DATA SECURITY

To prevent cyber attacks caused by compromised passwords, Enzoic and OneLogin partner

businesswire | November 18, 2020

Enzoic, a main supplier of bargained certification screening arrangements, today reported an association with OneLogin, a cloud-based character and access the board supplier. The joint effort will see Enzoic's qualifications screening administration incorporated into OneLogin's SmartFactor Authentication item, guaranteeing that accreditations uncovered in an earlier break can't be utilized.

Verizon's 2020 Data Breach Investigations Report distinguished that taken certifications are associated with 29 percent of information breaks and that 80% of hacking-related penetrates include bargained and feeble qualifications. These discoveries underscore that forestalling the utilization of uncovered qualifications is basic to diminish the probability of an effective assault.

The Enzoic and OneLogin association is intended to dispose of the danger of bargained accreditations. Through the arrangement, OneLogin will coordinate Enzoic's API so that each time a client makes a secret phrase, it will naturally be screened against Enzoic's live information base of different billions of uncovered username and secret phrase mixes. On the off chance that the qualifications are uncovered, it will request that the client make another exceptional secret phrase. This altogether decreases the danger of fruitful accreditation stuffing, account takeover or different types of information break occurring without adding superfluous contact.

“Preventing the use of exposed credentials is the key to shoring up password vulnerabilities,” said Josh Horwitz, COO, Enzoic. “As the number of breaches and cyber attacks show no sign of abating, it's critical that organizations take steps to protect against this threat by screening credentials. We are excited to partner with OneLogin to deliver this peace of mind to its customers that use SmartFactor Authentication."

“Cybersecurity threats are a part of our digital world,” said Venkat Sathyamurthy, Chief Product Officer OneLogin.“By integrating Enzoic’s intelligent technology, we’re preventing our users from inadvertently deploying credentials that have already been breached and exposed on the Dark Web. As a result, the risk of account takeover from compromised credentials is reduced while ensuring that the authentication process remains smooth for our customers.”

About Enzoic

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection. Organizations can use Enzoic solutions to screen customer and employee accounts for exposed username and password combinations to identity accounts at risk and mitigate unauthorized access. Enzoic is a profitable, privately held company in Colorado.


About OneLogin
OneLogin is the number one value-leader in Identity and Access Management. Our Trusted Experience Platform provides everything you need to secure your workforce, customers, and partners at a price that works with your budget. Headquartered in San Francisco, OneLogin secures over 2,500 customers worldwide, including Airbus, Stitch Fix, and AAA.

Spotlight

Despite the need for effective document collaboration in the enterprise, many organizations are failing to provide their employees with the right tools to get the job done. Today's knowledge worker wants platform-agnostic, on-demand access to their files whenever and wherever they need them... and they'll bring this functionality into the organization whether IT approves of it or not. As a result, end-users are driving the adoption of cloud-based file sharing solutions such as Dropbox and Box, while corporate IT departments tend to dismiss these tools due to security concerns - both perceived and real.


Other News
DATA SECURITY

CloudCover Continues to Move Into a New Era of CyberSafety with the Launch of CloudCover’s Cyber Liability

