‘In the industry, we've observed fragmentation, especially among larger organizations,’ says Chris Fisher

Have hardware or software with potential exposure or vulnerabilities that could be exploited by a hacker.
Chris Fisher is a seasoned marketing professional who specializes in digital marketing and demand generation to fuel business growth. I integrate product messaging and innovative strategies with data-driven marketing to achieve quantifiable outcomes. Read on to know his thoughts about safeguarding the layers of Cyber-security.

When you consider vulnerability management, the goal is to identify all areas where you might have hardware or software with potential exposure or vulnerabilities that could be exploited by a hacker.

Media 7: What experiences or moments of truth ignited your desire for a career that marries product messaging with data-driven marketing? Can you take us through the key moments that ignited your passion for this field or role?
Chris Fisher:
I have a background in computer science, which is my degree and the basis of my university education. However, I discovered early on that I struggled with coding and realized I wouldn't excel in that area. Consequently, I began exploring alternative avenues within the IT world. I initially embarked on my career in information security as an IT security auditor, holding the necessary certification. I worked for firms like PricewaterhouseCoopers as an auditor before transitioning into a different role.

Subsequently, I assumed the position of program manager for the Internet sites of a large multinational technology company. It was during this period that I truly grasped the potential of leveraging the Internet for effective product messaging. This realization led me to make a career shift towards marketing, away from IT, and this decision was made in 2001.

M7: As the Marketing Officer at TAC Security, your expertise in merging product messaging, creative strategies, and data-driven marketing for tangible results is remarkable. What significant steps have you taken in this role that have expanded its potential?
CF:
When I joined TAC Security several years ago, Trishneet had a company with strong products but weak marketing. One of the initial priorities I set was establishing a roadmap for what I'd call our marketing infrastructure. This serves as the bedrock for data-driven marketing. To achieve this, we required a sturdy website and essential marketing automation tools for tasks such as email marketing, social media management, and search engine marketing. Without this foundation, executing data-driven marketing, as you refer to it, would be impossible.

The exciting development is that, thanks to the emergence of social media, the Internet, and websites, we now have a fantastic opportunity. We can conduct experiments and gather data swiftly, providing us with the necessary feedback for improvement. Therefore, the first step I proposed to Trishneet was, "Let's establish the foundation." We've successfully implemented several vital components. Our website has undergone two or three significant evolutions since my arrival, and we've incorporated a marketing automation platform. This platform enables us to gather and analyze data beyond website metrics, helping us gauge the effectiveness of our programs and campaigns.

M7: What spellbinding qualities do you believe weave a tapestry that distinguishes your company from the mundane crowd?
CF:
One of the unique differences we have is Trishneet Arora's background. He started in services and then transitioned into product development. He understands the importance of listening to customers, identifying their problems, and finding the best solutions. This service-oriented background shapes our entire culture. Service is part of our DNA; we genuinely care about our customers and design products to meet their needs, enabling them to perform their jobs more effectively and efficiently. Our key differentiator is this service-oriented DNA, which means we prioritize listening to our customers and addressing their challenges.

Another crucial aspect is the innovative ideas that Trishneet has integrated into our products. Our commitment to innovation keeps us one step ahead of the competition, helping end-users translate complex cybersecurity data into easily usable information. This empowers them to communicate effectively across their organizations, bridging technical and business boundaries. Consequently, they can clearly convey the cyber risk and take the necessary actions to mitigate it. 

Read more: 'AI & ML algorithms will play a critical role in identifying cyber threats,' asserts Trishneet Arora


One of the initial steps in understanding your vulnerability and risk management posture is to have a complete inventory of everything connected to your network.

M7: How does the alchemy of content wield its power to conquer the formidable challenge of trust-building and brand differentiation faced by companies in the information and security space?
CF:
I've witnessed significant content evolution in the past decade during my involvement in cybersecurity marketing. Social media has gained prominence, making it easy for people to quickly grasp information. It has transformed their inclination to engage with content.

You must consider making a quick impact within the first few seconds. When someone views your content, they tend to scan and skim rather than read thoroughly. This has led to the rise of platforms like YouTube and video content. People are too busy, and their attention span is short. They want to quickly assess and decide if it is interesting enough to invest more time — perhaps a minute or even five if we are lucky. For companies like ours, the average website visit is often less than a minute, even if visitors find the information they seek. They will not linger on the site for long. This is why the content alchemy you mentioned needs to be concise, engaging, and convey trustworthiness to encourage viewers to spend more time on it.

