DATA SECURITY

Use NetSPI's New Ransomware Attack SimulationTo Improve Ransomware Attack Resiliency

NetSPI | June 18, 2021

The leader in attack surface management and enterprise penetration testing, NetSPI,  has announced its new service for ransomware attack simulation., In collaboration with its ransomware security experts, the new service enables organizations to emulate ransomware families of real-world to find and fix dangerous susceptibilities in their defenses for cybersecurity.

Major cybersecurity gaps were exposed globally in the recent ransomware attacks. The Biden administration in the U.S. urges all business leaders to take enough precautions to get away from ransomware. Deputy national security advisor for emerging and cyber technology, Anne Neuberger, recommends various companies in a recent memo to use third-party pentester to test the security of the systems and the ability to defend a sophisticated cyber-attack effectively.

NetSPI closely collaborates during a ransomware attack simulation engagement with companies to simulate sophisticated ransomware techniques, tactics, and procedures (TTPs) utilizing its tailor-made technology for breach and attack simulation. Following each engagement, organizations get access to NetSPI's technology to run custom plays independently and unceasingly assess how well their cybersecurity platform will hold up to a ransomware attack.

About NetSPI

NetSPI, the leader in attack surface management and enterprise security testing, has a partnership with the most significant global cloud providers, nine of the top 10 U.S. banks, many of the Fortune® 500, and three of the world's five largest healthcare companies. NetSPI experts perform deep dive manual penetration testing of network, application, and cloud occurrence surfaces, historically testing over 1 million resources to find 4 million specific vulnerabilities. NetSPI is headquartered in Minneapolis, MN, and is a portfolio company of private equity firms Sunstone Partners, KKR, and Ten Eleven Ventures.

Spotlight

Businesses today are experiencing a problem with managing information security. This is so not only because of increased reliance of individuals and businesses on information and communication technologies, but also because the attempts to manage information security have been rather skewed towards implementing increasingly complex technological controls. The importance of technological controls should not be underplayed, but evidence suggests that the violation of safeguards by  trusted personnel of an organization is emerging as a primary reason for information security concerns. Between 61 and 81% of computer related crimes are being carried out because of such violations (see Dhillon [5]; Dhillon and Backhouse [6] for a detailed discussion). These insiders could be dishonest or disgruntled employees who would copy, steal, or sabotage information, yet their actions may remain undetected.


Other News
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Next DLP Announces Cybersecurity Industry Veteran, Constance Stack, as New CEO

Next DLP | November 03, 2022

Next DLP (“Next”), formerly Qush Security, today announced the appointment of Constance (“Connie”) Stack as its new chief executive officer. With Stack leading the way, Next expects to aggressively grow its market share and disrupt the legacy Data Loss Prevention (DLP) category. The DLP market is projected to reach 3.5 Billion USD by 2025 with the SaaS deployment model expected to dominate during the forecast period. Next’s “Reveal Cloud”, which was included in Gartner’s 2022 Market Guide for Data Loss Prevention, is an industry leading, user-centric, DLP solution, that uncovers risk, educates employees and fulfills security, compliance and regulatory needs. “This is an exciting time for all of us at Next DLP,. “We are pleased to have Connie lead Next and believe her leadership will further accelerate the company’s growth and deliver on our mission of reinventing data protection for today's distributed organization.” Fredrik Halvorsen, Chairman of Next’s board of directors and co-founder of Ubon Partners Most recently, Stack served as Managing Director/GM of the Data Protection Business Unit for HelpSystems, which included the Digital Guardian, Titus, Boldon James and Vera brands. Prior to acquisition by HelpSystems, Stack served as chief strategy officer and chief marketing officer of Digital Guardian. Earlier in her career, Stack was vice president of marketing at Veracode (acquired by CA Technologies) and chief revenue officer at WordStream (acquired by the Gannett Company). “Today’s most used DLP solutions came to market over twenty years ago; before the shift to cloud and SaaS really took off and well before the COVID-19 pandemic drove global knowledge workers to a remote working model. Put plainly, legacy DLP approaches are outdated and prone to failure,” said Constance Stack, Chief Executive Officer, Next DLP. “Next DLP offers a new and flexible approach to protecting data where it is most at risk. Its patent-pending endpoint agent and cloud platform were purpose-built for today’s IT environment and threat landscape. I look forward to this opportunity to work with Next’s incredibly talented team and to deliver DLP that works to our customers.” About Next DLP Next DLP (“Next”) is a leading provider of data protection solutions for organizations with valuable data who need to uncover risk, educate employees and fulfill security, compliance and regulatory needs. Next's mission is to reinvent data protection for today's distributed organization and it is disrupting the legacy data loss prevention market with a user-centric, flexible, cloud-native, AI/ML powered solution built for today’s threat landscape. The company's leadership brings decades of cyber and technology experience from HelpSystems, DigitalGuardian, Forcepoint, Mimecast, IBM, Cisco and Shopify. Next is trusted by organizations big and small, from Fortune 100 finance and retailers to fast growing healthcare and technology companies.

