DATA SECURITY

When Safeguarding Digital Communications,IT Security Leaders Come Across Continued Vulnerabilities

SafeGuard Cyber | July 13, 2021

The only SaaS platform dedicated to managing the entire lifecycle of digital risk protection, SafeGuard Cyber, has released conclusions from a survey of 100 IT security leaders about their safeguarding digital communications and digital risk processes. The finding of the survey indicates that cybersecurity leaders recognize what is required for adequate digital risk protection. But, they are still dealing with boundaries and susceptibilities in defending these communications, such asthird-party cloud application engagement.

The survey was conducted in June 2021 in coordination with the research community Pulse. The main point covered in the survey was uncovering how cybersecurity leaders are managing digital risks on third-party applications. In addition, the survey was also focused on recognizing who owns the responsibility for securing them and what all can be done to progress their administration's security posture for various cloud applications. 100 senior enterprise IT and security professionals from companies with over 5,000 employees were included in the survey.

The main findings from the survey include:

• The biggest challenge for security leaders, who targets to uphold security and compliance across all professional communications, is lack of visibility (39%)
• Security leaders are most concerned about data loss (46%) regarding digital communication risks, followed by malware and ransomware attacks (37%).
• Only 10% of cybersecurity leaders have a tech stack that provides complete visibility for detecting and responding to threats in cloud applications outside of their network.
• Security leaders often restrict access as a means of managing risk where they lack granular visibility. For example, to ensure security and compliance on social media, collaboration, and mobile chat applications, most security leaders (77%) turn to tools that restrict access to third-party communication apps.


About SafeGuard Cyber 

SafeGuard Cyber guards the human connections establishments need to flourish in a digital world. The cloud-native SafeGuard platform authorizes the secure and compliant acceptance of social, mobile, and cloud-based communication channels at the scale of worldwide corporate. With SafeGuard, customers gain business agility with better security and time to value. Current customers include small businesses, Global100 enterprises, municipalities, and various national governments.

Spotlight

Marcin Kleczynski tells the story behind how he and a small band of malware hunters have worked together to build cybersecurity software that can take on the threats traditional antivirus can't handle.


Other News
DATA SECURITY

ShardSecure® To Present at Black Hat Cybersecurity Conference

ShardSecure | August 09, 2022

ShardSecure, inventor of the innovative MicroshardTM technology that mitigates data security and privacy risks in the cloud, will be exhibiting at Black Hat 2022, the leading information security event, from August 6 to 11 in Las Vegas, Nevada. While at Black Hat, ShardSecure will showcase their patented microsharding solution at Booth #30 in the Business Hall's Innovation City. During the conference, ShardSecure will demonstrate how microsharding renders sensitive data unintelligible in the wrong hands, offering crucial protection in multi-cloud and hybrid-cloud environments. ShardSecure Lead Developer Anthony Whitehead will present "Microsharding, an Alternative to Encryption for Data at Rest" from 2:25 to 2:45 p.m. PT on August 10 in the Business Hall, Theater C. Additionally, VP of Marketing Marc Blackmer will be interviewed on microsharding and encryption by Chuck Harold of SecurityGuyTV at 9:20 a.m. PT on August 11. "We're looking forward to making new connections and sharing how we can help organizations strengthen their data resilience, maintain business continuity, and mitigate the impact of ransomware," said Marc Blackmer. "Black Hat is an excellent opportunity for ShardSecure to participate in key industry conversations, strengthen our brand, and grow our networking opportunities." Microshard technology works to desensitize sensitive data by digitally shredding it into tiny microshards. Those microshards are then mixed with poison data and distributed to multiple customer-owned storage locations of the customer's choosing. Its self-healing data also reverses unauthorized data deletion and tampering — including ransomware — for data at rest. Through its ability to reconstruct data impacted by storage service outages, ShardSecure also helps protect against the effects of data loss and allows business operations to continue unaffected during an outage. "We're pleased to be sharing Microshard technology with a wide audience of thought leaders and vendors at Black Hat. "Combined with several new partnerships and our recent availability in Azure Marketplace, Black Hat is allowing us to reach more organizations with our innovative data security and data resilience solution. We look forward to continuing the discussion about how we can help organizations maintain control of their sensitive data in the cloud while protecting it from outages and attacks." Bob Lam, CEO and Co-Founder of ShardSecure About Black Hat Now in its 25th year, Black Hat USA is a leading cybersecurity event. With trainings, briefings, and virtual and in-person events, Black Hat 2022 will present the latest research, development, and trends in the information security industry. About ShardSecure ShardSecure is changing the nature of data security. It believes that all organizations can easily and securely enjoy the benefits of cloud adoption without surrendering control of their data. Inventors of the patented Microshard technology, ShardSecure cloud-enables sensitive data by desensitizing it in multi-cloud and hybrid-cloud environments.