M7: What's your perspective on the significance of safeguarding every layer of cyber security?
CF:
I believe this is of utmost importance. Last year, I delivered a presentation to the Cecil organization in India. One key point I emphasized is that for a security organization responsible for safeguarding their company's assets, they must maintain a high level of vigilance every day in all aspects. In contrast, a hacker only needs to be successful once to potentially inflict significant harm on an organization.

To illustrate this to security leaders, I use the analogy of safeguarding the crown jewels of their company. Each facet of those jewels represents an area that they must carefully consider and protect. If there's a vulnerability in any of those facets, hackers can exploit it. Therefore, it's crucial for them to assess all areas of risk and protect every facet of that crown jewel. Failing to do so would leave them vulnerable to a damaging attack.

M7: What, in your opinion, will constitute the most crucial advancements in vulnerability management over the upcoming years?
CF:
I alluded to this question earlier when you asked me about the most significant advancement in vulnerability management. I believe it lies in the steps we've taken with our products to transform technical risk into something meaningful for security leaders and their organizations to convey beyond the technical teams within a company. We've developed a cyber risk scoring algorithm that converts technical risk into an easily understandable score. It simplifies the assessment, allowing you to see red, yellow, or green, indicating whether we're improving or regressing compared to the previous day. Additionally, it helps us identify where to focus our attention through our dashboard system to address the vulnerabilities presenting the highest risk to the organization.

Another notable advancement we've made in the last six months is translating technical risk into financial risk. This, too, aids security organizations in communicating with business leaders by quantifying the potential financial impact, whether it's a million, two million, or ten million dollars. Business leaders find this approach more comprehensible than a cybersecurity score or a report stating, "We've identified a thousand vulnerabilities, and we've patched 800 of them, focusing on the high-risk ones, as we work to enhance our security posture." This ongoing journey revolves around translating technical risk into metrics and reports that resonate with business leaders, enabling them to support cybersecurity actions and invest in our security efforts, backed by an understanding of the cost to our organization.

M7: Delving deeper into your company's vision and aspirations for pioneering global industry innovation, could you provide a comprehensive perspective on its visionary mission and the pioneering innovations it endeavors to introduce globally within your industry?
CF:
We've designed the features I mentioned to translate technical risk into meaningful insights. Our ongoing mission is to expand our ESOF platform, making it the preferred solution for companies seeking comprehensive cybersecurity coverage. As I mentioned earlier, security leaders must protect every aspect of their environment to address cyber risk, and vulnerability management is just one piece of the puzzle.

In the industry, we've observed fragmentation, especially among larger organizations. They often need tools from multiple vendors to cover the various aspects of cybersecurity. To address this, we've developed Esau Enterprise Security in one framework, which allows us to swiftly and easily introduce new capabilities while maintaining a unified architecture and platform. This is crucial for cybersecurity teams, given the challenges they face, such as staffing shortages and the rapid industry growth that makes it difficult to retain or hire personnel.

With a single platform that continually expands its capabilities to address diverse customer needs beyond vulnerability management, we simplify the decision for our customers. They no longer have to contend with an array of tools, training requirements, and staffing constraints. Instead, we provide one solution that caters to multiple aspects of their security needs. Our cloud-based architecture, with common services and presentation layers, enables us to rapidly integrate new features and enhance the value we offer to our customers. This is how we are positioning ourselves to provide greater value across the globe.

Read more: ‘Data and analytics play a crucial role in shaping our advertising strategies,' asserts Aleksander Groshev


When creating content on platforms like LinkedIn, our foremost objective is not merely self-promotion but the promotion of content that empowers the customer to acquire knowledge that could potentially address their challenges.

M7: Could you explain the automated ESOF VMDR recently launched by TAC Security and its role in streamlining vulnerability and risk management?
CF:
The concept behind VMDR was to provide customers with a comprehensive vulnerability and risk management solution. When you consider vulnerability management, the goal is to identify all areas where you might have hardware or software with potential exposure or vulnerabilities that could be exploited by a hacker.

One of the initial steps in understanding your vulnerability and risk management posture is to have a complete inventory of everything connected to your network. Creating such an asset inventory has been a challenge for security teams. So, we decided to take a step back and offer to do the asset inventory for you. We can discover everything on your network, assess it for vulnerabilities, automatically prioritize the issues, and provide a cyber risk score. We'll also guide you on what vulnerabilities to address first and give recommendations on how to patch them. Furthermore, we complete the full cycle by automatically rescanning the assets where vulnerabilities were found to ensure they've been addressed and patched, thus improving your overall risk posture.

