ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Businesswire | May 08, 2023
Dashlane, the security-first password manager, today introduced Passwordless Login, a technology that eliminates the need to create a master password to access Dashlane. The company was the first password manager to offer an extension that supports passkeys and this is the next step in that evolution. With Passwordless Login, users will be able to securely access their Dashlane account without having to create and remember a single password.
As digital profiles have multiplied both professionally and personally, it’s become increasingly difficult to securely manage credentials. Gartner reported that as many as 20-50% of all helpdesk calls are related to password resets. Password managers have helped simplify this process, though users have still needed to create and remember a master password to access their vaults.
By eliminating the master password, Dashlane will empower users to create new phishing-resistant, passwordless accounts that don’t suffer from the vulnerabilities of traditional passwords and multifactor authentication (MFA). Not only does this strengthen overall security posture, it removes user friction and provides a more accessible way for people to access their accounts and protect their personal information.
“Our business has long been about helping users and organizations manage their passwords and logins. But the digital password was born in the 1960s and despite technological advancements, many people still use the same username and password format for most of their online lives,” said John Bennett, CEO at Dashlane. “While our business model has relied on users having one strong, unique master password, it’s still a password that can be weak, reused, phished, or breached. Unveiling today’s passwordless technology marks a significant milestone in our journey towards a future with no passwords.”
By relying on the strength of local device security, which includes PINs and biometrics, Dashlane is able to securely authenticate and provide access to a user’s encrypted vault, which allows Dashlane to be resistant to phishing attacks. Additionally, Dashlane uses cryptographic keys generated with Elliptic-curve Diffie-Hellman (ECDH) to assist with securely exchanging secrets between devices, making setting up a new device fast and secure and regaining access simple. Dashlane is introducing a new mechanism to let users recover their data if they lose their device. This new Dashlane Account Recovery Key will also be made available to our existing users who still use a master password to log in to Dashlane.
Dashlane’s Passwordless Login is a cross-platform solution that is agnostic to the state of a user’s hardware and software. The technology also enables:
Faster device setup flow using a registered device
The ability to set up device-specific PIN codes and biometrics (like fingerprint or facial recognition) to create an account on a mobile iOS or Android device
The ability to regain access to an account with a recovery key, in the event of a total device loss
Dashlane recently became a board-level member of the FIDO Alliance, doubling down on its commitment to work with industry partners to advance the passwordless future through the widespread adoption of passkeys and phishing-resistant authentication.
New Dashlane users will be able to sign up for an account without a master password in the coming months on their mobile device, and the capability will be rolled out to existing customers later this year. For more information on Passwordless Login for Dashlane and to see a demo of how the experience will work, please visit Dashlane’s Passwordless hub.
About Dashlane
Dashlane is a password management solution that removes complexity by pairing comprehensive security with ease of use. We are closely attuned to the needs of our users, balancing simple tools with an uncompromising approach to security–a game changer for anyone, but especially for IT admins working to secure their organization. Our team in Paris, New York, and Lisbon is united by a strong sense of community and passion for improving the digital experience. Over 18 million users and 20,000 businesses globally use Dashlane for a faster, simpler, and more secure internet.
Read More
ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
PRWeb | May 23, 2023
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the launch of its new QR Code Phishing Security Test (QR Code PST) tool. The no-charge tool assists organizations in identifying users that are most susceptible to scanning malicious QR codes.
Many organizations are aware of the typical social engineering techniques used by bad actors such as phishing, spear phishing and impersonation, to manipulate employees and infiltrate systems. However, bad actors are now taking advantage of the rise in popularity of QR codes and are using them to launch targeted phishing attacks.
QR code phishing is a social engineering attack that includes a malicious link within a QR code that users are prompted to scan with their smartphones. According to QRTIGER, an online QR code generator company, dynamic QR code scans increased 433% globally from 2021 to 2022 and scans quadrupled in 2022 alone.
The malicious links in QR Codes take users to risky websites, execute malware or ransomware on their devices or steal information. In fact, last year the FBI released a warning that QR codes may be tampered with by cybercriminals to direct victims to malicious sites. This is also sometimes referred to as QRLjacking.
KnowBe4’s new QR Code PST helps manage the threat of malicious QR codes by identifying users who may scan these codes and expose an organization to vulnerabilities that have the potential to cause significant downtime and security breach risks. The new, complementary tool is available for immediate use for up to 100 users in 35 languages with additional feature options. Additionally, after being used the tool calculates an organization’s Phish-prone™ Percentage (PPP) — the number of end users who are prone to being phished.
“QR codes pose a unique cybersecurity threat because unlike traditional phishing, there is no URL to verify or way to confirm its legitimacy before scanning the code,” said Stu Sjouwerman, CEO, KnowBe4. “As bad actors diversify their social engineering techniques, it is imperative that organizations educate their employees on the potential danger of QR codes. KnowBe4’s new QR Code Phishing Security Test is a great tool to use as a first step in determining how vulnerable an organization is to the threat of malicious QR codes. Training employees to be alert and to think twice before scanning, contributes towards strengthening an organization’s security culture and encourages a healthy level of skepticism.”
To begin using the new, complementary QR Phishing Security Test, visit: https://info.knowbe4.com/qr-code-phishing-security-test.
About KnowBe4
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 60,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.
