‘Data and analytics play a crucial role in shaping our advertising strategies,' asserts Aleksander Groshev

Leadership style combines a bottom-up approach
Aleksander Groshev is the CEO and Co-Founder of Autobahn Security. Previously he was Vice President of Product responsible for the product development of the SaaS platform. Before joining Autobahn Security he held the position of Head of Product at Fincite, a wealth management B2B platform.

Personalizing the content, highlighting benefits, and ensuring consistency across channels helps us connect with our audience and build trust.

Media 7: Can you provide an overview of your professional journey and how you reached the position of CEO and Co-Founder of Autobahn Security?
Aleksander Groshev: My journey began as one of the first employees at Secucloud (acquired by Aryaka), an IT security startup, where I was responsible for transforming the venture into a leading SASE platform provider. During my tenure as the Head of Product at Fincite, a leading B2B FinTech firm specializing in Digital Wealth Management, I had the privilege of spearheading product strategy and roadmap, as well as managing the growth of product development. At Fincite we have developed a wealth management B2B platform that empowers over 7,000 investment advisors worldwide. In my current mission at Autobahn Security, I transitioned from the role of VP of Product into CEO & late Co-Founder, and I am determined to elevate the company to new heights as the foremost platform for vulnerability prioritization and remediation.

M7: What inspired the creation of Autobahn Security, and what sets it apart from other SaaS platforms in the cybersecurity industry?
AK:
While advising Fortune Global 500 companies, we have found that the fear of hacking attacks creates tremendous pressure on businesses. To address the threat, companies were forced to invest in a variety of tools - but this investment alone was not enough. The information generated by the tools is overly complex and must be interpreted to derive recommendations for action. However, there are not enough cyber security experts available to process the immense flood of data and respond with the right measures. By deploying traditional scanning tools, which show the sheer number of vulnerabilities and often prioritize them incorrectly, companies' anxiety has even further increased.

To get companies out of the uncertainty cycle, we have developed a cybersecurity platform that aggregates data generated by cloud assets and scanning tools as well as re-evaluates it from a hacker perspective. This allows organizations to ensure that those vulnerabilities that are of the most interest to cyber criminals receive the most attention. The vulnerabilities found are automatically clustered and prioritized, helping IT teams focus on essential tasks - fixing vulnerabilities rather than analyzing them.
Through our signature Hackability Score, which is a unique KPI, organizations can benchmark their security levels against others, allocate budgets, and track progress. These can be achieved with our cyber fitness workouts. They provide easy-to-understand and easy-to-implement guidance that enables IT teams to close security gaps without in-depth expertise. Each of the action items is curated by our teams of security experts to provide organizations with the best possible guidance on their security journey.

M7: What are your predictions for the future of the IT industry? Do you anticipate any emerging trends or innovative tools that will reshape the field? Additionally, what significant opportunities and obstacles do you foresee in the upcoming years?
AK:
When it comes to predicting the future of the IT industry, it's important to acknowledge that the landscape is constantly evolving. Based on current trends, I can share some insights into what we might expect in the coming years.

Firstly, the continued growth and adoption of artificial intelligence (AI) and machine learning (ML) will significantly shape the IT industry. These technologies have already demonstrated their potential in various sectors, and we can anticipate further advancements in areas such as natural language processing, computer vision, and autonomous systems. As AI becomes more integrated into business processes, it will unlock new opportunities for automation, data analysis, and enhanced decision-making.

Cloud computing will continue to play a pivotal role in the IT industry. As organizations increasingly rely on cloud services, we can expect to see the emergence of more specialized cloud solutions tailored to specific industries and use cases. This will enable businesses to optimize their operations, improve flexibility, and reduce costs.

The Internet of Things (IoT) will also have a profound impact on the IT industry. As more devices become connected, generating vast amounts of data, there will be a growing need for efficient data management, security, and analytics. The integration of IoT with AI and ML will lead to advancements in areas like smart homes, autonomous vehicles, industrial automation, and healthcare.

Furthermore, cybersecurity will remain a critical concern. With the increasing digitization of businesses and society as a whole, the risk of cyber threats and data breaches will continue to grow. This creates a demand for innovative cybersecurity solutions, including advanced threat detection systems, encryption technologies, and robust authentication methods.

