Q&A with David Etue, Chief Executive Officer at Nisos

Media 7 | March 25, 2021

David Etue, Chief Executive Officer at Nisos, has driven the success of security solutions and portfolios as an executive focused on cybersecurity with roles in strategy, corporate development, product management, marketing, business development, management consulting, security program leadership, and technical implementation. He has achieved success in both small and large enterprises.

David has a strong background in information security, cybersecurity, privacy, and integration technologies including both the technology and business impact. In addition to his education in business administration and finance, David has taken leadership training at GE's John F. Welch Leadership Development Center at Crotonville. Additionally, he completed GE's Six Sigma Black Belt Training and is Green Belt Certified. He is trained in the Pragmatic Marketing Framework, is a Certified Information Privacy Professional holding both the base CIPP and CIPP/G government privacy extension, and a Certified CISO.

Financially motivated actors are innovating their fraud, abuse, and eCrime approaches to find new ways to exploit victims. I’m continually amazed by the innovation in how actors are gaming the system.



MEDIA 7: Could you please tell us a little bit about yourself? What inspired you to pursue a career in cybersecurity?
DAVID ETUE:
Hello! Thanks for the opportunity to talk today. I am the CEO of Nisos, where we provide managed intelligence offerings to transform how cyber intelligence enables organizations to disrupt motivated and sophisticated adversaries. 

What inspired me to have a career in cybersecurity? I started using technology as a young kid, including being a sysop (systems administrator) of a BBS (bulletin board system) in high school. I was fascinated by how different systems could interact to share information. I also got my first insight into how technology could be abused. Having to defend a system from attacks, trying to keep others from stealing access to our modems to make long-distance calls, and seeing people share illicit content opened my eyes to how having a deep understanding of how technology works could enable you to better defend it. 

Those experiences piqued my interest in information security. I kept focused on it as a hobby and then I got the opportunity early in my career to become more involved. It wasn’t considered a career path back then like cybersecurity is today, but there was something about it that I just loved. What I’ve realized since is that it has three key attributes that I found really fulfilling. Firstly, the rate of change is very high. We have adversaries who innovate every day and we have to counter that innovation.

Secondly, it is a key intersection of technology and business. There is an old adage that the only secure computer is one that is turned off and locked in a safe, making it not very useful. Finding the right balance of technology enablement and risk mitigation is an awesome challenge. Finally, the mission matters: technology has become an essential element of how we live, and adequately defending that is critical to society. It’s great when something you love also turns out to enable a great career opportunity. 

M7: How do you think medium-sized enterprises should make optimum use of intelligence?
DE:
Intelligence is a key enabler of proper prioritization of resources and focuses when responding to an event. Every organization lacks the resources to protect everything perfectly, so must make decisions on how to apply scarce resources. Understanding your likely adversaries and their tactics, techniques, and procedures (TTPs) is something I’ve found highly approachable to organizations of all sizes. Understanding those factors, enables prioritizations that optimize defense against the more likely attacks. Intelligence can help inform upfront assessment, and external threat hunting and intelligence updates provide continuous feedback for learning and adjustment.

When responding to events, there is often critical context “outside the firewall” that enables better response to an attack. It can show how the attack is occurring and potential methods to mitigate the attack that aren’t visible to the Security Operations Center (SOC) from internal system telemetry. It can often illustrate if you are being targeted directly versus your industry versus an opportunistic attack. Attributing the actor behind the attack can offer insight into the motivations and goals of the attack. It can also open new response methods for some classes of actors, including legal and law enforcement. 

One of the biggest challenges a medium-size enterprise is presented with is getting the signal-to-noise ratio right so they can focus on impactful intelligence. Definitionally, intelligence is information that is actionable to drive a decision. Unfortunately, a lot of threat “intelligence” out there isn’t actionable without expertise or organizational context and creates noise. This is the area that has prevented most organizations with small intelligence teams from making the impact they desire. Ensuring what they get is actionable is critical if you don’t have the internal expertise and capability to turn information into intelligence. That is what excites me so much about what we do at Nisos. We have the expertise to bring context to deliver finished intelligence to make it actionable for our clients.


