New Security Challenges for Organizations Having Larger Remote Workforces

Tripwire | August 18, 2020

At the outset of the global coronavirus 2019 (COVID-19) pandemic, many organizations decided to enforce social distancing by requiring that their employees begin working from home. This decision changed the fundamental way in which many employees were accustomed to working. It also created new security challenges for organizations that had larger remote workforces.

Tripwire wanted to learn the specifics of these challenges, so it commissioned Dimensional Research to 345 IT security professionals about them in mid-April 2020. As reported by Business Wire, a majority of respondents (58%) indicated that employee home network security was one of their areas of higher concern followed by increased attacks (45%), difficulties in keeping remote systems configured securely (41%) and obstacles with keeping remote systems compliant (38%). Reflecting on the difficulties of keeping remote workers safe, 89% of survey participants said their job was harder as a result of the new work-from-home policy. Nearly half (49%) blatantly said they couldn’t effectively secure employees’ home offices, leading 65% of respondents to admit their belief that their security was worse because of COVID-19.

Spotlight

"The classic username+password authentication to an account is only as secure as the security and complexity of the password.Globalscape EFT Enterprise integrates with SMS PASSCODE® to provide mobile-based, two-factor authentication for added security. Download this whitepaper to learn:

The number one reason accounts are compromised;
How often weak or stolen user credentials are exploited;
Why many organizations have instituted two-factor authentication using hardware tokens."


Other News
DATA SECURITY,SOFTWARE SECURITY

Corelight Selects Normalyze As Its Primary Cloud and Data Security Platform

Normalyze | August 24, 2022

Normalyze, a data-first cloud security platform, today announced that Corelight, the leader in network detection and response (NDR) technology, has adopted the Normalyze data-first cloud security platform to automate data discovery and classification across all of its cloud data. Corelight provides security teams with network evidence so they can protect the world's most critical organizations and companies. Corelight's customers include Fortune 500 companies, major government agencies, and large research universities. Modern data security is so complex that even sophisticated security companies like Corelight require external support to remain diligent and comprehensive in their security strategies. Prior to implementing Normalyze, Corelight struggled with a lack of comprehensive visibility into the locations of their sensitive data and business-technology assets, as well as configurations of their cloud access points. To get this information, Corelight Chief Information Security Officer (CISO) Bernard Brantley and his team had to manually gather data from the engineering, operations, and application teams, and scour access logs and security and operations dashboards. With Normalyze, Brantley achieved a more comprehensive cloud data security posture. "Normalyze's data-centric vision mirrored my long-term data security vision perfectly," said Brantley. "That vision is to have comprehensive situational and structural awareness, specifically regarding context, about how that awareness supports better security decision-making. There are two critical questions that Normalyze solves: do I know where everything resides and how the systems are configured? And, do I clearly understand the risks facing that data and those systems? Normalyze gives me the confidence that we have that full visibility." Following the deployment of Normalyze, Corelight achieved the following: Identified the locations of Corelight's sensitive data in minutes, and spotted data in areas they did not anticipate. This utilizes the Normalyze Graph and one-pass scanner, which connects all enterprise data with its associated assets, identities, and their access to that data, as well as misconfigurations and vulnerabilities that place data at risk. Complete compliance profiles that detect personally identifiable information (PII), the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA) to ensure sensitive data never leaves Corelight's cloud environments. Knowledge when a weakness surfaces that could lead to a data breach with an automatic dispatched service ticket to ensure that situations that place data at risk are fixed swiftly. "There is no doubt that Corelight is a leader in network detection and requires a reliable, comprehensive and agile infrastructure to scale with the company as it grows. "The Normalyze Platform has been able to go to-to-toe with Corelight's critical cloud infrastructure needs, with the ability to benefit the entire team - from the CISO, to the security engineer, analyst, and DevOps professionals - to discover data, classify its risk and attack paths, and remediate risks." Amer Deeba, co-founder and CEO at Normalyze About Normalyze Normalyze is a pioneering provider of cloud data security solutions helping customers secure their data, applications, identities, and infrastructure across public clouds. With Normalyze, organizations can discover and visualize their cloud data attack surface within minutes and get real-time visibility and control into their security posture including access, configurations, and sensitive data to secure cloud infrastructures at scale. The Normalyze agentless and machine-learning scanning platform continuously discovers resources, sensitive data and access paths across all cloud environments. The company is founded by security veterans Ravi Ithal and Amer Deeba and calls Corelight and Netskope to be customers. It is funded by Lightspeed Venture Partners and Battery Ventures.