Read More

PLATFORM SECURITY, SOFTWARE SECURITY

Netpluz strengthens cybersecurity offerings for SME customers across the Asia Pacific

Netpluz | October 12, 2022

Netpluz, a one-stop Managed Communications Service Provider in the region, has teamed up with two leading security platforms, Stellar Cyber and Ridge Security, to provide more comprehensive cybersecurity services for Small and Medium-sized Enterprises (SMEs) across the Asia Pacific. Netpluz eSentinel™ is a cloud-based, all-in-one managed cybersecurity platform that offers comprehensive protection of confidentiality, integrity, and availability of computer systems and networks against cyber-attacks and unauthorized access. The partnerships with Stellar Cyber and Ridge Security will significantly enhance the cyber defence capabilities of eSentinel™ in two main areas, namely Managed SOC (Security Operations Centre) and VAPT (Vulnerability Assessment and Penetration Testing). With the adoption of Stellar Cyber's Open XDR platform and ingestion of data from multiple different sources, eSentinel™ Managed SOC service will offer high-fidelity threat detection and incident correlation through AI, automated threat hunting and response. MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond) will also improve tremendously by more than eight and twenty times, respectively. Ridge Security's pioneering product, RidgeBot®, is an intelligent risk-based vulnerability management and automated pentest robot that value-adds to eSentinel™ VAPT service. RidgeBot® acts like human attackers, relentlessly locating exploits and documenting the findings. Unlike humans, RidgeBot® comes armed with dynamic attack strategies to exploit before moving on to the next target. "With digitalization accelerated by the pandemic, adopting technology as part of strategic growth is now at the forefront of many organizational agendas, even for SMEs. In fact, we see SMEs looking at digitalization for business and growth opportunities in the long term – driving stronger demand for managed cybersecurity services. "Responding to this demand, we are thrilled to work with Stellar Cyber and Ridge Security to deliver enterprise-grade and cost-effective managed cybersecurity services to businesses in the Asia Pacific." Mr Lau Leng Fong, Chief Executive Officer of Netpluz Such collaborations extend Netpluz's comprehensive selection of business-focused solutions and align with the company's vision to be the top Managed Communications Service Provider in the Asia Pacific. With the evolving digital landscape, cybersecurity is now an integral part of communication services and an even more significant concern for SMEs. Unlike large enterprises, SMEs are often more vulnerable to cyber-attacks due to the lack of strong technological defences, less awareness of threats, and a shortage of talents and resources to invest in cybersecurity. This is where Netpluz comes in. With an increasing focus on offering managed cybersecurity services, Netpluz has established a high-availability Security Network Operation Centre (SNOC) spanning its regional operations, to provide round-the-clock monitoring, detection and response of its customers' IT devices, systems, and network infrastructure. To further strengthen its cybersecurity capabilities and processes, Netpluz has also attained certifications, including CREST Certification, CSA Cyber Trust mark (Advocate), ISO/IEC: 27001:2013, and MTCS Standard. Netpluz is also a Cybersecurity Service Provider (CSP) licensed by the Cyber Security Agency of Singapore (CSA), enabling the company to provide secure and reliable services to customers in Singapore and across the Asia Pacific region. About Netpluz Netpluz is a transforming Managed Communications Service Provider that helps clients become more agile by simplifying their Information and Communications Technology (ICT) needs. With humble beginnings in 2015 serving business internet connectivity, acquisition of MediaRing business assets and merger of Y5Zone Singapore in 2016, Netpluz has evolved from an Internet Service Provider (ISP) to providing Managed Data, Cloud, Cybersecurity, Voice, Video, and Mobility services to over 2,000 clients over a single, converged network with uncompromising availability, scalability and service standards. Backed by decades of industry expertise, experience and global technology partners, Netpluz managed services are designed and operationalized with cost efficiency to fit business needs. With an unwavering dedication to delivering quality services to its clients, Netpluz aspires to become the top Managed Communications Service Provider in the Asia Pacific. About Stellar Cyber Stellar Cyber's Open XDR platform delivers Everything Detection and Response by ingesting data from all tools, automatically correlating alerts into incidents across the entire attack surface, delivering fewer and higher-fidelity incidents, and responding to threats automatically through AI and machine learning. Its XDR Kill Chain™, fully compatible with the MITRE ATT&CK framework, is designed to characterize every aspect of modern attacks while remaining intuitive to understand. This reduces enterprise risk through early and precise identification and remediation of all attack activities while slashing costs, retaining investments in existing tools and accelerating analyst productivity. The company is based in Silicon Valley. About Ridge Security Ridge Security enables enterprise and web application teams, ISVs, governments, education, DevOps, anyone responsible for ensuring software security to affordably and efficiently test their systems. The management team has years of networking and security experience. Ridge Security's robotic security validation system RidgeBot, fully automates the penetration testing process and emulates adversary attacks to validate an organization's cybersecurity posture.

