PLATFORM SECURITY

Cerby Launches With World’s First Security Platform for Unmanageable Applications

Cerby | June 28, 2022

Cerby
Cerby officially launched today with the world’s first security platform for unmanageable applications and an approach that enhances security practices by empowering both employees and security teams. The Cerby Zero Trust architecture takes on the challenges of unmanageable applications in the shadow IT universe—technologies that are selected and onboarded by business units outside the purview and visibility of the IT department, or don’t support industry standards like SAML for authentication and SCIM for user provisioning. The Cerby offering is very different from other options on the market because it moves security automation capabilities into the hands of business users—in effect, it balances empowerment and autonomy with security and productivity.

The company, which has been operating in stealth mode since 2020, already has early customers—including Fox, L’Oréal, MiSalud, Dentsu, Televisa, and Wizeline—where the technology is used to address common application liabilities efficiently while facilitating collaboration. It also announced today $12 million in seed funding from Ridge Ventures, Bowery Capital, Okta Ventures, Salesforce Ventures and others, bringing total funding to $15.5 million.

“Our goal at Cerby is simple but sweeping: To increase productivity for enterprises by empowering employees to use the technologies they prefer while automating compliance and security,” said Co-Founder and CEO, Belsasar Lepe. “In this era of IT consumerization, employee choice and enterprise security are not mutually exclusive—with the right tools and strategies, they go hand-in-hand. When business professionals get real autonomy, security becomes everyone’s responsibility, rather than just one of many priorities for the IT department. The Cerby platform for unmanageable applications enables organizations to boost efficiency, comply with existing policies and reduce exposure to cyberattacks—it’s truly a win-win-win.”

Cerby’s enrollment-based platform combines proprietary technology, robotic process automation (RPA) and seamless integrations with identity providers like Okta and Azure AD. This powerful functionality enables the platform to understand commonly used SaaS applications in a business context, and automate security policies before they lead to breaches.

The scale of the problem is undeniable, in part because while employees choose the applications, they don’t pay for them. Analyst firms, such as Everest Group report that shadow IT spending represents 50% or more of the overall IT outlay in large enterprises. Meanwhile, teams preferring application autonomy are twice as likely to prioritize productivity over security.

Cerby’s own research confirms this trend. The company just commissioned its own study of this critical subject, and the preliminary findings show how much attitudes have hardened with regard to employee choices. The comprehensive study of over 500 business professionals in North America and the UK employed by companies with more than $100M in annual revenue, conducted in partnership with Osterman Research, reveals that a staggering 91% of respondents believe they should have full control over the applications they purchase. On a related note, 52% want the company or IT department to “just get out of the way,” and when employers disallow applications desired by end users, respondents say it will “negatively affect” the way work gets done.

To be clear, these perspectives are not emerging from a vacuum. More than three quarters of the companies surveyed, 78%, have policies in place regarding which applications employees can and cannot use, and just over half the respondents report knowledge or experience of particular applications being disallowed. These actions don’t necessarily go down well with employees: 68% ask for an alternative solution, preferably one that is stress-free and automated; 35% seek an alternative of their own, while stating that it negatively affects the way work is done; and 42% “demand a good reason” for the ban.

“We chose Cerby because we needed a secure and centralized place to manage access to our paid social accounts. “Because Cerby can seamlessly integrate with our organization’s single sign-on technology and also connect to the social platforms’ APIs, we are able to create organizational efficiencies by granting and removing access within one place. Additionally, the automated access removal of employees who have left the company provides a level of security we did not previously have.”

Nina Donnard, AVP, Paid Social, L’Oreal

The issue of unmanageable applications within the organization is particularly sensitive because it puts two forces—employee autonomy and corporate security—in direct conflict. The C-suite—enterprise CIOs, CMOs, CISOs—wants security to be frictionless; when security teams take a heavy-handed approach, they often end up blocking key applications and negatively affecting productivity. This encompasses three core problems, which are sometimes contradictory. They feature: Brand risk (including errors, cyberattacks, and fraud); non-compliance (corporate policy, contracts, and industry/government regulations); and inefficient processes (insufficient resources; inconsistent, error-prone access reviews; extraneous steps and wasted time).

Cerby steps into this chasm with numerous capabilities to plug security, compliance and productivity gaps. For example, end users can log in securely to any application, even those that don’t support SSO natively, store log-in data, and share this information securely with collaborators. At the same time, IT and security teams can set policy at the application, team, and company level. Throughout this process, Cerby is actively monitoring connected applications to ensure they are securely configured to meet corporate security standards for two factor authentication, password complexity and many other commonly missed security settings.

