fraud companies, it’s a priority. If you're involved in any kind of commerce whatsoever, the whole issue of data privacy is front and center in terms of managing risk and compliance as well as just getting your job done.

Read more: 'Enterprises that don't leverage AI and ML will likely be at a disadvantage,' believes Miquido's Jerzy Biernacki


Billions and billions of dollars are spent in buying equipment, buying software and employing people to stop fraud.

M7: What are the best practices for Knowledge-Based Authentication processes?
RT: It starts with people. Many instances of fraud are created due to phishing attacks or simply being unaware of an attack in process. On the dark web,, I was, for example, a victim myself of identity takeover where somebody acquired my credentials.  My driver's license number, my Social Security number, and my address were acquired on the dark Web, and they ended up leasing a Mercedes-Benz in my name. So it could happen to anybody, even if you are very aware of what's going on. As CEO of AuthenticID or any fraud company, you're always a target from the fraudsters who try to fool you into something.

There are so many examples, and I'm sure you get them yourself, where you get emails that say, "We're sorry, but your account has been temporarily suspended because of illegal entry, please log in and provide your credentials.” Well, that's never going to happen in most cases; I mean, if you log into Google from a new device, they'll send you an email and say, we noticed this login from this device, which we have not seen before. If this was you, fine, no responses are required, but if not, please call us or contact us or change your username and password or those kinds of things.

I probably get 10 phishing emails every day on my various email accounts. So you just have to be super aware of this, because it does start with people in terms of managing these kinds of systems. Secondly, of course, there are a lot of tools out there at different levels, whether it's network security, database security, data loss protection products, fraud risk-based authentication products, identity verification products, etc.

Most large enterprises will employ a dozen different solutions at different layers and levels of the company to try to protect themselves. So it's a big business. Billions and billions of dollars are spent in terms of buying equipment, buying software and employing people to stop fraud. But ultimately, what it really comes down to is a sense of awareness and caution on the part of the user, whether it's a home user or employee wherever you are, to make sure that who is asking you for information is legitimate, so you're not being phished in any way when someone tries that you give up any information that you shouldn't be.

M7: In your opinion, what are the most significant benefits that users across all sectors of the economy can anticipate receiving from artificial intelligence systems in the years ahead?
RT: That's a multi-dimensional question. I read yesterday that AI will put 300,000 jobs at risk. And that's probably true. If you're looking at low-level copywriting, for example, and other things, along those lines that computers, you know, can execute at that level. Undoubtedly, there will be dislocation in the marketplace. As was the case when building an automobile at the beginning of the 20th century was a manual process; cars were assembled by hand. Today they're assembled by robots largely. So the number of people involved in that is far less. But what it does also allow you to do is create new products.

AI will do this as well. It will enable you to develop new, impossible products and services that were unimaginable before the introduction of AI. And the investigations in medicine or every level of knowledge I believe will benefit from AI; at least, we don't end up in a science fiction situation where the computers go rogue on us. I don't think that'll happen, but we're looking at significant structural changes in the marketplace in the workforce, just as robots displaced people in the manufacturing space and the Internet.  Email, for example, has reduced the amount of postal mail. With cell phones, payphones have been replaced. There are no such things in the United States. I don't know about India, but you need help finding a payphone in the United States. They don't exist because everybody has a cell phone. So, each new invention and development has its positive and negative impact on the employee population and society, and AI is no different. So, it's going to have a significant effect.

M7: Could you please discuss any new ideas and developments that AuthenticID has in the pipeline for the coming years?
RT: Well, there are a lot of things that we are doing within the product and the product set, including the use of AI and machine learning to do a better job. And when I say a better job, there are different aspects of that.

We have a new release coming out – a new release of our product will provide at least 30% improvement in terms of document recognition. There are such things like false positives and false negatives. Sometimes we can't recognize a document particularly well because we’ve never seen it before, so we're not sure what it's supposed to look like. We're coming up with a number of improvements along those lines using AI.

The other issue, of course, is speed. Customers want a very fast turnaround. Say if you're in an online transaction. If you end up with, let's say, a 10-second delay because some vendor, it takes 10 seconds to read a document, the chances of that customer abandoning that transaction is very high. If all of a sudden everything stops for 10 seconds, and you see a sign “please, wait while we process,” a customer may ask ‘what's this?’ So there’s a large amount of abandonment as a result of that. Thus, faster and better document recognition are the things that we're looking at.