However, along with all the opportunities, there will be many obstacles to overcome. One of the major challenges is managing and analyzing the vast amounts of data generated by emerging technologies. This requires robust and scalable infrastructures, and skilled data scientists. Organizations will need to invest in building the necessary data infrastructure and fostering a data-driven culture. Lastly, the IT industry will need to address ever growing skills gap. As technology advances day by day, the shortage of professionals with the required expertise in these areas grows. Organizations and educational institutions must collaborate to bridge this gap through upskilling programs, training initiatives, and fostering a culture of lifelong learning.

Read more: Content is a crucial aspect of your online presence as it essentially represents your brand,' says Michael Cichon


The integration of IoT with AI and ML will lead to advancements in areas like smart homes, autonomous vehicles, industrial automation, and healthcare.

M7: What are some of the best practices that IT teams should consider when it comes to network security?
AK:
In the realm of network security and cybersecurity in general, several key terms come to mind, each representing a crucial aspect of safeguarding companies.

Patching, the process of updating, fixing, or enhancing software, lies at the heart of network security. Through diligent patching practices, IT teams ensure that vulnerabilities are addressed, enabling the creation of more secure and reliable software systems. With each patch, potential security flaws are resolved, reinforcing the robustness of the software.

In parallel, the concept of hardening emerges as a fundamental principle in fortifying computer systems. It entails the implementation of various security measures to shield against unauthorized access, attacks, and malicious activities. By hardening a system, organizations fortify their defenses, creating barriers against potential threats and intrusions.

Identity management tools further contribute to the overall security posture by making it increasingly challenging for hackers to compromise identities. For instance, the implementation of Two-Factor Authentication (2FA) adds an extra layer of protection, reducing the risk of unauthorized access to sensitive information. Through effective identity management, organizations bolster their security infrastructure, mitigating the potential impact of identity-related breaches.

To complement these measures, vulnerability management emerges as a vital practice in maintaining a secure environment. By systematically identifying, understanding, and addressing vulnerabilities across the organization's network, proactive steps are taken to prevent potential security incidents. Vulnerability management serves as a continuous process, ensuring that vulnerabilities are promptly detected and mitigated - reducing the likelihood of successful cyberattacks.

Finally, the Endpoint Detection and Response (EDR) system takes center stage in the ongoing battle against cyber threats. Operating at the user device level, EDR systems vigilantly monitor for any signs of malicious activities or intrusions. By swiftly detecting and responding to emerging threats, EDR systems contribute to the overall resilience of an organization's security architecture, minimizing the potential impact of cyber incidents.

These interconnected components—patching, hardening, identity management, vulnerability management, and EDR systems—represent critical pillars. By adopting these practices, organizations fortify their defenses, fostering a secure and resilient technological landscape and letting them win the race against hackers.

M7: What role does data and analytics play in shaping your advertising strategies? How do you leverage customer insights and market trends to optimize advertising campaigns and drive better results?
AK:
Data and analytics play a crucial role in shaping our advertising strategies. We leverage customer insights and market trends to optimize campaigns and drive better results. Insights from our customer success and sales teams shape our ad strategy, and we closely monitor campaign performance for necessary adjustments. By analyzing data and staying informed about market trends, we ensure our ads are targeted, relevant, and effective.

M7: How do you tailor your messaging in the context of content creation and syndication to resonate with the specific needs and challenges of your audience?
AK:
In tailoring our messaging for content creation and syndication, our Product, Customer Success, and Sales teams begin by gaining a deep understanding of our audience's pain points through interactions and feedback. We directly address these challenges in our messaging while highlighting the potential results our product offers. Personalizing the content, highlighting benefits, and ensuring consistency across channels helps us connect with our audience and build trust. We actively seek continuous feedback to refine our approach over time.

M7: Could you explain how Autobahn Security's Cyber Fitness Workouts function and how they enable IT teams to efficiently address vulnerabilities?
AK:
The primary objective of our signature Cyber Fitness Workouts is to facilitate IT departments with comprehensive and user-friendly remediation guides that can be utilized by individuals without extensive security expertise.
Our process begins with thorough research, where we delve into multiple technical sources to ensure the accuracy and validity of the proposed remediation steps. By conducting extensive exploration, we gather information that serves as the foundation for our guides.