As more of our interactions become digital, it presents new opportunities for financially motivated malicious actors to take advantage of and conduct fraudulent activity.



M7: What is your approach at Nisos to solving adversary-centric problems?
DE:
Threat actors are a “who”, not a “what” and we provide our clients with insight into their adversaries (the “who”); their tactics, techniques, and procedures (the “how”); and their motivations and intentions (the “why”). Importantly, we deliver that in a way that is actionable to our clients and goes beyond traditional cybersecurity attacks including fraud, risk, reputation, key person, and other non-traditional business risks.
We have designed our intelligence collection and analysis with this adversary-centric approach, and also have a number of operators who managed adversarial operations on behalf of government agencies and therefore have a unique perspective on the challenge.
 
There is a naïve perspective that knowing your adversary isn’t necessary and that you should just protect your systems and all will be okay. As mentioned previously, we need to apply our scarce resources wisely, and understanding our adversaries gives an important lens to that decision. Additionally, the attribution or unmasking of adversaries can give insight into how to best mitigate an attack, and also can open up additional response methods including legal and law enforcement approaches. 

M7: What do you believe are the top cybersecurity threats that have arisen post-COVID-19?
DE:
COVID-19 has accelerated our adoption of, and therefore dependence on, technology by leaps and bounds. We have jumped 5+ years on the adoption curve out of necessity and invention. While remote work and e-commerce rightfully get a lot of attention, it has also impacted how we get health care, how we experience performance art, and so many other things. In many cases, we adopted these technologies out of necessity and therefore increased our attack surface without adequate time for planning security given the broader adoption and new use cases.

So broadly, I have a serious concern that we are adopting technology faster than our ability to secure it, which provides adversaries significant opportunities. Additionally, a global recession impacts employment and past research points to growth to people pursuing illicit paths in those times increasing the number of adversaries we need to defend against. We need to deal with that increased attack surface, broader technology dependency, and potentially additionally motivated adversaries.

The other risk I think about related to the changes driven by COVID-19 is how systems can be used to maliciously leverage human relationships. Much of the recent acceleration of technology has been driven by how we interact, requiring more trust in electronic interactions, but often without support for that trust in the underlying technology has changed. 

Financially motivated actors are innovating their fraud, abuse, and eCrime approaches to find new ways to exploit victims. I’m continually amazed by the innovation in how actors are gaming the system. We see it everywhere—from the gig economy to advertising fraud to counterfeit goods to fake customer service and more. 

One of the key areas impacting trust is disinformation and misinformation. The spotlight has rightfully been shined on geopolitical disinformation, but it is also occurring elsewhere. Our security measures were typically designed to protect the technology and not focused on the trust and safety of the interactions occurring on them.

This has become a tool available to every class of adversary, and you can see the early adoption - fake product reviews to influence buying decisions, misleading company news to drive stock prices, local application to politics and charitable endeavors, and more. I expect continued adversary use of misinformation as a tool, and a need to adapt our systems and intelligence to address it.


Organizations are ramping up security monitoring to try to know what is happening on endpoint devices. It’s a unique opportunity for security to advocate for the employee experience.



M7: How do you ensure data security while your employees work from home?
DE:
I think we need to think differently about the problem. There are many things that security and infrastructure teams are doing to improve security posture. There are some baseline controls that if not already deployed, should be. Strong authentication and proper security controls for internet-facing systems, and endpoint security visibility are the key ones that come to mind. 

However, when you experience a significant change like we have with pandemic-driven work from home, it really requires stepping back and getting a new perspective on your approach. Poor security hygiene on a family member’s device could create lateral movement risk to a corporate device. That security control that prevented non-corporate approved printers needs to be turned off because the corporate ones are no longer available.

Intellectual property is now in the employee’s home office. I’d argue that all of those risks have been present for years, but they’ve grown in prevalence. In general, I think zero trust principles are one of the best paths forward from a technology perspective.