CloudCover | December 27, 2021

The cybersecurity insurance market is in trouble, fueled by a rapid increase in cyber attacks – up 486% from the beginning of 2018 through the end of 2021, according to Aon. As a result, insurers have little choice but to raise rates and scrutinize policy terms and conditions, as there’s no historical data to set policies and premiums like traditional insurance products. CloudCover, the company Reimagining CyberSecurity, is making strides to improve cyber safety by creating the first end-to-end cyber security technology and insurance platform. Today, the company announces the continued rollout of its suite of CloudCover insurance products with the launch of a new insurance offering: CloudCover Cyber Liability (CCCL) and Information Systems Business Interruption (ISBI) insurance. The release of the cybersecurity insurance coverage brings forward an entirely new market category: cybersecurity network and data insurance cover that utilizes the CC/B1 PlatformTM to obtain the data analytic set required to efficiently underwrite and set accurate premiums. CloudCover’s $1 Million Ransomware Warranty was launched in September 2021. Through its CCCL insurance, CloudCover will issue a $1 million cover per occurrence and a $10 million aggregate policy. This insurance option covers: First-party response costs, including any costs associated with the investigation and remediation of cybersecurity breaches, as well as payment for costs associated with notifying affected parties of the breach, Third-party liability and regulatory costs, including any costs associated with the defense of lawsuits, regulatory fines, and penalties in addition to the costs associated with any judgements rendered from those activities, and Cover for any ransom demanded by cyber criminals who have locked the insured company’s network or computer systems. Similar to the CCCL coverage, CloudCover will also issue $1 million coverage per occurrence and a $10 million aggregate policy for its ISBI coverage. The insurance policy provides payment for lost revenue in the event that a Distributed Denial of Service (DDoS) attack disrupts or compromises the insured party’s network. Both insurance covers are powered by CloudCover’s CC/B1 Platform, an advanced Intelligent Threat ManagementTM security solution. The CC/B1 relies on a patented AI/ML (automated intelligence/machine learning), X-NDR (extended network detection and response), SOAR (security, orchestration, automation and response) technology that empowers risk awareness, risk control, and risk transfer in near real time. The platform operates as a Firewall EverywhereTM, collecting data from all corners of an organization’s network, streamlining and utilizing machine learning to detect, analyze, and stop suspicious activity – all while using the collected network patterns with risk scoring and building actuarial models for incremental cybersecurity network insurance. “This marriage of cybersecurity technology and cyber insurance represents the creation of a new market,No other security vendor is able to provide cybersecurity risk scoring, risk event mitigation and mediation, accurate identification and threat stopping, and cyber risk insurance underwriting and auto-adjudication for claims in one platform. Using cybersecurity technology to learn about a company’s network and utilizing that data to create more accurate premiums and better coverage gives our industry the opportunity to better control cybersecurity insurance losses in the future, as we’ll be able to detect threats and issue micro-policies in a fraction of a second.” Stephen Cardot, founder and CEO of CloudCover In the months ahead, CloudCover plans to debut the final product in its initial CyberSafety Insurance Coverage portfolio: Cybersecurity Network Data Insurance, which will be the first insurance policy to insure data in motion with both first- and third-party liability coverage. This insurance, which will launch in February 2022, makes it possible for organizations to insure and thereby value their intangible assets, i.e., data, just as they would other company assets – something that’s been long seen as impossible in the FASB/GAAP industry. In order to purchase CloudCover’s insurance offerings, a company will need to have the CC/B1 Platform installed on its network in addition to completing CloudCover’s CyberSafety Registry. About CloudCover CloudCover is an AI-driven, virtual machine-learning cybersecurity platform. CloudCover has reimagined cybersecurity as a risk-predictive CyberSafety Platform – delivering real-time extended network detection and response through a patented, math-based security orchestration automated response risk aware/control solution. The CloudCover SOAR capability accumulates data between an organization’s diverse security technologies and environments and streamlines them into holistic actions on potential risks. The CC/B1 Platform provides an ever-evolving, protective security layer to your existing cybersecurity tech stack – meaning network threats are detected in near zero-second speed with near zero-threat accuracy. With CloudCover, the elusive “single pane of orchestration” capability of an organization’s network security isn’t a myth – it’s reality.

Read More

ENTERPRISE SECURITY

CyberRes Completes Acquisition of Debricked to Further Expand Software Supply Chain Security

CyberRes | March 15, 2022

CyberRes, a Micro Focus line of business, today announced the acquisition of Debricked, a developer-centric open source intelligence company aimed at innovating how organizations secure their software supply chain for today and the future. The addition of the cloud-native software composition analysis platform and AI/ML capabilities further drive CyberRes' strategy in the future of software resilience and DevSecOps. These aligned capabilities, combined with their vision of how developers evaluate, consume, and secure open-source components customized to their organization's need, make Debricked an extremely valuable addition to CyberRes' application security portfolio. "Nearly 90 percent of companies are developing software using open source components to accelerate their development speed to keep pace with business demands, which comes with accelerated risk," said Tony de la Lama, VP Product Management. "Our aim is to invest in and build solutions that allow organizations to secure their applications while maintaining the speed of development. Debricked is uniquely positioned in the market with their portfolio of solutions to address open source security and adds to an already robust portfolio in CyberRes to secure the software supply chain." Debricked's SaaS solution enables more intelligent selection of open source while drastically reducing the risks typically associated with it, both core requirements of modern DevSecOps programs. The service runs on state-of-the-art machine learning which enables the data quality to be extremely accurate as well as instantly updated whenever a new vulnerability is discovered. High precision, combined with developer focused UX and unique abilities to customize the service to your company's needs, makes Debricked unique in the world of open source security and positioned for accelerated growth. "We are excited at becoming a part of Micro Focus and CyberRes. Combining our team with such an industry-leading organization enables us to accelerate Debricked's journey toward our vision of making it easier for companies to use open source securely. We are also excited at the opportunity to present our customers with a full scale, robust security offering." Debricked CEO and co-founder Daniel Wisenhoff Key attributes of Debricked technologies include: Open Source Intelligence: With their latest innovation, Open Source Select, Debricked aims to make searching and comparing open source packages faster. By providing an in-depth analysis of the community health and offering contextualization, developers can make much more informed decisions. Security Vulnerabilities: Continuously and automatically identify, fix and prevent vulnerabilities in open source dependencies. Scan at every commit and get notified when new vulnerabilities appear. License Compliance: Ensure and maintain open source compliance with automated and enforceable pipeline rules, along with enabling creation of software bill of materials (SBOMs). Calculate risk levels for your repositories based on intended use. CyberRes is aimed at building the most complete portfolio that helps enterprises prepare for, respond to, and recover from cyber threats. With this acquisition, Micro Focus continues to show strong commitment and continued investment to Security and the ability to help customers and partners improve their cyber resilience posture. This additional investment includes a series of acquisitions made over the last two years, which strengthen our robust portfolio of security solutions, all focused on delivering business and technical outcomes to support cyber resilience. The latest example of how these investments come together is the recent launch of Galaxy, an immersive cyber threat experience built for CISOs and analysts. About CyberRes CyberRes is a Micro Focus line of business. We bring the expertise of one of the world's largest security portfolios to help our customers navigate the changing threat landscape by building both cyber and business resiliency within their teams and organizations. CyberRes is part of a larger set of digital transformation solutions that fight adverse conditions so businesses can continue to run today, keep the lights on, and transform to grow and take advantage of tomorrow's opportunities.

