ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
PRWeb | May 23, 2023
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the launch of its new QR Code Phishing Security Test (QR Code PST) tool. The no-charge tool assists organizations in identifying users that are most susceptible to scanning malicious QR codes.
Many organizations are aware of the typical social engineering techniques used by bad actors such as phishing, spear phishing and impersonation, to manipulate employees and infiltrate systems. However, bad actors are now taking advantage of the rise in popularity of QR codes and are using them to launch targeted phishing attacks.
QR code phishing is a social engineering attack that includes a malicious link within a QR code that users are prompted to scan with their smartphones. According to QRTIGER, an online QR code generator company, dynamic QR code scans increased 433% globally from 2021 to 2022 and scans quadrupled in 2022 alone.
The malicious links in QR Codes take users to risky websites, execute malware or ransomware on their devices or steal information. In fact, last year the FBI released a warning that QR codes may be tampered with by cybercriminals to direct victims to malicious sites. This is also sometimes referred to as QRLjacking.
KnowBe4’s new QR Code PST helps manage the threat of malicious QR codes by identifying users who may scan these codes and expose an organization to vulnerabilities that have the potential to cause significant downtime and security breach risks. The new, complementary tool is available for immediate use for up to 100 users in 35 languages with additional feature options. Additionally, after being used the tool calculates an organization’s Phish-prone™ Percentage (PPP) — the number of end users who are prone to being phished.
“QR codes pose a unique cybersecurity threat because unlike traditional phishing, there is no URL to verify or way to confirm its legitimacy before scanning the code,” said Stu Sjouwerman, CEO, KnowBe4. “As bad actors diversify their social engineering techniques, it is imperative that organizations educate their employees on the potential danger of QR codes. KnowBe4’s new QR Code Phishing Security Test is a great tool to use as a first step in determining how vulnerable an organization is to the threat of malicious QR codes. Training employees to be alert and to think twice before scanning, contributes towards strengthening an organization’s security culture and encourages a healthy level of skepticism.”
To begin using the new, complementary QR Phishing Security Test, visit: https://info.knowbe4.com/qr-code-phishing-security-test.
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 60,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.
ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Businesswire | May 10, 2023
CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced enhancements to its CyberArk Identity Flows orchestration solution, including new integrations with Gurucul, Proofpoint and SentinelOne. Part of the CyberArk Identity Security Platform, CyberArk Identity Flows automates risk response tasks and processes through no-code app integrations and workflows, and improves response times, efficiency and productivity.
CyberArk Identity Flows includes a user-friendly workflow builder with powerful integration and orchestration capabilities for identity-related business processes, data management and security event responses.
New features enable organizations to orchestrate complex responses to a potential threat or security event and act on the valuable data provided by threat monitoring and alerting systems. For example, when a security alert is triggered due to continued failed login attempts, users can be automatically moved into a “risky persons” group to restrict access to specific resources. This feature can also automatically notify relevant parties of the risk, create IT tickets, or take other actions based on security policies.
The new technology integrations, available on CyberArk Marketplace, expand these capabilities to work with the industry’s leading threat detection systems, including:
Gurucul Security Analytics and Operations Platform – detects threats and provides analytics-driven risk scoring to quickly identify and prioritize new, emerging and unknown threats. CyberArk Identity Flows can gather the risk score from Gurucul and orchestrate appropriate responses and actions to reduce the manual effort associated with threat investigation and remediation while securing the associated identity(s).
Proofpoint Targeted Attack Protection (TAP) – detects email threats and assigns a level of risk to individuals with a Very Attacked People (VAP) feature. CyberArk Identity Flows can utilize the insights provided by Proofpoint to orchestrate appropriate responses such as moving identities into different groups to change access permissions, change an authentication policy, send alerts, post notifications or create IT tickets.
SentinelOne Singularity Platform – detects and hunts for threats across user endpoints, containers, cloud workloads and IoT devices. When risks are detected, CyberArk Identity Flows leverages that context to make decisions within workflow actions that need to take place across the identity infrastructure.
With CyberArk Identity Flows, workflows can be built in minutes through a user-friendly visual editor and thousands of pre-built connectors to more than 700 applications. CyberArk Identity Flows now also integrates with CyberArk Identity Security Intelligence, a shared service of the CyberArk Identity Security Platform that leverages user behavior analytics to detect and remediate anomalous and risky activity by employees. When high-risk behavior is detected, CyberArk Identity Flows is used to orchestrate response actions to reduce response times to attacks to minimize risk.
“Flexible automation and orchestration are critical to a proactive Identity Security program and vital to improving the security posture of our clients. That’s why we’ve been so focused on delivering new CyberArk Identity Flows innovations,” said Peretz Regev, chief product officer at CyberArk. “With these enhancements and integrations, we make it simple for organizations to use CyberArk Identity Flows to reduce IT overhead, accelerate service agility and strengthen their overall security, ultimately improving operational efficiencies.”
CyberArk Identity Flows can be purchased as a standalone solution, or as part of the CyberArk Identity Security Platform. CyberArk applies intelligent privilege controls to all identities – human and machine – with continuous threat detection and prevention across the entire identity lifecycle. With the CyberArk Identity Security Platform, organizations can enable Zero Trust and least privilege with complete visibility, enabling every identity to securely access any resource, located anywhere, from everywhere.
To learn more, please register for “Better Security with Threat Response Automation,” a webinar taking place on May 18, 2023 or visit https://www.cyberark.com/products/identity-flows/.
CyberArk (NASDAQ: CYBR) is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on Twitter via @CyberArk, LinkedIn or Facebook.
DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY
Businesswire | May 12, 2023
Vanta, a leading trust management platform, announced today that it has expanded its partnership with CrowdStrike, a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, with a new integration that improves compliance and security operations for organizations of all sizes. Vanta also announced three new strategic investors in their previously announced Series B — Atlassian Ventures, HubSpot Ventures and Workday Ventures.
The new integration builds on an existing partnership between Vanta and CrowdStrike. In September 2022, the companies announced that CrowdStrike had made an investment in Vanta via the CrowdStrike Falcon Fund. That investment, along with the newly announced investments today by Atlassian Ventures, HubSpot Ventures and Workday Ventures, not only enable Vanta to continue growing its go-to-market, R&D and global expansion efforts, but provide valuable partnership opportunities via aligned customer and partner bases and industry-leading product innovation.
“As the market’s leading trust management platform, we’re excited to build on our industry-first partnership with CrowdStrike, bringing together our pioneering technologies to automate compliance securely across organizations—from small and midsize businesses to enterprise environments,” said Christina Cacioppo, CEO, Vanta. “As we transform the way companies demonstrate their security, and ultimately, establish and deepen trust, we’re thrilled to welcome new investments by Atlassian Ventures, HubSpot Ventures and Workday Ventures as we work to simplify and centralize security for our 5,000 global customers and beyond."
With cybersecurity threats continuing to increase in volume and complexity, it’s more critical than ever for organizations to prioritize their security posture and build trust with internal and external stakeholders alike. By leveraging the CrowdStrike Falcon® platform, Vanta customers gain visibility into employee agent deployment, allowing them to seamlessly configure and manage cloud monitoring to ensure internal policies are being upheld.
The integration with CrowdStrike increases automation for compliance security operations at scale within Vanta, empowering customers to:
Improve security posture by actively monitoring the status of corporate employee access to the Falcon platform, as well as mitigate potential misuse and insider threats by removing access for offboarded users.
Eliminate security blindspots with additional visibility into CrowdStrike agent installation coverage across relevant endpoints, and workloads for comprehensive protection and control.
Meet compliance standards by certifying CrowdStrike prevention policies by actively performing the relevant checks on the required devices and cloud workloads within the Vanta platform.
"Cybersecurity and compliance are both on similar trajectories of increasing complexity," said Daniel Bernard, Chief Business Officer, CrowdStrike. "Together with Vanta, CrowdStrike is automating continuous security and compliance so organizations of all sizes can elevate protection levels in an efficient manner."
Over the past year, Vanta has nearly doubled its customer base to serve over 5,000 companies across 58 countries, while expanding its global footprint with offices in Australia, Ireland and the U.S. In January, Vanta announced its acquisition of Trustpage to accelerate its enterprise momentum and transform trust into a marketable advantage for companies around the world.
“Developing trust and providing companies with solutions to support them as they grow is essential to our mission to help organizations grow better. Vanta enables companies to strengthen trust with customers by improving security and compliance management, making them a natural partner to HubSpot,” said Eric Richard, CISO and SVP of Engineering Operations, HubSpot. “I’m looking forward to the work Vanta and HubSpot will do together to create more secure digital experiences for companies and their customers.”
To meet demand from its rapidly expanding customer base, in Q1 alone, Vanta added over 50 new integrations, for a total of 125+ across the most essential cloud applications in a company's tech stack. With Vanta’s recently launched Vendor Risk Management (VRM) solution and Questionnaire Automation, customers can evaluate security in the buying process while closing their own deals faster — all in a single platform.
“Teams work in a more connected and collaborative nature than ever before. But with more apps and entry points in every organization’s tech stack, the companies of tomorrow need to ensure they’re secure today,” said Peter Lenke, Head of Atlassian Ventures. “We’re excited to invest in and partner with Vanta as they enable security teams to significantly reduce vendor risk by quickly inventorying vendors, performing security reviews, and remediating issues — all in the same platform they use for security and compliance today. Vanta closes the loop on the security lifecycle from start to finish. With our shared commitment to reimagine and deliver a more secure cloud, we couldn’t be more thrilled to join Vanta in its next phase of growth.”
In addition to its product and partnership acceleration in 2023, Vanta’s innovation has been recognized across a range of rankings and awards including securing the #17 spot in CNBC’s Disruptor 50, Inc’s Best Workplaces and the Fastest Growing Cybersecurity Company by the Cybersecurity Excellence Awards.
“The investment in Vanta reflects our commitment to intelligent automation and sophisticated technology that helps organizations navigate an ever-changing world,” said Michael Magaro, Senior Vice President of Corporate Growth, Workday Ventures. “As the strategic capital arm of Workday, trust and transparency are values that are ingrained in everything we do at Workday Ventures. Vanta is well-positioned to evolve the rapidly changing trust and security industry, and we look forward to partnering with them as they continue their journey to safeguard organizations and consumers everywhere.”
In 2022, Vanta raised $150 million in funding from leading investors Craft Ventures, Sequoia and Y Combinator and security industry pioneers like CrowdStrike, bringing the company’s total amount raised to $203 million at a $1.65 billion valuation.
Vanta is the leading trust management platform that helps simplify and centralize security for organizations of all sizes. Over 5,000 companies including Autodesk, Chili Piper, Flo Health, and Quora rely on Vanta to build, maintain and demonstrate their trust—all in a way that's real-time and transparent. Founded in 2018, Vanta has customers in 58 countries with offices in Dublin, New York, San Francisco and Sydney. For more information, visit www.vanta.com.