DATA SECURITY

ISTARI, the Cyber Risk Management Company, to Invest in Pioneer Prevalent AI (PAI)

ISTARI | July 05, 2021

A global cybersecurity platform, ISTARI, which is dedicated to helping clients managing digital risk and build cyber resilience, and the leaders in Security Data Science, Prevalent AI (PAI), has today announced that ISTARI has opted to become an important minority shareholder of PAI.

Industry veterans Sir Iain Lobban, Paul Stokes, Arun Raj, and Andrew France OBE founded PAI in 2017. When founded, they had the aims such as enabling organisations to quickly ingest, convert and contextualise complex, large, and disparate data sources by using their Security Data Science Platform and connected services, increasing the capability to respond to cyber riss and attacks in time and prevent it.

Rashmy Chatterjee, the Chief Executive Officer of ISTARI commented that they are thrilled to welcome PAI to the ISTARI Collective. In response, Sir Iain Lobban, PAI Founder and Chairman, added that this is a spectacular match to join together with the same aim and goal protecting organizations from cyber threats.


About ISTARI

ISTARI was established in 2020 and headquartered in Singapore. It is a an investment company, founded by Temasek. It is an advisory practice, investor and educator through its cyber Academy and has a global presence in the US, Europe and Singapore.


About PREVALENT AI

PREVALENT AI (PAI), the leaders in Security Data Science, provides successful cyber analytics solutions for both government and commercial. Founded by former UK government cyber officials and industry experts in 2017, the company has changed the way organisations use risk data. Its 75 professionals work out of two offices, which are located in London and Cochin, India.

Spotlight

Disparate systems and data strategies within an organisation are creating problems for many businesses across Asia Pacific. Region-wide, the rapid growth and complexity of data, as well as demands for fast and easy data retrieval, were the top two challenges in data management. If organisations adopt an integrated business application they can potentially change the way people and processes work. Time and budget constrained CIOs, and IT departments can take control of critical business data, and move core apps for human resources/pay roll to the cloud, and free up budget and time to focus on core IT projects.  Read more to learn how you can address the main challenges associated with cloud services, ERP, applications, analytics and reporting.


Other News
PLATFORM SECURITY

SentinelOne and Okta Integration Accelerates Incident Response with XDR and Identity Security

SentinelOne | May 31, 2022

SentinelOne, an autonomous cybersecurity platform company, today announced SentinelOne XDR Response for Okta, enabling security teams to quickly respond to credential compromise and identity-based attacks. The integration of SentinelOne’s XDR platform with Okta’s identity management capabilities offers a powerful new solution to accelerate response and minimize enterprise risk. “Attackers exploit endpoint and identity security and access gaps. SentinelOne and Okta are leaders in securing both of these enterprise domains. “Incorporating SentinelOne Singularity XDR into the Okta identity platform improves the contextual awareness of our solution, ensuring that every identity is verified and malicious actors cannot advance laterally in pursuit of high-value targets. With SentinelOne across enterprise attack surfaces and Okta enforcing identity policies, organizations enjoy the best of both worlds in a single solution.” Stephen Lee, VP Technical Strategy & Partnerships, Okta According to the 2022 Verizon Data Breach Investigations Report, 82% of breaches involved the human element including the use of stolen credentials. While there are existing solutions that secure various pieces of the enterprise they are often siloed, causing gaps in visibility and making it difficult to achieve a holistic understanding of an organization’s security posture. “Groupon is on a constant journey of modernization, adopting new and cutting-edge cloud technologies like SentinelOne Singularity XDR and Okta to best protect our employees and customers,” said Ryan Ogden, Director of Information Security, Groupon. “Consolidating context from various tools and automating response force multiplies our team to address the growing scale and speed of threats.” SentinelOne’s StorylineTM observes all concurrent processes across OSs and cloud workloads, providing rich context for any potential endpoint security incident. When a threat is detected, Singularity XDR informs Okta of the last logged-in user for that endpoint and Okta provides identity context from Okta data. By combining XDR and identity context, the joint solution helps security analysts quickly determine who is doing what on which device, significantly reducing the risk of endpoint or identity-based attacks. SentinelOne XDR Response for Okta provides a fully automated remediation process, alleviating the burden on the SOC team and allowing analysts to focus on higher-value tasks. Other key use cases include: Threat Enrichment - automatically enriches threats within Singularity XDR with recent login information via Okta to make security data actionable. User Suspension - terminates active sessions originating from compromised devices to minimize response time for prevention and remediation. Reset Password - forces password resets, preventing SSO-enabled lateral movement across corporate applications. Force Reauthentication - initiates a multi-factor authentication (MFA) workflow within Okta, locking the account until the user re-authenticates with a valid MFA token for identity verification. “Compromising identities and moving laterally to exploit an organization’s ‘crown jewels’ is the blueprint of modern attacks,” said Yonni Shelmerdine, Vice President of Product Management, SentinelOne. “Organizations need robust endpoint protection and visibility into user sessions to respond effectively to malicious activity. With SentinelOne and Okta, enterprises gain enterprise-grade context for effective security operations.” About SentinelOne SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.

