Q&A with David Etue, Chief Executive Officer at Nisos

Media 7 | March 25, 2021

David Etue, Chief Executive Officer at Nisos, has driven the success of security solutions and portfolios as an executive focused on cybersecurity with roles in strategy, corporate development, product management, marketing, business development, management consulting, security program leadership, and technical implementation. He has achieved success in both small and large enterprises.

David has a strong background in information security, cybersecurity, privacy, and integration technologies including both the technology and business impact. In addition to his education in business administration and finance, David has taken leadership training at GE's John F. Welch Leadership Development Center at Crotonville. Additionally, he completed GE's Six Sigma Black Belt Training and is Green Belt Certified. He is trained in the Pragmatic Marketing Framework, is a Certified Information Privacy Professional holding both the base CIPP and CIPP/G government privacy extension, and a Certified CISO.

Financially motivated actors are innovating their fraud, abuse, and eCrime approaches to find new ways to exploit victims. I’m continually amazed by the innovation in how actors are gaming the system.



MEDIA 7: Could you please tell us a little bit about yourself? What inspired you to pursue a career in cybersecurity?
DAVID ETUE:
Hello! Thanks for the opportunity to talk today. I am the CEO of Nisos, where we provide managed intelligence offerings to transform how cyber intelligence enables organizations to disrupt motivated and sophisticated adversaries. 

What inspired me to have a career in cybersecurity? I started using technology as a young kid, including being a sysop (systems administrator) of a BBS (bulletin board system) in high school. I was fascinated by how different systems could interact to share information. I also got my first insight into how technology could be abused. Having to defend a system from attacks, trying to keep others from stealing access to our modems to make long-distance calls, and seeing people share illicit content opened my eyes to how having a deep understanding of how technology works could enable you to better defend it. 

Those experiences piqued my interest in information security. I kept focused on it as a hobby and then I got the opportunity early in my career to become more involved. It wasn’t considered a career path back then like cybersecurity is today, but there was something about it that I just loved. What I’ve realized since is that it has three key attributes that I found really fulfilling. Firstly, the rate of change is very high. We have adversaries who innovate every day and we have to counter that innovation.

Secondly, it is a key intersection of technology and business. There is an old adage that the only secure computer is one that is turned off and locked in a safe, making it not very useful. Finding the right balance of technology enablement and risk mitigation is an awesome challenge. Finally, the mission matters: technology has become an essential element of how we live, and adequately defending that is critical to society. It’s great when something you love also turns out to enable a great career opportunity. 

M7: How do you think medium-sized enterprises should make optimum use of intelligence?
DE:
Intelligence is a key enabler of proper prioritization of resources and focuses when responding to an event. Every organization lacks the resources to protect everything perfectly, so must make decisions on how to apply scarce resources. Understanding your likely adversaries and their tactics, techniques, and procedures (TTPs) is something I’ve found highly approachable to organizations of all sizes. Understanding those factors, enables prioritizations that optimize defense against the more likely attacks. Intelligence can help inform upfront assessment, and external threat hunting and intelligence updates provide continuous feedback for learning and adjustment.

When responding to events, there is often critical context “outside the firewall” that enables better response to an attack. It can show how the attack is occurring and potential methods to mitigate the attack that aren’t visible to the Security Operations Center (SOC) from internal system telemetry. It can often illustrate if you are being targeted directly versus your industry versus an opportunistic attack. Attributing the actor behind the attack can offer insight into the motivations and goals of the attack. It can also open new response methods for some classes of actors, including legal and law enforcement. 

One of the biggest challenges a medium-size enterprise is presented with is getting the signal-to-noise ratio right so they can focus on impactful intelligence. Definitionally, intelligence is information that is actionable to drive a decision. Unfortunately, a lot of threat “intelligence” out there isn’t actionable without expertise or organizational context and creates noise. This is the area that has prevented most organizations with small intelligence teams from making the impact they desire. Ensuring what they get is actionable is critical if you don’t have the internal expertise and capability to turn information into intelligence. That is what excites me so much about what we do at Nisos. We have the expertise to bring context to deliver finished intelligence to make it actionable for our clients.


As more of our interactions become digital, it presents new opportunities for financially motivated malicious actors to take advantage of and conduct fraudulent activity.



