DATA SECURITY, PLATFORM SECURITY
mParticle | October 10, 2022
mParticle, a leader in customer data infrastructure, announced today that it is introducing Custom Access Roles to its platform, extending its enterprise-grade controls to enhance security and simplify compliance.
With customer data breaches in the news almost daily, there is a need for more robust data controls, especially for the world's largest brands. Modern security and compliance practices take a least privileged access approach to platform roles. To achieve true least privileged access, companies need to customize their roles to fit their business. Custom Access Roles give customers the flexibility to create unique roles tailored to the needs of not only marketers, developers, and product managers, but anyone in the company who works with customer data.
Custom Access Roles limit the number of users that have privileged access, thereby protecting customer data. As teams set out to build their first-party data set, data protection becomes even more important. Not all users need access to all customer data, and admins need to be able to assign access based on the nuances of their business. With Custom Access Roles, mParticle customers can decide which permissions belong to which roles, ensuring that the right users have access to the right data. For example, a "Developer" role could have access to set up a new integration, but not to create audiences. An "Auditor" role could have access to view reporting, but not to edit reports.
The mParticle Customer Data Platform (CDP) is the trusted customer data pipeline of the world's largest brands. It is the only CDP on the market with advanced security and privacy controls built for the compliance regulations enterprise organizations face. With over 300+ tested and trusted out-of-the-box integrations, infrastructure that spans the globe, and a solutions team with a proven track record of success. Custom Access Roles is another example of mParticle's focus on addressing enterprise-level challenges as they continue to evolve.
mParticle is an AI Customer Data Platform that powers the entire marketing stack with real-time customer data. Companies like NBCUniversal, JetBlue, Venmo, and Airbnb use mParticle to simplify their customer data infrastructure, maximize the value of their data, and accelerate growth at scale. Over the last year, the company has raised $150M in funding and acquired two startups, Vidora and Indicative. Founded in 2013, mParticle is headquartered in New York City with employees around the globe.
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
BeyondTrust | November 04, 2022
BeyondTrust, the leader in intelligent identity and access security today released its annual forecast of cybersecurity trends emerging for the New Year and beyond. These projections, authored by BeyondTrust experts Morey J. Haber, Chief Security Officer and Brian Chappell, Chief Security Strategist, EMEA/APAC, are based on shifts in technology, threat actor habits, culture, and decades of combined experience.
Prediction #1: Negative, Zero, and Positive Trust -- Next year, expect products to actually be “zero trust-ready", satisfy all seven tenants of the NIST 800-207 model, and support an architecture referenced by NIST 1800-35b. Zero trust product vendors will create marketing messages that may imply positive and/or negative intent (maybe not using such simple puns on the number zero). Some will provide positive zero trust authentication and behavioral monitoring, while others will work using a closed security model to demonstrate what should happen when a negative zero trust event occurs.
Prediction #2: Camera-Based Malware is here. Say “Cheese”! -- In 2023, expect to see the first of many exploits that challenge smart cameras and the technology embedded within to leverage vulnerabilities. While there have been timeless discussions on the risks of using QR codes, we’re only now beginning to understand the risks from our smart cameras. As cameras become more complex, the risk surface is expanding for novel approaches that could lead to their exploitation.
Prediction #3: Reputation for Ransom—The rise of Ransom-Vaporware – We will see a rise in the extortion of monies based purely on the threat of publicizing a fictional breach. Society so willingly accepts the veracity of breaches reported in the news—and without evidence. For a threat actor, this could mean the need to perpetrate an actual breach is reduced and a threat alone, that is not even verifiable, becomes an attack vector all in itself.
Prediction #4: The Foundation of Multi-Factor Authentication (MFA) Invincibility Fails -- Expect a new round of attack vectors that target and successfully bypass multifactor authentication strategies. In the next year, push notifications, and other techniques for MFA will be exploited, just like SMS. Organizations should expect to see the foundation of MFA eroded by exploit techniques that compromise MFA integrity and require a push to MFA solutions that use biometrics or FIDO2-compliant technologies.
Prediction #5: Cyber Un-insurability is the New Normal -- In 2023, more businesses will face the stark realization that they are not cyber-insurable. As of the second quarter of 2022, U.S. cyber-insurance prices already increased 79% over the prior year. The truth is, it’s becoming downright difficult to obtain quality cyber insurance at a reasonable rate.
Prediction #6: The Latest Concert Hack: Wearable Risk Surfaces and Hackable E-Waste -- If you have recently attended a large concert, you may have received a disposable LED bracelet that can receive RF transmissions during the event. The device is meant to be low cost, disposable, and have potentially only single use. In 2023, expect threat actors to easily decode the RF transmissions using tools like Flipper Zero to wreak havoc on venues that use these enhancements. Some, may be to form a protest for some other purpose.
Prediction #7: Compliance Conflicts are Brewing -- Significant compliance standards, best practices, and even security frameworks, are starting to see a diverging in requirements. In 2023, expect more regulatory compliance conflicts, especially for organizations embracing modern technology, zero trust, and digital transformation initiatives.
Prediction #8: The Death of the Personal Password -- The growth of non-password-based primary authentication will finally spell the end of the personal password. More applications, not just the operating system itself, will start using advanced non-password technologies, such as biometrics, either to authenticate directly or leverage biometric technology, like Microsoft Hello or Apple FaceID or TouchID, to authorize access.