Read More

PLATFORM SECURITY

Evo Security Announces the Launch of Evo Partner Identity Cloud for MSPs

Evo Security | June 21, 2022

Evo Security today announced the launch of Evo Partner Identity Cloud or EPIC. Evo Partner Identity Cloud is the first all-in-one identity and access management (IAM) solution designed exclusively with the needs of managed service providers (MSPs) and their business customers in mind. The enterprise-grade cloud platform is a comprehensive identity and access management solution that gives MSPs an easy and highly secure way to protect small and medium-sized businesses and enterprises from the most common types of cybersecurity attacks that frequently exploit login and access vulnerabilities to penetrate network and cloud assets. Evo Partner Identity Cloud includes multi-factor authentication (MFA), single sign-on (SSO), privileged access management (PAM), technician elevated access, secrets management, and unified directory services, among other critical security capabilities. Evo Partner Identity Cloud is the easiest and most complete way for MSPs to simultaneously protect login credentials and apply least-privilege access across applications, networks, and infrastructure for themselves and their customers in a single scalable, multi-tenant solution. "Traditional enterprise identity and access management solutions are built for 1:1 administration, which means they cannot adequately support the MSP and the MSP's customers simultaneously. Point solutions have helped bridge the gap, but don't provide the enterprise-grade security and platform approach required by MSPs seeking to build a sound security practice" said Evo Security's CEO and Founder, Mike Roth. "We built Evo Partner Identity Cloud with a multi-tenant architecture to provide MSPs an enterprise-grade level of security that they can use to protect themselves and all of their SMB and SME customers at scale with purpose-built platform that means business." said Evo's CEO and Founder, Michael Roth. "What's great about Evo Security's Partner Identity Cloud is that it works with our existing MSP managed technology stack to provide comprehensive identity and access management capabilities for us and our customers. It helps keep our internal systems secure, while providing cloudIT with new ways to generate revenue and enforce best security hygiene practices in our customers' networks." Vince Kent, CEO of managed service provider cloudIT The Evo Partner Identity Platform supports MSPs by providing the ability to: Turn identity and access management (IAM) into a highly profitable revenue center that can immediately produce new revenue with industry-leading margins; Replace multiple point solutions, including password vaults, password rotation tools, multi-factor authentication (MFA) tools, and privileged access management (PAM) tools, with a comprehensive identity and access management platform that reduces overhead expenses, provides enterprise-grade protection, and simplifies application and security administration for the MSP and its customers; Deploy login security at scale across customers for web applications, workstations, Macs, servers, VPNs, firewalls, switches, and other network devices; Establish least-privilege and exceed-compliance controls in managed and co-managed scenarios using granular permissions and security groups; Completely eliminate sharing of customer passwords and MFA codes, while simultaneously streamlining technician access across all customer endpoints and apps; Migrate from Microsoft to Evo as the sole Identity Provider (IdP) or build a hybrid IdP scenario based on customer configuration needs; Connect to common MSP tools, such as ConnectWise, Datto, and Microsoft, and improve internal management efficiencies; Gain visibility and real-time security intelligence across customer infrastructure to improve value of services delivery and stop attacks before they start. Evo Security CEO Michael Roth said "Evo Partner Identity Cloud isn't just an all-in-one MSP identity and access management platform. It's an all-in-one MSP business solution." About Evo Security Based in Austin, Texas, Evo Security is an identity and access management cybersecurity company that builds enterprise-grade security products with the MSP in mind. Evo Security's solutions are designed to protect MSPs and their SMB and enterprise customers with comprehensive, multi-tenant security solutions. They are easy to implement and help manage security across managed service providers' internal and external users, while providing MSPs new ways to generate new and highly profitable revenue streams.

