DATA SECURITY

NightDragon Closes $750M Growth Fund as Part of Next-Generation Cybersecurity, Safety, Security and Privacy Platform

NightDragon | August 02, 2021

NightDragon today announced the close of NightDragon Growth I, a new $750 million venture capital fund to invest in and advise late-stage and growth companies in the cybersecurity, safety, security and privacy industry. The fund will aim to advance the industry and close the gap between offense and defense amidst today's aggressive threat landscape.

The NightDragon team is led by Founder and Managing Director Dave DeWalt, a long-time cybersecurity veteran and the former CEO of FireEye, McAfee and Documentum. He is joined by Managing Director Ken Gonzalez and Partner Morgan Kyauk, bringing together decades of experience leading and operating some of cybersecurity and technology's most significant companies.

The fund comes at a time when physical and cybersecurity threats are significantly damaging businesses and government organizations around the world. The team plans to use its significant industry expertise, extensive network and government connections to identify the most critical gaps causing these challenges and invest in the companies that can solve them. 

"NightDragon is committed to investing and advising companies that we believe can help advance the state of security from silicon to satellite," said Dave DeWalt, Founder and Managing Director, NightDragon. "I could not be prouder to announce this NightDragon fund and work alongside this team, our partners and the broader NightDragon Network to support this critical mission."

NightDragon Growth I is part of the broader NightDragon Platform, which includes partnerships, people and programs at every stage of the startup journey from incubation to IPO and exit. This includes affiliations with leading incubators, early-stage investment firms, NightDragon Advisory, private equity companies, IPO experts and M&A firms. Partners in this platform include DataTribe, AllegisCyber Capital, Team8, YL Ventures and Momentum Cyber.

These partnerships add to a set of programs available exclusively to NightDragon portfolio companies under the NightDragon Network, including ND Talent, ND Government Services and ND Go-to-Market. These programs help give NightDragon companies the edge and expertise to break into new markets, recruit new talent, grow internationally, align with leading technology, service provider and systems integrator partners and more. Partners include Carahsoft, Macnica, Cyber Future Foundation and the Athena Alliance.

"At NightDragon, we know that growing a successful company is much more than investing capital. We have assembled a team that has the operational and industry expertise to help our portfolio companies thrive, not only for successful investment outcomes but also to achieve our broader security mission," said Ken Gonzalez, Managing Director, NightDragon.

"From widespread ransomware to supply chain attacks, it is clear we need a next generation of cybersecurity, safety, security and privacy companies to secure our digital ecosystem. Having worked with Dave, Ken, Morgan and the rest of the NightDragon team for many years, I have seen first-hand their industry and operational expertise and am confident they can help shape this industry for the better," said Admiral Michael Rogers, former Director of the NSA.

"The operational and industry expertise of the NightDragon team has been unparalleled in helping our company grow to new levels of success. We are honored to partner with them as a portfolio company and look forward to seeing their impact increase under this new fund," said Paul Martini, CEO, iboss, a NightDragon portfolio company.

"By partnering with NightDragon, we know we are helping our customers align with some of the most innovative companies in the cybersecurity, safety, security and privacy industry. We are proud to be part of the NightDragon Platform and contribute to the mission of better securing our nation's organizations and governments," said Craig P. Abod, President, Carahsoft.

About NightDragon
NightDragon is an investment and advisory firm focused on growth and late-stage investments within the cybersecurity, safety, security and privacy industries. Its platform and vast industry network provide unparalleled threat insights, deal flow, market leverage and operating expertise to drive portfolio company growth and increase shareholder value. The NightDragon team has more than 25 years of operational and market expertise and was founded by Dave DeWalt and Ken Gonzalez, who served as senior executives leading technology companies such as Documentum, EMC, Siebel Systems (Oracle), McAfee, Mandiant, Avast and FireEye.

Spotlight

The perimeter continues to dissolve, and the definition of endpoint is evolving, according to results of the SANS 2016 Endpoint Security Survey, now in its third year. In it, respondents say their organizations continue to connect new and different types of endpoints, including point-of-sale (POS) devices, printers, mobile devices, building security systems and even wearables to their networks. As we might expect, 90% or more consider desktops, servers, routers, firewalls and printers to be endpoints that need to be protected. After that, respondents include other less-typical devices in their definition of endpoints that warrant protection: 71% include building security (access/ surveillance), 59% include employee-owned mobile devices and 40% consider industrial control systems as endpoints that need to be protected. Some respondents also consider POS devices, smart cars, emulated endpoints in the cloud and wearables as endpoints needing protection, highlighting the diversity of thinking among respondents.


