Home > News > featured news > Digital Growth Exposes Firms to Complexity and Threats

Digital Growth Exposes Firms to Complexity and Threats

Infosecurity Magazine | January 30, 2019

Digital transformation is exposing organizations to greater IT complexity and cyber-risk, according to new global research from Thales eSecurity. The security vendor polled 1200 execs with responsibility for IT and data security in nine countries around the world to compile its 2019 Thales Data Threat Report. It found that over a third (39%) class themselves as belonging to one of the two most advanced digital transformation categories defined by report author IDC. This means they’re either “aggressively disrupting” markets or embedding digital into the enterprise to become more agile. Nearly all (97%) admitted they will use sensitive data in these emerging technologies. This is a major risk, given that traditional corporate network perimeters are a thing of the past as more fluid cloud and mobile technologies dominate. It’s also a concern given that these new digital platforms can add greater complexity, according to the vendor. For example, 40% of firms polled are using multiple cloud platforms across SaaS, PaaS and IaaS models.

Spotlight

Agari Phishing Defense: Machine Learning Models

Traditional email security products struggle to detect email impersonation threats such as BEC and targeted phishing campaigns. These threats consistently bypass defenses that rely on signatures and policies like Secure Email Gateways and native-cloud email filters. This guide breaks down how Fortra’s Agari uses advanced data sc

More featured news

Spotlight

Agari Phishing Defense: Machine Learning Models

Traditional email security products struggle to detect email impersonation threats such as BEC and targeted phishing campaigns. These threats consistently bypass defenses that rely on signatures and policies like Secure Email Gateways and native-cloud email filters. This guide breaks down how Fortra’s Agari uses advanced data sc

Related News

Enterprise Security, Platform Security, Software Security

Jamf Teams With Google Cloud to Enable Collaborative, Mobile Workforces Through New Advanced Security and Management Workflows

Globenewswire | July 07, 2023

Jamf (NASDAQ: JAMF), the standard in managing and securing Apple at work, announced three new integrations with Google Cloud, enabling and protecting mobile workforces that use Google and Apple. Encompassing Zero Trust, observability, and identity workflows, Jamf continues to provide unique value for Google Cloud users with Apple devices. Bringing Zero Trust to Life: Google Cloud’s BeyondCorp Enterprise Now Available for iOS and iPadOS Jamf’s integration with BeyondCorp now supports device compliance signals for iOS and iPadOS. The addition of Apple’s mobile platforms builds on last year’s release of the Jamf and Google Cloud’s BeyondCorp integration for macOS. Jamf is the first management platform to support Apple desktop and mobile devices in this Zero Trust framework. “Some of the world’s most successful organizations choose to empower their employees with Mac and iPhone, while taking advantage of Google Cloud’s speed, security and flexibility for Cloud applications,” said Sam Weiss, Alliance Partner Manager for Google at Jamf. “Now these modern companies that choose Apple hardware and Google Cloud software can more effectively secure and manage their mobile workforces.” Jamf’s extensive Apple device management and security capabilities allow the enforcement and monitoring of device compliance status. When integrated with BeyondCorp, admins can create context-aware access policies that include Jamf compliance status. This combination of device-based and user-based access controls allows organizations to define policies specific to their needs, ensuring all devices and users can access corporate data wherever they choose to work from. "We at Unibuddy are thrilled about the seamless integration between Jamf and Google Cloud's BeyondCorp, which aligns with our Zero Trust security model. This partnership will enable us to efficiently manage our macOS and iOS devices while enhancing our security posture and ensuring the privacy of our employees," said Rupen Valand, Global IT Manager at Unibuddy. "Strong security is important for university partners and employees because it helps protect sensitive data and build trust. By providing an extra layer of security for accessing company resources, this solution empowers our employees to work remotely with ease and confidence, unencumbered by security or privacy concerns. We're excited to implement this solution and unlock its full potential with our teams at Unibuddy." Elevating Security Operations: Google Cloud’s Chronicle Enhances Jamf Integration Security teams are more effective when they have complete visibility of events in their environment. Google Cloud’s Chronicle is a modern security operations suite that enables threat detection, investigation and response with speed, scale and precision. Chronicle SIEM’s default parsers for Jamf Pro and Jamf Protect now map even more Jamf data into Chronicle’s unified data model (UDM). Additionally, Chronicle’s new support for Webhooks means Jamf Protect can automatically send security alerts and events to Chronicle as they occur. Now, IT and security teams can more effectively collaborate on security event detection and prevention by aggregating Jamf’s Apple device telemetry in Chronicle. The Chronicle parsers for Jamf Pro, Jamf Protect and support for Webhook, are all available now. “Directly integrating Jamf Protect into Chronicle has been a big win for us,” said Mikail Tunç, Head Of Security at Algbra. “The extensive detail provided by Jamf Protect Telemetry logs has heightened our ability to identify and mitigate more threats than ever, while staying resilient to Apple OS updates. We look forward to contributing to the broader community by open-sourcing our Chronicle detection rules over Jamf Protect data.” Simplifying end-user protection: Jamf brings Google Cloud Identity support to Jamf Trust Jamf has extended Google Cloud Identity support to Jamf Trust and improved the user app for endpoint security. This enhancement brings a consistent single sign-on experience for users with their Identity credentials, enabling robust endpoint security without complex integrations or additional assistance from IT. “At Spendesk, we’re thrilled to have our native identity provider Google Cloud supported by the Jamf Trust app. This will allow us to speed up our Zero Trust adoption. It’s really great how Jamf supports Google Cloud-based organizations like Spendesk,” said Hakim Boukir, IT Manager at Spendesk. About Jamf Jamf’s purpose is to simplify work by helping organizations manage and secure an Apple experience that end users love and organizations trust. Jamf is the only company in the world that provides a complete management and security solution for an Apple-first environment that is enterprise secure, consumer simple and protects personal privacy. To learn more, visit www.jamf.com.