Read More

SOFTWARE SECURITY

GTT Launches Secure Connect to Enhance Enterprise Cloud Security

GTT | March 23, 2022

GTT Communications, Inc., a leading global cloud networking provider to multinational clients, has announced its new Secure Connect offering to extend and strengthen the protection of the enterprise network connecting to the internet and accessed by users from any location. The new service is based on the SASE framework and integrates with GTT Managed SD-WAN. GTT Secure Connect leverages a single cloud platform for agile and ubiquitous delivery of network security, offering a range of features that include CASB (Cloud Access Security Broker), SWG (Secure Web Gateway), ZTNA (Zero Trust Network Access) and FWaaS (Firewall as a Service) capabilities. GTT Secure Connect addresses the growing requirement for secure access to enterprise resources in an environment characterized by the widespread use of digital technologies, broad adoption of cloud applications and a remote workforce. GTT Secure Connect utilizes a cloud delivery model that provides centralized policy control at a site and user level for improved scalability and extends the security perimeter to any network endpoint. Additionally, the integration of security with the functionality of GTT Managed SD-WAN improves performance and simplifies network management. The comprehensive SASE-based feature set can be tailored to meet individual enterprise requirements for anti-virus, firewall and anti-malware protections, more effective blocking of malicious sites, augmented cloud security monitoring, and prevention of unauthorized access to network resources in a work-from-anywhere model. With GTT Secure Connect, network access is based on user, device and application identity — rather than the physical location or IP address — enabling seamless and secure networking between users, private, SaaS and public clouds, and the enterprise data center. “In an enterprise environment where digital business and the use of cloud applications has become more critical, coupled with the challenge of supporting a hybrid workforce and an intensifying cyber-threat landscape, customers are demanding network integrated security solutions that are comprehensive with an improved user experience. GTT Secure Connect has been designed to meet these customer requirements, leveraging our industry-leading SD-WAN capability combined with state-of-the-art, cloud-based security technologies, delivering a more effective and efficient solution that provides next-generation connectivity and protection managed all in one place.” Don MacNeil, GTT COO According to industry research firm Omdia, only 15 percent of enterprises globally have a fully developed approach to cybersecurity and digital risk. Further research by the firm shows that when SD-WAN is combined with security, enterprises report an extra boost in perceived value over just SD-WAN. “Omdia finds securing networks a consistent area of enterprise concern and investment. Enterprise network transformation needs to address the complexity of securing internet VPNs, cloud applications and a remote workforce,” said Cindy Whelan, practice leader, enterprise network services at Omdia. “GTT’s new Secure Connect brings together network and security, supported by professional services, to help enterprises with their security and performance needs in a period of rapid digital transformation and an intensifying cyber-threat landscape.” The underlying technology platform of GTT Secure Connect is Prisma® Access provided by Palo Alto Networks, an industry leader in global cybersecurity. GTT Secure Connect integrates Prisma Access with GTT’s software-defined networking solutions and global Tier 1 IP network. GTT Secure Connect is complemented by GTT Professional Services, which offers the technical expertise and operational experience to support the complete solution from initial design to installation and ongoing service management. This includes project management, technical management and incident management support. Through EtherVision, GTT’s unified customer management portal, GTT Secure Connect provides customers with the insights and control they need to operate their network and manage their security environment. About GTT GTT provides secure global connectivity, improving network performance and agility for your people, places, applications and clouds. We operate a global Tier 1 internet network and provide a comprehensive suite of cloud networking and managed solutions that utilize advanced software-defined networking and security technologies. We serve thousands of businesses with a portfolio that includes SD-WAN and other WAN services, internet, security and voice services. Our customers benefit from a customer-first service experience underpinned by our commitment to operational excellence.