Read More

SOFTWARE SECURITY

Windfall Recognized for Its Commitment to Data Security with Renewed SOC 2 Type 2 Certification

Windfall | September 02, 2022

Today, Windfall Data, Inc. , the most trusted and accurate provider of insights and democratized intelligence on people, announced that it has once again successfully completed the Service Organization Control (SOC) 2 Type 2 audit. This certification validates the company’s ongoing commitment to data protection and security. An industry recognized technical audit for technology & service organizations, SOC 2 Type 2 requires companies to establish and follow strict information security policies and procedures. The independent audit was conducted by Boulay PLLP, and has assessed internal controls involving security, availability, processing integrity, and confidentiality. The assessment applies to internal controls within the organization and encompasses the processing of data on behalf of its customers. As defined by the Trust Services Criteria set forth by the American Institute of Certified Public Accountants (AICPA), the SOC 2 Type 2 certification report is generally recognized as the gold standard for data security and re-validates Windfall’s commitment to protecting both company and customer data. “Security and privacy have always been core company values at Windfall. “By re-completing our SOC 2 Type 2 certification, we are demonstrating to our customers that Windfall is accountable to the highest standards of data protection and requirements.” Windfall CEO and Co-Founder, Arup Banerjee Windfall analyzes vast amounts of data with advanced technologies like artificial intelligence and machine learning in order to give organizations deep insights into their data, and to activate those insights into business workflows. Because this data is sensitive, Windfall has top security measures in place to protect critical data from being lost or stolen and developed detailed policies to safeguard customer data, as demonstrated through SOC 2 Type 2 re-certification. “We are intent on providing a platform that organizations can trust,” said Cory Tucker, CTO and Co-Founder of Windfall. “We’re excited to have achieved this security milestone for the second year in a row as it demonstrates the strength and seriousness of our commitment to privacy and security.” ABOUT WINDFALL: Windfall is a people intelligence and AI company that gives go-to-market teams actionable insights. By democratizing access to people data, organizations can intelligently prioritize go-to-market resources to drive greater business outcomes. Powered by best-in-class machine learning and propensity modeling, Windfall activates insights into workflows that engage the right people for each respective organization. More than 800 data-driven organizations use Windfall to power their business.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