M7: What is your approach at Nisos to solving adversary-centric problems?
DE:
Threat actors are a “who”, not a “what” and we provide our clients with insight into their adversaries (the “who”); their tactics, techniques, and procedures (the “how”); and their motivations and intentions (the “why”). Importantly, we deliver that in a way that is actionable to our clients and goes beyond traditional cybersecurity attacks including fraud, risk, reputation, key person, and other non-traditional business risks.
We have designed our intelligence collection and analysis with this adversary-centric approach, and also have a number of operators who managed adversarial operations on behalf of government agencies and therefore have a unique perspective on the challenge.
 
There is a naïve perspective that knowing your adversary isn’t necessary and that you should just protect your systems and all will be okay. As mentioned previously, we need to apply our scarce resources wisely, and understanding our adversaries gives an important lens to that decision. Additionally, the attribution or unmasking of adversaries can give insight into how to best mitigate an attack, and also can open up additional response methods including legal and law enforcement approaches. 

M7: What do you believe are the top cybersecurity threats that have arisen post-COVID-19?
DE:
COVID-19 has accelerated our adoption of, and therefore dependence on, technology by leaps and bounds. We have jumped 5+ years on the adoption curve out of necessity and invention. While remote work and e-commerce rightfully get a lot of attention, it has also impacted how we get health care, how we experience performance art, and so many other things. In many cases, we adopted these technologies out of necessity and therefore increased our attack surface without adequate time for planning security given the broader adoption and new use cases.

So broadly, I have a serious concern that we are adopting technology faster than our ability to secure it, which provides adversaries significant opportunities. Additionally, a global recession impacts employment and past research points to growth to people pursuing illicit paths in those times increasing the number of adversaries we need to defend against. We need to deal with that increased attack surface, broader technology dependency, and potentially additionally motivated adversaries.

The other risk I think about related to the changes driven by COVID-19 is how systems can be used to maliciously leverage human relationships. Much of the recent acceleration of technology has been driven by how we interact, requiring more trust in electronic interactions, but often without support for that trust in the underlying technology has changed. 

Financially motivated actors are innovating their fraud, abuse, and eCrime approaches to find new ways to exploit victims. I’m continually amazed by the innovation in how actors are gaming the system. We see it everywhere—from the gig economy to advertising fraud to counterfeit goods to fake customer service and more. 

One of the key areas impacting trust is disinformation and misinformation. The spotlight has rightfully been shined on geopolitical disinformation, but it is also occurring elsewhere. Our security measures were typically designed to protect the technology and not focused on the trust and safety of the interactions occurring on them.

This has become a tool available to every class of adversary, and you can see the early adoption - fake product reviews to influence buying decisions, misleading company news to drive stock prices, local application to politics and charitable endeavors, and more. I expect continued adversary use of misinformation as a tool, and a need to adapt our systems and intelligence to address it.


Organizations are ramping up security monitoring to try to know what is happening on endpoint devices. It’s a unique opportunity for security to advocate for the employee experience.



M7: How do you ensure data security while your employees work from home?
DE:
I think we need to think differently about the problem. There are many things that security and infrastructure teams are doing to improve security posture. There are some baseline controls that if not already deployed, should be. Strong authentication and proper security controls for internet-facing systems, and endpoint security visibility are the key ones that come to mind. 

However, when you experience a significant change like we have with pandemic-driven work from home, it really requires stepping back and getting a new perspective on your approach. Poor security hygiene on a family member’s device could create lateral movement risk to a corporate device. That security control that prevented non-corporate approved printers needs to be turned off because the corporate ones are no longer available.

Intellectual property is now in the employee’s home office. I’d argue that all of those risks have been present for years, but they’ve grown in prevalence. In general, I think zero trust principles are one of the best paths forward from a technology perspective.

Another element that we need to look at is the mental health and engagement of our teams. It’s short-sighted to think that this doesn’t impact our cybersecurity posture. If people are exhausted from not figuring out work-life separation, are depressed, or feel disconnected from work, what will that cause? They may not realize the phishing attempt isn’t a real request. They may not report a security incident. They may decide to find employment elsewhere in search of an environment that feels more inclusive or supportive. 

Organizations are ramping up security monitoring to try to know what is happening on endpoint devices. While it may be right to add more monitoring given the change in risk posture, a “Big Brother” emotion without the appropriate employee support infrastructure to accompany it, isn’t well-positioned to achieve the planned risk reduction outcomes. It’s a unique opportunity for security to advocate for the employee experience.