Another element that we need to look at is the mental health and engagement of our teams. It’s short-sighted to think that this doesn’t impact our cybersecurity posture. If people are exhausted from not figuring out work-life separation, are depressed, or feel disconnected from work, what will that cause? They may not realize the phishing attempt isn’t a real request. They may not report a security incident. They may decide to find employment elsewhere in search of an environment that feels more inclusive or supportive. 

Organizations are ramping up security monitoring to try to know what is happening on endpoint devices. While it may be right to add more monitoring given the change in risk posture, a “Big Brother” emotion without the appropriate employee support infrastructure to accompany it, isn’t well-positioned to achieve the planned risk reduction outcomes. It’s a unique opportunity for security to advocate for the employee experience.

M7: What is your advice to our readers to prevent and be aware of fraud and eCrime?
DE:
 As more of our interactions become digital, it presents new opportunities for financially motivated malicious actors to take advantage of and conduct fraudulent activity. It is important to understand these trends as you use technology, as you engage with customers and partners, and as you deploy and manage technology platforms of your own. 

As I mentioned before, the continual innovation by adversaries is amazing. While unsophisticated actors engage with methods that are easy to detect with the old adage, “If it sounds too good to be true, it probably is”, investment in more sophisticated attacks is prevalent. We have seen audio deep fakes, account farming, synthetic identity fraud, as well as the sale of fraud-enablement tools in the underground.

When launching a technology platform, security teams will often generate “abuse cases”, which is like a “use case” but from the perspective of how an adversary could misuse the platform. Abuse cases need to evolve from being focused on the confidentiality, availability, and integrity of the system to also cover fraud and abuse cases. I’ve found it helpful to define fraud as actions that create losses for your organization and abuse as actions that use your platform to cause losses to others and to ensure your abuse cases cover both. 

Examples of fraud would be activities like unpaid premium accounts or creating gift cards illegally. Examples of abuse would include using your platform to run scams or fake product reviews impacting what products a consumer purchases. Beyond developing to prevent those cases, it is also important to monitor for activity outside of norms, have the ability to determine if it is malicious and if so, respond. We continually are evolving our monitoring and response capabilities at Nisos as adversaries innovate.

ABOUT NISOS

Nisos is a Managed Intelligence company. Our services enable security, intelligence, and trust & safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation and abuse of digital platforms. For more information visit: www.nisos.com

More C-Suite on deck

Panzura's Glen Shok explains why file security and military-grade encryption should be applied to all data stored in the cloud

Media 7 | March 11, 2022

Glen Shok, CTO and VP Cloud Architects at Panzura, looks into his crystal ball and shares with us his predictions of the developments in the cybersecurity space. In this interview, we had the opportunity to explore novel malware tactics like ransomware and data wiper exploits, and the different solutions Panzura offers enterprises to improve their security measures. Read on to learn more about upticks in this cybersecurity landscape, and how Panzura can get businesses battle-ready against these attacks.

Read More

Arkose Labs's Vanita Pandey believes ‘Online account is going to be the currency that people will trade on’

Media 7 | December 13, 2021

Vanita Pandey, CMO - Arkose Labs, speaks about the role that Innovative Payment Models play in the changing dynamics of purchase and shopping. Read on to know her thoughts about how necessary is content for attracting consumers in this age and much more.

Read More

'TeleSign embeds trust at every touchpoint,' assures Joseph Burton

Media 7 | December 8, 2021

Joseph Burton, Chief Executive Officer at TeleSign elaborates on Promotion Abuse, Communication Fraud, and Buy Now Pay Later Fraud. Read on to know about the biggest online financial threat for consumers and much more.

