No backup can land companies in serious trouble, warns Tinesh Chhaya, Founder at Decipher Cyber

Media 7 | November 15, 2021

With only a few weeks till the launch of Jenny 2.0, Tinesh Chhaya, Founder at Decipher Cyber, explores the different ways Jenny makes searching and analyzing cybersecurity vendors and service providers easier for businesses who are looking to upgrade their security systems, in this interview with Media 7. Read on to find out how businesses can make digital transformations and hybrid work environments safer from cyber-attacks.

People still write passwords down in notebooks and post-it notes.

MEDIA 7: With 17 years of experience in cybersecurity and research, what was the inspiration behind founding Jenny?
TINESH CHHAYA:
The real inspiration came from wanting to support users from within the cyber market, and outside of it, to help them make trusted and informed decisions on cyber security providers before they are bought, invested, or partnered with these companies. I wanted to build trust between users and suppliers, provide assurance and also have clarity on the information provided by the suppliers. Jenny is able to provide this, and with speed.


M7: You are four weeks away from launching Jenny V.2! Could you please shed some light on some of the latest developments on this SaaS Cyber Business Intelligence Platform?
TC:
Jenny V.1 focused on the marketing information provided by the vendor and only that. Jenny 2.0 re-enters into the market as a Cyber Business Intelligence Platform that offers a complete 360° view of security suppliers such as information on financials, the security posture of the supplier including Threat Intelligence, Third-party Risk assurance, employee information, third party review taken from global review companies, all supplier social media content and dive deep into the company collecting over 30 data points on the company, therefore providing a complete view on that supplier and allowing trust to be built easier with users.


Read More: Shaun Clark of HighLevel believes in pairing Artificial Intelligence with People Engagement


From a cyber perspective, the industry needs to ensure that the movement of digital information is regulated and monitored, protection is put in place for unauthorized access, which in turn would allow for confidentiality.



M7: How does Jenny help businesses find cybersecurity products and services that are right for them?
TC:
Jenny is like a search engine for information on security vendors. As we gather, organize, and categorize with supervised machine learning capabilities, Jenny enriches vendor information with critical profile data in near real-time. Our library science approach makes searching and analyzing vendors and service providers easier, and more natural. There is also human involvement whereby we contact the suppliers and further validate the information that Jenny has found along with asking them to furnish us with relevant information via an onboarding process.


M7: With a growing need for digital transformations, what are some of the biggest cybersecurity risks plaguing the industry?
TC:
From a cyber perspective, the industry needs to ensure that the movement of digital information is regulated and monitored, protection is put in place for unauthorized access, which in turn would allow for confidentiality. Internal security systems, security control, and technology integrity hardening would be key. Ensuring that security controls such as application vulnerability management, network security, and security monitoring would need to be considered as an organization moves along any sort of digital journey.

Read More: 'Blockchain technology's mass adoption problem can be solved by a multi-framework platform and interconnected environments' believes Yifan He


If a ransomware attack happened, you would be in serious trouble if all your data was gone in an instant.



M7: According to you, what are some of the best approaches that enterprises can adopt to improve the protection of their data in hybrid and remote working environments?
TC:
This is something that every enterprise has had to adapt and put into place since COVID-19 hit us all. For us, we started with some basics, such as enabling 2FA right across the teams to ensure we tighten up over the usual username and password efforts. Soon after, we spent time educating the teams to look out for suspicious emails, messages, and anything out of the ordinary. The main thing was for the employees to stop, think and alert our IT team if they have any concern at all before opening or pressing forward on an email, paying an invoice request from me, or even knowing who they are connecting to and through over an open WiFi network. We also asked staff to change passwords regularly which is easier said than done. People still write passwords down in notebooks and post-it notes. As a company, we back up every 15 mins, however, many companies don’t back up at all. If a ransomware attack happened, you would be in serious trouble if all your data was gone in an instant. Finally, we employ a lot of young people, and they like the freedom to be able to work flexibly and without any restrictions, so we have a rule - that they use their work devices responsibly and over lunch and breaks for personal things. 