M7: What is your advice to our readers to prevent and be aware of fraud and eCrime?
DE:
 As more of our interactions become digital, it presents new opportunities for financially motivated malicious actors to take advantage of and conduct fraudulent activity. It is important to understand these trends as you use technology, as you engage with customers and partners, and as you deploy and manage technology platforms of your own. 

As I mentioned before, the continual innovation by adversaries is amazing. While unsophisticated actors engage with methods that are easy to detect with the old adage, “If it sounds too good to be true, it probably is”, investment in more sophisticated attacks is prevalent. We have seen audio deep fakes, account farming, synthetic identity fraud, as well as the sale of fraud-enablement tools in the underground.

When launching a technology platform, security teams will often generate “abuse cases”, which is like a “use case” but from the perspective of how an adversary could misuse the platform. Abuse cases need to evolve from being focused on the confidentiality, availability, and integrity of the system to also cover fraud and abuse cases. I’ve found it helpful to define fraud as actions that create losses for your organization and abuse as actions that use your platform to cause losses to others and to ensure your abuse cases cover both. 

Examples of fraud would be activities like unpaid premium accounts or creating gift cards illegally. Examples of abuse would include using your platform to run scams or fake product reviews impacting what products a consumer purchases. Beyond developing to prevent those cases, it is also important to monitor for activity outside of norms, have the ability to determine if it is malicious and if so, respond. We continually are evolving our monitoring and response capabilities at Nisos as adversaries innovate.

ABOUT NISOS

Nisos is a Managed Intelligence company. Our services enable security, intelligence, and trust & safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation and abuse of digital platforms. For more information visit: www.nisos.com

More C-Suite on deck

Panzura's Glen Shok explains why file security and military-grade encryption should be applied to all data stored in the cloud

Media 7 | March 11, 2022

Glen Shok, CTO and VP Cloud Architects at Panzura, looks into his crystal ball and shares with us his predictions of the developments in the cybersecurity space. In this interview, we had the opportunity to explore novel malware tactics like ransomware and data wiper exploits, and the different solutions Panzura offers enterprises to improve their security measures. Read on to learn more about upticks in this cybersecurity landscape, and how Panzura can get businesses battle-ready against these attacks.

Read More

Arkose Labs's Vanita Pandey believes ‘Online account is going to be the currency that people will trade on’

Media 7 | December 13, 2021

Vanita Pandey, CMO - Arkose Labs, speaks about the role that Innovative Payment Models play in the changing dynamics of purchase and shopping. Read on to know her thoughts about how necessary is content for attracting consumers in this age and much more.

Read More

'TeleSign embeds trust at every touchpoint,' assures Joseph Burton

Media 7 | December 8, 2021

Joseph Burton, Chief Executive Officer at TeleSign elaborates on Promotion Abuse, Communication Fraud, and Buy Now Pay Later Fraud. Read on to know about the biggest online financial threat for consumers and much more.

Read More

Panzura's Glen Shok explains why file security and military-grade encryption should be applied to all data stored in the cloud

Media 7 | March 11, 2022

Glen Shok, CTO and VP Cloud Architects at Panzura, looks into his crystal ball and shares with us his predictions of the developments in the cybersecurity space. In this interview, we had the opportunity to explore novel malware tactics like ransomware and data wiper exploits, and the different solutions Panzura offers enterprises to improve their security measures. Read on to learn more about upticks in this cybersecurity landscape, and how Panzura can get businesses battle-ready against these attacks.

Read More

Arkose Labs's Vanita Pandey believes ‘Online account is going to be the currency that people will trade on’

Media 7 | December 13, 2021

Vanita Pandey, CMO - Arkose Labs, speaks about the role that Innovative Payment Models play in the changing dynamics of purchase and shopping. Read on to know her thoughts about how necessary is content for attracting consumers in this age and much more.

Read More

'TeleSign embeds trust at every touchpoint,' assures Joseph Burton

Media 7 | December 8, 2021

Joseph Burton, Chief Executive Officer at TeleSign elaborates on Promotion Abuse, Communication Fraud, and Buy Now Pay Later Fraud. Read on to know about the biggest online financial threat for consumers and much more.