Read More

DATA SECURITY,ENTERPRISE IDENTITY

Keeper Security's Cybersecurity Census Finds U.S. Businesses are Unprepared for Escalation in Cyberattacks

Keeper Security | September 15, 2022

Keeper Security, the leading provider of zero-trust, zero-knowledge and FedRAMP Authorized cybersecurity software, today released findings from its second annual Cybersecurity Census. The report explores insights from IT decision-makers at businesses and organizations across the U.S., revealing that most respondents expect the onslaught of cyberattacks to intensify over the next year, yet 32% lack a management platform for IT secrets–posing a significant risk to organizational security. The 2022 U.S.Cybersecurity Census Report explores the ongoing threats of cyberattacks and the need for cybersecurity investment. The report maps the evolving cybersecurity landscape as hybrid and remote work have transformed businesses over the past two years. According to survey findings, the average U.S. business experiences 42 cyberattacks annually—between three to four each month. Still, fewer than half (44%) of respondents provide their employees with guidance or best practices for governing passwords and access management. IT leaders reveal a lack of preparedness for cyberattacks U.S. businesses face many cyberattacks each year, significantly impacting their organizations. Most respondents agree the total number of attacks will increase over the next year, with 39% predicting the number of successful cyberattacks will also rise. Most organizations in the U.S. believe they're prepared to fend off cyberattacks, with 64% of respondents rating their preparedness at least an eight on a 10-point scale and 28% rating themselves as a 10/10. At the same time, the majority of respondents (57%) say it is taking longer to respond to attacks and only 8% say responses are getting faster. Though most report feeling prepared for attacks, leaders admit their tech stacks lack essential tools. Nearly one-third of respondents (32%) lack a management platform for IT secrets, such as API keys, database passwords and privileged credentials. 84% are concerned about the dangers of hard-coded credentials in source code but 25% don't have software to remove them. More than one-quarter of respondents (26%) said they lack a remote connection management solution to secure remote access to IT infrastructure. With the rise in hybrid work and remote work, this is a significant security gap. This lack of investment in cybersecurity tools is alarming, especially considering the lasting impact of cyberattacks that survey respondents revealed. Nearly one-third (31%) suffered a disruption of partner or customer operations in the wake of a cyberattack and the same percentage experienced theft of financial information. 18% of organizations experienced theft of money, with the average amounting to more than $75,000, while 37% lost $100,000 or more. 23% experienced the inability to carry out business operations. In addition to direct costs, cyberattacks can cause lasting damage to business perception and client trust. More than one-quarter of respondents (28%) suffered reputational damage due to a successful cyberattack and 19% reported losing business or a contract. "The volume and pace at which cyberattacks are hitting businesses is increasing and with that come severe financial, reputational and organizational penalties," said Darren Guccione, CEO and co-founder of Keeper Security. "Leadership must prioritize cybersecurity, enabling their security teams to address rapid shifts in technology and distributed remote work. The impact these shifts have on cybersecurity are both pervasive and extreme. Building a culture of trust, accountability and responsiveness is critical." U.S. businesses must take immediate action against cyber threats Cybersecurity is a pillar of every good business and these findings underscore the need for business leaders to make cybersecurity a part of organizational culture. U.S. business leaders are working to source the necessary talent to stay secure. Nearly three-quarters (71%) of respondents have made new hires in cybersecurity over the past year and 58% say they've increased cybersecurity training. A devastating cyberattack is one stolen password away, but despite this threat, fewer than half (48%) of respondents state they have plans to invest in password management, visibility tools for network-based threats or infrastructure secrets management. Only 44% of respondents provide their employees with guidance and best practices governing passwords and access management. 30% of respondents allow employees to set and manage their passwords and admit that employees often share access to passwords. A mere 26% have a highly sophisticated framework for visibility and control of identity security. Many organizations are considering future investments with 73% of respondents expecting their cybersecurity budgets to increase. However, they face being outmatched by rising external threats and the demands created by existing weaknesses. Cybersecurity in company culture Employees understand the dangers of both external and internal threats. An overwhelming 79% of IT professionals are concerned about a breach from within their organization and 47% have suffered a breach of that nature. As more employees work remotely, businesses must rethink their investments in order to maintain security. In fact, 40% of respondents highlighted remote and hybrid work as a top concern, with rising external threats close behind at 39%. IT leaders themselves admit a lack of transparency in cyber incident reporting within their organizations, with nearly half of respondents (48%) being aware of a cyberattack, but keeping it to themselves. Businesses must foster a sense of trust and transparency in their organizations, creating an open dialogue to recognize the scale of the cybersecurity challenges their organization faces. Only with that recognition can resources be devoted to education and embedding a cybersecurity mindset into the organization's culture. Keeper's 2022 U.S. Cybersecurity Census Report demonstrates that cyberattacks present a profound and ongoing threat. Preventative measures, including investment, education and cultural shifts, are essential for businesses to drive resilience and protect their organizations from cybercriminals. Methodology The report yielded results from 516 IT leaders and decision-makers in businesses across the U.S. About Keeper Security Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their credentials, secrets, connections and sensitive digital assets to significantly reduce the risks of identity security-related cyberattacks, while gaining visibility and control. Keeper is the leading provider of zero-trust and zero-knowledge security cloud services trusted by millions of people and thousands of organizations for password management, secrets management, privileged access, secure remote infrastructure access and encrypted messaging.