Read More

Panzura's Glen Shok explains why file security and military-grade encryption should be applied to all data stored in the cloud

Media 7 | March 11, 2022

Glen Shok, CTO and VP Cloud Architects at Panzura, looks into his crystal ball and shares with us his predictions of the developments in the cybersecurity space. In this interview, we had the opportunity to explore novel malware tactics like ransomware and data wiper exploits, and the different solutions Panzura offers enterprises to improve their security measures. Read on to learn more about upticks in this cybersecurity landscape, and how Panzura can get businesses battle-ready against these attacks.

Read More

Arkose Labs's Vanita Pandey believes ‘Online account is going to be the currency that people will trade on’

Media 7 | December 13, 2021

Vanita Pandey, CMO - Arkose Labs, speaks about the role that Innovative Payment Models play in the changing dynamics of purchase and shopping. Read on to know her thoughts about how necessary is content for attracting consumers in this age and much more.

Read More

'TeleSign embeds trust at every touchpoint,' assures Joseph Burton

Media 7 | December 8, 2021

Joseph Burton, Chief Executive Officer at TeleSign elaborates on Promotion Abuse, Communication Fraud, and Buy Now Pay Later Fraud. Read on to know about the biggest online financial threat for consumers and much more.

Read More

Related News

DATA SECURITY,ENTERPRISE IDENTITY

Illumio Introduces New Solution to Stop Endpoint Ransomware from Spreading Across the Hybrid Attack Surface

Illumio | September 29, 2022

Illumio, Inc., the Zero Trust Segmentation company, today announced Illumio Endpoint®, a reimagined way to prevent breaches from spreading to clouds and data centers from laptops. Hybrid work has expanded the attack surface, introducing new threats and making organizations more vulnerable, so it’s become increasingly important for employees to have secure access to applications and data wherever they are located. Unlike other Zero Trust Segmentation solutions, Illumio Endpoint lets your policy follow your teams’ laptops wherever they work, whether at home, in the office, or at a coffee shop. With Illumio Endpoint, the first device that gets infected will also be the last. Organizations are more interconnected and vulnerable in hybrid workplaces, and the attack surface is growing increasingly complex. Additionally, attacks on hybrid work environments are more expensive, costing an average of about $600K more than the global average. Even with endpoint detection and response tools in place, endpoints still get breached – according to ESG, 76 percent of organizations experienced a ransomware attack in the past two years alone. Illumio Endpoint includes: Extended visibility and segmentation policy controls for macOS and Windows devices, allowing organizations to see risk and stop attacks from spreading from laptops, workstations, and VDIs. A single, unified console to see and manage visibility and segmentation policy across endpoints, clouds, and data centers, making Zero Trust Segmentation easier, faster, and more efficient for security teams. Work from anywhere support with segmentation policy that follows the device, so organizations have the confidence that their networks are secure, and their employees can remain productive while working from anywhere. The ability to control application access so users can only reach the necessary applications from their device, not the entire data center and cloud, minimizing the organization's risk from vulnerable or compromised endpoints. "Before Illumio, we had only a slim idea of what kind of communications were running across our network. But with Illumio, we clearly see exactly what's connecting to individual endpoints. David Ault, VP of Information Security at Telhio Credit Union “The hybrid workforce is here to stay, which exposes organizations to a more complex attack surface and more risk, particularly on the endpoint,” said Mario Espinoza, Chief Product Officer at Illumio. “It’s important to have tools that can detect and respond to an identified breach, but unidentified attacks can spread throughout the organization to access critical data and assets when Zero Trust Segmentation is not in place to proactively contain the breach. With Illumio Endpoint, security leaders will gain the comprehensive protection needed to build resilience to attacks throughout their hybrid IT and as employees work from anywhere.” “Ransomware and other cyberattacks often involve end user devices somewhere in the attack chain, moving laterally on to other higher-value assets,” said Dave Gruber, Principal Analyst, ESG. “Because attackers continue to find ways in and move laterally fast, prevention, detection and response mechanisms can fall short stopping these fast-moving attacks. Containment strategies such as Zero Trust Segmentation across endpoint devices can proactively stop ransomware and other fast-moving attacks from spreading to critical infrastructure and assets, reducing risk.” About Illumio Illumio, the Zero Trust Segmentation company, stops breaches and ransomware from spreading across the hybrid attack surface. The Illumio ZTS Platform visualizes all traffic flows between workloads, devices and the internet, automatically sets granular segmentation policies to control communications, and isolates high-value assets and compromised systems proactively or in response to active attacks. Illumio protects organizations of all sizes, from Fortune 100 to small business, by stopping breaches and ransomware in minutes, saving millions of dollars in application downtime, and accelerating cloud and digital transformation projects.