We're also toying with the idea of moving the company into other verticals. Largely right now, we're in financial services, we work with the government, we work with cable companies, and people like that. We're looking at new verticals to expand into potentially and geographically as well.

ABOUT AUTHENTICID

AuthenticID is a Washington-based company that offers AI-driven solutions for real-world identity verification. Its cutting-edge solution quickly, securely and accurately verifies identities, enabling businesses to conduct transactions confidently, strengthen underwriting, and reduce fraud-related losses. AuthenticID's AI technology uses fused machine learning algorithms and state-of-the-art computer vision to identify fake IDs, photo mismatches, and suspicious activity associated with names or faces. With an accuracy rate of over 99%, AuthenticID is a leader in identity verification quality. Its solution streamlines customer onboarding procedures, leading to double-digit increases in conversion rates with no increase in marketing spend.To know more about AuthenticID please visit; https://www.authenticid.com/

More C-Suite on deck

‘In the industry, we've observed fragmentation, especially among larger organizations,’ says Chris Fisher

Media 7 | October 16, 2023

Chris Fisher is a seasoned marketing professional who specializes in digital marketing and demand generation to fuel business growth. I integrate product messaging and innovative strategies with data-driven marketing to achieve quantifiable outcomes. Read on to know his thoughts about safeguarding the layers of Cyber-security.

Read More

'AI & ML algorithms will play a critical role in identifying cyber threats,' asserts Trishneet Arora

Media 7 | July 28, 2023

Trishneet Arora, a self-made individual, demonstrated remarkable vision, intellect, and competence when he established a startup at the young age of 19. Under his guidance, the flagship venture has expanded into both the entertainment and educational sectors. With Trishneet at the helm, the potential for growth and success knows no bounds. Let's delve into his insights on securing UPI-based applications.

Read More

‘Data and analytics play a crucial role in shaping our advertising strategies,' asserts Aleksander Groshev

Media 7 | June 28, 2023

Aleksander Groshev is the CEO and Co-Founder of Autobahn Security. Previously he was Vice President of Product responsible for the product development of the SaaS platform. Before joining Autobahn Security he held the position of Head of Product at Fincite, a wealth management B2B platform.

Read More

‘In the industry, we've observed fragmentation, especially among larger organizations,’ says Chris Fisher

Media 7 | October 16, 2023

Chris Fisher is a seasoned marketing professional who specializes in digital marketing and demand generation to fuel business growth. I integrate product messaging and innovative strategies with data-driven marketing to achieve quantifiable outcomes. Read on to know his thoughts about safeguarding the layers of Cyber-security.

Read More

'AI & ML algorithms will play a critical role in identifying cyber threats,' asserts Trishneet Arora

Media 7 | July 28, 2023

Trishneet Arora, a self-made individual, demonstrated remarkable vision, intellect, and competence when he established a startup at the young age of 19. Under his guidance, the flagship venture has expanded into both the entertainment and educational sectors. With Trishneet at the helm, the potential for growth and success knows no bounds. Let's delve into his insights on securing UPI-based applications.

Read More

‘Data and analytics play a crucial role in shaping our advertising strategies,' asserts Aleksander Groshev

Media 7 | June 28, 2023

Aleksander Groshev is the CEO and Co-Founder of Autobahn Security. Previously he was Vice President of Product responsible for the product development of the SaaS platform. Before joining Autobahn Security he held the position of Head of Product at Fincite, a wealth management B2B platform.