Read More

PLATFORM SECURITY

Cerby Launches With World’s First Security Platform for Unmanageable Applications

Cerby | June 28, 2022

Cerby officially launched today with the world’s first security platform for unmanageable applications and an approach that enhances security practices by empowering both employees and security teams. The Cerby Zero Trust architecture takes on the challenges of unmanageable applications in the shadow IT universe—technologies that are selected and onboarded by business units outside the purview and visibility of the IT department, or don’t support industry standards like SAML for authentication and SCIM for user provisioning. The Cerby offering is very different from other options on the market because it moves security automation capabilities into the hands of business users—in effect, it balances empowerment and autonomy with security and productivity. The company, which has been operating in stealth mode since 2020, already has early customers—including Fox, L’Oréal, MiSalud, Dentsu, Televisa, and Wizeline—where the technology is used to address common application liabilities efficiently while facilitating collaboration. It also announced today $12 million in seed funding from Ridge Ventures, Bowery Capital, Okta Ventures, Salesforce Ventures and others, bringing total funding to $15.5 million. “Our goal at Cerby is simple but sweeping: To increase productivity for enterprises by empowering employees to use the technologies they prefer while automating compliance and security,” said Co-Founder and CEO, Belsasar Lepe. “In this era of IT consumerization, employee choice and enterprise security are not mutually exclusive—with the right tools and strategies, they go hand-in-hand. When business professionals get real autonomy, security becomes everyone’s responsibility, rather than just one of many priorities for the IT department. The Cerby platform for unmanageable applications enables organizations to boost efficiency, comply with existing policies and reduce exposure to cyberattacks—it’s truly a win-win-win.” Cerby’s enrollment-based platform combines proprietary technology, robotic process automation (RPA) and seamless integrations with identity providers like Okta and Azure AD. This powerful functionality enables the platform to understand commonly used SaaS applications in a business context, and automate security policies before they lead to breaches. The scale of the problem is undeniable, in part because while employees choose the applications, they don’t pay for them. Analyst firms, such as Everest Group report that shadow IT spending represents 50% or more of the overall IT outlay in large enterprises. Meanwhile, teams preferring application autonomy are twice as likely to prioritize productivity over security. Cerby’s own research confirms this trend. The company just commissioned its own study of this critical subject, and the preliminary findings show how much attitudes have hardened with regard to employee choices. The comprehensive study of over 500 business professionals in North America and the UK employed by companies with more than $100M in annual revenue, conducted in partnership with Osterman Research, reveals that a staggering 91% of respondents believe they should have full control over the applications they purchase. On a related note, 52% want the company or IT department to “just get out of the way,” and when employers disallow applications desired by end users, respondents say it will “negatively affect” the way work gets done. To be clear, these perspectives are not emerging from a vacuum. More than three quarters of the companies surveyed, 78%, have policies in place regarding which applications employees can and cannot use, and just over half the respondents report knowledge or experience of particular applications being disallowed. These actions don’t necessarily go down well with employees: 68% ask for an alternative solution, preferably one that is stress-free and automated; 35% seek an alternative of their own, while stating that it negatively affects the way work is done; and 42% “demand a good reason” for the ban. “We chose