Our automation covers the entire vulnerability lifecycle, from asset discovery to vulnerability assessment, prioritization, scoring, and rescanning. This automation allows you to confidently identify which assets require immediate attention to reduce your risk posture and track improvements over time through rescanning.

M7: Thought leadership serves as the guiding light for many companies. How does your company gauge the return on investment of its thought leadership initiatives, particularly concerning brand recognition, customer trust, or business growth?
CF:
I find this question quite intriguing, and it has been the subject of debate within my marketing teams for the past decade. In a broad sense, I would categorize thought leadership as a facet of awareness. The challenge with awareness metrics lies in their inherent complexity, especially when attempting to quantify the return on investment. When you consider demand generation tactics, the process is rather straightforward. You implement strategies to generate leads that enter the sales funnel, and it becomes relatively simple to ascertain that these leads have converted into opportunities, eventually translating into business growth. Consequently, measuring the financial impact of demand generation is a feasible task.

However, evaluating the efficacy of concepts such as thought leadership presents a more intricate challenge. With thought leadership, the primary objective is to initiate the initial steps in attracting and engaging individuals. The outcome may or may not result in actual business transactions. While having thought leadership in place undoubtedly bolsters one's brand, gauging its precise impact remains elusive. Therefore, our approach is to diligently work on these initiatives, recognizing that quantifying a financial impact may not always be feasible. I must admit, in the early days of social media, I held reservations about its utility. Heated debates ensued with my vice presidents responsible for PR and advertising. The difficulty lay in being able to say, "We've amassed numerous followers" or "Our posts are receiving significant attention." The pivotal questions revolved around whether these engagements translated into website visits or conversions.

Within my teams, I emphasize three primary objectives we aim to achieve: engagement, attraction, and thought leadership's role therein. Consequently, we find it necessary to scrutinize what I previously referred to as "vanity metrics." These encompass metrics like the number of clicks and likes, offering at least a rudimentary indication of whether our strategies are effectively attracting and engaging our target audience. Measuring conversion is comparably more straightforward. Once we have a lead, we meticulously follow their journey through the pipeline, culminating in either successful business conversions or otherwise. The intricacy emerges when we endeavor to measure the initial stages of attraction and engagement.

M7: Considering the future, how do you foresee your company's role in content evolution within the IT sector in the coming years? Are there any new strategies or approaches under your consideration?
CF:
In this context, we seek innovative methods to ascertain whether our brand recognition is on the rise. One of the most straightforward indicators is observing our position in organic search results when individuals type relevant keywords into their search engines. If our brand consistently appears in these organic search results, it signifies that we are being recognized. Subsequent clicks indicate engagement, reflecting the trust our audience places in our content. Consequently, we adopt a holistic approach, striving to measure various aspects of our online presence where quantifying business growth might be elusive, yet recognition and customer trust can be effectively gauged by analyzing social media and website metrics.

M7: Given your expertise in marketing automation and demand generation, can you highlight a specific instance where these strategies significantly contributed to enhancing brand visibility and customer engagement?
CF:
As I mentioned earlier in the interview, when I first joined TAC Security, we invested in marketing automation because we didn't have a platform at that time.

With the implementation of our marketing automation platform, we've gained the ability to rapidly assess the impact of our strategies on platforms like LinkedIn. From my perspective, LinkedIn is akin to the business version of Facebook.

By leveraging this marketing automation platform, we can promptly discern what content resonates with our audience and drives engagement. It's crucial for us to identify the posts or content that genuinely pique their interest and prompt them to take the next step, which, for me, is leading them to our website. While it's one thing for them to view a post or tweet announcing TAC Security's presence, it's another to track that engagement, such as reading a post or clicking on a link, indicating progress in the marketing funnel towards the sales funnel.

Our choice of platform for this purpose is HubSpot. It plays a critical role in enabling us to measure our performance and observe our brand's increasing visibility. We can see that people are not only following and monitoring our activities but also engaging by visiting our website.

M7: Exploring the profound significance of native advertising within the information and security sector. How does TAC Security approach native advertising to effectively engage its target audience?
CF:
Advertising is a challenging endeavor that demands attention, and its efficacy is often uncertain. Consequently, our approach has been to concentrate on native advertising on platforms frequented by our customers and audiences. Among these platforms, LinkedIn has proven to be highly effective. It is significantly more convenient to place an advertisement adjacent to a LinkedIn post, blog post, or other content where valuable information is shared.

When creating content on platforms like LinkedIn, our foremost objective is not merely self-promotion but the promotion of content that empowers the customer to acquire knowledge that could potentially address their challenges. As a technology company, it is easy to fall into the trap of highlighting the remarkable features of our products. However, we find it more effective to focus on understanding the customer's problems and demonstrating how our product can assist in resolving those issues. This approach enhances customer engagement and encourages them to explore adjacent content that piques their interest. Thus, commencing with an understanding of the customer's problem is crucial.