“I love that Cerby solves a problem every CIO faces: unmanageable applications,” said Yousuf Khan, Partner at Ridge Ventures and former CIO. “When non-IT employees use unauthorized applications, they might be gaining productivity, but they are also unlocking a Pandora’s box of security vulnerabilities. The pandemic only made it worse: 71% of users in the US now acquire their own applications to do their jobs. Cerby is the first solution I’ve seen that significantly reduces the risk of these unmanageable applications by applying zero trust principles and automating the entire application lifecycle. The best part of it is that it’s not a top-down, managerial edict: Employees become an active and motivated part of the solution. Business professionals get the power to choose their applications, productivity gets a boost, and the company ensures security and compliance–everyone wins. Other cybersecurity products demand enforcement; Cerby encourages enrollment. This is the best way to enhance employee trust and increase productivity.”

The technology is designed to help teams in diverse disciplines use the applications they choose while ensuring security. For example, marketing teams can now securely use any social platforms they prefer—Cerby provides a single place to add and remove access for employees and third-party agencies instead of signing into multiple social accounts and sharing passwords. In other fields, such as finance, Cerby provides an easy way for CFOs and their teams to securely manage access to bank accounts and credit lines without having to share passwords.

About Cerby
Cerby delivers the world’s first platform built to positively guide employees' security behaviors no matter which applications they use. We protect brands around the world, including some of the most recognizable businesses, by taking an approach that empowers both employees and security teams, using Zero Trust principles. Our proprietary technology uses robotic process automation to understand applications in a business context and automatically enforces security best practices before misconfigurations turn into breaches. Cerby is a must-have for technology executives and their teams to protect the brand, stay secure and increase productivity.

Spotlight

The internet was designed to share information, not protect it. Commerce and life is now shared on the net. As organizations exploit their digital assets, they create risks which must be managed. Initially, most organizations took a defensive posture focused solely on secure information technology and digital assets. Organizations soon learned it is not practical to protect everything, every time

Spotlight

The internet was designed to share information, not protect it. Commerce and life is now shared on the net. As organizations exploit their digital assets, they create risks which must be managed. Initially, most organizations took a defensive posture focused solely on secure information technology and digital assets. Organizations soon learned it is not practical to protect everything, every time

Related News

DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

Phosphorus Announces New Partnership with Dewpoint to Expand Its xIoT Security Solutions and Platform in US Market

Phosphorus | September 26, 2022

Phosphorus, the leading provider of advanced and full-scope security for the extended Internet of Things (xIoT), today announced a partnership with Dewpoint. The IT and security solutions provider will act as a value-added reseller (VAR) for Phosphorus in the US market. The new partnership will see the two companies jointly delivering a new generation of xIoT security solutions in the US to meet growing enterprise demand for xIoT attack surface management and remediation capabilities. “xIoT security is a critical need for today’s enterprises, and these risks are left unaddressed by traditional IT security solutions. We look forward to working with Dewpoint to help expand our US sales channels and bring the world’s most advanced xIoT security platform to more organizations.” Kal Gajera, Director of North America Channels at Phosphorus Phosphorus’s Extended Enterprise xIoT Security Platform is the world’s first and only automated security platform capable of delivering xIoT Attack Surface Management, xIoT Hardening, and Remediation, and xIoT Detection and Response across the full range of IoT, OT, and Network-connected devices—spanning both new and legacy devices. This enables large organizations to scale xIoT technologies (which can amount to millions of devices per organization) without having to add any additional employees to find, fix, and monitor them. ABOUT PHOSPHORUS Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to secure the rapidly growing and often unmonitored Things across the enterprise xIoT landscape. Our Extended Enterprise xIoT Security Platform delivers Attack Surface Management, Hardening & Remediation, and Detection & Response to bring enterprise xIoT security to every cyber-physical Thing in your enterprise environment. With unrivaled xIoT discovery and posture assessment, Phosphorus automates the remediation of the biggest IoT, OT, and Network device vulnerabilities—including unknown and inaccurate asset inventory, out-of-date firmware, default credentials, risky configurations, and out-of-date certificates. ABOUT DEWPOINT Dewpoint has been bringing business and technology together since 1996. We make sure technology is solving all your business problems, providing transparency of spend for executives, and enhancing collaboration and flexibility. As the IT industry and businesses continue to change, Dewpoint provides the thought leadership and industry expertise to offer a new level of services in project management, digital innovation, infrastructure, security, cloud, and a range of tailored professional and managed service solutions for all our clients.

