DATA SECURITY

To prevent cyber attacks caused by compromised passwords, Enzoic and OneLogin partner

businesswire | November 18, 2020

Enzoic, a main supplier of bargained certification screening arrangements, today reported an association with OneLogin, a cloud-based character and access the board supplier. The joint effort will see Enzoic's qualifications screening administration incorporated into OneLogin's SmartFactor Authentication item, guaranteeing that accreditations uncovered in an earlier break can't be utilized.

Verizon's 2020 Data Breach Investigations Report distinguished that taken certifications are associated with 29 percent of information breaks and that 80% of hacking-related penetrates include bargained and feeble qualifications. These discoveries underscore that forestalling the utilization of uncovered qualifications is basic to diminish the probability of an effective assault.

The Enzoic and OneLogin association is intended to dispose of the danger of bargained accreditations. Through the arrangement, OneLogin will coordinate Enzoic's API so that each time a client makes a secret phrase, it will naturally be screened against Enzoic's live information base of different billions of uncovered username and secret phrase mixes. On the off chance that the qualifications are uncovered, it will request that the client make another exceptional secret phrase. This altogether decreases the danger of fruitful accreditation stuffing, account takeover or different types of information break occurring without adding superfluous contact.

“Preventing the use of exposed credentials is the key to shoring up password vulnerabilities,” said Josh Horwitz, COO, Enzoic. “As the number of breaches and cyber attacks show no sign of abating, it's critical that organizations take steps to protect against this threat by screening credentials. We are excited to partner with OneLogin to deliver this peace of mind to its customers that use SmartFactor Authentication."

“Cybersecurity threats are a part of our digital world,” said Venkat Sathyamurthy, Chief Product Officer OneLogin.“By integrating Enzoic’s intelligent technology, we’re preventing our users from inadvertently deploying credentials that have already been breached and exposed on the Dark Web. As a result, the risk of account takeover from compromised credentials is reduced while ensuring that the authentication process remains smooth for our customers.”

About Enzoic

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection. Organizations can use Enzoic solutions to screen customer and employee accounts for exposed username and password combinations to identity accounts at risk and mitigate unauthorized access. Enzoic is a profitable, privately held company in Colorado.


About OneLogin
OneLogin is the number one value-leader in Identity and Access Management. Our Trusted Experience Platform provides everything you need to secure your workforce, customers, and partners at a price that works with your budget. Headquartered in San Francisco, OneLogin secures over 2,500 customers worldwide, including Airbus, Stitch Fix, and AAA.

Spotlight

Worldwide enterprise security spending is expected to reach $96.3 billion in 2018, an increase of 8 percent from 20171 . Organizations are spending more on security than ever before, but the number and severity of cyber attacks is on the rise, resulting in hundreds of millions of dollars in losses for businesses worldwide. Despite advancements in cybersecurity, malware is still getting through existing defenses. Ofen malware exploits legitimate business applications through a single compromised endpoint to gain a foothold on an entire organization before spreading laterally, resulting in catastrophic data breaches, damage, and destruction. The constantly shifing cybersecurity landscape and the growing sophistication of attackers are making it exceedingly dificult to build prevention systems that can detect the newest exploits. This is especially evident when zero-day attacks such as WannaCry2 first break out, rapidly infecting organizations through a previously undetected flaw in computer operating systems. Even when a fix becomes available, the ransomware continues to spread at an incredible speed through companies who have not yet patched their devices.


Other News
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Upstream Deepens Investment in Michigan, US with a New Vehicle Security Operation Center