Next, we proceed with analysis and simplification. This stage involves a careful examination of complex technical procedures, which we then restructure and break down into a concise set of user-friendly steps. Our objective is to transform intricate processes into easily understandable actions, enabling IT professionals to navigate through them with ease. As we understand that different situations may call for alternative approaches, our guides are enriched with a range of options, providing IT professionals with flexibility based on their specific requirements or preferences.
In cases where existing resources lack necessary remediation steps, we take the initiative to fill those gaps. We create and incorporate the missing steps in our guides, ensuring comprehensive coverage of the cybersecurity landscape. By doing so, we address any potential limitations in available resources and provide IT professionals with comprehensive and reliable guidance.

To guarantee the effectiveness and reliability of our proposed fixes and remediation steps, we rigorously verify and test them. Our team carries out assessments to ensure that the suggested solutions are robust and capable of addressing the identified issues.

Through our research, analysis, enrichment of alternative approaches, creation of missing steps, and rigorous verification and testing, we make the lives of security analysts and IT professionals easier and empower them with the tools and knowledge to tackle cybersecurity concerns efficiently and effectively

Read more: ‘Security solutions need to be consistent, regardless of geography or technical stack,’ emphasizes Nishant Kaushik


The continued growth and adoption of artificial intelligence (AI) and machine learning (ML) will significantly shape the IT industry.

M7: What is your leadership style and how do you foster a culture of collaboration, creativity, and accountability within the organizations of all industries?
AK:
I would say that my leadership style combines a bottom-up approach, involving key stakeholders in decision-making, combined with a top-down approach that sets clear expectations and goals. This usually fosters collaboration, creativity, and accountability. I encourage open communication, idea-sharing, and empower individuals at all levels. By emphasizing planning, execution, evaluation, and adjustment, we stay agile and continuously improve.

M7: In your opinion, how should the marketing strategy of a new product or service be developed?
AK: When developing a marketing strategy for a new product or service, we try following a few key steps:
 
  • Understand our target market: we conduct thorough market research to identify their needs and preferences.
  • Define our unique selling proposition (USP) for the new product or service: Determine what sets our offering apart from competitors.
  • Set clear objectives: Align our marketing goals with oour overall business objectives.
  • Craft a compelling value proposition: Clearly communicate the value our product or service it delivers.
  • Select the right marketing channels: Choose channels that effectively reach our target audience.
  • Build relationships and trust: Train our teams to engage with prospects and establish long-term partnerships.
  • Monitor and adapt: Continuously track performance, make data-driven decisions, and adapt as needed.

M7: Lastly, being a leading organization in the cybersecurity industry, how do you see thought leadership playing a role in driving innovation and shaping the future of network security? How does Autobahn Security strive to establish itself as a thought leader in the industry?
AK:
Thought leadership serves as a catalyst for innovation by fostering an environment of continuous learning and exploration. It allows us to anticipate emerging trends, identify potential threats, and develop proactive solutions that address the evolving challenges in network security. By actively engaging in thought leadership, we can contribute to the advancement of the field and drive meaningful change.

One of the key aspects that sets Autobahn Security apart is our Chief Scientist & Founder, Dr. Karsten Nohl, who is widely recognized as a world-renowned ethical hacker and cyber security researcher. With his extensive experience spanning over 12 years, Karsten has consistently been at the forefront of cybersecurity advancements. His insights and expertise have been instrumental in shaping the foundation of our products and services.

At Autobahn Security, we strive to establish ourselves as thought leaders in the industry by actively sharing our industry insights with our clients and prospects. We understand the importance of open communication and knowledge sharing to foster collaboration and growth. We leverage various communication channels and tools to disseminate our expertise, including whitepapers, blog posts, webinars, and speaking engagements at industry conferences. Furthermore, we actively participate in industry forums and collaborate with other thought leaders, researchers, and organizations. By engaging in meaningful discussions and partnerships, we contribute to collective knowledge and push the boundaries of cyber security.