Read More

Related News

Software Security

Keeper Streamlines Compliance Processes With Granular Sharing Enforcements

Keeper Security, Inc. | January 11, 2024

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, announces Granular Sharing Enforcements will soon be available for all products in the Keeper® platform. Granular Sharing enables administrators to enforce detailed creating and sharing permissions at the user level. By implementing these permissions, organizations can ensure employees only have access to the resources necessary for their roles, minimizing the risk of unauthorized access, data breaches and lateral movement within a network. "It's critical for organizations to have security solutions that help them adhere to increasing regulations and compliance requirements," said Craig Lurey, CTO and Co-founder of Keeper Security. "Granular permission control helps organizations enhance their security posture by restricting access to sensitive information and systems. With Granular Sharing Enforcements, it's easier than ever for IT administrators to better control the principle of least privilege and streamline operations within their organizations." Keeper's added Granular Sharing Enforcement policies provide more detailed restrictions that administrators can apply to users for both creating and sharing records. Most employees do not need access to all of the data or functionalities within an organization, and many industries and geographical regions have specific regulations and compliance requirements regarding data protection and privacy, including HIPAA, GDPR, PCI DSS and SOX. Granular permission controls enable organizations to align with local and industry regulations by allowing them to define and enforce access policies. This helps in ensuring the organization is compliant with industry standards and legal requirements. Key features of Keeper's Granular Sharing Enforcements include: Auditing: Keeper provides clear alerting and reporting on over 100 different event types. Version control: Only a small subset of users have permissions to update or share records, helping teams ensure information is consistent and accurate. Seamless access on any device: Keeper provides the same user experience across platforms, ensuring cross functionality and ease of use, whether on web, desktop or mobile. Encryption: Keeper provides secure sharing with elliptic curve encryption, ensuring cybercriminals cannot intercept passwords or other shared records in transit. Keeper Administrators can easily customize permissions to best suit the compliance needs of their organization. Administrators modify permissions in the Enforcement Policies section of the Admin Console for the chosen role by selecting Creating and Sharing. Most permissions are activated by default for maximum security. Enforcements have been designed to be simple and powerful, allowing admins to choose the appropriate settings for their unique needs. Granular Sharing Enforcements will be available for all sharing needs within Keeper's Enterprise Password Manager, Keeper Secrets Manager and KeeperPAM. With Keeper's zero-knowledge password management and security platform, IT administrators have complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies, including strong, unique passwords, Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), and other security policies. Keeper Secrets Manager® is a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data. Its latest offering, KeeperPAM™, provides next-generation Privileged Access Management (PAM) that is disrupting the traditional PAM market. KeeperPAM delivers enterprise-grade password, secrets and privileged connection management within a unified SaaS platform that is cost-effective, easy to use and simple to deploy. KeeperPAM enables least-privilege access with zero-trust and zero-knowledge security. Enterprises select Keeper because of its strong security architecture, ability to support federated and passwordless authentication with any identity provider, seamless integration into on-premises, cloud or hybrid environments and ease of use across desktop and mobile devices. About Keeper Security Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper's affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging.

Read More

Software Security

Deepwatch Announces New Forensic-Focused Operations Service To Enhance Cyber Resilience

Deepwatch | January 09, 2024

Deepwatch, the leading managed security platform for the cyber resilient enterprise, today announced the launch of Threat Signal, its standalone forensic-focused operations service. Deepwatch designed Threat Signal to enhance companies’ cybersecurity defenses, proactively identify and help mitigate attack vectors, and stay ahead of evolving risks to strengthen cyber resilience. Threat Signal provides protection beyond traditional security measures, finding advanced cyber threats that have bypassed existing controls by leveraging the latest attacker methodologies to stay in tune with the constantly evolving threat landscape. Using an “outside-in” methodology, Threat Signal evaluates an organization’s externally accessible presence from an attacker’s perspective to pinpoint and investigate risky systems and services. This informs the initial investigation and allows Deepwatch Experts to leverage advanced capabilities through organic intelligence, deep forensics, and threat hunting. According to Forrester’s “How to Make Threat Intelligence Actionable” report¹, “Over time, companies need to move beyond tactical use cases. Threat hunting can uncover threats that have bypassed traditional security tools, allowing companies to stop attacks earlier to minimize disruptions. As Forrester’s Threat Hunting 101 report describes, threat intelligence is vital because it provides insights into the TTPs of threat actors and details on how malware behaves. If time, expertise, and resources are constrained, consider leveraging an external service provider to conduct the threat-hunting exercise as an annual consulting engagement.” Threat Signal provides tailored and proactive security measures through customer-specific intelligence that takes an organization's unique attack surface, business risks, and the latest adversary intelligence or "threat cases" into account. Threat Signal’s additional features and capabilities include: Deepwatch Experts - Seasoned forensic security experts perform in-depth investigations, identifying threats before they disrupt an organization. Attack Surface Profiles - These profiles provide a customer actionable report, detailing external opportunity areas that an attacker could leverage against an organization, including high-risk opportunities, mitigation recommendations, and threat hunting leads. Forensic-Agent-Based Threat Hunting Engagements - Deepwatch’s specialists consistently engage in hunting activities to reveal concealed threats within a company’s infrastructure and provide a threat hunt summary report with detailed observations and any actions that the customer took during that hunt cycle. Reporting and Reviews - Deepwatch provides customers with reports, including: Weekly intelligence brief reports on analyzed open-source intelligence with Deepwatch recommendations. Summary presentations on the solution engagement status, including but not limited to hunting reports. Up to two executive reviews of the solution and observables per year. Ad-hoc awareness briefs of security advisories based on Deepwatch threat criteria. Annual intelligence reports on incident lessons learned and predictions. Malware Analysis - Deepwatch’s Adversary Tactics and Intelligence (ATI) team analyze collected malware and provide a report. Enhanced Security - Deepwatch’s MDR customers benefit from cross-collaborative security operations, harnessing advanced threat detection, and hyper-responsive capabilities. “As security professionals, we look to enhance a company’s security readiness. To do that, it’s critical for them to look beyond their existing security controls to ensure they are identifying and proactively protecting the business from external threats,” said Jerrod Barton, VP, Cyber Operations & Intelligence for Deepwatch. “With Threat Signal, we’re able to help our enterprise customers view their security readiness through the lens of the ‘attackers,’ ensuring that they can rapidly respond to any incoming threats, which in turn helps them elevate their cyber resilience.” About Deepwatch Deepwatch is the leading managed security platform for the cyber resilient enterprise. The Deepwatch Managed Security Platform and security experts provide enterprises with 24/7/365 cyber resilience, rapid detections, high fidelity alerts, reduced false positives, and automated actions. We operate as an extension of cybersecurity teams by delivering exceptional security expertise, visibility across your attack surface, precision response to threats, and a compelling return on your security investments. The Deepwatch Managed Security Platform is trusted by many of the world’s leading brands to improve their security posture, cyber resilience, and peace of mind. Learn more at www.deepwatch.com.

