IT Security Leaders Engage in Risky Security, Password Habits

HealthITSecurity | February 25, 2020

IT security practitioners routinely engage in risky password and authentication practices, and there is a misalignment between expectations and reality when it comes to the implementation of usable security tools, according to a recent report from Yubico conducted by the Ponemon Institute. Researchers surveyed 2,507 global IT and IT security leaders, as well as 563 individual users. They found that while most IT leaders have strong awareness of best-practice authentication and password management, those tools and skills are often not put into action due to inconvenience or usability issues. In fact, individual users were found to have better security practices than the IT leaders. The report found that of the 35 percent of users who reported experiencing an account takeover, 76 percent changed how they managed their account passwords or protected their accounts.

Spotlight

Traditional stateful packet inspection firewalls focus on blocking network layer threats by evaluating the ports and protocols used by network layer traffic. The latest Next-Generation Firewalls utilize deep packet inspection to scan the entire packet payload to provide advanced intrusion prevention, antimalware, content filtering and anti-spam.


Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Copado Launches New DevSecOps Training Module to Make Releases Faster and More Secure

Copado | September 01, 2022

Copado, the global leader in low-code DevOps, today announced it launched a new DevSecOps training module to help make software releases faster and more secure. The new module is available in the Copado Community, where its 55,000 members can learn, connect and grow their careers. Copado has already trained more than 35,000 DevOps specialists and certified more than 20,000 DevOps professionals with a goal to train 15,000 more by the end of 2022.

Research has shown that 70% of development teams lack the knowledge and skills needed to implement DevSecOps best practices.

"Without DevSecOps best practices, software releases can be plagued with quality and security issues, costing more time and money post-production to correct them. To address this growing need for DevSecOps skill sets, Copado is offering self-paced online training to upskill DevOps professionals, administrators, developers and architects. Our community can help jumpstart a new career path or level up your current path by unlocking your full potential."
Pat McQueen, Senior Vice President of Customer Success & Global Services at Copado

The DevSecOps module is designed to help make release cycles shorter, more secure and resilient. It explains how to integrate compliance, security and testing in a DevOps pipeline in order to avoid cybersecurity architects manually maintaining the security consoles and additional configurations in the application. It highlights the importance of security and compliance for an organization, identifies DevSecOps best practices, and explains how to build a successful DevSecOps strategy and culture.

Copado also joined industry leaders Accenture, Broadcom, IBM and others in the new OASIS Open Value Stream Management (VSM) Interoperability Technical Committee. The group will develop new interoperability standards to enable VSM data sharing across platforms.

"DevOps and DevSecOps are extremely fractured markets when it comes to tools: there are literally thousands of products that are involved in building resilient pipelines," said Daniel Riedel, Senior Vice President of Strategic Services for Copado. "As the industry matures, value stream management will help bring observability to the process. Creating an interoperability standard now will ensure that organizations can rely on cohesiveness in tool integration. Interoperability will provide the transparency to ensure a stronger, more resilient infrastructure for customers and employees."

About Copado

Copado is the leading DevOps and testing solution for low-code SaaS platforms that run the world's largest digital transformations. Backed by Insight Partners, Salesforce Ventures and SoftBank Vision Fund, Copado accelerates multi-cloud, enterprise deployments by automating the end-to-end software delivery process to maximize customers' return on their cloud investment. More than 1,000 companies rely on Copado to drive digital transformation with speed, quality and value including Boston Scientific, Coca-Cola, Fair Trade, Linde, MassMutual, Schneider Electric and Shell. Copado processes over 50 million DevOps transactions per month and is rated with a 100% score on the Salesforce AppExchange.


PLATFORM SECURITY

Cerberus Sentinel completes acquisition of CyberViking

Cerberus Sentinel | July 07, 2022

Cerberus Cyber Sentinel Corporation (NASDAQ: CISO), a cybersecurity consulting and managed services firm based in Scottsdale, Ariz., announced that it has completed the acquisition of CyberViking, a cybersecurity company based in Georgia and Oregon. Upon the closing of the transaction, CyberViking became a wholly owned subsidiary of Cerberus Sentinel. CyberViking founder and cyber lead for the company is Carric Dooley.

CyberViking specializes in application security services, incident response and threat hunting, and the creation and management of security operations centers. They have advised many Fortune 100 companies worldwide.