ABOUT AUTOBAHN SECURITY

Autobahn Security is a SaaS platform that aggregates, filters and prioritizes vulnerabilities from multiple scanners and turns them easy-to-understand remediation guides. To know more, please visit https://autobahn-security.com/

More C-Suite on deck

‘Security solutions need to be consistent, regardless of geography or technical stack,’ emphasizes Nishant Kaushik

Media 7 | June 16, 2023

Nishant Kaushik is an excellent technologist with strategic foresight and tactical know-how to manage technology-driven businesses and security expansion plans. He has successfully led cross-functional and highly focused teams to achieve business objectives that align with customer needs. Read this interview to discover Nishant’s expertise and unique perspective on omnichannel security and risk management.

Read More

‘In the industry, we've observed fragmentation, especially among larger organizations,’ says Chris Fisher

Media 7 | October 16, 2023

Chris Fisher is a seasoned marketing professional who specializes in digital marketing and demand generation to fuel business growth. I integrate product messaging and innovative strategies with data-driven marketing to achieve quantifiable outcomes. Read on to know his thoughts about safeguarding the layers of Cyber-security.

Read More

'AI & ML algorithms will play a critical role in identifying cyber threats,' asserts Trishneet Arora

Media 7 | July 28, 2023

Trishneet Arora, a self-made individual, demonstrated remarkable vision, intellect, and competence when he established a startup at the young age of 19. Under his guidance, the flagship venture has expanded into both the entertainment and educational sectors. With Trishneet at the helm, the potential for growth and success knows no bounds. Let's delve into his insights on securing UPI-based applications.

Read More

‘Security solutions need to be consistent, regardless of geography or technical stack,’ emphasizes Nishant Kaushik

Media 7 | June 16, 2023

Nishant Kaushik is an excellent technologist with strategic foresight and tactical know-how to manage technology-driven businesses and security expansion plans. He has successfully led cross-functional and highly focused teams to achieve business objectives that align with customer needs. Read this interview to discover Nishant’s expertise and unique perspective on omnichannel security and risk management.

Read More

‘In the industry, we've observed fragmentation, especially among larger organizations,’ says Chris Fisher

Media 7 | October 16, 2023

Chris Fisher is a seasoned marketing professional who specializes in digital marketing and demand generation to fuel business growth. I integrate product messaging and innovative strategies with data-driven marketing to achieve quantifiable outcomes. Read on to know his thoughts about safeguarding the layers of Cyber-security.

Read More

'AI & ML algorithms will play a critical role in identifying cyber threats,' asserts Trishneet Arora

Media 7 | July 28, 2023

Trishneet Arora, a self-made individual, demonstrated remarkable vision, intellect, and competence when he established a startup at the young age of 19. Under his guidance, the flagship venture has expanded into both the entertainment and educational sectors. With Trishneet at the helm, the potential for growth and success knows no bounds. Let's delve into his insights on securing UPI-based applications.