Read More

Platform Security

Stellar Cyber and Proofpoint Strategic Alliance to Deliver Comprehensive Email Security Solution For SecOps Teams

Stellar Cyber | January 23, 2024

Stellar Cyber, the innovator of Open XDR, announced a new partnership with Proofpoint, a leading cybersecurity and compliance company. Through this alliance, Proofpoint and Stellar Cyber customers benefit from an out-of-the-box integration enabling swift email investigations and real-time response actions to email-driven attacks. Proofpoint Targeted Attack Protection monitors emails to identify suspicious emails and potentially malicious attachments and URLs. Once identified, the findings are shared with Stellar Cyber automatically. Stellar Cyber’s Open XDR platform ingests, normalizes, and analyzes Proofpoint findings and other collected data to deliver a comprehensive threat picture. As security analysts conduct investigations, they can instruct integrated third-party products – including Proofpoint – on corrective actions. “Protecting organizations against email-borne attacks is a top priority, and security teams need a way to automatically correlate threat telemetry across the entire attack surface in order to quickly remediate threats,” said Andrew Homer, VP of Strategic Alliances, Stellar Cyber. “This new partnership with Proofpoint is the latest example of Stellar Cyber delivering on its Open XDR strategy to provide customers turn-key integrations that improve productivity and threat detection.” “Email attacks remain the number one entry point into an organization, and the level of sophistication of these attacks continues to grow exponentially,” said D.J. Long, Vice President, Strategic Alliances & Business Development, Proofpoint. “We’re thrilled to work with Stellar Cyber on this strategic alliance to help customers protect against advanced email-based threats and unify their cybersecurity defense.” Through this alliance, Stellar Cyber and Proofpoint give security teams an advantage over attackers, resulting in the following: Real-time threat signals exchanged for proactive detection Correlation of Proofpoint alerts across the entire attack surface Automated response actions for immediate threat containment About Stellar Cyber Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley.