Read More

Enterprise Security, Platform Security, Software Security

Conceal Unveils MSP Community Program

Business Wire | August 01, 2023

Conceal, the leader in browser security for managed service providers, today announced the launch of its Conceal MSP Community Program. A significant highlight of this initiative is the offer of a free NFR license for Managed Service Providers (MSPs), demonstrating Conceal's commitment to strengthening its partnerships within the MSP community. Conceal continues to build on its significant traction within the MSP ecosystem, always responsive to partner feedback and striving to simplify and enhance the effectiveness of its deployment process. The Conceal MSP Community Program marks a new chapter in this ongoing dialogue, with the free NFR license aimed at enabling MSPs to fully experience and understand the power of the ConcealBrowse solution, thus facilitating its integration into their service offerings. “Our partnership with Conceal has empowered us to offer a comprehensive cybersecurity package that's second to none," declared Dave Thompson of TeamLogic IT of San Ramon, CA. "Their ConcealBrowse solution, with its cutting-edge isolation technology, has been instrumental in defending our clients against malware and ransomware. The fact that it can be easily integrated into our existing security offerings has enhanced the overall value we deliver to our clients. We're proud to work with a partner who shares our commitment to cybersecurity resilience.” Furthermore, Conceal recognizes the cybersecurity challenges small to mid-sized companies face, notably ransomware and credential theft. Through the Conceal MSP Community Program, MSPs will be in a stronger position to offer innovative solutions to these threats. ConcealBrowse can easily be integrated into existing security packages or function as a standalone solution for companies lacking protection, thereby increasing overall cybersecurity resilience within limited budgets. About Conceal Conceal’s primary offering, ConcealBrowse, harnesses a sophisticated intelligence engine that works at machine speed with near-zero latency. It dynamically and transparently pre-processes and analyzes code, migrating suspicious, unknown, and risky browser activity to a secure cloud-based isolation environment. Conceal enables organizations to protect users from malware and ransomware at the edge. The Conceal Platform employs Zero Trust isolation technology to defend against sophisticated cyber threats. Globally, organizations of all sizes depend on Conceal to ensure their users and IT operations remain secure and isolated from potential attacks. For more information, visit https://conceal.io/. About TeamLogic IT TeamLogic IT is a national provider of advanced technology solutions for companies of all sizes. Local offices provide clients with the IT support they need to run their businesses more efficiently by leveraging the latest technology solutions, including managed IT services, cybersecurity, business continuity, cloud services, mobility solutions, unified communications, and consulting and support. With more than 150 independently owned and operated locations across North America, TeamLogic IT helps companies minimize downtime and improve productivity.