Read More

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Vade Joins the Pax8 Marketplace to Offer MSPs AI Microsoft 365 Email Security Solutions

Globenewswire | June 01, 2023

Pax8, the leading cloud commerce marketplace, announced today it has added Vade, a global cybersecurity company specializing in AI-based cybersecurity, to its cloud marketplace. Vade's Microsoft 365 (M365) security solutions combine AI and human-powered detection and response, designed specifically for Managed Service Providers (MSPs). This collaboration enables MSPs to offer a comprehensive suite of email security services to prevent advanced cyber-attacks and improve email security for their customers. “According to Forbes, during the past 12 months, 34.5% of polled executives report their organizations' accounting and financial data were targeted by cyber adversaries. This is an alarming trend that opens the door for businesses to reprioritize cybersecurity as a business requirement and partner with an MSP to prevent and protect their customers’ email infrastructure,” said Nikki Meyer, CVP of Vendor Global Alliances at Pax8. “The cybersecurity space is growing, and Pax8 is committed to provide our partners with access to best-in-class cloud solutions like Vade, enabling them to proactively protect their customers from threats effectively.” Established in 2009, Vade originated in the town of Hem, near the city of Lille in northern France. From its beginnings as a French startup specializing in email security for internet service providers (ISPs), Vade has evolved into a global cybersecurity company. Their extensive portfolio now includes AI-based cybersecurity solutions tailored for businesses of all sizes and industries. With a presence in seven locations worldwide, including the US, France, Japan, and Canada, Vade has established itself as an international leader in the cybersecurity field. Vade for M365 is an AI-powered, collaborative security solution that is powered by AI, enhanced by people, and made for MSPs. Featuring Vade’s AI detection and response engine that protects 1.4 billion mailboxes worldwide, Vade for M365 blocks and remediates the advanced threats that slip through Microsoft's defenses. Combining powerful protection with integrated features, including automated awareness training, cross-tenant incident response, and auto-remediation, Vade combines powerful, AI-based protection with integrated, no-cost features that help MSPs save time, reduce administrative workload, and generate more ROI from cybersecurity. “As a channel-first company, Vade recognized Pax8’s unique relationship with and commitment to the MSP community,” said Georges Lotigier, CEO of Vade. “Pax8 is not only the premier distributor for MSPs but also a trusted resource with significant cybersecurity expertise, making this partnership a perfect fit. We are thrilled to bring Vade for M365 to Pax8’s MSP community and look forward to the new partnerships the marketplace integration will bring.” The integration of Vade into the Pax8 marketplace provides significant benefits to MSPs and their customers looking to enhance their email security posture. Customers will now have easy access to Vade's state-of-the-art email protection solutions, which can be seamlessly integrated into their existing email infrastructure. Vade M365 offerings include: Phishing, spear phishing, and malware/ransomware protection Auto- and assisted remediation Cross-tenant incident response Automated user awareness training SIEM integration Error-free configuration Deploy in minutes No MX record change Layers with EOP/ATP To learn more about Pax8 and Vade, please visit www.pax8.com. About Pax8 Pax8 is the world’s favorite cloud marketplace for IT professionals to buy, sell, and manage best-in-class technology solutions. Pioneering the future of modern business, Pax8 has cloud-enabled more than 400,000 enterprises through its channel partners and processes one million monthly transactions. Pax8’s award-winning technology enables managed service providers (MSPs) to accelerate growth, increase efficiency, and reduce risk so their businesses can thrive. The innovative company has ranked in the Inc. 5000 for five years in a row. Join the revolution at pax8.com. About Vade Vade is a global cybersecurity company that secures human collaboration with a combination of AI and human-powered detection and response. Vade’s products and solutions protect consumers, businesses, and organizations from email-borne cyberattacks, including malware/ransomware, spear phishing/business email compromise, and phishing. Vade is a fast-growing, channel-first company with a growing network of MSP and MSSP partners, as well as distribution agreements with leading distributors and aggregators in North America, EMEA, and Asia. Founded in 2009, Vade protects more than 1.4 billion corporate and consumer mailboxes and serves the ISP, SMB, and MSP markets with award-winning products and solutions that help increase cybersecurity and maximize IT efficiency. To learn more, please visit www.vadesecure.com.