Rather than beginning with the promotion of our product and its features, we emphasize comprehending the customer's challenges, such as compliance or risk communication to a non-business audience. We convey our commitment to assisting them in overcoming these obstacles, with technology discussions being secondary. Initiating discussions centered on the customer's issues rather than features is pivotal to crafting native advertising that effectively targets our audiences.

As previously mentioned, I believe the way people consume content is evolving. Many internet users are pressed for time and possess short attention spans. Consequently, our content must evolve to become concise and engaging. It should capture the audience's interest within a minute or two, prompting them to invest additional time. This consideration leads us to explore shorter and more accessible content formats.

Over the past years, we have experimented with cartoons, recognizing that injecting a touch of humor into our content can grab the audience's attention and encourage them to pause and explore further. Given the gravity of our target audience's responsibilities, a hint of humor can be an effective attention-grabber. Additionally, we are producing shorter explainer videos that offer quick insights into how our solutions can address specific problems. These bite-sized pieces of content eliminate the need for form submissions and provide immediate value, aiding the audience in comprehending how our solutions align with their challenges.

ABOUT TAC SECURITY

TAC Security, a global leader in vulnerability management, offers protection to Fortune 500 companies, leading enterprises, and governments worldwide. Through its advanced Artificial Intelligence (AI) based Vulnerability Management Platform called ESOF (Enterprise Security in One Framework), TAC Security effectively manages over 5 million vulnerabilities. ESOF has been acknowledged as Gartner's top choice for Vulnerability Management/Assessment, making it the preferred solution by customers. The company has received accolades for its exceptional work environment, being recognized as a "Great Place to Work" and earning the title of "Great People Manager Company" for the third consecutive time by GMI in collaboration with Forbes and The Economic Times. To know more, please visit https://tacsecurity.com/. 

More C-Suite on deck

'AI & ML algorithms will play a critical role in identifying cyber threats,' asserts Trishneet Arora

Media 7 | July 28, 2023

Trishneet Arora, a self-made individual, demonstrated remarkable vision, intellect, and competence when he established a startup at the young age of 19. Under his guidance, the flagship venture has expanded into both the entertainment and educational sectors. With Trishneet at the helm, the potential for growth and success knows no bounds. Let's delve into his insights on securing UPI-based applications.

Read More

‘Security solutions need to be consistent, regardless of geography or technical stack,’ emphasizes Nishant Kaushik

Media 7 | June 16, 2023

Nishant Kaushik is an excellent technologist with strategic foresight and tactical know-how to manage technology-driven businesses and security expansion plans. He has successfully led cross-functional and highly focused teams to achieve business objectives that align with customer needs. Read this interview to discover Nishant’s expertise and unique perspective on omnichannel security and risk management.

Read More

‘Data and analytics play a crucial role in shaping our advertising strategies,' asserts Aleksander Groshev

Media 7 | June 28, 2023

Aleksander Groshev is the CEO and Co-Founder of Autobahn Security. Previously he was Vice President of Product responsible for the product development of the SaaS platform. Before joining Autobahn Security he held the position of Head of Product at Fincite, a wealth management B2B platform.

Read More

'AI & ML algorithms will play a critical role in identifying cyber threats,' asserts Trishneet Arora

Media 7 | July 28, 2023

Trishneet Arora, a self-made individual, demonstrated remarkable vision, intellect, and competence when he established a startup at the young age of 19. Under his guidance, the flagship venture has expanded into both the entertainment and educational sectors. With Trishneet at the helm, the potential for growth and success knows no bounds. Let's delve into his insights on securing UPI-based applications.

Read More

‘Security solutions need to be consistent, regardless of geography or technical stack,’ emphasizes Nishant Kaushik

Media 7 | June 16, 2023

Nishant Kaushik is an excellent technologist with strategic foresight and tactical know-how to manage technology-driven businesses and security expansion plans. He has successfully led cross-functional and highly focused teams to achieve business objectives that align with customer needs. Read this interview to discover Nishant’s expertise and unique perspective on omnichannel security and risk management.

Read More

‘Data and analytics play a crucial role in shaping our advertising strategies,' asserts Aleksander Groshev

Media 7 | June 28, 2023

Aleksander Groshev is the CEO and Co-Founder of Autobahn Security. Previously he was Vice President of Product responsible for the product development of the SaaS platform. Before joining Autobahn Security he held the position of Head of Product at Fincite, a wealth management B2B platform.