Upstream | September 08, 2022

Upstream, the creator of industry-leading cloud-based cybersecurity and data management platform for connected vehicles and smart mobility, is opening its first U.S.-based vehicle security operation center (vSOC) in Ann Arbor, Michigan, to closely surveil and mitigate emerging cyber threats and risks for its U.S.-based automotive clients. Data and connectivity are the foundation of the automotive industry's transformation, unlocking new revenue streams and business opportunities for automotive stakeholders and users. But, connectivity and mobility applications bring a wide range of cyber risks. "Upstream enables OEMs to build trust into the connected vehicles ecosystem. "Our platform monitors over 12 million vehicles worldwide. We see new attack surfaces and threats on a regular basis, fueled by a wide variety of vulnerabilities, including EV charging networks, expanded use of smartphone apps that control basic car functions and infotainment systems. This is the right timing to open our U.S.-based vSOC, and Michigan is a natural choice." Yoav Levy, CEO and co-founder of Upstream "Companies continue to invest in Michigan because of our world-class talent, quality of life, low cost of doing business and culture of innovation," said Trevor Pawl, Michigan's Chief Mobility Officer. "Michigan remains committed to being the global epicenter of the next revolution of the automotive industry and we applaud Upstream's continued success and investment in Michigan's autonomous and electrified future." "Vehicles are benefiting from a wave of technology innovation, producing transportation that is safer and smarter thanks to connectivity," said Faye Francy, executive director of Auto-ISAC, a global information sharing community established by automakers to address cybersecurity risks. "The very technology that provides us with these new efficiencies also introduces potential cyber risk to the vehicle, and vSOC operations is an application for the automotive industry to proactively address the risk." In fact, Upstream found more than 50 percent of all reported automotive-related cybersecurity incidents took place during the past two years alone. "Customer experience applications, by OEMs and smart mobility providers, are one of the fastest growing attack surfaces and account for 6 percent of total attacks in 2022 so far compared to 2 percent in 2021, explains Yaniv Maimon, Upstream's director of vSOC. "Charging stations and infrastructure have also become a significant concern, especially given range anxiety concerns and the constant pressure to accelerate EV adoption." At the Michigan vSOC, Upstream is hiring and training experienced local cyber and automotive experts to operate the vSOC, offer cross-functional response and mitigate attacks in real time. "Southeast Michigan's emergence as a high-tech mobility hub and its proximity to our automotive customers, their Tier-1 suppliers and cybersecurity talent makes it a perfect setting for our new vSOC," Levy said, adding that traditional security operation centers focus on compliance and IT assets and lack the holistic and contextual view required to mitigate cybersecurity threats against vehicles, services and entire fleets. The Michigan-based vSOC is expected to be fully operational by the end of the year. It adds to Upstream's growing network of automotive-specific security centers already active in Israel, and coming soon in Japan. Additional vSOC investments are expected in Europe in the near future. About Upstream: Upstream provides a cloud-based data management platform purpose-built for connected vehicles, delivering unparalleled automotive cybersecurity detection and response (V-XDR) and data-driven applications. The Upstream Platform unlocks the value of vehicle data, empowering customers to build connected vehicle applications by transforming highly distributed vehicle data into centralized, structured, contextualized data lakes. Coupled with AutoThreat® Intelligence, the first automotive cybersecurity threat intelligence solution, Upstream provides industry-leading cyber threat protection and actionable insights, seamlessly integrated into the customer's environment and Vehicle Security Operation Centers (vSOC).

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Next DLP Announces Cybersecurity Industry Veteran, Constance Stack, as New CEO

Next DLP | November 03, 2022

Next DLP (“Next”), formerly Qush Security, today announced the appointment of Constance (“Connie”) Stack as its new chief executive officer. With Stack leading the way, Next expects to aggressively grow its market share and disrupt the legacy Data Loss Prevention (DLP) category. The DLP market is projected to reach 3.5 Billion USD by 2025 with the SaaS deployment model expected to dominate during the forecast period. Next’s “Reveal Cloud”, which was included in Gartner’s 2022 Market Guide for Data Loss Prevention, is an industry leading, user-centric, DLP solution, that uncovers risk, educates employees and fulfills security, compliance and regulatory needs. “This is an exciting time for all of us at Next DLP,. “We are pleased to have Connie lead Next and believe her leadership will further accelerate the company’s growth and deliver on our mission of reinventing data protection for today's distributed organization.” Fredrik Halvorsen, Chairman of Next’s board of directors and co-founder of Ubon Partners Most recently, Stack served as Managing Director/GM of the Data Protection Business Unit for HelpSystems, which included the Digital Guardian, Titus, Boldon James and Vera brands. Prior to acquisition by HelpSystems, Stack served as chief strategy officer and chief marketing officer of Digital Guardian. Earlier in her career, Stack was vice president of marketing at Veracode (acquired by CA Technologies) and chief revenue officer at WordStream (acquired by the Gannett Company). “Today’s most used DLP solutions came to market over twenty years ago; before the shift to cloud and SaaS really took off and well before the COVID-19 pandemic drove global knowledge workers to a remote working model. Put plainly, legacy DLP approaches are outdated and prone to failure,” said Constance Stack, Chief Executive Officer, Next DLP. “Next DLP offers a new and flexible approach to protecting data where it is most at risk. Its patent-pending endpoint agent and cloud platform were purpose-built for today’s IT environment and threat landscape. I look forward to this opportunity to work with Next’s incredibly talented team and to deliver DLP that works to our customers.” About Next DLP Next DLP (“Next”) is a leading provider of data protection solutions for organizations with valuable data who need to uncover risk, educate employees and fulfill security, compliance and regulatory needs. Next's mission is to reinvent data protection for today's distributed organization and it is disrupting the legacy data loss prevention market with a user-centric, flexible, cloud-native, AI/ML powered solution built for today’s threat landscape. The company's leadership brings decades of cyber and technology experience from HelpSystems, DigitalGuardian, Forcepoint, Mimecast, IBM, Cisco and Shopify. Next is trusted by organizations big and small, from Fortune 100 finance and retailers to fast growing healthcare and technology companies.