Read More

ENTERPRISE IDENTITY, SOFTWARE SECURITY, CLOUD SECURITY

Lookout Announces the Successful Divestiture of Its Consumer Mobile Security Business Segment

Businesswire | June 05, 2023

Lookout, Inc., the endpoint-to-cloud security company, today announced it has closed the previously announced sale of its consumer mobile security business to F-Secure, a global provider of consumer security products and services. With this strategic divestiture Lookout will focus on expanding its core enterprise business, built around the Lookout Cloud Security Platform. The sale of Lookout’s consumer mobile security business represents a deliberate and strategic decision to optimize its enterprise product portfolio and concentrate its product innovation and go-to-market on the expansion of these core competencies. The divestiture sets Lookout up for long-term growth and further positions the Company to address the security transformation impacting organizations today, including the increase in remote work, the shift to cloud-based delivery models and the transition to zero trust architectures. “We are pleased to announce the successful divestiture of our mobile consumer security business, which represents a significant milestone in our strategic transformation to become a pure-play enterprise cybersecurity company,” Jim Dolce, CEO at Lookout. “With this refined focus, we will continue to drive innovation, invest in the development of cutting-edge solutions and drive greater value for our customers.” Lookout’s core enterprise business includes Lookout Mobile Endpoint Security and its security services edge (SSE) cloud-native solution, the Lookout Cloud Security Platform. The Company entered the cloud security market through its acquisition of CipherCloud in March 2021. Its Cloud Security Platform was recently scored among the highest three vendors in the 2023 Gartner Critical Capabilities for Security Service Edge (SSE)1 report in each of the four use cases. The Gartner Critical Capabilities for SSE – an essential companion to the Gartner Magic Quadrant™ for SSE2 in which Lookout was named a Visionary for the second year in a row – is a comparative analysis that scores products or services against a set of critical differentiators that every business needs, as identified by Gartner. These four use cases include Secure Web and Cloud Usage, Detect and Mitigate Threats, Connect and Secure Remote Workers and Identify and Protect Sensitive Information. As part of the sale agreement, F-Secure acquires all of the Lookout consumer mobile security products and technology and assumes all responsibility for ongoing operations and customer relationships. Additionally, the Company’s consumer employees will become part of F-Secure. About Lookout Lookout, Inc. is the endpoint-to-cloud cybersecurity company that delivers zero trust security by reducing risk and protecting data wherever it goes, without boundaries or limits. Our unified, cloud-native platform safeguards digital information across devices, apps, networks and clouds and is as fluid and flexible as the modern digital world. Lookout is trusted by enterprises and government agencies of all sizes to protect the sensitive data they care about most, enabling them to work and connect freely and safely. To learn more about the Lookout Cloud Security Platform, visit www.lookout.com and follow Lookout on our blog, LinkedIn and Twitter. © 2023 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design®, and SIGNAL FLARE® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, SCREAM, the 4 Bar Shield Design, and the Lookout multi-color/multi-shaded Wingspan design.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