Read More

Related News

Software Security

Deepwatch Announces New Forensic-Focused Operations Service To Enhance Cyber Resilience

Deepwatch | January 09, 2024

Deepwatch, the leading managed security platform for the cyber resilient enterprise, today announced the launch of Threat Signal, its standalone forensic-focused operations service. Deepwatch designed Threat Signal to enhance companies’ cybersecurity defenses, proactively identify and help mitigate attack vectors, and stay ahead of evolving risks to strengthen cyber resilience. Threat Signal provides protection beyond traditional security measures, finding advanced cyber threats that have bypassed existing controls by leveraging the latest attacker methodologies to stay in tune with the constantly evolving threat landscape. Using an “outside-in” methodology, Threat Signal evaluates an organization’s externally accessible presence from an attacker’s perspective to pinpoint and investigate risky systems and services. This informs the initial investigation and allows Deepwatch Experts to leverage advanced capabilities through organic intelligence, deep forensics, and threat hunting. According to Forrester’s “How to Make Threat Intelligence Actionable” report¹, “Over time, companies need to move beyond tactical use cases. Threat hunting can uncover threats that have bypassed traditional security tools, allowing companies to stop attacks earlier to minimize disruptions. As Forrester’s Threat Hunting 101 report describes, threat intelligence is vital because it provides insights into the TTPs of threat actors and details on how malware behaves. If time, expertise, and resources are constrained, consider leveraging an external service provider to conduct the threat-hunting exercise as an annual consulting engagement.” Threat Signal provides tailored and proactive security measures through customer-specific intelligence that takes an organization's unique attack surface, business risks, and the latest adversary intelligence or "threat cases" into account. Threat Signal’s additional features and capabilities include: Deepwatch Experts - Seasoned forensic security experts perform in-depth investigations, identifying threats before they disrupt an organization. Attack Surface Profiles - These profiles provide a customer actionable report, detailing external opportunity areas that an attacker could leverage against an organization, including high-risk opportunities, mitigation recommendations, and threat hunting leads. Forensic-Agent-Based Threat Hunting Engagements - Deepwatch’s specialists consistently engage in hunting activities to reveal concealed threats within a company’s infrastructure and provide a threat hunt summary report with detailed observations and any actions that the customer took during that hunt cycle. Reporting and Reviews - Deepwatch provides customers with reports, including: Weekly intelligence brief reports on analyzed open-source intelligence with Deepwatch recommendations. Summary presentations on the solution engagement status, including but not limited to hunting reports. Up to two executive reviews of the solution and observables per year. Ad-hoc awareness briefs of security advisories based on Deepwatch threat criteria. Annual intelligence reports on incident lessons learned and predictions. Malware Analysis - Deepwatch’s Adversary Tactics and Intelligence (ATI) team analyze collected malware and provide a report. Enhanced Security - Deepwatch’s MDR customers benefit from cross-collaborative security operations, harnessing advanced threat detection, and hyper-responsive capabilities. “As security professionals, we look to enhance a company’s security readiness. To do that, it’s critical for them to look beyond their existing security controls to ensure they are identifying and proactively protecting the business from external threats,” said Jerrod Barton, VP, Cyber Operations & Intelligence for Deepwatch. “With Threat Signal, we’re able to help our enterprise customers view their security readiness through the lens of the ‘attackers,’ ensuring that they can rapidly respond to any incoming threats, which in turn helps them elevate their cyber resilience.” About Deepwatch Deepwatch is the leading managed security platform for the cyber resilient enterprise. The Deepwatch Managed Security Platform and security experts provide enterprises with 24/7/365 cyber resilience, rapid detections, high fidelity alerts, reduced false positives, and automated actions. We operate as an extension of cybersecurity teams by delivering exceptional security expertise, visibility across your attack surface, precision response to threats, and a compelling return on your security investments. The Deepwatch Managed Security Platform is trusted by many of the world’s leading brands to improve their security posture, cyber resilience, and peace of mind. Learn more at www.deepwatch.com.