Read More

DATA SECURITY, ENTERPRISE IDENTITY, ENTERPRISE SECURITY

SyncDog Announces Partnership with 3Eye Technologies to Expand Access to Mobile Endpoint Security Technology

SyncDog Inc. | October 28, 2022

SyncDog, Inc., the leading Independent Software Vendor (ISV) for next generation mobile security and data loss prevention, today announced a partnership with 3Eye Technologies to develop a smarter, more advanced offering for its mobility and cloud strategy to accelerate sales initiatives. SyncDog's Secure.Systems™ Workspace offers companies and government organizations a more secure and scalable solution for addressing all the challenges that go along with enabling employees on mobile devices—with immediate opportunities around helping to bring organizations into compliance with the federal government's CMMC 2.0 framework and other security & privacy regulatory standards. The rising popularity and rapid adoption of hybrid work models means that employees are empowered to conduct their work from wherever they are and on whatever device they have on hand–even personally owned (BYOD) devices. However, hybrid and remote work policies emphasize the importance of having robust data protection and endpoint security solutions. Now, more than ever, the ability for both private and public sector institutions to achieve compliance and adopt the cybersecurity and data protection standards outlined in industry frameworks is more critical than ever, as evidenced by the federal government's push to implement CMMC 2.0. In accordance with CMMC and other federally regulated requirements, SyncDog's unified Trusted Mobile Workspace provides a holistic, zero-trust approach that helps bring organizations into compliance with the federal government's CMMC framework along with other broadly recognized regulatory standards. "We are excited to partner with 3Eye to offer even more organizations a smarter and more efficient approach to a secure mobility architecture. A particularly compelling opportunity will be in enabling government employees and federal contractors to collaborate in real-time outside the office in a secure way – even while using BYOD/Personal devices – and still complying with CMMC 2.0 regulations. "This partnership will help broaden the range of organizations securely transferring data between the device and organization's secure network and provide reassurance that devices and processes they are following and implementing adhere to necessary regulations." Brian Egenrieder, Chief Revenue Officer at SyncDog "The prevalence of hybrid and remote work has IT and security teams grappling with ever evolving and complex cybersecurity challenges. This widespread workforce shift has made the need for enterprise mobility more important than ever, but these challenges are only exacerbated by the lack of robust mobile security strategies," said Conor MacFarlane, President and CEO of 3Eye Technologies. "SyncDog technology protects sensitive data no matter what device it is on, making it easier for people to conduct business securely. It's a terrific addition to our portfolio of highly advanced mobility and security technologies." 3Eye Technologies is a mobile-first distributor, who partners with best of breed vendors to provide the highest quality mobility, security, and identity solutions to deliver cutting-edge technologies through its reseller database. SyncDog will leverage 3Eye Technologies' distribution capabilities to build upon their growing market presence and connect SyncDog with more customers across new commercial markets and regions. About SyncDog Inc. SyncDog is the leading ISV for building mobile frameworks that extend app functionality to devices while securing corporate and government networks from mobile-endpoint threats. SyncDog's flagship solution, Secure.Systems, delivers a rich and unimpeded mobile experience for employees working remotely, and supports a multitude of enterprise productivity apps within a NIST-certified (FIPS 140-2 cert. #2687) workspace. Secure.Systems is ideal for organizations that want to deliver a rich mobile app experience across BYOD, CYOD (choose your own device), or other endpoint device policy. Secure.Systems is a natural complement to security and compliance auditing initiatives to satisfy the mandates of CMMC, HIPAA, GDPR, PCI DSS, GLBA, FISMA, and other laws/standards for data security. About 3Eye Technologies 3Eye Technologies is a value-added distributor of mobility, security, and identity solutions, committed to helping our partners identify, configure, and deliver solutions that enable seamless and secure work, wherever work gets done.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Datadog Launches Cloud Security Management to Provide Cloud Native Application Protection