CyberArk Introduces First Identity Security-Based Enterprise Browser

iTWire | May 30, 2023

CyberArk (NASDAQ: CYBR), the Identity Security company, today introduced CyberArk Secure Browser. This first-of-its-kind Identity Security web browser enables organisations to better protect against attacks with a flexible, identity-based approach to securing employee and third-party access to enterprise resources. By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.1 Browsers provide a vital connection between identities, applications and data, making them a prominent attack vector and a target for cybercriminals – especially in distributed, work-from-anywhere environments. A rise in post-MFA authentication attacks targeting session cookies reinforces the need for defense-in-depth strategies. Now, CyberArk is applying its deep cybersecurity experience, history of Identity Security innovation and intelligent privilege controls to web browsing. Part of the CyberArk Identity Security Platform, the Chromium-based CyberArk Secure Browser supports enterprise Zero Trust initiatives with integrated security, centralised policy management and productivity tools while delivering a familiar user experience. The CyberArk Identity Security Platform delivers the most robust, layered approach to address the number one area of cybersecurity risk: credential access.2 CyberArk Secure Browser is designed to eliminate existing security gaps between consumer-focused browsers and SaaS applications, endpoint-based controls and identity providers. By extending the CyberArk Identity Security Platform to the browser itself, CyberArk makes it easy for IT teams to tailor security, privacy and productivity controls on managed and unmanaged devices. Key features include: Cookieless Browsing: Cookieless browsing is a key differentiating feature that allows users to access and use web-based resources without exposing cookie files to attackers. The cookies will be stored remotely on CyberArk servers enabling secure and seamless web browsing without saving cookie files on the endpoints. This approach makes it difficult for attackers or third parties to steal, forge, alter or manipulate cookies to gain unauthorised access to sensitive resources and helps ensure that users’ web sessions, data and accounts remain confidential and secure. Data Exfiltration Protections: Companies can control the browsing experience with fine-grained policies designed to prevent data exfiltration attempts that can compromise corporate data. Password Replacement: CyberArk Secure Browser features patent-pending password replacement functionality. Instead of showing stored credentials for privileged resources or websites, the browser displays a one-time alphanumeric string. This string works only once, only in CyberArk Secure Browser and only for intended targets – eliminating the possibility that end users will see these privileged credentials in plain text. Extensibility: Third-party identity providers and out-of-the-box integrations are supported with the CyberArk Identity Security Platform solutions, including CyberArk Workforce Password Management and CyberArk Secure Web Sessions. This allows companies to customise session protections, access controls and credential management to each user based on their roles. It also works in conjunction with CyberArk Endpoint Privilege Manager to mitigate potentially risky web access and vulnerable endpoints. Quick Access Bar: The built-in quick access sidebar helps ensure end users can utilise their Single Sign-On (SSO) credentials to securely access frequently used apps, third-party tools and CyberArk privileged access management resources directly from CyberArk Secure Browser with the click of a button. “CyberArk is constantly innovating – working to protect our customers against current cybersecurity risk and emerging threats. Based on trends impacting hybrid work environments and research generated by our CyberArk Labs and Red Team, developing an enterprise browser – with an identity-first, security-first approach – was a natural progression for our business,” said Gil Rapaport, general manager, Access at CyberArk. “CyberArk Secure Browser represents a new era of web browsing, where security, privacy and productivity are the top priorities.” Dynamically mirroring controls and access policies existing on Chrome and Edge browsers that are already deployed on the end user’s device, CyberArk Secure Browser reduces IT overhead and accelerates the deployment timeline for employees, contractors and vendors. Planned availability for CyberArk Secure Browser on Windows endpoints is by the end of 2023. To learn more about CyberArk Secure Browser, please visit https://lp.cyberark.com/secure-browser-early-access.html. About CyberArk CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Vade Joins the Pax8 Marketplace to Offer MSPs AI Microsoft 365 Email Security Solutions

Globenewswire | June 01, 2023

Pax8, the leading cloud commerce marketplace, announced today it has added Vade, a global cybersecurity company specializing in AI-based cybersecurity, to its cloud marketplace. Vade's Microsoft 365 (M365) security solutions combine AI and human-powered detection and response, designed specifically for Managed Service Providers (MSPs). This collaboration enables MSPs to offer a comprehensive suite of email security services to prevent advanced cyber-attacks and improve email security for their customers. “According to Forbes, during the past 12 months, 34.5% of polled executives report their organizations' accounting and financial data were targeted by cyber adversaries. This is an alarming trend that opens the door for businesses to reprioritize cybersecurity as a business requirement and partner with an MSP to prevent and protect their customers’ email infrastructure,” said Nikki Meyer, CVP of Vendor Global Alliances at Pax8. “The cybersecurity space is growing, and Pax8 is committed to provide our partners with access to best-in-class cloud solutions like Vade, enabling them to proactively protect their customers from threats effectively.” Established in 2009, Vade originated in the town of Hem, near the city of Lille in northern France. From its beginnings as a French startup specializing in email security for internet service providers (ISPs), Vade has evolved into a global cybersecurity company. Their extensive portfolio now includes AI-based cybersecurity solutions tailored for businesses of all sizes and industries. With a presence in seven locations worldwide, including the US, France, Japan, and Canada, Vade has established itself as an international leader in the cybersecurity field. Vade for M365 is an AI-powered, collaborative security solution that is powered by AI, enhanced by people, and made for MSPs. Featuring Vade’s AI detection and response engine that protects 1.4 billion mailboxes worldwide, Vade for M365 blocks and remediates the advanced threats that slip through Microsoft's defenses. Combining powerful protection with integrated features, including automated awareness training, cross-tenant incident response, and auto-remediation, Vade combines powerful, AI-based protection with integrated, no-cost features that help MSPs save time, reduce administrative workload, and generate more ROI from cybersecurity. “As a channel-first company, Vade recognized Pax8’s unique relationship with and commitment to the MSP community,” said Georges Lotigier, CEO of Vade. “Pax8 is not only the premier distributor for MSPs but also a trusted resource with significant cybersecurity expertise, making this partnership a perfect fit. We are thrilled to bring Vade for M365 to Pax8’s MSP community and look forward to the new partnerships the marketplace integration will bring.” The integration of Vade into the Pax8 marketplace provides significant benefits to MSPs and their customers looking to enhance their email security posture. Customers will now have easy access to Vade's state-of-the-art email protection solutions, which can be seamlessly integrated into their existing email infrastructure. Vade M365 offerings include: Phishing, spear phishing, and malware/ransomware protection Auto- and assisted remediation Cross-tenant incident response Automated user awareness training SIEM integration Error-free configuration Deploy in minutes No MX record change Layers with EOP/ATP To learn more about Pax8 and Vade, please visit www.pax8.com. About Pax8 Pax8 is the world’s favorite cloud marketplace for IT professionals to buy, sell, and manage best-in-class technology solutions. Pioneering the future of modern business, Pax8 has cloud-enabled more than 400,000 enterprises through its channel partners and processes one million monthly transactions. Pax8’s award-winning technology enables managed service providers (MSPs) to accelerate growth, increase efficiency, and reduce risk so their businesses can thrive. The innovative company has ranked in the Inc. 5000 for five years in a row. Join the revolution at pax8.com. About Vade Vade is a global cybersecurity company that secures human collaboration with a combination of AI and human-powered detection and response. Vade’s products and solutions protect consumers, businesses, and organizations from email-borne cyberattacks, including malware/ransomware, spear phishing/business email compromise, and phishing. Vade is a fast-growing, channel-first company with a growing network of MSP and MSSP partners, as well as distribution agreements with leading distributors and aggregators in North America, EMEA, and Asia. Founded in 2009, Vade protects more than 1.4 billion corporate and consumer mailboxes and serves the ISP, SMB, and MSP markets with award-winning products and solutions that help increase cybersecurity and maximize IT efficiency. To learn more, please visit www.vadesecure.com.