Other News
ENTERPRISE SECURITY

SecurityScorecard and Marsh McLennan Collaborate to Elevate Cybersecurity in Challenging Risk Landscape

SecurityScorecard | January 28, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today announced a collaboration with Marsh McLennan, the world's leading professional services firm in the areas of risk, strategy and people, to enable organizations around the world to improve their cyber resilience. As part of the collaboration, Marsh McLennan's Cyber Risk Analytics Center will leverage SecurityScorecard's data and analytics to gain real-time cyber risk insights and define risk mitigation strategies for the Company's global client base. The companies will also collaborate on joint research aimed at increasing awareness of cyber risk and educating the market on risk management strategies. "We are excited to work with Marsh McLennan, which understands that to stay competitive, you must stay innovative," said Prashant Pai, Senior Vice President and General Manager of Strategic Initiatives at SecurityScorecard. "Given how fast the cyber risk landscape evolves, it's essential that business leaders have access to the most up-to-date and complete view of a client's cybersecurity posture." "Cyber risk evolves minute-to-minute, making it challenging to build data-driven risk management strategies,SecurityScorecard's data and analytics are a valuable addition to our proprietary insights, furthering our ability to help our clients stay on top of emerging vulnerabilities and threats that may impact their businesses." Scott Stransky, Managing Director, Marsh McLennan Cyber Risk Analytics Center SecurityScorecard continuously monitors millions of entities worldwide and non-intrusively assesses their security posture across 10 risk categories including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security and patching cadence. About SecurityScorecard Funded by world-class investors including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Read More

PLATFORM SECURITY

LogicBoost Labs' Latest Investment Enhances Cybersecurity Validation

LogicBoost Labs | March 09, 2022

LogicBoost Labs, a startup accelerator focused on promoting the growth of early-stage B2B SaaS startups, announced today an investment into Information Shield, a provider of products and services that help automate the process of building and validating a robust cyber security program. The investment package includes putting cash on the balance sheet for growth and expert advice in sales, marketing, customer success, and tech development from the in-house team of LogicBoost Labs experts. Supported by a panel of leading information security experts, Information Shield and its ComplianceShield software solution allow organizations to quickly validate cyber security readiness to customers, regulators, and insurance providers. Clients can save thousands of dollars and weeks of effort when addressing third-party risk assessments and preparing for external certifications for compliance frameworks, including ISO 27002, NIST-CSF, HIPAA, CMMC, among many others. "Having spent 15 years working in cybersecurity, I've seen firsthand how difficult it can be for companies and their IT teams to meet compliance mandates. Information Shield dramatically reduces the amount of time it takes to build, roll out, and validate your modern cybersecurity program to meet internal requirements and your client's needs." Jonathan Cogley, Founder and CEO of LogicBoost Labs David Lineman is president and CEO of Information Shield, Inc., a global provider of information security leading practices. Lineman has more than 25 years of software, security, and information technology management experience, and holds 3 patents on software technology, and has consulted on information security policy development for over 50 organizations. "If your business is handling information, you need to have a defensible cyber security program in place that addresses key industry standards," said Lineman. "Using our Security Wizard and Common Control Library (CCL), we have dramatically simplified the process by helping organizations quickly build programs that address key regulations and frameworks. Built-in security policy templates enable rapid documentation and key supporting evidence to support external audits, such as SOC II or ISO Certification. We have leveraged our experience with over 8000 customers in 100 countries to create a tool that is both robust and affordable." About LogicBoost Labs LogicBoost Labs is a startup accelerator designed to advance the growth for pre-revenue and early-stage B2B SaaS startups. As such, LogicBoost Labs offers a full-service line-up of resources and capabilities to further increase the likelihood of a young company's success. Each portfolio company has full access to LBL's talented pool of experienced executives whose sole job is to guide and mentor the start-ups on such matters as staffing, sales, marketing, technical support, and customer success. The ultimate goal: take the start-up from early revenue or pre-revenue to 1 million ARR. About Information Shield Information Shield provides customers with time-saving products and services to help build, update, and maintain a defensible information security and data privacy program. Based in Houston, Texas, Information Shield has over 10,000 satisfied customers in 100 countries, covering a variety of markets including financial services, healthcare, non-profits, government, and retail.

Read More

WEB SECURITY TOOLS

Indusface Enhances its Web Application & API Protection (WAAP) platform AppTrana with Industry's First Risk-Based Protection to APIs