Datadog | October 20, 2022

Datadog, Inc., the monitoring and security platform for cloud applications, today announced the general availability of Cloud Security Management. This product brings together capabilities from Cloud Security Posture Management (CSPM), Cloud Workload Security (CWS), alerting, incident management and reporting in a single platform to enable DevOps and Security teams to identify misconfigurations, detect threats and secure cloud-native applications. As organizations' cloud architectures become more complex, assessing security risks and collaborating across teams to mitigate them has become increasingly difficult. While security engineers are responsible for identifying threats and misconfigurations, DevOps teams are responsible for remediating them. DevOps and security teams often use multiple point solutions and tools to report on and resolve issues, but these tools provide an incomplete view of security risks and create silos between teams. Datadog's Cloud Security Management brings together observability and security insights across an organization's entire cloud environment—without the need to deploy additional agents. This shared context provides security engineers with deeper insights to collaborate with DevOps teams and more quickly remediate security issues. "Tight collaboration between security and DevOps teams is required to mitigate security risks in today's environments. This change has been brought on by the move to the cloud. Security teams today cannot take countermeasures alone without potentially impacting the performance and reliability of production systems. "Datadog Cloud Security Management helps these teams work together to remediate issues quickly by providing a single platform—as opposed to multiple point solutions—that delivers a complete view of an organization's infrastructure and risk exposure." Prashant Prahlad, VP of Product at Datadog "Using Cloud Security Management was like having a member of the InfoSec team embedded within our DevOps team," said Chad Upton, Vice President of Infrastructure at FirstUp. "All the security metrics were front and center so they could easily see the number of misconfigured resources in a single view and they didn't have to wait for someone from InfoSec to reach out and let them know there was an issue." "Because Datadog Cloud Security Management shows observability and security data together, alongside the resource relationship graph, we were able to remove cloud resources that were no longer in use and easily understand the impact of misconfigured cloud resources by visualizing all dependencies," said Ben Collen, Senior Director of Engineering and CISO at Vertex. Cloud Security Management expands on the foundational capabilities of cloud security posture management and cloud workload security of a CNAPP solution through: Resource Relationship Graph: By providing a visual risk assessment of misconfigured resources and vulnerabilities across an organization's cloud infrastructure, DevOps teams can take remedial actions based on the impact of the risk. Custom Detection Rules: Teams can now create fine-grained threat detection rules across all cloud resources—including their associated logs and security incident events. Resource Catalog (Beta): Engineers can access a comprehensive visual representation of all security risks associated with each cloud resource in a customer's environment and identify the owners of every cloud infrastructure resource to remediate vulnerabilities and misconfigurations. About Datadog Datadog is the monitoring and security platform for cloud applications. Our SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of our customers' entire technology stack. Datadog is used by organizations of all sizes and across a wide range of industries to enable digital transformation and cloud migration, drive collaboration among development, operations, security and business teams, accelerate time to market for applications, reduce time to problem resolution, secure applications and infrastructure, understand user behavior and track key business metrics.

Read More

Spotlight

Worldwide enterprise security spending is expected to reach $96.3 billion in 2018, an increase of 8 percent from 20171 . Organizations are spending more on security than ever before, but the number and severity of cyber attacks is on the rise, resulting in hundreds of millions of dollars in losses for businesses worldwide. Despite advancements in cybersecurity, malware is still getting through existing defenses. Ofen malware exploits legitimate business applications through a single compromised endpoint to gain a foothold on an entire organization before spreading laterally, resulting in catastrophic data breaches, damage, and destruction. The constantly shifing cybersecurity landscape and the growing sophistication of attackers are making it exceedingly dificult to build prevention systems that can detect the newest exploits. This is especially evident when zero-day attacks such as WannaCry2 first break out, rapidly infecting organizations through a previously undetected flaw in computer operating systems. Even when a fix becomes available, the ransomware continues to spread at an incredible speed through companies who have not yet patched their devices.

Resources