Read More

Enterprise Security, Platform Security, Software Security

Contrast Security Releases Assess Feature for LLMs to Protect Against AI Security Threats

PR Newswire | August 07, 2023

Contrast Security (Contrast), the code security platform built for developers and trusted by security, today announced it will extend its market-leading application security testing (AST) platform to support testing of Large Language Models (LLMs) from OpenAI. In this first release, Contrast rules help teams that are developing software using the OpenAI application programming interface (API) set to identify and mitigate weaknesses that could expose an organization to prompt injection vulnerabilities: i.e., attacks involving injection of a prompt that deceives the application into executing unauthorized code. Prompt injection was identified as the top risk for LLM applications by the just-released OWASP 10 Top for Large Language Model Applications project. Contrast has continued to support OWASP's mission to improve Application Security (AppSec): In fact, Contrast's Chief Product Officer Steve Wilson led the 400-person volunteer team that created the OWASP Top 10 for LLMs. "As project lead for the new OWASP Top 10 for LLMs, I can say our group looked deeply at many attack vectors against LLMs. Prompt Injection repeatedly rose to the top of the list in our expert group voting for the most important vulnerability," said Wilson. "Contrast is the first security solution to respond to this new industry standard list by delivering this capability. Organizations can now identify susceptible data flows to their LLMs, providing security with the visibility needed to identify risks and prevent unintended exposure." According to the OWASP Top 10 for LLMs, a prompt injection vulnerability allows an attacker to craft inputs that can manipulate the operation of a trusted LLM. This results in the LLM acting as a "confused deputy" on behalf of the attacker. Given the high degree of trust usually associated with an LLM's output, the manipulated responses may go unnoticed and may even be trusted by the user, allowing the attack to potentially poison search results, deliver incorrect or malicious responses, produce malicious code, circumvent content filters, or to leak sensitive data. Prompt injections can be introduced via various avenues, including websites, emails, documents or any other data source that an LLM might rely on. Contrast is ideal for identifying all types of injection accurately, including this new form of AI prompt injection. Contrast uses runtime security to monitor actual application behavior and detect vulnerabilities, rather than scanning source code or simulating attacks. This approach is fast, easy and highly accurate, ensuring that developers are instantly notified of issues and provided all the information they need to correct problems. User input sent through OpenAI's official Python API to an LLM in a Python agent-instrumented application triggers the prompt injection rule. About Contrast Security Contrast is a world-leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete Software Development Life Cycle (SDLC) with Contrast to protect against today's targeted AppSec attacks. Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today's pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of Common Vulnerabilities and Exposures (CVEs). This allows security teams to avoid spending time focusing on false positives, leaving them more time to remediate true vulnerabilities faster. Contrast's platform solutions for code assessment, testing, protection, serverless, supply chain, APIs and languages help enterprises achieve true DevSecOps transformation and compliance. Contrast protects against major cybersecurity attacks for its customer base, which represents some of the largest brand-name companies in the world, including BMW, AXA, Zurich, NTT, Sompo Japan and the American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM, GuidePoint Security, Trace3, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers. The growing demand for the world's only platform for code security has landed the company on some of the most prestigious lists, including the Inc. 5000 List of America's Fastest-Growing Companies and the Deloitte Technology Fast 500 List of fastest-growing companies.

Read More

Enterprise Security, Platform Security, Software Security

Jamf Teams With Google Cloud to Enable Collaborative, Mobile Workforces Through New Advanced Security and Management Workflows

