CI Security® Works With SBS Security to Protect and Defend Customers From Cyber-Attacks

SBS Security, CI Security | August 21, 2020

CI Security® is now working with SBS Security to protect and defend customers from cyber-attacks. The combined offering will help customers evolve every part of their security program, from 24x7 threat investigation to scheduled assessments of the program and technical testing of networks and systems. CI Security offers a suite of services that allow organizations to get critical insight into what’s threatening their network environments.

Teaming up with CI Security allows SBS Security to offer the type of security only large companies have been able to afford. Critical Insight Managed Detection and Response (MDR) gives small and medium companies a 24x7x365 security operations center staffed by real people doing thorough investigations to catch attacks. While the average amount of time a criminal is inside a network is more than 200 days, SBS Security’s customers will now be able to stop attacks in less than 2 hours with Critical Insight™ MDR.

Spotlight

Webroot commissioned a study to gauge the prevalence of web-borne attacks, their consequences and how IT pros are responding. Among the results: the vast majority of companies surveyed experienced one or more types of web-borne attacks in 2012. The survey report also includes recommendations - such as deploying a secure web gateway - for responding to this new threat environment.

Spotlight

Webroot commissioned a study to gauge the prevalence of web-borne attacks, their consequences and how IT pros are responding. Among the results: the vast majority of companies surveyed experienced one or more types of web-borne attacks in 2012. The survey report also includes recommendations - such as deploying a secure web gateway - for responding to this new threat environment.

Related News

DATA SECURITY, PLATFORM SECURITY

mParticle announces new custom access roles API to enhance security of customer data

mParticle | October 10, 2022

mParticle, a leader in customer data infrastructure, announced today that it is introducing Custom Access Roles to its platform, extending its enterprise-grade controls to enhance security and simplify compliance. With customer data breaches in the news almost daily, there is a need for more robust data controls, especially for the world's largest brands. Modern security and compliance practices take a least privileged access approach to platform roles. To achieve true least privileged access, companies need to customize their roles to fit their business. Custom Access Roles give customers the flexibility to create unique roles tailored to the needs of not only marketers, developers, and product managers, but anyone in the company who works with customer data. Custom Access Roles limit the number of users that have privileged access, thereby protecting customer data. As teams set out to build their first-party data set, data protection becomes even more important. Not all users need access to all customer data, and admins need to be able to assign access based on the nuances of their business. With Custom Access Roles, mParticle customers can decide which permissions belong to which roles, ensuring that the right users have access to the right data. For example, a "Developer" role could have access to set up a new integration, but not to create audiences. An "Auditor" role could have access to view reporting, but not to edit reports. The mParticle Customer Data Platform (CDP) is the trusted customer data pipeline of the world's largest brands. It is the only CDP on the market with advanced security and privacy controls built for the compliance regulations enterprise organizations face. With over 300+ tested and trusted out-of-the-box integrations, infrastructure that spans the globe, and a solutions team with a proven track record of success. Custom Access Roles is another example of mParticle's focus on addressing enterprise-level challenges as they continue to evolve. About mParticle mParticle is an AI Customer Data Platform that powers the entire marketing stack with real-time customer data. Companies like NBCUniversal, JetBlue, Venmo, and Airbnb use mParticle to simplify their customer data infrastructure, maximize the value of their data, and accelerate growth at scale. Over the last year, the company has raised $150M in funding and acquired two startups, Vidora and Indicative. Founded in 2013, mParticle is headquartered in New York City with employees around the globe.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Zapata Computing Earns Two New Patents for Post-Quantum Cybersecurity Threat Intelligence