Read More

ENTERPRISE SECURITY

DTEX Systems Named to the Enterprise Security Tech Cyber Top 20 List

DTEX Systems | June 18, 2022

DTEX Systems, the Workforce Cyber Intelligence & Security Company™, today announced that it has been named to the Enterprise Security Tech Cyber Top 20 List. The list recognizes the top cybersecurity companies providing the most value to market based on technical product/service innovation, industry analyst recognition, customer testimony, diversity and inclusion initiatives, talent development initiatives, and contributions to the cyber community. “The future of data loss prevention and protection is human-centric, not data-centric. “We’re thrilled to be named to this inaugural list of top cybersecurity companies by Enterprise Security Tech, as it is further testament to the success of DTEX’s innovative, human-centric approach to enterprise security and our team’s continued efforts to expand beyond the capabilities of legacy cybersecurity solutions.” Jonathan Daly, Chief Marketing Officer at DTEX Systems As the first and only Workforce Cyber Intelligence and Security platform to put humans at the center of an organization's cybersecurity matrix, DTEX InTERCEPT offers an innovative approach to data collection and analysis that centers around human activity and intent, providing organizations with the context needed to escalate and remediate an event before malicious insiders attack, or data exfiltration occurs. The InTERCEPT platform brings together the capabilities of Insider Threat Management, User and Entity Behavior Analytics, Digital Forensics, and Behavioral DLP in an all-in-one lightweight, cloud-native platform. Only DTEX InTERCEPT delivers the behavioral context and activity intelligence that answers the Who, What, When, Where, Why and How related to any potential insider threat situation, compromised account event or data loss scenario without invading personal privacy. “The cybersecurity industry is going through an evolution right now,” said Jack Campbell, Editor, Enterprise Security Tech. “The threat landscape is growing at a faster pace than organizations can keep up with - so companies need innovative tools and services that leverage automation and simplification to combat threats at scale. We’re honored to be able to recognize these leaders for the value that they are bringing to the market and their contributions to the fight against cyber threats.” This accolade comes on the heels of two notable industry recognitions from Cyber Defense Magazine (CDM), which named DTEX ‘Most Innovative Data Loss Prevention’ and ‘Publisher's Choice Insider Threat Prevention’ in the 10th annual Global InfoSec Awards. About DTEX Systems DTEX Systems helps hundreds of organizations worldwide better understand their workforce, protect their data, and make human-centric operational investments. Its Workforce Cyber Intelligence & Security platform brings together next-generation DLP, UEBA, digital forensics, user activity monitoring and insider threat management in one scalable, cloud-native platform. Through its patented and privacy-compliant meta-data collection and analytics engine, the DTEX platform surfaces abnormal behavioral “indicators of intent” to mitigate risk of data and IP loss, enabling SOC enrichment with human sensors and empowering enterprises to make smarter business decisions quickly. About Enterprise Security Tech Enterprise Security Tech is a specialized cyber media company with a global presence. The Enterprise Security Tech blog is a cybersecurity blog written for CISOs, CIOs, and security-minded CEOs that brings together critical news, expert insights, and product information to help security leaders make informed business decisions. Enterprise Security Tech is also home to The Cyber Jack Podcast, which brings listeners the latest cybersecurity insights via security experts from around the industry.

Read More

PLATFORM SECURITY

Cerby Launches With World’s First Security Platform for Unmanageable Applications