Globenewswire | July 07, 2023

Jamf (NASDAQ: JAMF), the standard in managing and securing Apple at work, announced three new integrations with Google Cloud, enabling and protecting mobile workforces that use Google and Apple. Encompassing Zero Trust, observability, and identity workflows, Jamf continues to provide unique value for Google Cloud users with Apple devices. Bringing Zero Trust to Life: Google Cloud’s BeyondCorp Enterprise Now Available for iOS and iPadOS Jamf’s integration with BeyondCorp now supports device compliance signals for iOS and iPadOS. The addition of Apple’s mobile platforms builds on last year’s release of the Jamf and Google Cloud’s BeyondCorp integration for macOS. Jamf is the first management platform to support Apple desktop and mobile devices in this Zero Trust framework. “Some of the world’s most successful organizations choose to empower their employees with Mac and iPhone, while taking advantage of Google Cloud’s speed, security and flexibility for Cloud applications,” said Sam Weiss, Alliance Partner Manager for Google at Jamf. “Now these modern companies that choose Apple hardware and Google Cloud software can more effectively secure and manage their mobile workforces.” Jamf’s extensive Apple device management and security capabilities allow the enforcement and monitoring of device compliance status. When integrated with BeyondCorp, admins can create context-aware access policies that include Jamf compliance status. This combination of device-based and user-based access controls allows organizations to define policies specific to their needs, ensuring all devices and users can access corporate data wherever they choose to work from. "We at Unibuddy are thrilled about the seamless integration between Jamf and Google Cloud's BeyondCorp, which aligns with our Zero Trust security model. This partnership will enable us to efficiently manage our macOS and iOS devices while enhancing our security posture and ensuring the privacy of our employees," said Rupen Valand, Global IT Manager at Unibuddy. "Strong security is important for university partners and employees because it helps protect sensitive data and build trust. By providing an extra layer of security for accessing company resources, this solution empowers our employees to work remotely with ease and confidence, unencumbered by security or privacy concerns. We're excited to implement this solution and unlock its full potential with our teams at Unibuddy." Elevating Security Operations: Google Cloud’s Chronicle Enhances Jamf Integration Security teams are more effective when they have complete visibility of events in their environment. Google Cloud’s Chronicle is a modern security operations suite that enables threat detection, investigation and response with speed, scale and precision. Chronicle SIEM’s default parsers for Jamf Pro and Jamf Protect now map even more Jamf data into Chronicle’s unified data model (UDM). Additionally, Chronicle’s new support for Webhooks means Jamf Protect can automatically send security alerts and events to Chronicle as they occur. Now, IT and security teams can more effectively collaborate on security event detection and prevention by aggregating Jamf’s Apple device telemetry in Chronicle. The Chronicle parsers for Jamf Pro, Jamf Protect and support for Webhook, are all available now. “Directly integrating Jamf Protect into Chronicle has been a big win for us,” said Mikail Tunç, Head Of Security at Algbra. “The extensive detail provided by Jamf Protect Telemetry logs has heightened our ability to identify and mitigate more threats than ever, while staying resilient to Apple OS updates. We look forward to contributing to the broader community by open-sourcing our Chronicle detection rules over Jamf Protect data.” Simplifying end-user protection: Jamf brings Google Cloud Identity support to Jamf Trust Jamf has extended Google Cloud Identity support to Jamf Trust and improved the user app for endpoint security. This enhancement brings a consistent single sign-on experience for users with their Identity credentials, enabling robust endpoint security without complex integrations or additional assistance from IT. “At Spendesk, we’re thrilled to have our native identity provider Google Cloud supported by the Jamf Trust app. This will allow us to speed up our Zero Trust adoption. It’s really great how Jamf supports Google Cloud-based organizations like Spendesk,” said Hakim Boukir, IT Manager at Spendesk. About Jamf Jamf’s purpose is to simplify work by helping organizations manage and secure an Apple experience that end users love and organizations trust. Jamf is the only company in the world that provides a complete management and security solution for an Apple-first environment that is enterprise secure, consumer simple and protects personal privacy. To learn more, visit www.jamf.com.

Read More

Enterprise Security, Platform Security, Software Security

Conceal Unveils MSP Community Program

Business Wire | August 01, 2023

Conceal, the leader in browser security for managed service providers, today announced the launch of its Conceal MSP Community Program. A significant highlight of this initiative is the offer of a free NFR license for Managed Service Providers (MSPs), demonstrating Conceal's commitment to strengthening its partnerships within the MSP community. Conceal continues to build on its significant traction within the MSP ecosystem, always responsive to partner feedback and striving to simplify and enhance the effectiveness of its deployment process. The Conceal MSP Community Program marks a new chapter in this ongoing dialogue, with the free NFR license aimed at enabling MSPs to fully experience and understand the power of the ConcealBrowse solution, thus facilitating its integration into their service offerings. “Our partnership with Conceal has empowered us to offer a comprehensive cybersecurity package that's second to none," declared Dave Thompson of TeamLogic IT of San Ramon, CA. "Their ConcealBrowse solution, with its cutting-edge isolation technology, has been instrumental in defending our clients against malware and ransomware. The fact that it can be easily integrated into our existing security offerings has enhanced the overall value we deliver to our clients. We're proud to work with a partner who shares our commitment to cybersecurity resilience.” Furthermore, Conceal recognizes the cybersecurity challenges small to mid-sized companies face, notably ransomware and credential theft. Through the Conceal MSP Community Program, MSPs will be in a stronger position to offer innovative solutions to these threats. ConcealBrowse can easily be integrated into existing security packages or function as a standalone solution for companies lacking protection, thereby increasing overall cybersecurity resilience within limited budgets. About Conceal Conceal’s primary offering, ConcealBrowse, harnesses a sophisticated intelligence engine that works at machine speed with near-zero latency. It dynamically and transparently pre-processes and analyzes code, migrating suspicious, unknown, and risky browser activity to a secure cloud-based isolation environment. Conceal enables organizations to protect users from malware and ransomware at the edge. The Conceal Platform employs Zero Trust isolation technology to defend against sophisticated cyber threats. Globally, organizations of all sizes depend on Conceal to ensure their users and IT operations remain secure and isolated from potential attacks. For more information, visit https://conceal.io/. About TeamLogic IT TeamLogic IT is a national provider of advanced technology solutions for companies of all sizes. Local offices provide clients with the IT support they need to run their businesses more efficiently by leveraging the latest technology solutions, including managed IT services, cybersecurity, business continuity, cloud services, mobility solutions, unified communications, and consulting and support. With more than 150 independently owned and operated locations across North America, TeamLogic IT helps companies minimize downtime and improve productivity.