Zapata Computing | December 06, 2022

Zapata Computing, the leading enterprise quantum software company, today announced that the company has earned two new patents for post-quantum cybersecurity techniques. The new patents are for its Variational Quantum Factoring (VQF) and Quantum-Assisted Defense Against Adversarial AI (QDAI) algorithms. With the addition of these patents, Zapata now owns one of the world’s largest quantum computing software patent portfolios. The company’s growing portfolio includes a diverse range of proprietary quantum algorithms, machine learning, optimization and hardware methods. VQF and QDAI In the Age of Post-Quantum Cybersecurity Threat Intelligence As the narrative regarding post-quantum cybersecurity continues to gain momentum across the security, intelligence and technology landscapes, VQF and QDAI underpin Zapata’s post-quantum cybersecurity threat intelligence solutions for its customers. VQF is a heuristic algorithm for cryptanalysis that can run on near-term quantum devices, quantum-inspired data structures, and other special purpose classical hardware. The hybrid quantum-classical algorithm was developed by Zapata’s technical experts and is a technique that demonstrates that an adversary can already start attempting to compromise existing encryption schemes using heuristic algorithms. A heuristic algorithm is designed to solve a problem faster than traditional methods by sacrificing accuracy or completeness for speed. This means that VQF is effective at identifying specific instances of the encryption vulnerability – helping enterprises shore up defenses in advance of an attack. “VQF introduces a new category of decryption possibilities that could arrive a lot sooner than the market expects. “We don’t need to wait for a fully fault-tolerant computer that can run Shor’s algorithm to see the threat. It’s not a sudden ‘one-day’ jump. VQF demonstrates that an adversary can try to compromise existing encryption schemes using heuristic algorithms that don’t have a mathematically provable guarantee they will compromise all instances. Using Shor’s algorithm, factoring a 2048-bit RSA number requires a quantum computer with millions of physical qubits running for hours. We estimate that VQF can factor a 2048-bit RSA number with approximately several thousand NISQ qubits in around the same amount of time.” Yudong Cao, CTO and co-founder of Zapata Computing QDAI is the first hybrid quantum-classical algorithm for defense against adversarial attacks. Machine learning (ML) classification models are prone to adversarial attacks. These attacks add a very small -- but carefully chosen -- variance to data that confuses the classifier, rendering results to be incorrect. Quantum computers provide a new method of attack against ML models that possess a uniquely quantum noise meant to confuse the model. QDAI trains ML models to be immune to these types of adversarial AI attacks. “Quantum computers have a high potential to exploit potential vulnerabilities of neural networks,” added Cao. “As threats accumulate and adversarial AI models get stronger, we must leverage the power of quantum and classical resources to successfully defend against these attacks. That’s exactly the reason we developed QDAI. As quantum computers grow, we may be able to switch to a fully quantum classifier, but in the meantime, there is potential for significant gains with the quantum-classical hybrid approach like QDAI.” “Zapata is consistently pushing the innovation envelope, developing new proprietary methods and technology that can benefit our customers and the ecosystem,” said Christopher Savoie, CEO of Zapata Computing. “These patents represent a growing focus and concern regarding the threat that quantum computers present to national security and global enterprises. We developed VQF and QDAI as proactive threat intelligence techniques in order to develop countermeasures so our enterprise and government customers can assess their systems and make them more robust against an attack. We anticipate that more vulnerabilities will emerge as quantum and AI technology mature, and we’ll continue to research and identify new threats down the road to try to stay a step ahead.” About Zapata Computing Zapata Computing, Inc. is a leading enterprise quantum software company. The Company’s Orquestra® platform supports the research, development, and deployment of quantum-ready applications® for enterprises’ most computationally complex problems. Zapata has pioneered new methods in ML, optimization, and simulation to maximize value from near-term quantum devices, and works closely with ecosystem hardware providers such as Amazon, D-Wave, Google, NVIDIA, Quantinuum, IBM, IonQ and Rigetti. Zapata was founded in 2017 and is headquartered in Boston, Massachusetts.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