Read More

Related News

Software Security

Keeper Streamlines Compliance Processes With Granular Sharing Enforcements

Keeper Security, Inc. | January 11, 2024

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, announces Granular Sharing Enforcements will soon be available for all products in the Keeper® platform. Granular Sharing enables administrators to enforce detailed creating and sharing permissions at the user level. By implementing these permissions, organizations can ensure employees only have access to the resources necessary for their roles, minimizing the risk of unauthorized access, data breaches and lateral movement within a network. "It's critical for organizations to have security solutions that help them adhere to increasing regulations and compliance requirements," said Craig Lurey, CTO and Co-founder of Keeper Security. "Granular permission control helps organizations enhance their security posture by restricting access to sensitive information and systems. With Granular Sharing Enforcements, it's easier than ever for IT administrators to better control the principle of least privilege and streamline operations within their organizations." Keeper's added Granular Sharing Enforcement policies provide more detailed restrictions that administrators can apply to users for both creating and sharing records. Most employees do not need access to all of the data or functionalities within an organization, and many industries and geographical regions have specific regulations and compliance requirements regarding data protection and privacy, including HIPAA, GDPR, PCI DSS and SOX. Granular permission controls enable organizations to align with local and industry regulations by allowing them to define and enforce access policies. This helps in ensuring the organization is compliant with industry standards and legal requirements. Key features of Keeper's Granular Sharing Enforcements include: Auditing: Keeper provides clear alerting and reporting on over 100 different event types. Version control: Only a small subset of users have permissions to update or share records, helping teams ensure information is consistent and accurate. Seamless access on any device: Keeper provides the same user experience across platforms, ensuring cross functionality and ease of use, whether on web, desktop or mobile. Encryption: Keeper provides secure sharing with elliptic curve encryption, ensuring cybercriminals cannot intercept passwords or other shared records in transit. Keeper Administrators can easily customize permissions to best suit the compliance needs of their organization. Administrators modify permissions in the Enforcement Policies section of the Admin Console for the chosen role by selecting Creating and Sharing. Most permissions are activated by default for maximum security. Enforcements have been designed to be simple and powerful, allowing admins to choose the appropriate settings for their unique needs. Granular Sharing Enforcements will be available for all sharing needs within Keeper's Enterprise Password Manager, Keeper Secrets Manager and KeeperPAM. With Keeper's zero-knowledge password management and security platform, IT administrators have complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies, including strong, unique passwords, Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), and other security policies. Keeper Secrets Manager® is a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data. Its latest offering, KeeperPAM™, provides next-generation Privileged Access Management (PAM) that is disrupting the traditional PAM market. KeeperPAM delivers enterprise-grade password, secrets and privileged connection management within a unified SaaS platform that is cost-effective, easy to use and simple to deploy. KeeperPAM enables least-privilege access with zero-trust and zero-knowledge security. Enterprises select Keeper because of its strong security architecture, ability to support federated and passwordless authentication with any identity provider, seamless integration into on-premises, cloud or hybrid environments and ease of use across desktop and mobile devices. About Keeper Security Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper's affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging.

Read More

Platform Security

Stellar Cyber and Proofpoint Strategic Alliance to Deliver Comprehensive Email Security Solution For SecOps Teams

Stellar Cyber | January 23, 2024

Stellar Cyber, the innovator of Open XDR, announced a new partnership with Proofpoint, a leading cybersecurity and compliance company. Through this alliance, Proofpoint and Stellar Cyber customers benefit from an out-of-the-box integration enabling swift email investigations and real-time response actions to email-driven attacks. Proofpoint Targeted Attack Protection monitors emails to identify suspicious emails and potentially malicious attachments and URLs. Once identified, the findings are shared with Stellar Cyber automatically. Stellar Cyber’s Open XDR platform ingests, normalizes, and analyzes Proofpoint findings and other collected data to deliver a comprehensive threat picture. As security analysts conduct investigations, they can instruct integrated third-party products – including Proofpoint – on corrective actions. “Protecting organizations against email-borne attacks is a top priority, and security teams need a way to automatically correlate threat telemetry across the entire attack surface in order to quickly remediate threats,” said Andrew Homer, VP of Strategic Alliances, Stellar Cyber. “This new partnership with Proofpoint is the latest example of Stellar Cyber delivering on its Open XDR strategy to provide customers turn-key integrations that improve productivity and threat detection.” “Email attacks remain the number one entry point into an organization, and the level of sophistication of these attacks continues to grow exponentially,” said D.J. Long, Vice President, Strategic Alliances & Business Development, Proofpoint. “We’re thrilled to work with Stellar Cyber on this strategic alliance to help customers protect against advanced email-based threats and unify their cybersecurity defense.” Through this alliance, Stellar Cyber and Proofpoint give security teams an advantage over attackers, resulting in the following: Real-time threat signals exchanged for proactive detection Correlation of Proofpoint alerts across the entire attack surface Automated response actions for immediate threat containment About Stellar Cyber Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley.

Read More

Software Security

Deepwatch Announces New Forensic-Focused Operations Service To Enhance Cyber Resilience