M7: What are some of the different ways enterprises can utilize AI to drive large-scale shifts towards sustainability in their business models?
TC:
For us, Jenny helps reduce the carbon footprint. With over 9000 security global vendors, you can imagine that even with on a functional level, such as sales for example, the amount of travel each year from a client on each site leads to a lot of fuel being used. We are one of many AI-driven companies that are powered and provide our services through online, so as a collective, you can only imagine how much fuel we could save.

ABOUT DECIPHER CYBER

Decipher Cyber is the portal that provides an on-demand access to 360-degree trusted research and reviews on cyber technology vendors and service providers. Jenny 2.0, the revolutionary AI-driven platform that’s already helping thousands of users across the globe make more informed decisions on cyber. Jenny removes the risk from vendor analysis.

More THOUGHT LEADERS

Q&A with Shelton Newsham, Director and Founder at Newsham Business Solutions

Media 7 | May 12, 2021

Shelton Newsham, Director and Founder at Newsham Business Solutions, is a highly experienced board advisor, educator and public speaker and specialist in a number of areas enabling me to support management to identify risk, reduce exposure and achieve organisational objectives.He is a subject matter expert in many disciplines including process improvement, organsational assessment and information security. He has also worked closely with both UK Government agencies and international law enforcement....

Read More

‘Marketing can be the oxygen to a company’s growth,’ says Shashi Kiran

Media 7 | April 19, 2023

Shashi Kiran has a growth mind-set and enjoy driving results that make an effect, add value, and give people a good time. Integrity, authenticity, and staying away from politics are important parts of my identity. He has worked in marketing, sales, business development, and product management at both big global companies with global teams and multi-billion dollar sales and multi-stage startups. Read more to know his thoughts on role of marketing in IT industry....

Read More

'Successful tech companies are able to cultivate leaders not only at the top of the business, but at all levels of the business,' says Reed Taussig.

Media 7 | April 13, 2023

Reed Taussig is an accomplished chief executive officer, advisor and board member of companies specializing in anti-fraud software and enterprise application software. He is the CEO of AuthenticID, a Kirkland-based document verification and anti-fraud firm. In addition, he is an active participant on the boards of ClearData, Arkose Laboratories, and Darwinium. Discover his story, thoughts on people management and insights on identity-based frauds in this exclusive interview....

Read More

Q&A with Shelton Newsham, Director and Founder at Newsham Business Solutions

Media 7 | May 12, 2021

Shelton Newsham, Director and Founder at Newsham Business Solutions, is a highly experienced board advisor, educator and public speaker and specialist in a number of areas enabling me to support management to identify risk, reduce exposure and achieve organisational objectives.He is a subject matter expert in many disciplines including process improvement, organsational assessment and information security. He has also worked closely with both UK Government agencies and international law enforcement....

Read More

‘Marketing can be the oxygen to a company’s growth,’ says Shashi Kiran

Media 7 | April 19, 2023

Shashi Kiran has a growth mind-set and enjoy driving results that make an effect, add value, and give people a good time. Integrity, authenticity, and staying away from politics are important parts of my identity. He has worked in marketing, sales, business development, and product management at both big global companies with global teams and multi-billion dollar sales and multi-stage startups. Read more to know his thoughts on role of marketing in IT industry....

Read More

'Successful tech companies are able to cultivate leaders not only at the top of the business, but at all levels of the business,' says Reed Taussig.

Media 7 | April 13, 2023

Reed Taussig is an accomplished chief executive officer, advisor and board member of companies specializing in anti-fraud software and enterprise application software. He is the CEO of AuthenticID, a Kirkland-based document verification and anti-fraud firm. In addition, he is an active participant on the boards of ClearData, Arkose Laboratories, and Darwinium. Discover his story, thoughts on people management and insights on identity-based frauds in this exclusive interview....