Read More

DATA SECURITY,ENTERPRISE SECURITY,SOFTWARE SECURITY

Titan Security Group Announces Acquisition of Prudential Security, Inc.

Titan Security | September 06, 2022

Titan Security Group, LLC , a leading provider of security solutions headquartered in Chicago, IL, announced today that it has completed the acquisition of the security staffing operation of Prudential Security, Inc. ("Prudential"), a security solutions provider based in Taylor, Michigan. Titan is a portfolio company of Quad C Management, Inc. "We are very excited to welcome the Prudential team to the Titan family. "Our organizations are very complementary, with shared values, culture, and focus on providing a high level of service to our clients and team members. Together, we are better positioned to be a leading regional provider of high-end security services." Dave Pack, CEO of Titan Titan's acquisition of Prudential adds over 700 team members to the Titan brand and expands their existing service area to 14 states including Illinois, Michigan, Wisconsin, Indiana, Alabama, Kansas, Mississippi, North Carolina, New York, Ohio, Pennsylvania, South Carolina, Tennessee, and Texas. "This is an exciting collaboration," said Pack. "Our acquisition strategy is to identify like-minded companies, such as Prudential. Applying our combined talent and resources will lead to new opportunities for our clients and team members." Terms of the acquisition were not disclosed. Security ProAdvisors LLC represented Prudential Security Inc. in the transaction. About Titan Security Titan Security is one of the largest security services firms in the U.S. providing security staffing, consulting, and systems integration of enterprise security solutions including video surveillance, electronic access control, turnstiles, biometrics, visitor management, alarm monitoring and other solutions throughout the Chicago metropolitan area, Northern Indiana and Southern Wisconsin. About Prudential Prudential Security is a recognized leader in the security industry, providing a full range of security solutions to its clients in a wide range of industries. Prudential has built its business with a strong foundation of customer service and responsiveness. Prudential's longtime management team responds attentively to client concerns and issues, developing relationships with all clients, and forming a longstanding base of business, allowing Prudential to grow into one of the most sought-after security providers in the country. About Quad-C Founded in 1989 and headquartered in Charlottesville, Virginia, Quad-C is a middle market private equity firm focused on investing in well-established business and consumer services, food & beverage and consumer products, healthcare, industrials, specialty distribution and transportation/logistics companies. In its three-decade history, Quad-C has invested over $4.0 billion of capital in 80 platform companies. The Quad-C team is committed to partnering with entrepreneurs and management teams to accelerate growth and create long-term value.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