Deepwatch | January 09, 2024

Deepwatch, the leading managed security platform for the cyber resilient enterprise, today announced the launch of Threat Signal, its standalone forensic-focused operations service. Deepwatch designed Threat Signal to enhance companies’ cybersecurity defenses, proactively identify and help mitigate attack vectors, and stay ahead of evolving risks to strengthen cyber resilience. Threat Signal provides protection beyond traditional security measures, finding advanced cyber threats that have bypassed existing controls by leveraging the latest attacker methodologies to stay in tune with the constantly evolving threat landscape. Using an “outside-in” methodology, Threat Signal evaluates an organization’s externally accessible presence from an attacker’s perspective to pinpoint and investigate risky systems and services. This informs the initial investigation and allows Deepwatch Experts to leverage advanced capabilities through organic intelligence, deep forensics, and threat hunting. According to Forrester’s “How to Make Threat Intelligence Actionable” report¹, “Over time, companies need to move beyond tactical use cases. Threat hunting can uncover threats that have bypassed traditional security tools, allowing companies to stop attacks earlier to minimize disruptions. As Forrester’s Threat Hunting 101 report describes, threat intelligence is vital because it provides insights into the TTPs of threat actors and details on how malware behaves. If time, expertise, and resources are constrained, consider leveraging an external service provider to conduct the threat-hunting exercise as an annual consulting engagement.” Threat Signal provides tailored and proactive security measures through customer-specific intelligence that takes an organization's unique attack surface, business risks, and the latest adversary intelligence or "threat cases" into account. Threat Signal’s additional features and capabilities include: Deepwatch Experts - Seasoned forensic security experts perform in-depth investigations, identifying threats before they disrupt an organization. Attack Surface Profiles - These profiles provide a customer actionable report, detailing external opportunity areas that an attacker could leverage against an organization, including high-risk opportunities, mitigation recommendations, and threat hunting leads. Forensic-Agent-Based Threat Hunting Engagements - Deepwatch’s specialists consistently engage in hunting activities to reveal concealed threats within a company’s infrastructure and provide a threat hunt summary report with detailed observations and any actions that the customer took during that hunt cycle. Reporting and Reviews - Deepwatch provides customers with reports, including: Weekly intelligence brief reports on analyzed open-source intelligence with Deepwatch recommendations. Summary presentations on the solution engagement status, including but not limited to hunting reports. Up to two executive reviews of the solution and observables per year. Ad-hoc awareness briefs of security advisories based on Deepwatch threat criteria. Annual intelligence reports on incident lessons learned and predictions. Malware Analysis - Deepwatch’s Adversary Tactics and Intelligence (ATI) team analyze collected malware and provide a report. Enhanced Security - Deepwatch’s MDR customers benefit from cross-collaborative security operations, harnessing advanced threat detection, and hyper-responsive capabilities. “As security professionals, we look to enhance a company’s security readiness. To do that, it’s critical for them to look beyond their existing security controls to ensure they are identifying and proactively protecting the business from external threats,” said Jerrod Barton, VP, Cyber Operations & Intelligence for Deepwatch. “With Threat Signal, we’re able to help our enterprise customers view their security readiness through the lens of the ‘attackers,’ ensuring that they can rapidly respond to any incoming threats, which in turn helps them elevate their cyber resilience.” About Deepwatch Deepwatch is the leading managed security platform for the cyber resilient enterprise. The Deepwatch Managed Security Platform and security experts provide enterprises with 24/7/365 cyber resilience, rapid detections, high fidelity alerts, reduced false positives, and automated actions. We operate as an extension of cybersecurity teams by delivering exceptional security expertise, visibility across your attack surface, precision response to threats, and a compelling return on your security investments. The Deepwatch Managed Security Platform is trusted by many of the world’s leading brands to improve their security posture, cyber resilience, and peace of mind. Learn more at www.deepwatch.com.