Prediction #9: De-Funding of Cyber Terrorists Becomes Law -- Governments all over the world will entertain a new approach to protect organizations from ransomware and stop the funding of terrorists: ban ransomware payouts outright. Granted, threat actors may move on to a new form of cyber crime to fund their operations, but ransomware as we know it will fade away.
Prediction #10: Cloud Camouflage is Confronted -- To mitigate cloud security risks, expect a push for transparency and visibility into the security operations of SaaS solutions, cloud providers and their services. The push to ensure transparency of the architecture, foundational components, and even discovered vulnerabilities, will extend beyond SOC and ISO certifications.
Prediction #11: Social Engineering in the Cloud -- Attackers will turn from their software toolkits to their powers of persuasion as they increase the number of social engineering attacks leveled at employers and organizations across the cloud.
Prediction #12: Unfederated Identities to Infinity and Beyond -- Expect a push into unfederated identities to help provide a new level of services and potentially physical products that will become a mild access control and management nightmare. The size and scope will feel truly infinite—unless it is well-defined for identity management teams to provide access beyond what typically is available today.
Prediction #13: OT Gets Smarter, Converges with IT -- Expect attack vectors for basic Operational Technology (OT) to expand based on similar exploits that target IT. OT which once had a single function and purpose is now becoming smarter, leveraging commercial operating systems and applications to perform expanded missions. As these devices expand in scope, their design is susceptible to vulnerabilities and exploitation.
Predictions #14: Headline Breaches Move to Second-Page News -- Expect news of breaches to be buried deeper—whether in print or online format based on audience fatigue, lack of interest, or just because it is no longer exciting. With that said, legal, regulatory, and compliance responses will become front-page news should an organization fail to follow the proper steps for public disclosure and risk mitigation.
Prediction #15: A Record-“Breaching” Year -- Expect a record-breaking year of cyber security breach notifications, not only because of the sophistication of threat actors, but also due to the larger changes in the world that will impact an organization's ability to mitigate, remediate, or prevent a problem.
BeyondTrust is the worldwide leader in intelligent identity and access security, empowering organizations to protect identities, stop threats, and deliver dynamic access to empower and secure a work-from-anywhere world. Our integrated products and platform offer the industry's most advanced privileged access management (PAM) solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.
BeyondTrust protects all privileged identities, access, and endpoints across your IT environment from security threats, while creating a superior user experience and operational efficiencies. With a heritage of innovation and a staunch commitment to customers, BeyondTrust solutions are easy to deploy, manage, and scale as businesses evolve. We are trusted by 20,000 customers, including 75 of the Fortune 100, and a global partner network.
Picus Security | November 10, 2022
Picus Security, the pioneer of Breach and Attack Simulation (BAS), today announced the availability of its next-generation security validation technology. The new Picus Complete Security Validation Platform levels up the company's attack simulation capabilities to remove barriers of entry for security teams. It enables any size organization to automatically validate the performance of security controls, discover high-risk attack paths to critical assets and optimize SOC effectiveness.
"Picus helped create the attack simulation market, and now we're taking it to the next level, By pushing the boundaries of automated security validation and making it simpler to perform, our new platform enables organizations even without large in-house security teams to identify and address security gaps continuously."
-H. Alper Memis, Picus Security CEO and Co-Founder
The all-new-and-improved Picus platform extends Picus's capabilities beyond security control validation to provide a more holistic view of security risks inside and outside corporate networks. It consists of three individually licensable products:
Security Control Validation - simulates ransomware and other real-world cyber threats to help measure and optimize the effectiveness of security controls to prevent and detect attacks.
Attack Path Validation - assesses an organization's security posture from an 'assume breach' perspective by performing lateral movement and other evasive actions to identify high-risk attack paths to critical systems and users.
Detection Rule Validation - analyzes the health and performance of SIEM detection rules to ensure that SOC teams are reliably alerted to threats and can eliminate false positives.
A global cybersecurity workforce gap of 3.4 million professionals∗ means automated security validation is now essential to reduce manual workloads and help security teams respond to threats sooner. Recently, the US's Cybersecurity and Infrastructure Security Agency (CISA) and UK's National Cyber Security Centre (NCSC) published a joint advisory recommending organizations test their defenses continually and at scale against the latest techniques used by attackers.
Insights from point-in-time testing are quickly outdated and do not give security teams a complete view of their security posture, With the Picus platform, security teams benefit from actionable insights to optimize security effectiveness whenever new threats arise, not once a quarter. With our new capabilities, these insights are now deeper and cover even more aspects of organizations' controls and critical infrastructure,said Volkan Erturk, Picus Security CTO and Co-Founder.
About Picus Security
Picus Security is the pioneer of Breach and Attack Simulation (BAS). The Picus Complete Security Validation Platform is trusted by leading organizations worldwide to continuously validate security effectiveness and deliver actionable insights to strengthen resilience 24/7. Picus has offices in North America, Europe and APAC and is supported by a global network of channel and alliance partners. Picus has been named a 'Cool Vendor' by Gartner and is cited by Frost & Sullivan as one of the most innovative players in the BAS market.