Read More

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Vade Joins the Pax8 Marketplace to Offer MSPs AI Microsoft 365 Email Security Solutions

Globenewswire | June 01, 2023

Pax8, the leading cloud commerce marketplace, announced today it has added Vade, a global cybersecurity company specializing in AI-based cybersecurity, to its cloud marketplace. Vade's Microsoft 365 (M365) security solutions combine AI and human-powered detection and response, designed specifically for Managed Service Providers (MSPs). This collaboration enables MSPs to offer a comprehensive suite of email security services to prevent advanced cyber-attacks and improve email security for their customers. “According to Forbes, during the past 12 months, 34.5% of polled executives report their organizations' accounting and financial data were targeted by cyber adversaries. This is an alarming trend that opens the door for businesses to reprioritize cybersecurity as a business requirement and partner with an MSP to prevent and protect their customers’ email infrastructure,” said Nikki Meyer, CVP of Vendor Global Alliances at Pax8. “The cybersecurity space is growing, and Pax8 is committed to provide our partners with access to best-in-class cloud solutions like Vade, enabling them to proactively protect their customers from threats effectively.” Established in 2009, Vade originated in the town of Hem, near the city of Lille in northern France. From its beginnings as a French startup specializing in email security for internet service providers (ISPs), Vade has evolved into a global cybersecurity company. Their extensive portfolio now includes AI-based cybersecurity solutions tailored for businesses of all sizes and industries. With a presence in seven locations worldwide, including the US, France, Japan, and Canada, Vade has established itself as an international leader in the cybersecurity field. Vade for M365 is an AI-powered, collaborative security solution that is powered by AI, enhanced by people, and made for MSPs. Featuring Vade’s AI detection and response engine that protects 1.4 billion mailboxes worldwide, Vade for M365 blocks and remediates the advanced threats that slip through Microsoft's defenses. Combining powerful protection with integrated features, including automated awareness training, cross-tenant incident response, and auto-remediation, Vade combines powerful, AI-based protection with integrated, no-cost features that help MSPs save time, reduce administrative workload, and generate more ROI from cybersecurity. “As a channel-first company, Vade recognized Pax8’s unique relationship with and commitment to the MSP community,” said Georges Lotigier, CEO of Vade. “Pax8 is not only the premier distributor for MSPs but also a trusted resource with significant cybersecurity expertise, making this partnership a perfect fit. We are thrilled to bring Vade for M365 to Pax8’s MSP community and look forward to the new partnerships the marketplace integration will bring.” The integration of Vade into the Pax8 marketplace provides significant benefits to MSPs and their customers looking to enhance their email security posture. Customers will now have easy access to Vade's state-of-the-art email protection solutions, which can be seamlessly integrated into their existing email infrastructure. Vade M365 offerings include: Phishing, spear phishing, and malware/ransomware protection Auto- and assisted remediation Cross-tenant incident response Automated user awareness training SIEM integration Error-free configuration Deploy in minutes No MX record change Layers with EOP/ATP To learn more about Pax8 and Vade, please visit www.pax8.com. About Pax8 Pax8 is the world’s favorite cloud marketplace for IT professionals to buy, sell, and manage best-in-class technology solutions. Pioneering the future of modern business, Pax8 has cloud-enabled more than 400,000 enterprises through its channel partners and processes one million monthly transactions. Pax8’s award-winning technology enables managed service providers (MSPs) to accelerate growth, increase efficiency, and reduce risk so their businesses can thrive. The innovative company has ranked in the Inc. 5000 for five years in a row. Join the revolution at pax8.com. About Vade Vade is a global cybersecurity company that secures human collaboration with a combination of AI and human-powered detection and response. Vade’s products and solutions protect consumers, businesses, and organizations from email-borne cyberattacks, including malware/ransomware, spear phishing/business email compromise, and phishing. Vade is a fast-growing, channel-first company with a growing network of MSP and MSSP partners, as well as distribution agreements with leading distributors and aggregators in North America, EMEA, and Asia. Founded in 2009, Vade protects more than 1.4 billion corporate and consumer mailboxes and serves the ISP, SMB, and MSP markets with award-winning products and solutions that help increase cybersecurity and maximize IT efficiency. To learn more, please visit www.vadesecure.com.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Netskope Intelligent SSE Integrates with Amazon Security Lake to Enable Faster Threat Detection and Response in Hybrid Work Environments