Read More

DATA SECURITY,ENTERPRISE IDENTITY

Cybeats Announces Partnership with Veracode, an Industry-Leading Application Security Firm

Cybeats | September 29, 2022

Cybeats Technologies Inc., a leading software supply chain risk and security technology provider announces a strategic partnership with Veracode, a leading global provider of application security testing solutions. The partnership will leverage complementary expertise to ensure customers receive the highest standard of cybersecurity solutions. Cybeats' software supply chain security product, SBOM Studio, will be available to customers through Veracode Partners, and the companies will explore joint commercial opportunities. Once generated within the Veracode Continuous Software Security Platform, a Software Bill of Materials (SBOM) can enable greater software security by offering a full inventory of the third-party components used within an application. Cybeats SBOM Studio is an enterprise-class solution that helps companies understand and track third-party components that are an integral part of their own software. Veracode will provide advice and guidance around the commercial deployment of SBOM Studio within its existing customer base. The partnership aims to enable both companies to continue to expand their existing presence in the global cybersecurity market. Through this alliance, the companies' joint customers will be able to maximize their technology investments and procure, develop, and deploy secure software, while reducing the risk of a security breach resulting from weak links in their software supply chain. "As a Veracode Elite Technology Alliance Partner, Cybeats brings additional expert solutions to the frictionless developer experience already offered by our Continuous Software Security Platform," said Laurie Haley, Vice President of Strategic Alliances at Veracode. "By complementing our existing software composition analysis capability, Cybeats' integrated solutions will allow customers to maximize SBOM (Software Bill of Materials) utility and simplify their workflow for greater ROI." "We are honoured to partner with Veracode to expand each other's presence in the global cybersecurity market. As the cyber risk related to software supply chain attacks continues to mount, deep visibility and universal transparency using SBOMS is necessary for resilient cybersecurity defense." Yoav Raiter, CEO, Cybeats "In this modern era of rapid development, the importance of time to market and automation is paramount. Together, Veracode and Cybeats offer a substantial contribution to enabling our customers to align with the SBOM market needs and seamlessly support practices mentioned in SSDF NIST 800-218 framework without increasing the overhead on their development and product security teams," said Dmitry Raidman, CTO, Cybeats Through a single, centralized platform offering comprehensive visibility into vulnerabilities using all software security testing types, Veracode delivers one of the industry's only cloud-native solutions that allows partners to onboard quickly and seamlessly, so companies can securely move AppSec to the cloud. As a result of this partnership, Veracode can easily integrate the full breadth of Cybeats' software solutions into their customers' environments. The partner program provides market-leading solutions and services to get partners up and running straight away, with minimal impact to their existing business. Cybeats SBOM Studio SBOM Studio provides organizations with the capability to efficiently manage SBOM and software vulnerabilities, and provides proactive mitigation of risks to their software supply chain. Key product features include robust software supply chain intelligence, universal SBOM document management and repository, continuous vulnerability, threat insights, precise risk management, open source software license infringement and utilization, and secure SBOM exchange with regulatory authorities, customers and vendors, at reduced cost. About Cybeats Cybeats is a leading software supply chain intelligence technology provider, helping organizations manage risk, meet compliance and secure software from procurement, development through operation. Our platform provides customers with deep visibility and universal transparency into their software supply chain, as a result enables them to increase operational efficiencies and revenue. Cybeats. Software Made Certain.