Read More
ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Businesswire | April 25, 2023
Cybercriminals around the world are using generative artificial intelligence (AI) to execute malicious attacks that can take down companies and governments. SentinelOne (NYSE: S), a global leader in autonomous security and pioneer in deep learning models and neural networks, plans to use the same technologies to defeat them. The company today unveiled a revolutionary threat-hunting platform that integrates multiple layers of AI technology to deliver unparalleled security capabilities and real-time, autonomous response to attacks across the entire enterprise. The news was announced during RSA Conference 2023, the premier cybersecurity event being held at the Moscone Center in San Francisco.
“Today marks a paradigm shift in cybersecurity,” said Tomer Weingarten, CEO, SentinelOne. “AI is among the most disruptive technologies of our time, and with our new capabilities, we can unleash its power to help companies control all aspects of enterprise security - from visibility to response - with unmatched speed and efficiency.”
A first-of-its-kind offering, the SentinelOne threat-hunting platform seamlessly fuses real-time, embedded neural networks and a large language model (LLM)-based natural language interface, supercharging users with AI to monitor and operate all security data and boost their productivity and scale their operations. Through the platform, security teams can ask complex threat and adversary-hunting questions and run operational commands to manage their entire enterprise environment using natural language, and within seconds receive deep insights and full, transparent, correlated results to prompt actions across the cybersecurity ecosystem.
An Intelligent, Action-Oriented Approach
Built on the industry’s most performant security data lake, the SentinelOne threat-hunting platform aggregates and correlates information from device and log telemetry across endpoint, cloud, network and user data, and not only delivers insights, but recommends response actions that can be immediately executed - from mitigation and investigation to endpoint, cloud and user management.
“Our cybersecurity AI platform represents a major leap forward in cybersecurity,” said Ric Smith, Chief Product and Technology Officer, SentinelOne. “By allowing users to automate response and take action without the need for coding skills and process and analyze petabytes of data in near-real time, it promises to radically simplify security operations and empower defenders in unprecedented and unforeseen ways.”
The Future of Cybersecurity
The SentinelOne platform will also allow users to lay a solid foundation for the future and secure tomorrow, today.
“Bad actors are increasingly employing AI-based, automated tools to infiltrate all facets of networks with unprecedented speed,” Weingarten said. “With our unmatched experience and capabilities, organizations can quickly scale their cybersecurity operations to stay ahead of these evolving threats and create a strong structural foundation for cybersecurity defenses for years to come.”
A Force for Good
And they can do it in a responsible, ethical way. “At SentinelOne, our mission is to be a force for good, and our unwavering commitment to ensuring that our cutting-edge technologies are used safely, ethically and responsibly is evident in every aspect of our platform,” Weingarten said. “There is a huge shortage of cybersecurity talent, and in advancing the capabilities of skilled security practitioners, our new capabilities will allow organizations to quickly scale to secure the cloud and avoid the storm of automated and fast-flux attacks that adversaries using generative AI can create. In addition, we allow customers to retain complete control of their data, reinforcing our dedication to keeping sensitive information in the hands of its rightful owners.”
The new capabilities will be delivered as part of SentinelOne’s threat-hunting experience and are available in limited preview today. For more information, please visit www.sentinelone.com.
About SentinelOne
SentinelOne is a leader in autonomous cybersecurity and a Forbes AI 50 company. SentinelOne Singularity™ is a cybersecurity AI platform that detects, prevents, and responds to cyber attacks at machine speed, empowering organizations to secure endpoints, cloud workloads, containers, identities, and mobile and network-connected devices with speed, accuracy and simplicity. The SentinelOne Singularity™ Platform is powered by DataSet™, an AI-enabled data lake technology. Over 10,000 customers, including hundreds of the Global 2000, prominent governments, healthcare providers, and educational institutions, trust SentinelOne to secure the future today. To learn more, visit www.sentinelone.com.
Any unreleased products, services or solutions referenced in this or other press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase SentinelOne products, services and solutions should make their purchase decisions based upon offerings that are currently available.
“Safe harbor” statement under the Private Securities Litigation Reform Act of 1995: This press release contains forward-looking statements. The achievement or success of the matters covered by such forward-looking statements involve risks, uncertainties and assumptions. If any such risks or uncertainties materialize or if any of the assumptions prove incorrect, our results could differ materially from the results expressed or implied by the forward-looking statements.
The risks and uncertainties referred to above include - but are not limited to – risks associated with our limited operating history; intense competition; fluctuations in our operating results; network or security incidents against us; our ability to successfully integrate acquisitions and strategic investments; defects, errors or vulnerabilities in our platform; risks associated with managing our rapid growth; general market, political, economic, and business conditions; our ability to attract and retain new and existing customers, or renew and expand our relationships with them; the ability of our platform to effectively interoperate within our customers’ IT infrastructure; disruptions or other business interruptions that affect the availability of our platform; the failure to timely develop and achieve market acceptance of new products and services as well as existing products, services and support offerings; and rapidly evolving technological developments in the market for security products, services and support offerings.
Additional risks and uncertainties that could affect SentinelOne’s financial results are included in under the captions “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” set forth in our filings and reports with the Securities and Exchange Commission (“SEC”), including our most recently filed Annual Report on form 10-K, subsequent Quarterly Reports on Form 10-Q and other filings and reports we may file from time to time with the SEC, copies of which are available on our website at investors.sentinelone.com and on the SEC’s website at www.sec.gov.
SentinelOne, Inc. assumes no obligation and does not intend to update these forward-looking statements, except as required by law.
Read More