Read More

DATA SECURITY,ENTERPRISE IDENTITY,PLATFORM SECURITY

Wipro Launches Cybersecurity Consulting Offering in Europe

Wipro | November 28, 2022

Wipro Limited, a leading technology services and consulting company, today announced that it is launching a strategic cybersecurity consulting offering in Europe. The announcement comes on the heels of a series of acquisitions in the consulting space—Edgile, Capco, and Ampion—and is part of the firm’s vision to build a global cybersecurity consulting offering to help clients stay ahead of a dynamic threat and regulatory environment. “Escalation of cyber threats, compounded by the rapidly changing regulatory environment, is creating brand new challenges for businesses across Europe. "Our extensive experience in cybersecurity, global network of cybersecurists, combined with our expanded consulting capabilities, will help clients stay ahead of emerging threats and adapt to a changing regulatory environment with speed and agility. We are thrilled to be bringing this offering to clients in this market at this critical juncture.” Tony Buffomante, Senior Vice President & Global Head of Cybersecurity and Risk Services (CRS) at Wipro Limited The new consulting capability, offered through Wipro CRS Europe, will expand on Wipro’s existing cybersecurity services and enable clients to tap into Wipro’s full set of capabilities—from strategy and implementation to managed services. Under this new offering, Wipro consultants located in Europe will work with clients to build tailored strategies and solutions that address the unique challenges in this market. Leveraging Wipro’s extensive global network of more than 9000 cybersecurists, Wipro CRS Europe will help clients realize enhanced scale and speed in implementations. “Our recent acquisitions in the cybersecurity space, as well as our recent strategic hires in Europe, have created an opportunity for us to rethink how we serve our clients in this market,” said John Hermans, Head of Wipro CRS Europe. “This launch will bring together our entire set of cyber capabilities under a single umbrella, allowing us to deliver clients a truly end-to-end offering that leads with strategy but delivers on every single aspect of their cybersecurity needs.” The new offering will bring all Wipro’s cyber consulting capabilities under one umbrella, CyberTransformSM, and deliver them to clients alongside the company’s managed services capabilities, CyberShieldSM. CyberTransform is Wipro’s business-aligned strategy-first approach to cybersecurity transformation. It enables business growth through a business-led approach to solve security, risk, cloud, identity, and compliance challenges on a global scale. CyberTransform brings together Wipro’s suite of cybersecurity consulting capabilities and delivers clients a truly holistic, 360 approach designed to help them manage cyber threats and build resilient, future-proof businesses. CyberShield is Wipro CRS’ industry-leading suite of managed services, which defends business operations through On-Demand cyber resilience management. About Wipro Limited Wipro Limited is a leading technology services and consulting company focused on building innovative solutions that address clients’ most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses. With over 250,000 employees and business partners across 66 countries, we deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world.