Prnewswire | May 31, 2023

Netskope, a leader in Secure Access Service Edge (SASE), today announced an integration between Netskope's Intelligent Security Service Edge (SSE) platform and Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake is a service that automatically centralizes an organization's security data from across their AWS environments, leading SaaS providers, on-premises, and cloud sources into a purpose-built data lake, so customers can act on security data faster and simplify security data management across hybrid and multi cloud environments. Organizations want more visibility across all their security data sources, including on-premises and cloud, to quickly identify and respond to potential threats. To do this, they must enable logging across their security infrastructure, but often face challenges with incompatible data formats and no centralized place to store the logs for useful analysis. To help solve these challenges, Netskope customers can now export logs from the Netskope Intelligent SSE platform to Amazon Security Lake. Amazon Security Lake manages data throughout its lifecycle with customizable data retention settings and converts and conforms incoming security data to the Open Cybersecurity Schema Framework (OCSF), an open community schema. This makes it easier to automatically normalize security data from AWS and combine it with dozens of pre-integrated third-party security data sources. Netskope and AWS can help customers detect and investigate threats faster, by providing: Centralized Visibility: Organizations can now export logs, events and alerts collected by Netskope Cloud Exchange to Amazon Security Lake to get a holistic view of threats and vulnerabilities in their overall environment. Centralize years of cloud and on-premises security data at petabyte scale for detailed analysis. Stronger Security Posture: Organizations can use Netskope logs and Amazon Security Lake analysis tools to quickly discover and remediate threats and vulnerabilities across their environment to strengthen their security posture. Centralized Threat Remediation: Organizations can use Netskope and AWS services to respond to alerts and remediate threats from the centralized Amazon Security Lake console. "As security threats increase along with the ongoing shift to hybrid work, organizations want to be confident that their data, employees, and resources are safe from potential attacks and other nefarious activities," said Andy Horwitz, Vice President of Business Development, Netskope. "Netskope has helped thousands of customers improve their security posture through the use of our Netskope Intelligent SSE platform. By meeting the rigorous standards in support of Amazon Security Lake, organizations can have greater confidence in Netskope's deep technical expertise on AWS and our proven track record in securing even the most complex cloud environments." To learn more about how Netskope helps organizations further strengthen their security posture by sharing security-related logs and threat information with Amazon Security Lake, visit here. About Netskope Netskope, a global SASE leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY

Lacework Unifies Entitlements Management and Threat Detection for Simplified Cloud Security

Prnewswire | June 07, 2023

Lacework, the data-driven security platform, today announced new CIEM functionality that empowers teams to gain observability of all cloud identities, know precisely who can perform what actions, and easily identify which identities pose the greatest risk. Furthermore, Lacework's actionable approach to CIEM provides customers with recommendations on how to reduce their identity risk. By combining these new capabilities with cloud security posture management, attack path analysis, and threat detection into a single platform, Lacework gives customers a clear understanding of their cloud identity landscape, visibility into cloud identity and access management (IAM) misconfigurations and exposed secrets, and continuous discovery of identity threats. The benefits of public cloud come with complex challenges in managing identity risk. With over 35,000 granular permissions across hyperscale cloud providers, organizations struggle to limit unnecessary access. Most cloud users and instances are granted far more permissions than they actually need, leaving organizations highly exposed to cloud breach, account takeover, and data exfiltration. And the fact that machine identities in the cloud typically outnumber humans by an order of magnitude intensifies the issue. "Enforcing least privilege and having visibility of identities and entitlements is a top cloud security challenge for IDC clients. With this innovation from Lacework, security teams can automatically see which identities are overly-permissive, and zero in on the ones that pose the greatest risk," said Philip Bues, Research Manager for Cloud Security, at IDC. "Beyond prioritizing risks, this will also allow teams to confidently suggest policy changes and reduce their overall attack surface risk." Preventing Cloud Identity Risk with New Entitlement Management Technology Lacework dynamically discovers cloud user, resource, group and role identities and their net-effective permissions and then automatically correlates granted versus used permissions to determine identities with excessive privileges. The platform calculates a risk score for each identity, determines the riskiest identities based on attack path analysis, and auto-generates high-confidence recommendations for right-sizing permissions based on historical observations. This means Lacework not only informs customers of risky identities and entitlements, but also shows those identities that are hardly used or even need entitlements to begin with. "CIEM is a vital facet of a comprehensive cloud security strategy," said Paolo del Mundo, Director of Application Security, The Motley Fool. "It's encouraging to see Lacework incorporating this into their well-rounded CNAPP solution, potentially providing a robust response to the challenge of managing cloud access permissions effectively." Combined with Lacework's ability to prioritize risks from an attack path context, as well as detect user and entity behavior anomalies, customers are able to: Continuously comply with IAM security and regulatory compliance requirements. Identify cloud user, application and service identities, know exactly what actions each can take, and prioritize the identities that pose the greatest risk. Limit the blast radius of compromised cloud accounts, achieve least privilege, and establish trust with engineering teams. Continuously discover risky behavior, including lateral movement and privilege escalation, without needing to write rules or stitching together disparate alerts. Rapidly detect insider threats associated with malicious or accidental abuse of permissions. "Our customers need to know what entities are actually doing in their cloud and whether it's malicious or inappropriate, and it can't get in the way of their ability to move fast," said Adam Leftik, Vice President, Product, Lacework. "Now Lacework customers can address both sides of the identity security issue with a single platform that prevents identity risk exposure and detects identity threats at scale, with the context to quickly investigate, prioritize, and respond to identity alerts. It's the latest step in our mission to give enterprises the confidence to rapidly innovate in the cloud and drive their business forward." About Lacework Lacework offers the data-driven security platform for the cloud and is the leading cloud-native application protection platform (CNAPP) solution. Only Lacework can collect, analyze, and accurately correlate data — without requiring manually written rules — across an organization's AWS, Azure, Google Cloud, and Kubernetes environments, and narrow it down to the handful of security events that matter. Security and DevOps teams around the world trust Lacework to secure cloud-native applications across the full lifecycle from code to cloud. Get started at www.lacework.com.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Vade Joins the Pax8 Marketplace to Offer MSPs AI Microsoft 365 Email Security Solutions