Read More

Software Security

Keeper Streamlines Compliance Processes With Granular Sharing Enforcements

Keeper Security, Inc. | January 11, 2024

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, announces Granular Sharing Enforcements will soon be available for all products in the Keeper® platform. Granular Sharing enables administrators to enforce detailed creating and sharing permissions at the user level. By implementing these permissions, organizations can ensure employees only have access to the resources necessary for their roles, minimizing the risk of unauthorized access, data breaches and lateral movement within a network. "It's critical for organizations to have security solutions that help them adhere to increasing regulations and compliance requirements," said Craig Lurey, CTO and Co-founder of Keeper Security. "Granular permission control helps organizations enhance their security posture by restricting access to sensitive information and systems. With Granular Sharing Enforcements, it's easier than ever for IT administrators to better control the principle of least privilege and streamline operations within their organizations." Keeper's added Granular Sharing Enforcement policies provide more detailed restrictions that administrators can apply to users for both creating and sharing records. Most employees do not need access to all of the data or functionalities within an organization, and many industries and geographical regions have specific regulations and compliance requirements regarding data protection and privacy, including HIPAA, GDPR, PCI DSS and SOX. Granular permission controls enable organizations to align with local and industry regulations by allowing them to define and enforce access policies. This helps in ensuring the organization is compliant with industry standards and legal requirements. Key features of Keeper's Granular Sharing Enforcements include: Auditing: Keeper provides clear alerting and reporting on over 100 different event types. Version control: Only a small subset of users have permissions to update or share records, helping teams ensure information is consistent and accurate. Seamless access on any device: Keeper provides the same user experience across platforms, ensuring cross functionality and ease of use, whether on web, desktop or mobile. Encryption: Keeper provides secure sharing with elliptic curve encryption, ensuring cybercriminals cannot intercept passwords or other shared records in transit. Keeper Administrators can easily customize permissions to best suit the compliance needs of their organization. Administrators modify permissions in the Enforcement Policies section of the Admin Console for the chosen role by selecting Creating and Sharing. Most permissions are activated by default for maximum security. Enforcements have been designed to be simple and powerful, allowing admins to choose the appropriate settings for their unique needs. Granular Sharing Enforcements will be available for all sharing needs within Keeper's Enterprise Password Manager, Keeper Secrets Manager and KeeperPAM. With Keeper's zero-knowledge password management and security platform, IT administrators have complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies, including strong, unique passwords, Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), and other security policies. Keeper Secrets Manager® is a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data. Its latest offering, KeeperPAM™, provides next-generation Privileged Access Management (PAM) that is disrupting the traditional PAM market. KeeperPAM delivers enterprise-grade password, secrets and privileged connection management within a unified SaaS platform that is cost-effective, easy to use and simple to deploy. KeeperPAM enables least-privilege access with zero-trust and zero-knowledge security. Enterprises select Keeper because of its strong security architecture, ability to support federated and passwordless authentication with any identity provider, seamless integration into on-premises, cloud or hybrid environments and ease of use across desktop and mobile devices. About Keeper Security Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper's affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging.

Read More

Platform Security

Stellar Cyber and Proofpoint Strategic Alliance to Deliver Comprehensive Email Security Solution For SecOps Teams

Stellar Cyber | January 23, 2024

Stellar Cyber, the innovator of Open XDR, announced a new partnership with Proofpoint, a leading cybersecurity and compliance company. Through this alliance, Proofpoint and Stellar Cyber customers benefit from an out-of-the-box integration enabling swift email investigations and real-time response actions to email-driven attacks. Proofpoint Targeted Attack Protection monitors emails to identify suspicious emails and potentially malicious attachments and URLs. Once identified, the findings are shared with Stellar Cyber automatically. Stellar Cyber’s Open XDR platform ingests, normalizes, and analyzes Proofpoint findings and other collected data to deliver a comprehensive threat picture. As security analysts conduct investigations, they can instruct integrated third-party products – including Proofpoint – on corrective actions. “Protecting organizations against email-borne attacks is a top priority, and security teams need a way to automatically correlate threat telemetry across the entire attack surface in order to quickly remediate threats,” said Andrew Homer, VP of Strategic Alliances, Stellar Cyber. “This new partnership with Proofpoint is the latest example of Stellar Cyber delivering on its Open XDR strategy to provide customers turn-key integrations that improve productivity and threat detection.” “Email attacks remain the number one entry point into an organization, and the level of sophistication of these attacks continues to grow exponentially,” said D.J. Long, Vice President, Strategic Alliances & Business Development, Proofpoint. “We’re thrilled to work with Stellar Cyber on this strategic alliance to help customers protect against advanced email-based threats and unify their cybersecurity defense.” Through this alliance, Stellar Cyber and Proofpoint give security teams an advantage over attackers, resulting in the following: Real-time threat signals exchanged for proactive detection Correlation of Proofpoint alerts across the entire attack surface Automated response actions for immediate threat containment About Stellar Cyber Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley.