Cerby because we needed a secure and centralized place to manage access to our paid social accounts. “Because Cerby can seamlessly integrate with our organization’s single sign-on technology and also connect to the social platforms’ APIs, we are able to create organizational efficiencies by granting and removing access within one place. Additionally, the automated access removal of employees who have left the company provides a level of security we did not previously have.” Nina Donnard, AVP, Paid Social, L’Oreal The issue of unmanageable applications within the organization is particularly sensitive because it puts two forces—employee autonomy and corporate security—in direct conflict. The C-suite—enterprise CIOs, CMOs, CISOs—wants security to be frictionless; when security teams take a heavy-handed approach, they often end up blocking key applications and negatively affecting productivity. This encompasses three core problems, which are sometimes contradictory. They feature: Brand risk (including errors, cyberattacks, and fraud); non-compliance (corporate policy, contracts, and industry/government regulations); and inefficient processes (insufficient resources; inconsistent, error-prone access reviews; extraneous steps and wasted time). Cerby steps into this chasm with numerous capabilities to plug security, compliance and productivity gaps. For example, end users can log in securely to any application, even those that don’t support SSO natively, store log-in data, and share this information securely with collaborators. At the same time, IT and security teams can set policy at the application, team, and company level. Throughout this process, Cerby is actively monitoring connected applications to ensure they are securely configured to meet corporate security standards for two factor authentication, password complexity and many other commonly missed security settings. “I love that Cerby solves a problem every CIO faces: unmanageable applications,” said Yousuf Khan, Partner at Ridge Ventures and former CIO. “When non-IT employees use unauthorized applications, they might be gaining productivity, but they are also unlocking a Pandora’s box of security vulnerabilities. The pandemic only made it worse: 71% of users in the US now acquire their own applications to do their jobs. Cerby is the first solution I’ve seen that significantly reduces the risk of these unmanageable applications by applying zero trust principles and automating the entire application lifecycle. The best part of it is that it’s not a top-down, managerial edict: Employees become an active and motivated part of the solution. Business professionals get the power to choose their applications, productivity gets a boost, and the company ensures security and compliance–everyone wins. Other cybersecurity products demand enforcement; Cerby encourages enrollment. This is the best way to enhance employee trust and increase productivity.” The technology is designed to help teams in diverse disciplines use the applications they choose while ensuring security. For example, marketing teams can now securely use any social platforms they prefer—Cerby provides a single place to add and remove access for employees and third-party agencies instead of signing into multiple social accounts and sharing passwords. In other fields, such as finance, Cerby provides an easy way for CFOs and their teams to securely manage access to bank accounts and credit lines without having to share passwords. About Cerby Cerby delivers the world’s first platform built to positively guide employees' security behaviors no matter which applications they use. We protect brands around the world, including some of the most recognizable businesses, by taking an approach that empowers both employees and security teams, using Zero Trust principles. Our proprietary technology uses robotic process automation to understand applications in a business context and automatically enforces security best practices before misconfigurations turn into breaches. Cerby is a must-have for technology executives and their teams to protect the brand, stay secure and increase productivity.