Globenewswire | June 01, 2023

Pax8, the leading cloud commerce marketplace, announced today it has added Vade, a global cybersecurity company specializing in AI-based cybersecurity, to its cloud marketplace. Vade's Microsoft 365 (M365) security solutions combine AI and human-powered detection and response, designed specifically for Managed Service Providers (MSPs). This collaboration enables MSPs to offer a comprehensive suite of email security services to prevent advanced cyber-attacks and improve email security for their customers. “According to Forbes, during the past 12 months, 34.5% of polled executives report their organizations' accounting and financial data were targeted by cyber adversaries. This is an alarming trend that opens the door for businesses to reprioritize cybersecurity as a business requirement and partner with an MSP to prevent and protect their customers’ email infrastructure,” said Nikki Meyer, CVP of Vendor Global Alliances at Pax8. “The cybersecurity space is growing, and Pax8 is committed to provide our partners with access to best-in-class cloud solutions like Vade, enabling them to proactively protect their customers from threats effectively.” Established in 2009, Vade originated in the town of Hem, near the city of Lille in northern France. From its beginnings as a French startup specializing in email security for internet service providers (ISPs), Vade has evolved into a global cybersecurity company. Their extensive portfolio now includes AI-based cybersecurity solutions tailored for businesses of all sizes and industries. With a presence in seven locations worldwide, including the US, France, Japan, and Canada, Vade has established itself as an international leader in the cybersecurity field. Vade for M365 is an AI-powered, collaborative security solution that is powered by AI, enhanced by people, and made for MSPs. Featuring Vade’s AI detection and response engine that protects 1.4 billion mailboxes worldwide, Vade for M365 blocks and remediates the advanced threats that slip through Microsoft's defenses. Combining powerful protection with integrated features, including automated awareness training, cross-tenant incident response, and auto-remediation, Vade combines powerful, AI-based protection with integrated, no-cost features that help MSPs save time, reduce administrative workload, and generate more ROI from cybersecurity. “As a channel-first company, Vade recognized Pax8’s unique relationship with and commitment to the MSP community,” said Georges Lotigier, CEO of Vade. “Pax8 is not only the premier distributor for MSPs but also a trusted resource with significant cybersecurity expertise, making this partnership a perfect fit. We are thrilled to bring Vade for M365 to Pax8’s MSP community and look forward to the new partnerships the marketplace integration will bring.” The integration of Vade into the Pax8 marketplace provides significant benefits to MSPs and their customers looking to enhance their email security posture. Customers will now have easy access to Vade's state-of-the-art email protection solutions, which can be seamlessly integrated into their existing email infrastructure. Vade M365 offerings include: Phishing, spear phishing, and malware/ransomware protection Auto- and assisted remediation Cross-tenant incident response Automated user awareness training SIEM integration Error-free configuration Deploy in minutes No MX record change Layers with EOP/ATP To learn more about Pax8 and Vade, please visit www.pax8.com. About Pax8 Pax8 is the world’s favorite cloud marketplace for IT professionals to buy, sell, and manage best-in-class technology solutions. Pioneering the future of modern business, Pax8 has cloud-enabled more than 400,000 enterprises through its channel partners and processes one million monthly transactions. Pax8’s award-winning technology enables managed service providers (MSPs) to accelerate growth, increase efficiency, and reduce risk so their businesses can thrive. The innovative company has ranked in the Inc. 5000 for five years in a row. Join the revolution at pax8.com. About Vade Vade is a global cybersecurity company that secures human collaboration with a combination of AI and human-powered detection and response. Vade’s products and solutions protect consumers, businesses, and organizations from email-borne cyberattacks, including malware/ransomware, spear phishing/business email compromise, and phishing. Vade is a fast-growing, channel-first company with a growing network of MSP and MSSP partners, as well as distribution agreements with leading distributors and aggregators in North America, EMEA, and Asia. Founded in 2009, Vade protects more than 1.4 billion corporate and consumer mailboxes and serves the ISP, SMB, and MSP markets with award-winning products and solutions that help increase cybersecurity and maximize IT efficiency. To learn more, please visit www.vadesecure.com.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Netskope Intelligent SSE Integrates with Amazon Security Lake to Enable Faster Threat Detection and Response in Hybrid Work Environments