Read More

Software Security

Deepwatch Announces New Forensic-Focused Operations Service To Enhance Cyber Resilience

Deepwatch | January 09, 2024

Deepwatch, the leading managed security platform for the cyber resilient enterprise, today announced the launch of Threat Signal, its standalone forensic-focused operations service. Deepwatch designed Threat Signal to enhance companies’ cybersecurity defenses, proactively identify and help mitigate attack vectors, and stay ahead of evolving risks to strengthen cyber resilience. Threat Signal provides protection beyond traditional security measures, finding advanced cyber threats that have bypassed existing controls by leveraging the latest attacker methodologies to stay in tune with the constantly evolving threat landscape. Using an “outside-in” methodology, Threat Signal evaluates an organization’s externally accessible presence from an attacker’s perspective to pinpoint and investigate risky systems and services. This informs the initial investigation and allows Deepwatch Experts to leverage advanced capabilities through organic intelligence, deep forensics, and threat hunting. According to Forrester’s “How to Make Threat Intelligence Actionable” report¹, “Over time, companies need to move beyond tactical use cases. Threat hunting can uncover threats that have bypassed traditional security tools, allowing companies to stop attacks earlier to minimize disruptions. As Forrester’s Threat Hunting 101 report describes, threat intelligence is vital because it provides insights into the TTPs of threat actors and details on how malware behaves. If time, expertise, and resources are constrained, consider leveraging an external service provider to conduct the threat-hunting exercise as an annual consulting engagement.” Threat Signal provides tailored and proactive security measures through customer-specific intelligence that takes an organization's unique attack surface, business risks, and the latest adversary intelligence or "threat cases" into account. Threat Signal’s additional features and capabilities include: Deepwatch Experts - Seasoned forensic security experts perform in-depth investigations, identifying threats before they disrupt an organization. Attack Surface Profiles - These profiles provide a customer actionable report, detailing external opportunity areas that an attacker could leverage against an organization, including high-risk opportunities, mitigation recommendations, and threat hunting leads. Forensic-Agent-Based Threat Hunting Engagements - Deepwatch’s specialists consistently engage in hunting activities to reveal concealed threats within a company’s infrastructure and provide a threat hunt summary report with detailed observations and any actions that the customer took during that hunt cycle. Reporting and Reviews - Deepwatch provides customers with reports, including: Weekly intelligence brief reports on analyzed open-source intelligence with Deepwatch recommendations. Summary presentations on the solution engagement status, including but not limited to hunting reports. Up to two executive reviews of the solution and observables per year. Ad-hoc awareness briefs of security advisories based on Deepwatch threat criteria. Annual intelligence reports on incident lessons learned and predictions. Malware Analysis - Deepwatch’s Adversary Tactics and Intelligence (ATI) team analyze collected malware and provide a report. Enhanced Security - Deepwatch’s MDR customers benefit from cross-collaborative security operations, harnessing advanced threat detection, and hyper-responsive capabilities. “As security professionals, we look to enhance a company’s security readiness. To do that, it’s critical for them to look beyond their existing security controls to ensure they are identifying and proactively protecting the business from external threats,” said Jerrod Barton, VP, Cyber Operations & Intelligence for Deepwatch. “With Threat Signal, we’re able to help our enterprise customers view their security readiness through the lens of the ‘attackers,’ ensuring that they can rapidly respond to any incoming threats, which in turn helps them elevate their cyber resilience.” About Deepwatch Deepwatch is the leading managed security platform for the cyber resilient enterprise. The Deepwatch Managed Security Platform and security experts provide enterprises with 24/7/365 cyber resilience, rapid detections, high fidelity alerts, reduced false positives, and automated actions. We operate as an extension of cybersecurity teams by delivering exceptional security expertise, visibility across your attack surface, precision response to threats, and a compelling return on your security investments. The Deepwatch Managed Security Platform is trusted by many of the world’s leading brands to improve their security posture, cyber resilience, and peace of mind. Learn more at www.deepwatch.com.

Read More

Spotlight

Autobahn Security

Autobahn Security

Autobahn Security is a SaaS platform that saves IT security experts time and empowers IT teams to make networks more secure. Our platform serves as the single pane of glass that aggregates, filters and prioritizes vulnerabilities from different scanners and turns them into easy-to-understand remedia...

Events

Resources