Read More

SOFTWARE SECURITY

BlackBerry Helps Channel Partners Tap Exploding Managed Security Service Market

BlackBerry | June 09, 2022

BlackBerry Limited today announced a number of enhancements to the BlackBerry Partner Program to help Managed Security Service Providers (MSSPs) capture the exploding demand among small and medium-sized businesses (SMBs) for 24x7x365 Managed Extended Detection and Response (XDR) services, a market which industry experts expect will grow from $22.45 billion in 2020 to $77.01 billion by 2030. BlackBerry's 2022 Threat Report found SMBs experience 11-13 attacks every day. Amidst this growing threat landscape, the company has significantly increased its MSSP focus, launching new marketing incentives, a global hiring campaign to boost partner support and a revamped curriculum of training, tools and enablement resources to aid overall go-to-market efforts. Enhancements include: Greater Cybersecurity Protection for Customers & More to Sell – New products and services now available to MSSPs include CylanceGUARD®, CylancePERSONA™, and CylanceGATEWAY™. This will enable new service opportunities and help MSSPs secure their client environments. Increased Support & Field Seller Alignment – Commitment to significantly increase the size of BlackBerry's channel team, doubling employee headcount in roles such as partner management, customer success and channel enablement to ensure partners have the technical and sales support to compete and win in the crowded EDR/XDR market. BlackBerry has also introduced seller compensation on MSSP deals to encourage field alignment and to embrace MSSPs as a critical route to market. More Comprehensive Training – New BlackBerry Cyber Security Administrator (BCSA) technical training – aimed at MSSPs who will be configuring, managing, and troubleshooting BlackBerry UES products. Representing the next-generation evolution of the popular Cylance Security Professional Certification, the new program includes a blend of videos, instructor-led training, and online assessments on BlackBerry's industry-leading, AI-based, prevention-first solutions focused on preventing breaches before they happen. Lucrative Marketing Incentives – Expanded the generous 'Protect and Earn' partner incentive program that rewards MSSPs for uncovering and closing net-new BlackBerry logos. Partners earn cash-based rewards which are determined by the qualifying closed deal's Total Contract Value, with no limits. New Pricing – New flexible licensing and pricing options built to match the way MSSPs do business with customers. New MSSP-focused aid in partner business development including demand generation & sales support via proposal-based marketing funds, case studies, strategic Go-To-Market engagement and access to inside sales resources. The expanded investment and support for MSSPs comes following last month's joint warning from the Five Eyes Alliance of security authorities from the United Kingdom, Australia, Canada, New Zealand and the United States, highlighting an increase in malicious cyber activity targeting managed service providers (MSPs) and urging them to protect the IT supply chain with a fresh set of cybersecurity measures. "With headline-grabbing hacks and a cybersecurity talent gap showing no signs of letting up, SMBs have never been more under-staffed or ill-prepared to meet the challenges posed by the continuously evolving threat landscape. "Our top 20 MSSPs have grown more than 50 per cent year over year and demand for human threat experts is through the roof. To that end, BlackBerry is doubling down and increasing our focus on our MSSP partners to ensure they're set up for success." Colleen McMillan, VP, Global Channel Sales at BlackBerry About BlackBerry BlackBerry provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including over 195M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint management, endpoint security, encryption, and embedded systems. BlackBerry's vision is clear - to secure a connected future you can trust.

Read More

SOFTWARE SECURITY

UL Launches New SafeCyber™ Solution and Platform Features to Address Mounting Security Threats

UL | June 07, 2022

UL, a global safety science leader, today announced the latest enhancements to its product security and compliance life cycle management platform, SafeCyber. Launched last year, SafeCyber aims to democratize product security and empower device manufacturers, suppliers and system integrators to take charge of their connected ecosystems and mitigate growing threats from chip to cloud. Amid an uptick in supply chain attacks, a shortage of security expertise and a dynamic regulatory environment, UL's new SafeCyber dashboard provides users with a comprehensive view of their product security maturity and projects in one place. SafeCyber also provides an easy-to-use portal to help users discover available device life cycle solutions to better manage and secure their ecosystems. Through this new dashboard, users can view all their product security testing and evaluation activities in a single, central location. The new feature provides visibility on the security maturity of their product lines and certification readiness to industry standards, including ISA/SAE 21434 and IEC 62443 4-1, among others. Additionally, UL formally announced Binary Check™, a new SafeCyber platform solution. Binary Check allows users to perform continuous, automated binary code analysis to ensure ongoing security and compliance readiness of connected devices and systems. This new solution includes the ability to generate a software bill of materials (SBOM), detect and manage vulnerabilities for faster remediation and obtain compliance readiness analysis. "The skyrocketing adoption of connected devices creates countless benefits and opportunities but also leads to an increasingly large and attractive attack vector for bad actors. "As devices become progressively connected, it's challenging for businesses to keep up with growing device and security system complexities, making them vulnerable to ransomware and firmware attacks. Hardening security requires a proactive approach. At UL, we are committed to enabling organizations to innovate and bring products to the marketplace safely and securely. With SafeCyber, customers benefit from a 360-degree view of their security governance and processes to better manage and mitigate product security risks." David Nosibor, platform solutions lead, Identity Management Security and head of UL's SafeCyber project About UL UL is a global safety science leader. We deliver testing, inspection and certification (TIC), training and advisory services, risk management solutions and essential business insights to help our customers, based in more than 100 countries, achieve their safety, security and sustainability goals. We believe our deep knowledge of products and intelligence across supply chains make us the partner of choice for customers with complex challenges.

Read More

Spotlight

Marcin Kleczynski tells the story behind how he and a small band of malware hunters have worked together to build cybersecurity software that can take on the threats traditional antivirus can't handle.

Resources