Prnewswire | May 31, 2023

Netskope, a leader in Secure Access Service Edge (SASE), today announced an integration between Netskope's Intelligent Security Service Edge (SSE) platform and Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake is a service that automatically centralizes an organization's security data from across their AWS environments, leading SaaS providers, on-premises, and cloud sources into a purpose-built data lake, so customers can act on security data faster and simplify security data management across hybrid and multi cloud environments. Organizations want more visibility across all their security data sources, including on-premises and cloud, to quickly identify and respond to potential threats. To do this, they must enable logging across their security infrastructure, but often face challenges with incompatible data formats and no centralized place to store the logs for useful analysis. To help solve these challenges, Netskope customers can now export logs from the Netskope Intelligent SSE platform to Amazon Security Lake. Amazon Security Lake manages data throughout its lifecycle with customizable data retention settings and converts and conforms incoming security data to the Open Cybersecurity Schema Framework (OCSF), an open community schema. This makes it easier to automatically normalize security data from AWS and combine it with dozens of pre-integrated third-party security data sources. Netskope and AWS can help customers detect and investigate threats faster, by providing: Centralized Visibility: Organizations can now export logs, events and alerts collected by Netskope Cloud Exchange to Amazon Security Lake to get a holistic view of threats and vulnerabilities in their overall environment. Centralize years of cloud and on-premises security data at petabyte scale for detailed analysis. Stronger Security Posture: Organizations can use Netskope logs and Amazon Security Lake analysis tools to quickly discover and remediate threats and vulnerabilities across their environment to strengthen their security posture. Centralized Threat Remediation: Organizations can use Netskope and AWS services to respond to alerts and remediate threats from the centralized Amazon Security Lake console. "As security threats increase along with the ongoing shift to hybrid work, organizations want to be confident that their data, employees, and resources are safe from potential attacks and other nefarious activities," said Andy Horwitz, Vice President of Business Development, Netskope. "Netskope has helped thousands of customers improve their security posture through the use of our Netskope Intelligent SSE platform. By meeting the rigorous standards in support of Amazon Security Lake, organizations can have greater confidence in Netskope's deep technical expertise on AWS and our proven track record in securing even the most complex cloud environments." To learn more about how Netskope helps organizations further strengthen their security posture by sharing security-related logs and threat information with Amazon Security Lake, visit here. About Netskope Netskope, a global SASE leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY, CLOUD SECURITY