BeyondTrust Releases Cybersecurity Predictions for 2023 and Beyond

BeyondTrust | November 04, 2022

BeyondTrust, the leader in intelligent identity and access security today released its annual forecast of cybersecurity trends emerging for the New Year and beyond. These projections, authored by BeyondTrust experts Morey J. Haber, Chief Security Officer and Brian Chappell, Chief Security Strategist, EMEA/APAC, are based on shifts in technology, threat actor habits, culture, and decades of combined experience. Prediction #1: Negative, Zero, and Positive Trust -- Next year, expect products to actually be “zero trust-ready", satisfy all seven tenants of the NIST 800-207 model, and support an architecture referenced by NIST 1800-35b. Zero trust product vendors will create marketing messages that may imply positive and/or negative intent (maybe not using such simple puns on the number zero). Some will provide positive zero trust authentication and behavioral monitoring, while others will work using a closed security model to demonstrate what should happen when a negative zero trust event occurs. Prediction #2: Camera-Based Malware is here. Say “Cheese”! -- In 2023, expect to see the first of many exploits that challenge smart cameras and the technology embedded within to leverage vulnerabilities. While there have been timeless discussions on the risks of using QR codes, we’re only now beginning to understand the risks from our smart cameras. As cameras become more complex, the risk surface is expanding for novel approaches that could lead to their exploitation. Prediction #3: Reputation for Ransom—The rise of Ransom-Vaporware – We will see a rise in the extortion of monies based purely on the threat of publicizing a fictional breach. Society so willingly accepts the veracity of breaches reported in the news—and without evidence. For a threat actor, this could mean the need to perpetrate an actual breach is reduced and a threat alone, that is not even verifiable, becomes an attack vector all in itself. Prediction #4: The Foundation of Multi-Factor Authentication (MFA) Invincibility Fails -- Expect a new round of attack vectors that target and successfully bypass multifactor authentication strategies. In the next year, push notifications, and other techniques for MFA will be exploited, just like SMS. Organizations should expect to see the foundation of MFA eroded by exploit techniques that compromise MFA integrity and require a push to MFA solutions that use biometrics or FIDO2-compliant technologies. Prediction #5: Cyber Un-insurability is the New Normal -- In 2023, more businesses will face the stark realization that they are not cyber-insurable. As of the second quarter of 2022, U.S. cyber-insurance prices already increased 79% over the prior year. The truth is, it’s becoming downright difficult to obtain quality cyber insurance at a reasonable rate. Prediction #6: The Latest Concert Hack: Wearable Risk Surfaces and Hackable E-Waste -- If you have recently attended a large concert, you may have received a disposable LED bracelet that can receive RF transmissions during the event. The device is meant to be low cost, disposable, and have potentially only single use. In 2023, expect threat actors to easily decode the RF transmissions using tools like Flipper Zero to wreak havoc on venues that use these enhancements. Some, may be to form a protest for some other purpose. Prediction #7: Compliance Conflicts are Brewing -- Significant compliance standards, best practices, and even security frameworks, are starting to see a diverging in requirements. In 2023, expect more regulatory compliance conflicts, especially for organizations embracing modern technology, zero trust, and digital transformation initiatives. Prediction #8: The Death of the Personal Password -- The growth of non-password-based primary authentication will finally spell the end of the personal password. More applications, not just the operating system itself, will start using advanced non-password technologies, such as biometrics, either to authenticate directly or leverage biometric technology, like Microsoft Hello or Apple FaceID or TouchID, to authorize access. Prediction #9: De-Funding of Cyber Terrorists Becomes Law -- Governments all over the world will entertain a new approach to protect organizations from ransomware and stop the funding of terrorists: ban ransomware payouts outright. Granted, threat actors may move on to a new form of cyber crime to fund their operations, but ransomware as we know it will fade away. Prediction #10: Cloud Camouflage is Confronted -- To mitigate cloud security risks, expect a push for transparency and visibility into the security operations of SaaS solutions, cloud providers and their services. The push to ensure transparency of the architecture, foundational components, and even discovered vulnerabilities, will extend beyond SOC and ISO certifications. Prediction #11: Social Engineering in the Cloud -- Attackers will turn from their software toolkits to their powers of persuasion as they increase the number of social engineering attacks leveled at employers and organizations across the cloud. Prediction #12: Unfederated Identities to Infinity and Beyond -- Expect a push into unfederated identities to help provide a new level of services and potentially physical products that will become a mild access control and management nightmare. The size and scope will feel truly infinite—unless it is well-defined for identity management teams to provide access beyond what typically is available today. Prediction #13: OT Gets Smarter, Converges with IT -- Expect attack vectors for basic Operational Technology (OT) to expand based on similar exploits that target IT. OT which once had a single function and purpose is now becoming smarter, leveraging commercial operating systems and applications to perform expanded missions. As these devices expand in scope, their design is susceptible to vulnerabilities and exploitation. Predictions #14: Headline Breaches Move to Second-Page News -- Expect news of breaches to be buried deeper—whether in print or online format based on audience fatigue, lack of interest, or just because it is no longer exciting. With that said, legal, regulatory, and compliance responses will become front-page news should an organization fail to follow the proper steps for public disclosure and risk mitigation. Prediction #15: A Record-“Breaching” Year -- Expect a record-breaking year of cyber security breach notifications, not only because of the sophistication of threat actors, but also due to the larger changes in the world that will impact an organization's ability to mitigate, remediate, or prevent a problem. About BeyondTrust BeyondTrust is the worldwide leader in intelligent identity and access security, empowering organizations to protect identities, stop threats, and deliver dynamic access to empower and secure a work-from-anywhere world. Our integrated products and platform offer the industry's most advanced privileged access management (PAM) solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments. BeyondTrust protects all privileged identities, access, and endpoints across your IT environment from security threats, while creating a superior user experience and operational efficiencies. With a heritage of innovation and a staunch commitment to customers, BeyondTrust solutions are easy to deploy, manage, and scale as businesses evolve. We are trusted by 20,000 customers, including 75 of the Fortune 100, and a global partner network.

Read More