Read More

Software Security

Keeper Streamlines Compliance Processes With Granular Sharing Enforcements

Keeper Security, Inc. | January 11, 2024

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, announces Granular Sharing Enforcements will soon be available for all products in the Keeper® platform. Granular Sharing enables administrators to enforce detailed creating and sharing permissions at the user level. By implementing these permissions, organizations can ensure employees only have access to the resources necessary for their roles, minimizing the risk of unauthorized access, data breaches and lateral movement within a network. "It's critical for organizations to have security solutions that help them adhere to increasing regulations and compliance requirements," said Craig Lurey, CTO and Co-founder of Keeper Security. "Granular permission control helps organizations enhance their security posture by restricting access to sensitive information and systems. With Granular Sharing Enforcements, it's easier than ever for IT administrators to better control the principle of least privilege and streamline operations within their organizations." Keeper's added Granular Sharing Enforcement policies provide more detailed restrictions that administrators can apply to users for both creating and sharing records. Most employees do not need access to all of the data or functionalities within an organization, and many industries and geographical regions have specific regulations and compliance requirements regarding data protection and privacy, including HIPAA, GDPR, PCI DSS and SOX. Granular permission controls enable organizations to align with local and industry regulations by allowing them to define and enforce access policies. This helps in ensuring the organization is compliant with industry standards and legal requirements. Key features of Keeper's Granular Sharing Enforcements include: Auditing: Keeper provides clear alerting and reporting on over 100 different event types. Version control: Only a small subset of users have permissions to update or share records, helping teams ensure information is consistent and accurate. Seamless access on any device: Keeper provides the same user experience across platforms, ensuring cross functionality and ease of use, whether on web, desktop or mobile. Encryption: Keeper provides secure sharing with elliptic curve encryption, ensuring cybercriminals cannot intercept passwords or other shared records in transit. Keeper Administrators can easily customize permissions to best suit the compliance needs of their organization. Administrators modify permissions in the Enforcement Policies section of the Admin Console for the chosen role by selecting Creating and Sharing. Most permissions are activated by default for maximum security. Enforcements have been designed to be simple and powerful, allowing admins to choose the appropriate settings for their unique needs. Granular Sharing Enforcements will be available for all sharing needs within Keeper's Enterprise Password Manager, Keeper Secrets Manager and KeeperPAM. With Keeper's zero-knowledge password management and security platform, IT administrators have complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies, including strong, unique passwords, Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), and other security policies. Keeper Secrets Manager® is a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data. Its latest offering, KeeperPAM™, provides next-generation Privileged Access Management (PAM) that is disrupting the traditional PAM market. KeeperPAM delivers enterprise-grade password, secrets and privileged connection management within a unified SaaS platform that is cost-effective, easy to use and simple to deploy. KeeperPAM enables least-privilege access with zero-trust and zero-knowledge security. Enterprises select Keeper because of its strong security architecture, ability to support federated and passwordless authentication with any identity provider, seamless integration into on-premises, cloud or hybrid environments and ease of use across desktop and mobile devices. About Keeper Security Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper's affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging.

Read More

Platform Security

Stellar Cyber and Proofpoint Strategic Alliance to Deliver Comprehensive Email Security Solution For SecOps Teams

Stellar Cyber | January 23, 2024

Stellar Cyber, the innovator of Open XDR, announced a new partnership with Proofpoint, a leading cybersecurity and compliance company. Through this alliance, Proofpoint and Stellar Cyber customers benefit from an out-of-the-box integration enabling swift email investigations and real-time response actions to email-driven attacks. Proofpoint Targeted Attack Protection monitors emails to identify suspicious emails and potentially malicious attachments and URLs. Once identified, the findings are shared with Stellar Cyber automatically. Stellar Cyber’s Open XDR platform ingests, normalizes, and analyzes Proofpoint findings and other collected data to deliver a comprehensive threat picture. As security analysts conduct investigations, they can instruct integrated third-party products – including Proofpoint – on corrective actions. “Protecting organizations against email-borne attacks is a top priority, and security teams need a way to automatically correlate threat telemetry across the entire attack surface in order to quickly remediate threats,” said Andrew Homer, VP of Strategic Alliances, Stellar Cyber. “This new partnership with Proofpoint is the latest example of Stellar Cyber delivering on its Open XDR strategy to provide customers turn-key integrations that improve productivity and threat detection.” “Email attacks remain the number one entry point into an organization, and the level of sophistication of these attacks continues to grow exponentially,” said D.J. Long, Vice President, Strategic Alliances & Business Development, Proofpoint. “We’re thrilled to work with Stellar Cyber on this strategic alliance to help customers protect against advanced email-based threats and unify their cybersecurity defense.” Through this alliance, Stellar Cyber and Proofpoint give security teams an advantage over attackers, resulting in the following: Real-time threat signals exchanged for proactive detection Correlation of Proofpoint alerts across the entire attack surface Automated response actions for immediate threat containment About Stellar Cyber Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley.