Lacework Unifies Entitlements Management and Threat Detection for Simplified Cloud Security

Prnewswire | June 07, 2023

Lacework, the data-driven security platform, today announced new CIEM functionality that empowers teams to gain observability of all cloud identities, know precisely who can perform what actions, and easily identify which identities pose the greatest risk. Furthermore, Lacework's actionable approach to CIEM provides customers with recommendations on how to reduce their identity risk. By combining these new capabilities with cloud security posture management, attack path analysis, and threat detection into a single platform, Lacework gives customers a clear understanding of their cloud identity landscape, visibility into cloud identity and access management (IAM) misconfigurations and exposed secrets, and continuous discovery of identity threats. The benefits of public cloud come with complex challenges in managing identity risk. With over 35,000 granular permissions across hyperscale cloud providers, organizations struggle to limit unnecessary access. Most cloud users and instances are granted far more permissions than they actually need, leaving organizations highly exposed to cloud breach, account takeover, and data exfiltration. And the fact that machine identities in the cloud typically outnumber humans by an order of magnitude intensifies the issue. "Enforcing least privilege and having visibility of identities and entitlements is a top cloud security challenge for IDC clients. With this innovation from Lacework, security teams can automatically see which identities are overly-permissive, and zero in on the ones that pose the greatest risk," said Philip Bues, Research Manager for Cloud Security, at IDC. "Beyond prioritizing risks, this will also allow teams to confidently suggest policy changes and reduce their overall attack surface risk." Preventing Cloud Identity Risk with New Entitlement Management Technology Lacework dynamically discovers cloud user, resource, group and role identities and their net-effective permissions and then automatically correlates granted versus used permissions to determine identities with excessive privileges. The platform calculates a risk score for each identity, determines the riskiest identities based on attack path analysis, and auto-generates high-confidence recommendations for right-sizing permissions based on historical observations. This means Lacework not only informs customers of risky identities and entitlements, but also shows those identities that are hardly used or even need entitlements to begin with. "CIEM is a vital facet of a comprehensive cloud security strategy," said Paolo del Mundo, Director of Application Security, The Motley Fool. "It's encouraging to see Lacework incorporating this into their well-rounded CNAPP solution, potentially providing a robust response to the challenge of managing cloud access permissions effectively." Combined with Lacework's ability to prioritize risks from an attack path context, as well as detect user and entity behavior anomalies, customers are able to: Continuously comply with IAM security and regulatory compliance requirements. Identify cloud user, application and service identities, know exactly what actions each can take, and prioritize the identities that pose the greatest risk. Limit the blast radius of compromised cloud accounts, achieve least privilege, and establish trust with engineering teams. Continuously discover risky behavior, including lateral movement and privilege escalation, without needing to write rules or stitching together disparate alerts. Rapidly detect insider threats associated with malicious or accidental abuse of permissions. "Our customers need to know what entities are actually doing in their cloud and whether it's malicious or inappropriate, and it can't get in the way of their ability to move fast," said Adam Leftik, Vice President, Product, Lacework. "Now Lacework customers can address both sides of the identity security issue with a single platform that prevents identity risk exposure and detects identity threats at scale, with the context to quickly investigate, prioritize, and respond to identity alerts. It's the latest step in our mission to give enterprises the confidence to rapidly innovate in the cloud and drive their business forward." About Lacework Lacework offers the data-driven security platform for the cloud and is the leading cloud-native application protection platform (CNAPP) solution. Only Lacework can collect, analyze, and accurately correlate data — without requiring manually written rules — across an organization's AWS, Azure, Google Cloud, and Kubernetes environments, and narrow it down to the handful of security events that matter. Security and DevOps teams around the world trust Lacework to secure cloud-native applications across the full lifecycle from code to cloud. Get started at www.lacework.com.

Read More

Spotlight

Decipher Cyber

The portal that provides an on-demand access to 360-degree trusted research and reviews on cyber technology vendors and service providers. Jenny 2.0, the revolutionary AI-driven platform that’s already helping thousands of users across the globe make more informed decisions on cyber. Jenny removes t...

Events

Resources