Indusface | May 19, 2022

Indusface, a leading application security SaaS company that continually detects security risks, provides real-time protection, and improves the performance of Websites and Applications, today announced that it is adding Risk-Based API Protection to its WAAP platform, AppTrana. APIs are the lifeline of the digital economy with many companies adopting the API-first approach. However, the growth of APIs is also opening up new risk vectors that they are not aware of. According to Gartner, more than 90% of applications have more attack surface exposed through API than UI and by 2022, API Abuse will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications. Indusface is revolutionizing the API security space by building on its API Protection capabilities. The company is doing so through the most comprehensive API protection to date by extending its risk-based approach to the same. "AppTrana's risk-based approach is unique and something that resonates with our customers. What customers are really interested in is knowing how well their application is protected based on the risk posture of their application. Building on this, we are now enhancing our API Protection capabilities by providing a risk-based approach to API security which we believe would revolutionize the market. With this, customers will be able to identify vulnerabilities found in their public APIs and quickly correlate how these are protected through API-specific policies and positive security policies applied in AppTrana providing the most comprehensive protection for APIs." Ashish Tandon, Founder and CEO, Indusface As with any security, you can protect only what you know and protection is as strong as the weakest link. The major challenges with APIs are discoverability and the ability to understand the context of APIs so that security can be tailored accordingly. It is to address these challenges that Indusface is enhancing its API protection in AppTrana. Collectively through a multi-step approach, customers get to discover APIs, understand risk posture and ensure comprehensive protection of APIs. With Indusface AppTrana's Risk-based API Protection, you get: To understand the risk posture of the APIs through unlimited automated API scans including manual tests for identifying business logic vulnerabilities. This enables organization to understand the weakest links of the APIs and get clear visibility around how these links are protected. Visibility into API traffic patterns and discovery of shadow APIs, so that you are no longer blindsided by what you don't know To protect APIs with API-specific rules written specifically to protect against OWASP Top 10 API vulnerabilities Behavioral-based protection against DDoS attacks on APIs by analyzing API traffic pattern Behavioral-based protection against BOT attacks Positive security for APIs through analysis of swagger (OpenAPI 2.0) files and creation of automated positive security policies Accurate, real-time view of vulnerabilities blocked by API specific rules, positive security policies, custom rules, and those that need fixes in the application About Indusface Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 3000+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine. Indusface has been funded by Tata Capital Growth Fund II, is the only vendor to be named Gartner Peer Insights™ Customers' Choice' in all the 7 segments for Voice of Customer WAAP (Web Application and API Protection) Report 2022, is a "Great Place to Work" certified SaaS product company, is PCI, ISO27001, SOC 2, GDPR certified, and has been the recipient of many prestigious start-up awards such as the Economic Times Top 25, NASSCOM DSCI Top Security Company, Deloitte Asia Top 100, among others.

Read More

DATA SECURITY

Security Tops Retailers’ Wish Lists this Holiday Season

Futurex | November 17, 2021

Record sales expected in 2021, along with hackers; Futurex recommends point-to-point encryption for retailers to protect cardholder data BULVERDE, Texas, November 17, 2021 — As we enter the biggest retail season of the year, transactions are increasing, as are the numbers of hackers and skimmers — targeting shoppers’ cardholder data. The last thing retailers need to worry about is cyber threats that lead to ransomware or data breaches, as they welcome shoppers and juggle supply chain disruptions. Futurex, a leader in hardened, enterprise-class data security solutions, recommends retailers implement point-to-point encryption (P2PE) to encrypt cardholder data at the point of sale to keep it safe from malware that might be spying on network traffic and capturing credit card numbers. Futurex secures transactions for several of the nation’s largest retailers, protecting shoppers’ sensitive cardholder data and payment information. U.S. retail sales now through December are expected to grow 10.5% to a record $859 billion, compared to 2020, according to the National Retail Federation. Meanwhile, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have warned about the increase of cyber threats, including ransomware, around the holidays. “Behind every gift, every purchase, and every payment, retailers and consumers depend on secure transactions to protect payment information,” said Ryan Smith, vice president, global business development, at Futurex. “As the critical security backbone of the global financial ecosystem, we work with the world’s largest retailers and financial institutions to safeguard data in transit and at rest." The use of hardware security modules (HSMs) in transaction processing is critical, as payment HSMs provide the cryptographic functions needed to support end-to-end data security, including encryption and cryptography key management. In a compliant P2PE environment, sensitive data is encrypted from the point of interaction and decrypted only within the secure boundary of a FIPS 140-2 Level 3 or PCI HSM-validated HSM. Learn more about point-to-point encryption. About Futurex For more than 40 years, Futurex has been a trusted provider of hardened, enterprise-class data security solutions. More than 15,000 organizations worldwide, including financial services providers and corporate enterprises, have used Futurex’s innovative hardware security modules, key management servers, and enterprise-class cloud solutions to address their mission-critical systems, data security, and cryptographic needs. This includes the secure encryption, storage, transmission, and certification of sensitive data. For more information, please visit futurex.com.

Read More

Spotlight

The perimeter continues to dissolve, and the definition of endpoint is evolving, according to results of the SANS 2016 Endpoint Security Survey, now in its third year. In it, respondents say their organizations continue to connect new and different types of endpoints, including point-of-sale (POS) devices, printers, mobile devices, building security systems and even wearables to their networks. As we might expect, 90% or more consider desktops, servers, routers, firewalls and printers to be endpoints that need to be protected. After that, respondents include other less-typical devices in their definition of endpoints that warrant protection: 71% include building security (access/ surveillance), 59% include employee-owned mobile devices and 40% consider industrial control systems as endpoints that need to be protected. Some respondents also consider POS devices, smart cars, emulated endpoints in the cloud and wearables as endpoints needing protection, highlighting the diversity of thinking among respondents.

Resources