Read More

Software Security

Deepwatch Announces New Forensic-Focused Operations Service To Enhance Cyber Resilience

Deepwatch | January 09, 2024

Deepwatch, the leading managed security platform for the cyber resilient enterprise, today announced the launch of Threat Signal, its standalone forensic-focused operations service. Deepwatch designed Threat Signal to enhance companies’ cybersecurity defenses, proactively identify and help mitigate attack vectors, and stay ahead of evolving risks to strengthen cyber resilience. Threat Signal provides protection beyond traditional security measures, finding advanced cyber threats that have bypassed existing controls by leveraging the latest attacker methodologies to stay in tune with the constantly evolving threat landscape. Using an “outside-in” methodology, Threat Signal evaluates an organization’s externally accessible presence from an attacker’s perspective to pinpoint and investigate risky systems and services. This informs the initial investigation and allows Deepwatch Experts to leverage advanced capabilities through organic intelligence, deep forensics, and threat hunting. According to Forrester’s “How to Make Threat Intelligence Actionable” report¹, “Over time, companies need to move beyond tactical use cases. Threat hunting can uncover threats that have bypassed traditional security tools, allowing companies to stop attacks earlier to minimize disruptions. As Forrester’s Threat Hunting 101 report describes, threat intelligence is vital because it provides insights into the TTPs of threat actors and details on how malware behaves. If time, expertise, and resources are constrained, consider leveraging an external service provider to conduct the threat-hunting exercise as an annual consulting engagement.” Threat Signal provides tailored and proactive security measures through customer-specific intelligence that takes an organization's unique attack surface, business risks, and the latest adversary intelligence or "threat cases" into account. Threat Signal’s additional features and capabilities include: Deepwatch Experts - Seasoned forensic security experts perform in-depth investigations, identifying threats before they disrupt an organization. Attack Surface Profiles - These profiles provide a customer actionable report, detailing external opportunity areas that an attacker could leverage against an organization, including high-risk opportunities, mitigation recommendations, and threat hunting leads. Forensic-Agent-Based Threat Hunting Engagements - Deepwatch’s specialists consistently engage in hunting activities to reveal concealed threats within a company’s infrastructure and provide a threat hunt summary report with detailed observations and any actions that the customer took during that hunt cycle. Reporting and Reviews - Deepwatch provides customers with reports, including: Weekly intelligence brief reports on analyzed open-source intelligence with Deepwatch recommendations. Summary presentations on the solution engagement status, including but not limited to hunting reports. Up to two executive reviews of the solution and observables per year. Ad-hoc awareness briefs of security advisories based on Deepwatch threat criteria. Annual intelligence reports on incident lessons learned and predictions. Malware Analysis - Deepwatch’s Adversary Tactics and Intelligence (ATI) team analyze collected malware and provide a report. Enhanced Security - Deepwatch’s MDR customers benefit from cross-collaborative security operations, harnessing advanced threat detection, and hyper-responsive capabilities. “As security professionals, we look to enhance a company’s security readiness. To do that, it’s critical for them to look beyond their existing security controls to ensure they are identifying and proactively protecting the business from external threats,” said Jerrod Barton, VP, Cyber Operations & Intelligence for Deepwatch. “With Threat Signal, we’re able to help our enterprise customers view their security readiness through the lens of the ‘attackers,’ ensuring that they can rapidly respond to any incoming threats, which in turn helps them elevate their cyber resilience.” About Deepwatch Deepwatch is the leading managed security platform for the cyber resilient enterprise. The Deepwatch Managed Security Platform and security experts provide enterprises with 24/7/365 cyber resilience, rapid detections, high fidelity alerts, reduced false positives, and automated actions. We operate as an extension of cybersecurity teams by delivering exceptional security expertise, visibility across your attack surface, precision response to threats, and a compelling return on your security investments. The Deepwatch Managed Security Platform is trusted by many of the world’s leading brands to improve their security posture, cyber resilience, and peace of mind. Learn more at www.deepwatch.com.