Read More

DATA SECURITY,NETWORK THREAT DETECTION,PLATFORM SECURITY

Pathlock Expands SAP Capabilities with Acquisition of Grey Monarch

Pathlock | September 27, 2022

Pathlock, the leading provider of application security and controls automation for critical business applications, today announced the acquisition of Grey Monarch, a UK-based specialist SAP Partner dedicated to SAP Process Automation. The acquisition will strengthen Pathlock's vision of providing the industry's most complete 360-degree platform for application security and controls automation for the SAP ecosystem. Since 2008, Grey Monarch has developed expertise in SAP Security, Segregation of Duties, SAP Licence Optimization, SAP Background Processing Automation and Secure Managed File Transfer. With this acquisition, the SAP community will benefit from the very best SAP Process Automation advice, implementation skills, and software and training capabilities, improving levels of security, enhancing their users' experience and streamlining audit, compliance and control procedures. "It's now more imperative than ever for organizations to utilize a holistic view of user access and privileges so they can be managed, monitored and controlled to ensure the maximum protection of data, business processes and intellectual property," said David Lloyd, Director and Co-Founder, Grey Monarch. "Combining Grey Monarch's capabilities with the Pathlock family of expertise, resources and product portfolio will provide our customers, existing and new, with an unsurpassed visibility into their business applications." "We're thrilled to complete the acquisition of Grey Monarch. "We continue to see a strong demand for our globally recognized application security and controls automation solutions, and know that with Grey Monarch's specialization in SAP process automation we can continue to enable our global customers to revolutionize the way they secure their sensitive financial and customer data." Piyush Pandey, CEO of Pathlock In May 2022, Pathlock announced a $200M capital raise sponsored by Vertica Capital Partners alongside a merger with Appsian and Security Weaver and the acquisition of Belgium-based CSI Tools and Germany-based SAST SOLUTIONS. The company has successfully doubled in size in terms of revenue and employees and is now servicing over 1,400 customers across all major industries on a global scale with offices across the United States, Belgium, the UK, Germany, Israel and India. About Pathlock Pathlock is the leader in application security and controls automation. With Pathlock, enterprises can manage all aspects of access governance via a single platform, across applications, including user provisioning, ongoing User Access Reviews, segregation of duties, control testing, and audit preparation. Today, many of the world's most respected, global 2000 companies rely on Pathlock to protect their critical digital assets from financial, operational, regulatory and security threats, ensure corporate compliance and improve performance. Our customers have saved millions in employee productivity, labor costs, audit fees and data loss prevention.

Read More

DATA SECURITY,ENTERPRISE IDENTITY

Illumio Introduces New Solution to Stop Endpoint Ransomware from Spreading Across the Hybrid Attack Surface