Read More

DATA SECURITY, NETWORK THREAT DETECTION, PLATFORM SECURITY

Exabeam Introduces New-Scale SIEM™

Exabeam | October 17, 2022

Exabeam, a global cybersecurity leader and creator of New-Scale SIEM for advancing security operations, today announced a groundbreaking cloud-native portfolio of products that enables security teams everywhere to Detect the Undetectable™. New-Scale SIEM is a powerful combination of cloud-scale security log management, industry-leading behavioral analytics, and an automated investigation experience. Built on the cloud-native Exabeam Security Operations Platform, the New-Scale SIEM product portfolio gives worldwide security teams the greatest fighting chance at defeating adversaries with advanced threat detection, investigation, and response (TDIR). The new product portfolio is generally available (GA) today. “Security operations teams have faced difficulty defending against complex threats and evolving adversarial behavior because technology innovation has not kept up in the realm where big data meets cybersecurity. “Exabeam is known for having the best behavioral analytics product on the market — it’s why so many of the world’s largest organizations count on Exabeam every day to help stop adversaries, including the majority now utilizing valid credentials. We are marrying behavior analytics with the world's most modern, hyperscale, cloud-native data lake to ingest, parse, store, and search data in real time from anywhere. The SIEM industry has been ripe for evolution for some time and New-Scale SIEM represents that evolution.” Michael DeCesare, CEO and President Exabeam Unmatched Performance Significantly more affordable than competitive offerings, the new Exabeam cloud-native product portfolio is built on an open platform that integrates with more than 500 different third-party products and includes nearly 8,000 pre-built parsers, greatly reducing onboarding, deployment, and run times. An industry-first, security teams can now search query responses across petabytes of hot, warm, and cold data in seconds. Organizations can now also process logs at sustained speeds of over one million events per second. “The Exabeam Security Operations Platform and portfolio of products are designed like no other on the market. We deliver the single solution security operations analysts can count on to conduct accelerated, thorough threat detection, investigation, and response (TDIR) with the most consistent and successful outcomes,” said Adam Geller, Chief Product Officer, Exabeam. “We provide security teams with a holistic picture of their environment –– data from core security products, IT infrastructure, and business applications joined with critical user and device context and timely threat intelligence data –– to detect what competitive SIEMs simply can’t. In addition to our industry-leading behavioral analytics, we’re proud to deliver world-class security log management and new modular SIEM solutions for organizations at all stages of their data growth and security journey.” Understanding Normal Behavior to Detect and Prioritize Anomalies Organizations can use Exabeam to defend against the rising threat of external and internal attacks that in today’s world are more often than not leveraging compromised credentials. More than 750 behavioral models power 1,200 anomaly detection rules in Exabeam to baseline normal behavior for every user and device. This is beyond anything a legacy SIEM can possibly create with correlation rules. For example, for an organization with basic logging, 20,000 users, and 50,000 assets, Exabeam can dynamically build and update 50 million unique detection rules. According to the 2022 Verizon DBIR, over 90% of breaches are rooted in compromised credentials. Whether it’s phishing, ransomware, malware, or other external threats, valid credentials have emerged as the adversaries’ primary target. This combined with explosive amounts of data demands a shift in investment from legacy on-premises, rule-based detections to cloud-native SIEM platforms that uniquely understand normal behavior, even as normal keeps changing. “It’s all about the credentials. Today’s announcement takes Exabeam, our customers, partners, and the SIEM market into an entirely new stratosphere,” said Ralph Pisani, President, Exabeam. “Detecting stolen or misused credentials –– and the abnormal behavior that follows –– is not possible without understanding normal behavior. If you don’t know normal behavior for every single user and device in your environment, understanding abnormal behavior in your organization is a near impossible undertaking –– this is a fundamental capability that only Exabeam can deliver on at scale.” Whether replacing a legacy product with New-Scale SIEM, or complementing an ineffective third-party SIEM solution by adding the industry’s most powerful behavioral analytics and automation to it, Exabeam can help organizations achieve security operations success. Exabeam customers are moving to and experiencing the benefits of New-Scale SIEM. “Exabeam is our holistic security operations platform that provides and coordinates automated visibility, detection, analytics, investigation, and response across our key operating environments,” said Jerry Larsen, IT Security Manager, Patrick Industries. “We have several ERP systems that all need to be protected and Exabeam does the job better than any legacy SIEM we looked at –– we’re excited to be an Exabeam customer and part of their innovation machine.” “At NEC Australia, securing our data, users, devices and infrastructure are paramount to how we operate as a technology company. Having broad and accurate visibility of our IT environment as well as the ability to recognise what’s normal behavior for our users and entities is key,” said Peter Fröchtenicht, National Service Manager – Security and Compliance, NEC Australia. “Deploying Exabeam’s SIEM has enabled our team to effectively prioritize security alerts, which has freed up time for our analysts to focus on other security tasks, whilst also having a greater understanding of our attack surface and how all our employees interact with our resources.” New Exabeam products include: Exabeam Security Log Management - Cloud-scale security log management to ingest, parse, store, and search log data with powerful dashboarding and correlation. Exabeam SIEM - Cloud-native SIEM at hyperscale with fast, modern search, and powerful correlation, reporting, dashboarding, and case management. Exabeam Fusion - New-Scale SIEM™, powered by modern, scalable security log management, powerful behavioral analytics, and automated TDIR. Exabeam Security Analytics - Automated threat detection powered by user and entity behavior analytics with correlation and threat intelligence. Exabeam Security Investigation - TDIR powered by user and entity behavior analytics, correlation rules, and threat intelligence, supported by alerting, incident management, automated triage, and response workflows. Exabeam architected its new security operations platform and New-Scale SIEM product portfolio on Google Cloud (NASDAQ: GOOGL). “We are delighted that Exabeam has built its platform and portfolio of products on Google Cloud to help more companies securely leverage their data at cloud scale,” said Gerrit Kazmaier, Vice President and General Manager, Data Analytics and Business Intelligence at Google Cloud. “The combination of Exabeam cybersecurity products with Google's Data Cloud capabilities removes limits on security team productivity, storage, and speed to fully optimize security operations.” About Exabeam Exabeam is a global cybersecurity leader that created New-Scale SIEMTM for advancing security operations. Built for security people by security people, we reduce business risk and elevate human performance. The powerful combination of our cloud-scale security log management, behavioral analytics, and automated investigation experience gives security operations an unprecedented advantage over adversaries including insider threats, nation states, and other cyber criminals. We Detect the UndetectableTM by understanding normal behavior, even as normal keeps changing – giving security operations teams a holistic view of incidents for faster, more complete response.

Read More