Read More

ENTERPRISE IDENTITY, SOFTWARE SECURITY, CLOUD SECURITY

Lookout Announces the Successful Divestiture of Its Consumer Mobile Security Business Segment

Businesswire | June 05, 2023

Lookout, Inc., the endpoint-to-cloud security company, today announced it has closed the previously announced sale of its consumer mobile security business to F-Secure, a global provider of consumer security products and services. With this strategic divestiture Lookout will focus on expanding its core enterprise business, built around the Lookout Cloud Security Platform. The sale of Lookout’s consumer mobile security business represents a deliberate and strategic decision to optimize its enterprise product portfolio and concentrate its product innovation and go-to-market on the expansion of these core competencies. The divestiture sets Lookout up for long-term growth and further positions the Company to address the security transformation impacting organizations today, including the increase in remote work, the shift to cloud-based delivery models and the transition to zero trust architectures. “We are pleased to announce the successful divestiture of our mobile consumer security business, which represents a significant milestone in our strategic transformation to become a pure-play enterprise cybersecurity company,” Jim Dolce, CEO at Lookout. “With this refined focus, we will continue to drive innovation, invest in the development of cutting-edge solutions and drive greater value for our customers.” Lookout’s core enterprise business includes Lookout Mobile Endpoint Security and its security services edge (SSE) cloud-native solution, the Lookout Cloud Security Platform. The Company entered the cloud security market through its acquisition of CipherCloud in March 2021. Its Cloud Security Platform was recently scored among the highest three vendors in the 2023 Gartner Critical Capabilities for Security Service Edge (SSE)1 report in each of the four use cases. The Gartner Critical Capabilities for SSE – an essential companion to the Gartner Magic Quadrant™ for SSE2 in which Lookout was named a Visionary for the second year in a row – is a comparative analysis that scores products or services against a set of critical differentiators that every business needs, as identified by Gartner. These four use cases include Secure Web and Cloud Usage, Detect and Mitigate Threats, Connect and Secure Remote Workers and Identify and Protect Sensitive Information. As part of the sale agreement, F-Secure acquires all of the Lookout consumer mobile security products and technology and assumes all responsibility for ongoing operations and customer relationships. Additionally, the Company’s consumer employees will become part of F-Secure. About Lookout Lookout, Inc. is the endpoint-to-cloud cybersecurity company that delivers zero trust security by reducing risk and protecting data wherever it goes, without boundaries or limits. Our unified, cloud-native platform safeguards digital information across devices, apps, networks and clouds and is as fluid and flexible as the modern digital world. Lookout is trusted by enterprises and government agencies of all sizes to protect the sensitive data they care about most, enabling them to work and connect freely and safely. To learn more about the Lookout Cloud Security Platform, visit www.lookout.com and follow Lookout on our blog, LinkedIn and Twitter. © 2023 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design®, and SIGNAL FLARE® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, SCREAM, the 4 Bar Shield Design, and the Lookout multi-color/multi-shaded Wingspan design.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