Read More

Software Security

Keeper Streamlines Compliance Processes With Granular Sharing Enforcements

Keeper Security, Inc. | January 11, 2024

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, announces Granular Sharing Enforcements will soon be available for all products in the Keeper® platform. Granular Sharing enables administrators to enforce detailed creating and sharing permissions at the user level. By implementing these permissions, organizations can ensure employees only have access to the resources necessary for their roles, minimizing the risk of unauthorized access, data breaches and lateral movement within a network. "It's critical for organizations to have security solutions that help them adhere to increasing regulations and compliance requirements," said Craig Lurey, CTO and Co-founder of Keeper Security. "Granular permission control helps organizations enhance their security posture by restricting access to sensitive information and systems. With Granular Sharing Enforcements, it's easier than ever for IT administrators to better control the principle of least privilege and streamline operations within their organizations." Keeper's added Granular Sharing Enforcement policies provide more detailed restrictions that administrators can apply to users for both creating and sharing records. Most employees do not need access to all of the data or functionalities within an organization, and many industries and geographical regions have specific regulations and compliance requirements regarding data protection and privacy, including HIPAA, GDPR, PCI DSS and SOX. Granular permission controls enable organizations to align with local and industry regulations by allowing them to define and enforce access policies. This helps in ensuring the organization is compliant with industry standards and legal requirements. Key features of Keeper's Granular Sharing Enforcements include: Auditing: Keeper provides clear alerting and reporting on over 100 different event types. Version control: Only a small subset of users have permissions to update or share records, helping teams ensure information is consistent and accurate. Seamless access on any device: Keeper provides the same user experience across platforms, ensuring cross functionality and ease of use, whether on web, desktop or mobile. Encryption: Keeper provides secure sharing with elliptic curve encryption, ensuring cybercriminals cannot intercept passwords or other shared records in transit. Keeper Administrators can easily customize permissions to best suit the compliance needs of their organization. Administrators modify permissions in the Enforcement Policies section of the Admin Console for the chosen role by selecting Creating and Sharing. Most permissions are activated by default for maximum security. Enforcements have been designed to be simple and powerful, allowing admins to choose the appropriate settings for their unique needs. Granular Sharing Enforcements will be available for all sharing needs within Keeper's Enterprise Password Manager, Keeper Secrets Manager and KeeperPAM. With Keeper's zero-knowledge password management and security platform, IT administrators have complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies, including strong, unique passwords, Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), and other security policies. Keeper Secrets Manager® is a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data. Its latest offering, KeeperPAM™, provides next-generation Privileged Access Management (PAM) that is disrupting the traditional PAM market. KeeperPAM delivers enterprise-grade password, secrets and privileged connection management within a unified SaaS platform that is cost-effective, easy to use and simple to deploy. KeeperPAM enables least-privilege access with zero-trust and zero-knowledge security. Enterprises select Keeper because of its strong security architecture, ability to support federated and passwordless authentication with any identity provider, seamless integration into on-premises, cloud or hybrid environments and ease of use across desktop and mobile devices. About Keeper Security Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper's affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging.

Read More

Software Security

Deepwatch Announces New Forensic-Focused Operations Service To Enhance Cyber Resilience