Illumio | September 29, 2022

Illumio, Inc., the Zero Trust Segmentation company, today announced Illumio Endpoint®, a reimagined way to prevent breaches from spreading to clouds and data centers from laptops. Hybrid work has expanded the attack surface, introducing new threats and making organizations more vulnerable, so it’s become increasingly important for employees to have secure access to applications and data wherever they are located. Unlike other Zero Trust Segmentation solutions, Illumio Endpoint lets your policy follow your teams’ laptops wherever they work, whether at home, in the office, or at a coffee shop. With Illumio Endpoint, the first device that gets infected will also be the last. Organizations are more interconnected and vulnerable in hybrid workplaces, and the attack surface is growing increasingly complex. Additionally, attacks on hybrid work environments are more expensive, costing an average of about $600K more than the global average. Even with endpoint detection and response tools in place, endpoints still get breached – according to ESG, 76 percent of organizations experienced a ransomware attack in the past two years alone. Illumio Endpoint includes: Extended visibility and segmentation policy controls for macOS and Windows devices, allowing organizations to see risk and stop attacks from spreading from laptops, workstations, and VDIs. A single, unified console to see and manage visibility and segmentation policy across endpoints, clouds, and data centers, making Zero Trust Segmentation easier, faster, and more efficient for security teams. Work from anywhere support with segmentation policy that follows the device, so organizations have the confidence that their networks are secure, and their employees can remain productive while working from anywhere. The ability to control application access so users can only reach the necessary applications from their device, not the entire data center and cloud, minimizing the organization's risk from vulnerable or compromised endpoints. "Before Illumio, we had only a slim idea of what kind of communications were running across our network. But with Illumio, we clearly see exactly what's connecting to individual endpoints. David Ault, VP of Information Security at Telhio Credit Union “The hybrid workforce is here to stay, which exposes organizations to a more complex attack surface and more risk, particularly on the endpoint,” said Mario Espinoza, Chief Product Officer at Illumio. “It’s important to have tools that can detect and respond to an identified breach, but unidentified attacks can spread throughout the organization to access critical data and assets when Zero Trust Segmentation is not in place to proactively contain the breach. With Illumio Endpoint, security leaders will gain the comprehensive protection needed to build resilience to attacks throughout their hybrid IT and as employees work from anywhere.” “Ransomware and other cyberattacks often involve end user devices somewhere in the attack chain, moving laterally on to other higher-value assets,” said Dave Gruber, Principal Analyst, ESG. “Because attackers continue to find ways in and move laterally fast, prevention, detection and response mechanisms can fall short stopping these fast-moving attacks. Containment strategies such as Zero Trust Segmentation across endpoint devices can proactively stop ransomware and other fast-moving attacks from spreading to critical infrastructure and assets, reducing risk.” About Illumio Illumio, the Zero Trust Segmentation company, stops breaches and ransomware from spreading across the hybrid attack surface. The Illumio ZTS Platform visualizes all traffic flows between workloads, devices and the internet, automatically sets granular segmentation policies to control communications, and isolates high-value assets and compromised systems proactively or in response to active attacks. Illumio protects organizations of all sizes, from Fortune 100 to small business, by stopping breaches and ransomware in minutes, saving millions of dollars in application downtime, and accelerating cloud and digital transformation projects.

Read More

DATA SECURITY,ENTERPRISE IDENTITY

Cybeats Announces Partnership with Veracode, an Industry-Leading Application Security Firm

Cybeats | September 29, 2022

Cybeats Technologies Inc., a leading software supply chain risk and security technology provider announces a strategic partnership with Veracode, a leading global provider of application security testing solutions. The partnership will leverage complementary expertise to ensure customers receive the highest standard of cybersecurity solutions. Cybeats' software supply chain security product, SBOM Studio, will be available to customers through Veracode Partners, and the companies will explore joint commercial opportunities. Once generated within the Veracode Continuous Software Security Platform, a Software Bill of Materials (SBOM) can enable greater software security by offering a full inventory of the third-party components used within an application. Cybeats SBOM Studio is an enterprise-class solution that helps companies understand and track third-party components that are an integral part of their own software. Veracode will provide advice and guidance around the commercial deployment of SBOM Studio within its existing customer base. The partnership aims to enable both companies to continue to expand their existing presence in the global cybersecurity market. Through this alliance, the companies' joint customers will be able to maximize their technology investments and procure, develop, and deploy secure software, while reducing the risk of a security breach resulting from weak links in their software supply chain. "As a Veracode Elite Technology Alliance Partner, Cybeats brings additional expert solutions to the frictionless developer experience already offered by our Continuous Software Security Platform," said Laurie Haley, Vice President of Strategic Alliances at Veracode. "By complementing our existing software composition analysis capability, Cybeats' integrated solutions will allow customers to maximize SBOM (Software Bill of Materials) utility and simplify their workflow for greater ROI." "We are honoured to partner with Veracode to expand each other's presence in the global cybersecurity market. As the cyber risk related to software supply chain attacks continues to mount, deep visibility and universal transparency using SBOMS is necessary for resilient cybersecurity defense." Yoav Raiter, CEO, Cybeats "In this modern era of rapid development, the importance of time to market and automation is paramount. Together, Veracode and Cybeats offer a substantial contribution to enabling our customers to align with the SBOM market needs and seamlessly support practices mentioned in SSDF NIST 800-218 framework without increasing the overhead on their development and product security teams," said Dmitry Raidman, CTO, Cybeats Through a single, centralized platform offering comprehensive visibility into vulnerabilities using all software security testing types, Veracode delivers one of the industry's only cloud-native solutions that allows partners to onboard quickly and seamlessly, so companies can securely move AppSec to the cloud. As a result of this partnership, Veracode can easily integrate the full breadth of Cybeats' software solutions into their customers' environments. The partner program provides market-leading solutions and services to get partners up and running straight away, with minimal impact to their existing business. Cybeats SBOM Studio SBOM Studio provides organizations with the capability to efficiently manage SBOM and software vulnerabilities, and provides proactive mitigation of risks to their software supply chain. Key product features include robust software supply chain intelligence, universal SBOM document management and repository, continuous vulnerability, threat insights, precise risk management, open source software license infringement and utilization, and secure SBOM exchange with regulatory authorities, customers and vendors, at reduced cost. About Cybeats Cybeats is a leading software supply chain intelligence technology provider, helping organizations manage risk, meet compliance and secure software from procurement, development through operation. Our platform provides customers with deep visibility and universal transparency into their software supply chain, as a result enables them to increase operational efficiencies and revenue. Cybeats. Software Made Certain.