Read More

ENTERPRISE SECURITY

Confluera Cloud Research Finds Cybersecurity Concern as Biggest Obstacle to Cloud and Multi-Cloud Adoption

Confluera | February 19, 2022

Confluera, the leading provider of next-generation cloud cyber attack detection and response, today released the findings of their latest research report, which explores how IT leaders detect, evaluate, and act against cybersecurity threats in today's cloud environment. The study, 2022 Cloud Cybersecurity Survey Report, showcases the perspective of 200 U.S. IT leaders at medium to large sized organizations and how they are tackling the increasingly complex remote, cloud-centric IT security landscape. The majority of organizations are accelerating their cloud adoption with 97% of IT leaders surveyed stating that their strategy includes the expansion of cloud deployments. The strategy includes expansion in scale and in many cases, the adoption of multiple platforms such as AWS, Google Cloud and Azure. This strategy is not without its challenges, however. Approximately, 63% of IT professionals identified cyberthreats designed to target cloud services as the top obstacle to their cloud strategy. Cloud and multi-cloud adoption has greatly increased the workload of already burdened IT teams. Of the 200 IT leaders surveyed, only about half of the respondents said that they are adequately staffed to manage the frequency of alerts they receive. IT teams spend 54% of their time investigating security alerts, with over half of those alerts turning out to be false or benign alarms. As threats within the cloud proliferate, IT leaders are looking for solutions to help them quickly separate the signal from the noise so they can act on the real threats promptly. Some key findings of the survey as it relates to cloud deployments are below. More than 65% of IT leaders said cloud IaaS adoption (AWS, Azure, Google Cloud, etc.) was the primary contributor to their increased workload in 2021 When asked what challenges were associated with adopting multiple cloud platforms, 69% said maintaining consistent cybersecurity coverage across all cloud infrastructures Nearly 50% said securing the resources to manage different cloud infrastructures Nearly 45% identified the difficulty detecting threats progressing from one cloud infrastructure to another "While accelerated cloud adoption continues to be a critical element in adapting to the new way of doing business, it has strained IT leader's ability to manage their workload, Organizations need to ensure proper people, processes, and tools are in place for the team to expand the complex cloud environments without sacrificing their attention to security." John Morgan, CEO of Confluera Morgan continued, "To make matters worse, the Great Resignation has demonstrated the burnout that workers across the U.S. economy are feeling, and nowhere is this burnout more obvious than in the cybersecurity teams. Organizations must ensure frequent conversations between executives and cybersecurity managers to ensure they are well equipped to adequately manage alerts, maintain systems, and avoid burnout within their teams. Other key findings include the following: 85% of IT leaders said that they experienced increased workload due to shift in work model including remote workers Nearly 70% of IT leaders said that the change in work model has made it more difficult to keep company resources secure Nearly 59% of all alert investigations turn out to be false alarms or benign activities 90% of IT leaders said they create threat storyboards but close to 60% rely on third-party services to create storyboards after the incident Not all findings in the report were so glum, however. In a positive sign, 84% of IT leaders were optimistic about their cybersecurity readiness for 2022. The majority of respondents note the availability of new cybersecurity tools as the reason for their positive outlook, with 59% saying that a Detection and Response solution for the cloud, or CxDR, is the innovation they are most excited about for future deployment. "2021 was a tough year for many IT leaders, but the market is now providing organizations with the tools they need to effectively manage the infrastructures they have and even expand them further," added Morgan. "Given proper resources and effective communication, IT leaders have every right to be positive as we move into the new year." About the Study Confluera commissioned an independent research firm to survey U.S. IT leaders using a national network of verified panel providers. A total of 200 respondents completed the survey, which was conducted between December 3-7, 2021. Those surveyed included those with senior titles, including Manager, Director, and VP/C-level. The margin of error for this study is +/-5.9% at the 95% confidence level. About Confluera Confluera is the leading provider of next-generation Cloud eXtended Detection and Response (CxDR) solutions. Recognized by Forbes as one of the Top 20 Cybersecurity Startups to Watch in 2021, Confluera's storyboard technology automates cyber attack analysis making small and large security teams more efficient. The solution has unprecedented visibility of attacks in the cloud and modern application architectures, reveals threats in real-time, and will shut down advanced multistage attacks.

Read More

Spotlight

Despite the need for effective document collaboration in the enterprise, many organizations are failing to provide their employees with the right tools to get the job done. Today's knowledge worker wants platform-agnostic, on-demand access to their files whenever and wherever they need them... and they'll bring this functionality into the organization whether IT approves of it or not. As a result, end-users are driving the adoption of cloud-based file sharing solutions such as Dropbox and Box, while corporate IT departments tend to dismiss these tools due to security concerns - both perceived and real.

Resources