Deepwatch | January 09, 2024

Deepwatch, the leading managed security platform for the cyber resilient enterprise, today announced the launch of Threat Signal, its standalone forensic-focused operations service. Deepwatch designed Threat Signal to enhance companies’ cybersecurity defenses, proactively identify and help mitigate attack vectors, and stay ahead of evolving risks to strengthen cyber resilience. Threat Signal provides protection beyond traditional security measures, finding advanced cyber threats that have bypassed existing controls by leveraging the latest attacker methodologies to stay in tune with the constantly evolving threat landscape. Using an “outside-in” methodology, Threat Signal evaluates an organization’s externally accessible presence from an attacker’s perspective to pinpoint and investigate risky systems and services. This informs the initial investigation and allows Deepwatch Experts to leverage advanced capabilities through organic intelligence, deep forensics, and threat hunting. According to Forrester’s “How to Make Threat Intelligence Actionable” report¹, “Over time, companies need to move beyond tactical use cases. Threat hunting can uncover threats that have bypassed traditional security tools, allowing companies to stop attacks earlier to minimize disruptions. As Forrester’s Threat Hunting 101 report describes, threat intelligence is vital because it provides insights into the TTPs of threat actors and details on how malware behaves. If time, expertise, and resources are constrained, consider leveraging an external service provider to conduct the threat-hunting exercise as an annual consulting engagement.” Threat Signal provides tailored and proactive security measures through customer-specific intelligence that takes an organization's unique attack surface, business risks, and the latest adversary intelligence or "threat cases" into account. Threat Signal’s additional features and capabilities include: Deepwatch Experts - Seasoned forensic security experts perform in-depth investigations, identifying threats before they disrupt an organization. Attack Surface Profiles - These profiles provide a customer actionable report, detailing external opportunity areas that an attacker could leverage against an organization, including high-risk opportunities, mitigation recommendations, and threat hunting leads. Forensic-Agent-Based Threat Hunting Engagements - Deepwatch’s specialists consistently engage in hunting activities to reveal concealed threats within a company’s infrastructure and provide a threat hunt summary report with detailed observations and any actions that the customer took during that hunt cycle. Reporting and Reviews - Deepwatch provides customers with reports, including: Weekly intelligence brief reports on analyzed open-source intelligence with Deepwatch recommendations. Summary presentations on the solution engagement status, including but not limited to hunting reports. Up to two executive reviews of the solution and observables per year. Ad-hoc awareness briefs of security advisories based on Deepwatch threat criteria. Annual intelligence reports on incident lessons learned and predictions. Malware Analysis - Deepwatch’s Adversary Tactics and Intelligence (ATI) team analyze collected malware and provide a report. Enhanced Security - Deepwatch’s MDR customers benefit from cross-collaborative security operations, harnessing advanced threat detection, and hyper-responsive capabilities. “As security professionals, we look to enhance a company’s security readiness. To do that, it’s critical for them to look beyond their existing security controls to ensure they are identifying and proactively protecting the business from external threats,” said Jerrod Barton, VP, Cyber Operations & Intelligence for Deepwatch. “With Threat Signal, we’re able to help our enterprise customers view their security readiness through the lens of the ‘attackers,’ ensuring that they can rapidly respond to any incoming threats, which in turn helps them elevate their cyber resilience.” About Deepwatch Deepwatch is the leading managed security platform for the cyber resilient enterprise. The Deepwatch Managed Security Platform and security experts provide enterprises with 24/7/365 cyber resilience, rapid detections, high fidelity alerts, reduced false positives, and automated actions. We operate as an extension of cybersecurity teams by delivering exceptional security expertise, visibility across your attack surface, precision response to threats, and a compelling return on your security investments. The Deepwatch Managed Security Platform is trusted by many of the world’s leading brands to improve their security posture, cyber resilience, and peace of mind. Learn more at www.deepwatch.com.

Read More

Platform Security

Stellar Cyber and Proofpoint Strategic Alliance to Deliver Comprehensive Email Security Solution For SecOps Teams

Stellar Cyber | January 23, 2024

Stellar Cyber, the innovator of Open XDR, announced a new partnership with Proofpoint, a leading cybersecurity and compliance company. Through this alliance, Proofpoint and Stellar Cyber customers benefit from an out-of-the-box integration enabling swift email investigations and real-time response actions to email-driven attacks. Proofpoint Targeted Attack Protection monitors emails to identify suspicious emails and potentially malicious attachments and URLs. Once identified, the findings are shared with Stellar Cyber automatically. Stellar Cyber’s Open XDR platform ingests, normalizes, and analyzes Proofpoint findings and other collected data to deliver a comprehensive threat picture. As security analysts conduct investigations, they can instruct integrated third-party products – including Proofpoint – on corrective actions. “Protecting organizations against email-borne attacks is a top priority, and security teams need a way to automatically correlate threat telemetry across the entire attack surface in order to quickly remediate threats,” said Andrew Homer, VP of Strategic Alliances, Stellar Cyber. “This new partnership with Proofpoint is the latest example of Stellar Cyber delivering on its Open XDR strategy to provide customers turn-key integrations that improve productivity and threat detection.” “Email attacks remain the number one entry point into an organization, and the level of sophistication of these attacks continues to grow exponentially,” said D.J. Long, Vice President, Strategic Alliances & Business Development, Proofpoint. “We’re thrilled to work with Stellar Cyber on this strategic alliance to help customers protect against advanced email-based threats and unify their cybersecurity defense.” Through this alliance, Stellar Cyber and Proofpoint give security teams an advantage over attackers, resulting in the following: Real-time threat signals exchanged for proactive detection Correlation of Proofpoint alerts across the entire attack surface Automated response actions for immediate threat containment About Stellar Cyber Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley.

Read More

Spotlight

AuthenticID

AuthenticID

AuthenticID’s disruptive and cutting-edge, AI-driven solution quickly, accurately, and securely reproduces real-world identity verification so that companies can be assured of who they are conducting business with, strengthen underwriting, reduce the losses associated with fraud, and streamline oner...

Events

Resources