Read More

Enterprise Security, Platform Security, Software Security

Contrast Security Releases Assess Feature for LLMs to Protect Against AI Security Threats

PR Newswire | August 07, 2023

Contrast Security (Contrast), the code security platform built for developers and trusted by security, today announced it will extend its market-leading application security testing (AST) platform to support testing of Large Language Models (LLMs) from OpenAI. In this first release, Contrast rules help teams that are developing software using the OpenAI application programming interface (API) set to identify and mitigate weaknesses that could expose an organization to prompt injection vulnerabilities: i.e., attacks involving injection of a prompt that deceives the application into executing unauthorized code. Prompt injection was identified as the top risk for LLM applications by the just-released OWASP 10 Top for Large Language Model Applications project. Contrast has continued to support OWASP's mission to improve Application Security (AppSec): In fact, Contrast's Chief Product Officer Steve Wilson led the 400-person volunteer team that created the OWASP Top 10 for LLMs. "As project lead for the new OWASP Top 10 for LLMs, I can say our group looked deeply at many attack vectors against LLMs. Prompt Injection repeatedly rose to the top of the list in our expert group voting for the most important vulnerability," said Wilson. "Contrast is the first security solution to respond to this new industry standard list by delivering this capability. Organizations can now identify susceptible data flows to their LLMs, providing security with the visibility needed to identify risks and prevent unintended exposure." According to the OWASP Top 10 for LLMs, a prompt injection vulnerability allows an attacker to craft inputs that can manipulate the operation of a trusted LLM. This results in the LLM acting as a "confused deputy" on behalf of the attacker. Given the high degree of trust usually associated with an LLM's output, the manipulated responses may go unnoticed and may even be trusted by the user, allowing the attack to potentially poison search results, deliver incorrect or malicious responses, produce malicious code, circumvent content filters, or to leak sensitive data. Prompt injections can be introduced via various avenues, including websites, emails, documents or any other data source that an LLM might rely on. Contrast is ideal for identifying all types of injection accurately, including this new form of AI prompt injection. Contrast uses runtime security to monitor actual application behavior and detect vulnerabilities, rather than scanning source code or simulating attacks. This approach is fast, easy and highly accurate, ensuring that developers are instantly notified of issues and provided all the information they need to correct problems. User input sent through OpenAI's official Python API to an LLM in a Python agent-instrumented application triggers the prompt injection rule. About Contrast Security Contrast is a world-leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete Software Development Life Cycle (SDLC) with Contrast to protect against today's targeted AppSec attacks. Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today's pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of Common Vulnerabilities and Exposures (CVEs). This allows security teams to avoid spending time focusing on false positives, leaving them more time to remediate true vulnerabilities faster. Contrast's platform solutions for code assessment, testing, protection, serverless, supply chain, APIs and languages help enterprises achieve true DevSecOps transformation and compliance. Contrast protects against major cybersecurity attacks for its customer base, which represents some of the largest brand-name companies in the world, including BMW, AXA, Zurich, NTT, Sompo Japan and the American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM, GuidePoint Security, Trace3, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers. The growing demand for the world's only platform for code security has landed the company on some of the most prestigious lists, including the Inc. 5000 List of America's Fastest-Growing Companies and the Deloitte Technology Fast 500 List of fastest-growing companies.

Read More

More featured news