CyberArk Introduces First Identity Security-Based Enterprise Browser

iTWire | May 30, 2023

CyberArk (NASDAQ: CYBR), the Identity Security company, today introduced CyberArk Secure Browser. This first-of-its-kind Identity Security web browser enables organisations to better protect against attacks with a flexible, identity-based approach to securing employee and third-party access to enterprise resources. By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.1 Browsers provide a vital connection between identities, applications and data, making them a prominent attack vector and a target for cybercriminals – especially in distributed, work-from-anywhere environments. A rise in post-MFA authentication attacks targeting session cookies reinforces the need for defense-in-depth strategies. Now, CyberArk is applying its deep cybersecurity experience, history of Identity Security innovation and intelligent privilege controls to web browsing. Part of the CyberArk Identity Security Platform, the Chromium-based CyberArk Secure Browser supports enterprise Zero Trust initiatives with integrated security, centralised policy management and productivity tools while delivering a familiar user experience. The CyberArk Identity Security Platform delivers the most robust, layered approach to address the number one area of cybersecurity risk: credential access.2 CyberArk Secure Browser is designed to eliminate existing security gaps between consumer-focused browsers and SaaS applications, endpoint-based controls and identity providers. By extending the CyberArk Identity Security Platform to the browser itself, CyberArk makes it easy for IT teams to tailor security, privacy and productivity controls on managed and unmanaged devices. Key features include: Cookieless Browsing: Cookieless browsing is a key differentiating feature that allows users to access and use web-based resources without exposing cookie files to attackers. The cookies will be stored remotely on CyberArk servers enabling secure and seamless web browsing without saving cookie files on the endpoints. This approach makes it difficult for attackers or third parties to steal, forge, alter or manipulate cookies to gain unauthorised access to sensitive resources and helps ensure that users’ web sessions, data and accounts remain confidential and secure. Data Exfiltration Protections: Companies can control the browsing experience with fine-grained policies designed to prevent data exfiltration attempts that can compromise corporate data. Password Replacement: CyberArk Secure Browser features patent-pending password replacement functionality. Instead of showing stored credentials for privileged resources or websites, the browser displays a one-time alphanumeric string. This string works only once, only in CyberArk Secure Browser and only for intended targets – eliminating the possibility that end users will see these privileged credentials in plain text. Extensibility: Third-party identity providers and out-of-the-box integrations are supported with the CyberArk Identity Security Platform solutions, including CyberArk Workforce Password Management and CyberArk Secure Web Sessions. This allows companies to customise session protections, access controls and credential management to each user based on their roles. It also works in conjunction with CyberArk Endpoint Privilege Manager to mitigate potentially risky web access and vulnerable endpoints. Quick Access Bar: The built-in quick access sidebar helps ensure end users can utilise their Single Sign-On (SSO) credentials to securely access frequently used apps, third-party tools and CyberArk privileged access management resources directly from CyberArk Secure Browser with the click of a button. “CyberArk is constantly innovating – working to protect our customers against current cybersecurity risk and emerging threats. Based on trends impacting hybrid work environments and research generated by our CyberArk Labs and Red Team, developing an enterprise browser – with an identity-first, security-first approach – was a natural progression for our business,” said Gil Rapaport, general manager, Access at CyberArk. “CyberArk Secure Browser represents a new era of web browsing, where security, privacy and productivity are the top priorities.” Dynamically mirroring controls and access policies existing on Chrome and Edge browsers that are already deployed on the end user’s device, CyberArk Secure Browser reduces IT overhead and accelerates the deployment timeline for employees, contractors and vendors. Planned availability for CyberArk Secure Browser on Windows endpoints is by the end of 2023. To learn more about CyberArk Secure Browser, please visit https://lp.cyberark.com/secure-browser-early-access.html. About CyberArk CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.

Read More

Spotlight

Nisos

Nisos

Nisos is a Managed Intelligence company. Our services enable security, intelligence, and trust & safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and ...

Events

Resources