Read More

DATA SECURITY,NETWORK THREAT DETECTION,PLATFORM SECURITY

Pathlock Expands SAP Capabilities with Acquisition of Grey Monarch

Pathlock | September 27, 2022

Pathlock, the leading provider of application security and controls automation for critical business applications, today announced the acquisition of Grey Monarch, a UK-based specialist SAP Partner dedicated to SAP Process Automation. The acquisition will strengthen Pathlock's vision of providing the industry's most complete 360-degree platform for application security and controls automation for the SAP ecosystem. Since 2008, Grey Monarch has developed expertise in SAP Security, Segregation of Duties, SAP Licence Optimization, SAP Background Processing Automation and Secure Managed File Transfer. With this acquisition, the SAP community will benefit from the very best SAP Process Automation advice, implementation skills, and software and training capabilities, improving levels of security, enhancing their users' experience and streamlining audit, compliance and control procedures. "It's now more imperative than ever for organizations to utilize a holistic view of user access and privileges so they can be managed, monitored and controlled to ensure the maximum protection of data, business processes and intellectual property," said David Lloyd, Director and Co-Founder, Grey Monarch. "Combining Grey Monarch's capabilities with the Pathlock family of expertise, resources and product portfolio will provide our customers, existing and new, with an unsurpassed visibility into their business applications." "We're thrilled to complete the acquisition of Grey Monarch. "We continue to see a strong demand for our globally recognized application security and controls automation solutions, and know that with Grey Monarch's specialization in SAP process automation we can continue to enable our global customers to revolutionize the way they secure their sensitive financial and customer data." Piyush Pandey, CEO of Pathlock In May 2022, Pathlock announced a $200M capital raise sponsored by Vertica Capital Partners alongside a merger with Appsian and Security Weaver and the acquisition of Belgium-based CSI Tools and Germany-based SAST SOLUTIONS. The company has successfully doubled in size in terms of revenue and employees and is now servicing over 1,400 customers across all major industries on a global scale with offices across the United States, Belgium, the UK, Germany, Israel and India. About Pathlock Pathlock is the leader in application security and controls automation. With Pathlock, enterprises can manage all aspects of access governance via a single platform, across applications, including user provisioning, ongoing User Access Reviews, segregation of duties, control testing, and audit preparation. Today, many of the world's most respected, global 2000 companies rely on Pathlock to protect their critical digital assets from financial, operational, regulatory and security threats, ensure corporate compliance and improve performance. Our customers have saved millions in employee productivity, labor costs, audit fees and data loss prevention.

Read More

Spotlight

Nisos

Nisos

Nisos is a Managed Intelligence company. Our services enable security, intelligence, and trust & safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and ...

Events

Resources