"With the addition of CyberViking, we take a next step in expanding our international reach as well as broadening our expertise for our cybersecurity healthcare and industrial controls systems customers. Carric is an innovative thinker who is well respected by customers for solving and preparing for challenging cybersecurity threats. The team is the very embodiment of our commitment to a culture of security."
David Jemmett, founder and CEO, Cerberus Sentinel

"We are looking forward to helping shape a global strategy for incident response, as well as driving new capabilities in application security," said Dooley. "We believe in the development of the cybersecurity community and have actively participated as trainers and presenters at global conferences. Our two organizations share a vision in helping our customers rise above the cybersecurity challenges inherent in threats today and in the future, and to get them to a place where they can concentrate on growing their business."

About Cerberus Sentinel

Cerberus Sentinel is an industry leader in Managed Cybersecurity and Compliance (MCCP) services with its exclusive MCCP+ managed compliance and cybersecurity services plus culture program. The company is rapidly expanding by acquiring world-class cybersecurity, secured managed services, and compliance companies with top-tier talent that utilize the latest technology to create innovative solutions to protect the most demanding businesses and government organizations against continuing and emerging security threats and compliance obligations.


SECURITY AUDIT AND COMPLIANCE

Balbix Announces New Integrations with ServiceNow to Further Automate and Improve Cyber Risk Quantification

Balbix | August 09, 2022

Balbix, the leader in cybersecurity posture automation, announced today new integrations with ServiceNow (NYSE: NOW), the leading digital workflow company. As a result of the integrations, customers can automatically augment cyber risk data with business context and integrate remediation efforts with their existing security and IT workflows. CISOs can eliminate thousands of hours from the time required to operationalize cyber risk quantification (CRQ) in dollars and close the gap between cybersecurity and the business.

The integration with ServiceNow's configuration management database (CMDB) allows Balbix customers to automatically ingest business context from their CMDB into the Balbix platform and combine it with asset, vulnerability and risk data from their other IT and security tools and Balbix sensors to create a unified cyber risk model presented in dollars. Data is automatically deduplicated, correlated and inferenced to drastically reduce the manual labor required for teams to add business context to cyber risks, and to prioritize and measure them.

For example, with the integration businesses can now:

Measure and report on the dollar amount of risk by business unit, business leader, asset type, application, regulatory requirement and geographic location (cities, countries, regions).

Quantify the dollar amount of risk related to externally facing assets, internal assets, assets that the IT department manages, and assets not managed by the IT department.

"Historically, Fortune 500 companies would spend thousands of hours of manual labor mapping business context to their risk data for board reporting, risk analysis and cybersecurity decision making. Our integration with the ServiceNow CMDB has enabled us to sharply reduce the time needed to quantify cyber risk. With Balbix, CISOs can continuously and automatically map risk to their business hierarchy and prioritize their highest-risk issues for response."
Chris Griffith, chief product officer at Balbix.

Businesses are struggling to report concrete CRQ results, with 62% indicating they cannot calculate their breach risk in monetary terms, according to Balbix's own 2022 State of Security Posture Report. Furthermore, according to the report, 51% of organizations indicated they lack continuous visibility into asset inventories, making it difficult to correlate risk with business context and leaving them to rely on siloed tools, manual workflows, and qualitative analysis to quantify the exposure.

"Cyber risk has become a frustrating business risk to manage as leadership teams struggle to accurately quantify their risk and prioritize initiatives to mitigate it. These integrations address the growing needs CISOs have to report on cyber risk in a way that their business leaders can clearly understand, to make the right investments and to remediate their riskiest vulnerabilities faster."
Ed Amoroso, Founder and CEO of research and advisory firm TAG Cyber.

In addition to automating advanced CRQ capabilities, the integration with ServiceNow IT Service Management (ITSM) further eliminates manual effort by enabling security teams to create ServiceNow remediation tickets from within Balbix. This enables security and IT teams to increase productivity by using a familiar and shared system for remediation workflow. Moreover, security analysts can create tickets to remediate a vulnerability for a single impacted asset or for a group of assets to specify remediation tasks more efficiently and reduce the mean time to remediate (MTTR) risk issues.

About Balbix

Balbix enables organizations to reduce cyber risk by identifying and mitigating their riskiest cybersecurity issues faster. The Balbix Security Cloud™ platform ingests data from organizations' security and IT tools to understand every aspect of their cybersecurity posture, build a unified cyber risk model and then provide actionable insights for risk reduction. With Balbix, enterprises can automate inventory of their cloud and on-premise assets, conduct continuous risk-based vulnerability management and quantify cyber risk in dollars. Executives and operational teams can make cybersecurity decisions based on data not opinions. A rapidly growing set of Fortune 500 companies trust Balbix as the "brain" of their infosec programs and are realizing the benefits of maximally automated workflows and measurably lower cyber risk. Balbix was ranked #32 on the 2021 Deloitte Fast 500 North America, and has been recognized for innovation by Gartner.