SaaS Alerts Secures $22M Investment from Insight Partners to Scale SaaS Security Monitoring and Response Platform

SaaS Alerts | September 12, 2022

SaaS Alerts, the cybersecurity company purpose-built for Managed Service Providers (MSPs) to protect and monetize their customers' core business SaaS applications, announced today that it has secured a $22 million growth investment from global software investor Insight Partners to accelerate the growth of its SaaS Security monitoring and response platform. The accelerated rate of SaaS Application adoption by businesses, driven by the need to provide collaboration and productivity tools to remote workforces and for more centralized and tightly controlled business data resources, has elevated awareness and critical concern for major threat vectors and security gaps that exist in SaaS Application security. These security concerns present opportunities for MSPs to better safeguard their clients while offering SaaS security services that drive profitable new revenue streams. SaaS Alerts was designed to help MSPs monitor and protect their customers' usage of today's most popular SaaS applications such as Microsoft 365, Google Workspace, Salesforce, Dropbox and more – and to safeguard against security threats to a business' SaaS environment such as data theft, data that's at risk due to unintentional employee mishaps and actions taken by bad actors. "We couldn't be more excited to partner with Insight Partners and we see their investment in SaaS Alerts as a monumental endorsement for what we have built and what we intend to build as we collaborate going forward. "I'm very proud of our team for reaching this milestone and look forward to working with Insight to continue to build value for our MSP partners and stakeholders." Jim Lippie, CEO of SaaS Alerts "SaaS applications have become essential for businesses of every size and MSPs need the ability to better protect those applications on behalf of their customers. SaaS Alerts has pioneered SaaS security for MSPs and has a clear vision for how detecting and correlating abnormal user behavior can greatly impact the MSP industry," said Philine Huizing, Principal at Insight Partners. "We're excited to partner with SaaS Alerts as the company scales to address this unique opportunity." About SaaS Alerts SaaS Alerts is the cybersecurity company purpose-built for MSPs to protect and monetize customers' core SaaS business applications. SaaS Alerts offers a unified, real-time monitoring platform for MSPs to protect against: data theft, data at risk and bad actors and integrates with the most popular SaaS Applications. Learn more at www.saasalerts.com. About Insight Partners Insight Partners is a global software investor partnering with high-growth technology, software, and Internet startup and ScaleUp companies that are driving transformative change in their industries. As of June 30, 2022, the firm has over $80B in regulatory assets under management. Insight Partners has invested in more than 700 companies worldwide and has seen over 55 portfolio companies achieve an IPO. Headquartered in New York City, Insight has offices in London, Tel Aviv, and Palo Alto. Insight's mission is to find, fund, and work successfully with visionary executives, providing them with practical, hands-on software expertise to foster long-term success. Insight Partners meets great software leaders where they are in their growth journey, from their first investment to IPO.

Read More

Spotlight

Businesses today are experiencing a problem with managing information security. This is so not only because of increased reliance of individuals and businesses on information and communication technologies, but also because the attempts to manage information security have been rather skewed towards implementing increasingly complex technological controls. The importance of technological controls should not be underplayed, but evidence suggests that the violation of safeguards by  trusted personnel of an organization is emerging as a primary reason for information security concerns. Between 61 and 81% of computer related crimes are being carried out because of such violations (see Dhillon [5]; Dhillon and Backhouse [6] for a detailed discussion). These insiders could be dishonest or disgruntled employees who would copy, steal, or sabotage information, yet their actions may remain undetected.

Resources