Read More

Software Security

Keeper Streamlines Compliance Processes With Granular Sharing Enforcements

Keeper Security, Inc. | January 11, 2024

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, announces Granular Sharing Enforcements will soon be available for all products in the Keeper® platform. Granular Sharing enables administrators to enforce detailed creating and sharing permissions at the user level. By implementing these permissions, organizations can ensure employees only have access to the resources necessary for their roles, minimizing the risk of unauthorized access, data breaches and lateral movement within a network. "It's critical for organizations to have security solutions that help them adhere to increasing regulations and compliance requirements," said Craig Lurey, CTO and Co-founder of Keeper Security. "Granular permission control helps organizations enhance their security posture by restricting access to sensitive information and systems. With Granular Sharing Enforcements, it's easier than ever for IT administrators to better control the principle of least privilege and streamline operations within their organizations." Keeper's added Granular Sharing Enforcement policies provide more detailed restrictions that administrators can apply to users for both creating and sharing records. Most employees do not need access to all of the data or functionalities within an organization, and many industries and geographical regions have specific regulations and compliance requirements regarding data protection and privacy, including HIPAA, GDPR, PCI DSS and SOX. Granular permission controls enable organizations to align with local and industry regulations by allowing them to define and enforce access policies. This helps in ensuring the organization is compliant with industry standards and legal requirements. Key features of Keeper's Granular Sharing Enforcements include: Auditing: Keeper provides clear alerting and reporting on over 100 different event types. Version control: Only a small subset of users have permissions to update or share records, helping teams ensure information is consistent and accurate. Seamless access on any device: Keeper provides the same user experience across platforms, ensuring cross functionality and ease of use, whether on web, desktop or mobile. Encryption: Keeper provides secure sharing with elliptic curve encryption, ensuring cybercriminals cannot intercept passwords or other shared records in transit. Keeper Administrators can easily customize permissions to best suit the compliance needs of their organization. Administrators modify permissions in the Enforcement Policies section of the Admin Console for the chosen role by selecting Creating and Sharing. Most permissions are activated by default for maximum security. Enforcements have been designed to be simple and powerful, allowing admins to choose the appropriate settings for their unique needs. Granular Sharing Enforcements will be available for all sharing needs within Keeper's Enterprise Password Manager, Keeper Secrets Manager and KeeperPAM. With Keeper's zero-knowledge password management and security platform, IT administrators have complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies, including strong, unique passwords, Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), and other security policies. Keeper Secrets Manager® is a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data. Its latest offering, KeeperPAM™, provides next-generation Privileged Access Management (PAM) that is disrupting the traditional PAM market. KeeperPAM delivers enterprise-grade password, secrets and privileged connection management within a unified SaaS platform that is cost-effective, easy to use and simple to deploy. KeeperPAM enables least-privilege access with zero-trust and zero-knowledge security. Enterprises select Keeper because of its strong security architecture, ability to support federated and passwordless authentication with any identity provider, seamless integration into on-premises, cloud or hybrid environments and ease of use across desktop and mobile devices. About Keeper Security Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper's affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging.

Read More

Platform Security

Stellar Cyber and Proofpoint Strategic Alliance to Deliver Comprehensive Email Security Solution For SecOps Teams

Stellar Cyber | January 23, 2024

Stellar Cyber, the innovator of Open XDR, announced a new partnership with Proofpoint, a leading cybersecurity and compliance company. Through this alliance, Proofpoint and Stellar Cyber customers benefit from an out-of-the-box integration enabling swift email investigations and real-time response actions to email-driven attacks. Proofpoint Targeted Attack Protection monitors emails to identify suspicious emails and potentially malicious attachments and URLs. Once identified, the findings are shared with Stellar Cyber automatically. Stellar Cyber’s Open XDR platform ingests, normalizes, and analyzes Proofpoint findings and other collected data to deliver a comprehensive threat picture. As security analysts conduct investigations, they can instruct integrated third-party products – including Proofpoint – on corrective actions. “Protecting organizations against email-borne attacks is a top priority, and security teams need a way to automatically correlate threat telemetry across the entire attack surface in order to quickly remediate threats,” said Andrew Homer, VP of Strategic Alliances, Stellar Cyber. “This new partnership with Proofpoint is the latest example of Stellar Cyber delivering on its Open XDR strategy to provide customers turn-key integrations that improve productivity and threat detection.” “Email attacks remain the number one entry point into an organization, and the level of sophistication of these attacks continues to grow exponentially,” said D.J. Long, Vice President, Strategic Alliances & Business Development, Proofpoint. “We’re thrilled to work with Stellar Cyber on this strategic alliance to help customers protect against advanced email-based threats and unify their cybersecurity defense.” Through this alliance, Stellar Cyber and Proofpoint give security teams an advantage over attackers, resulting in the following: Real-time threat signals exchanged for proactive detection Correlation of Proofpoint alerts across the entire attack surface Automated response actions for immediate threat containment About Stellar Cyber Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley.

Read More

Spotlight

Tac Security

Tac Security

TAC Security is a global leader in vulnerability management that protects Fortune 500 companies, leading enterprises, and governments around the world. TAC Security manages 5+ Million vulnerabilities through it's Artificial intelligence (AI) based Vulnerability Management Platform ESOF (Enterprise ...

Events

Resources

Events