Cerby | June 28, 2022

Cerby officially launched today with the world’s first security platform for unmanageable applications and an approach that enhances security practices by empowering both employees and security teams. The Cerby Zero Trust architecture takes on the challenges of unmanageable applications in the shadow IT universe—technologies that are selected and onboarded by business units outside the purview and visibility of the IT department, or don’t support industry standards like SAML for authentication and SCIM for user provisioning. The Cerby offering is very different from other options on the market because it moves security automation capabilities into the hands of business users—in effect, it balances empowerment and autonomy with security and productivity. The company, which has been operating in stealth mode since 2020, already has early customers—including Fox, L’Oréal, MiSalud, Dentsu, Televisa, and Wizeline—where the technology is used to address common application liabilities efficiently while facilitating collaboration. It also announced today $12 million in seed funding from Ridge Ventures, Bowery Capital, Okta Ventures, Salesforce Ventures and others, bringing total funding to $15.5 million. “Our goal at Cerby is simple but sweeping: To increase productivity for enterprises by empowering employees to use the technologies they prefer while automating compliance and security,” said Co-Founder and CEO, Belsasar Lepe. “In this era of IT consumerization, employee choice and enterprise security are not mutually exclusive—with the right tools and strategies, they go hand-in-hand. When business professionals get real autonomy, security becomes everyone’s responsibility, rather than just one of many priorities for the IT department. The Cerby platform for unmanageable applications enables organizations to boost efficiency, comply with existing policies and reduce exposure to cyberattacks—it’s truly a win-win-win.” Cerby’s enrollment-based platform combines proprietary technology, robotic process automation (RPA) and seamless integrations with identity providers like Okta and Azure AD. This powerful functionality enables the platform to understand commonly used SaaS applications in a business context, and automate security policies before they lead to breaches. The scale of the problem is undeniable, in part because while employees choose the applications, they don’t pay for them. Analyst firms, such as Everest Group report that shadow IT spending represents 50% or more of the overall IT outlay in large enterprises. Meanwhile, teams preferring application autonomy are twice as likely to prioritize productivity over security. Cerby’s own research confirms this trend. The company just commissioned its own study of this critical subject, and the preliminary findings show how much attitudes have hardened with regard to employee choices. The comprehensive study of over 500 business professionals in North America and the UK employed by companies with more than $100M in annual revenue, conducted in partnership with Osterman Research, reveals that a staggering 91% of respondents believe they should have full control over the applications they purchase. On a related note, 52% want the company or IT department to “just get out of the way,” and when employers disallow applications desired by end users, respondents say it will “negatively affect” the way work gets done. To be clear, these perspectives are not emerging from a vacuum. More than three quarters of the companies surveyed, 78%, have policies in place regarding which applications employees can and cannot use, and just over half the respondents report knowledge or experience of particular applications being disallowed. These actions don’t necessarily go down well with employees: 68% ask for an alternative solution, preferably one that is stress-free and automated; 35% seek an alternative of their own, while stating that it negatively affects the way work is done; and 42% “demand a good reason” for the ban. “We chose Cerby because we needed a secure and centralized place to manage access to our paid social accounts. “Because Cerby can seamlessly integrate with our organization’s single sign-on technology and also connect to the social platforms’ APIs, we are able to create organizational efficiencies by granting and removing access within one place. Additionally, the automated access removal of employees who have left the company provides a level of security we did not previously have.” Nina Donnard, AVP, Paid Social, L’Oreal The issue of unmanageable applications within the organization is particularly sensitive because it puts two forces—employee autonomy and corporate security—in direct conflict. The C-suite—enterprise CIOs, CMOs, CISOs—wants security to be frictionless; when security teams take a heavy-handed approach, they often end up blocking key applications and negatively affecting productivity. This encompasses three core problems, which are sometimes contradictory. They feature: Brand risk (including errors, cyberattacks, and fraud); non-compliance (corporate policy, contracts, and industry/government regulations); and inefficient processes (insufficient resources; inconsistent, error-prone access reviews; extraneous steps and wasted time). Cerby steps into this chasm with numerous capabilities to plug security, compliance and productivity gaps. For example, end users can log in securely to any application, even those that don’t support SSO natively, store log-in data, and share this information securely with collaborators. At the same time, IT and security teams can set policy at the application, team, and company level. Throughout this process, Cerby is actively monitoring connected applications to ensure they are securely configured to meet corporate security standards for two factor authentication, password complexity and many other commonly missed security settings. “I love that Cerby solves a problem every CIO faces: unmanageable applications,” said Yousuf Khan, Partner at Ridge Ventures and former CIO. “When non-IT employees use unauthorized applications, they might be gaining productivity, but they are also unlocking a Pandora’s box of security vulnerabilities. The pandemic only made it worse: 71% of users in the US now acquire their own applications to do their jobs. Cerby is the first solution I’ve seen that significantly reduces the risk of these unmanageable applications by applying zero trust principles and automating the entire application lifecycle. The best part of it is that it’s not a top-down, managerial edict: Employees become an active and motivated part of the solution. Business professionals get the power to choose their applications, productivity gets a boost, and the company ensures security and compliance–everyone wins. Other cybersecurity products demand enforcement; Cerby encourages enrollment. This is the best way to enhance employee trust and increase productivity.” The technology is designed to help teams in diverse disciplines use the applications they choose while ensuring security. For example, marketing teams can now securely use any social platforms they prefer—Cerby provides a single place to add and remove access for employees and third-party agencies instead of signing into multiple social accounts and sharing passwords. In other fields, such as finance, Cerby provides an easy way for CFOs and their teams to securely manage access to bank accounts and credit lines without having to share passwords. About Cerby Cerby delivers the world’s first platform built to positively guide employees' security behaviors no matter which applications they use. We protect brands around the world, including some of the most recognizable businesses, by taking an approach that empowers both employees and security teams, using Zero Trust principles. Our proprietary technology uses robotic process automation to understand applications in a business context and automatically enforces security best practices before misconfigurations turn into breaches. Cerby is a must-have for technology executives and their teams to protect the brand, stay secure and increase productivity.

Read More

Spotlight

Disparate systems and data strategies within an organisation are creating problems for many businesses across Asia Pacific. Region-wide, the rapid growth and complexity of data, as well as demands for fast and easy data retrieval, were the top two challenges in data management. If organisations adopt an integrated business application they can potentially change the way people and processes work. Time and budget constrained CIOs, and IT departments can take control of critical business data, and move core apps for human resources/pay roll to the cloud, and free up budget and time to focus on core IT projects.  Read more to learn how you can address the main challenges associated with cloud services, ERP, applications, analytics and reporting.

Resources