SaaS Alerts Secures $22M Investment from Insight Partners to Scale SaaS Security Monitoring and Response Platform

SaaS Alerts | September 12, 2022

SaaS Alerts, the cybersecurity company purpose-built for Managed Service Providers (MSPs) to protect and monetize their customers' core business SaaS applications, announced today that it has secured a $22 million growth investment from global software investor Insight Partners to accelerate the growth of its SaaS Security monitoring and response platform. The accelerated rate of SaaS Application adoption by businesses, driven by the need to provide collaboration and productivity tools to remote workforces and for more centralized and tightly controlled business data resources, has elevated awareness and critical concern for major threat vectors and security gaps that exist in SaaS Application security. These security concerns present opportunities for MSPs to better safeguard their clients while offering SaaS security services that drive profitable new revenue streams. SaaS Alerts was designed to help MSPs monitor and protect their customers' usage of today's most popular SaaS applications such as Microsoft 365, Google Workspace, Salesforce, Dropbox and more – and to safeguard against security threats to a business' SaaS environment such as data theft, data that's at risk due to unintentional employee mishaps and actions taken by bad actors. "We couldn't be more excited to partner with Insight Partners and we see their investment in SaaS Alerts as a monumental endorsement for what we have built and what we intend to build as we collaborate going forward. "I'm very proud of our team for reaching this milestone and look forward to working with Insight to continue to build value for our MSP partners and stakeholders." Jim Lippie, CEO of SaaS Alerts "SaaS applications have become essential for businesses of every size and MSPs need the ability to better protect those applications on behalf of their customers. SaaS Alerts has pioneered SaaS security for MSPs and has a clear vision for how detecting and correlating abnormal user behavior can greatly impact the MSP industry," said Philine Huizing, Principal at Insight Partners. "We're excited to partner with SaaS Alerts as the company scales to address this unique opportunity." About SaaS Alerts SaaS Alerts is the cybersecurity company purpose-built for MSPs to protect and monetize customers' core SaaS business applications. SaaS Alerts offers a unified, real-time monitoring platform for MSPs to protect against: data theft, data at risk and bad actors and integrates with the most popular SaaS Applications. Learn more at www.saasalerts.com. About Insight Partners Insight Partners is a global software investor partnering with high-growth technology, software, and Internet startup and ScaleUp companies that are driving transformative change in their industries. As of June 30, 2022, the firm has over $80B in regulatory assets under management. Insight Partners has invested in more than 700 companies worldwide and has seen over 55 portfolio companies achieve an IPO. Headquartered in New York City, Insight has offices in London, Tel Aviv, and Palo Alto. Insight's mission is to find, fund, and work successfully with visionary executives, providing them with practical, hands-on software expertise to foster long-term success. Insight Partners meets great software leaders where they are in their growth journey, from their first investment to IPO.

Read More

Spotlight

"The classic username+password authentication to an account is only as secure as the security and complexity of the password.Globalscape EFT Enterprise integrates with SMS PASSCODE® to provide mobile-based, two-factor authentication for added security. Download this whitepaper to learn:

The number one reason accounts are compromised;
How often weak or stolen user credentials are exploited;
Why many organizations have instituted two-factor authentication using hardware tokens."

Resources