SOFTWARE SECURITY

Zscaler Advances Cybersecurity and UX with New AI/ML Capabilities

Zscaler | June 23, 2022

Zscaler
Zscaler, Inc., the global leader in cloud security, unveiled today new breakthrough AI/ML innovations driven by the world's largest security cloud for unsurpassed user protection and digital experience monitoring. The new capabilities expand Zscaler's Zero Trust Exchange security platform, allowing companies to implement a Security Service Edge (SSE) that safeguards against the most advanced cyberattacks while providing an outstanding digital experience to users and easing zero trust architecture adoption.

Cyberattacks on encrypted internet traffic have increased 314%, ransomware has increased 80%, and double extortion attacks have increased roughly 120%. Phishing is also on the rise, with businesses such as finance, government, and retail experiencing yearly increases in assaults of more than 100% in 2021. Organizations must adjust their defenses to real-time risk changes in order to battle growing threats. However, lean IT and security teams are facing security alert fatigue as they become more exposed to real-time attacks, and they frequently lack the resources and capabilities to adequately analyze and respond to the rising amount of threats.

Zscaler is tackling these difficulties by offering one-click root cause analysis to rapidly identify the issues causing bad digital experiences, freeing up IT and security teams from debugging and allowing them to focus on preventing attacks. AI-powered security assists IT workers by automating threat detection in order to provide better and quicker protection.

“Cybercriminals are using AI, automation, and advanced techniques to train machines to hack or socially engineer victims faster than ever before. To help our customers combat these escalating techniques, we’ve dramatically advanced AI and machine learning in our cloud to take advantage of our massive data pool, giving our customers granular real-time risk visibility and a solution to combat attackers that no other security vendor can provide.”

Amit Sinha, President, Zscaler

“Delivering seamless digital experiences, from employee devices to the applications they need, goes hand in hand with securing our sensitive business applications and data, no matter where it resides. Zscaler’s integrated cloud platform helped us effortlessly adopt a zero trust architecture, reduce risk, accelerate our digital transformation, and achieve business goals.” said Darren Beattie, Modern Workplace and Security Operations Manager at Auckland New Zealand-headquartered Tower Limited.

“With Zscaler’s AI-powered Zero Trust platform based on a SSE framework, we are able to augment and expand the reach of our IT and security team to stop the growing frequency of advanced cyberattacks. The threat landscape is constantly evolving, and these new AI capabilities will effectively enable us to see real-time changes in risk, automate our response process, and stay ahead of the attackers,” said Stephen Bailey, Vice President of Information Technology at Cache Creek Casino Resort.

Spotlight

The business has entrusted IT with revenue targets, employees' productivity, and the company's reputation. Now you must manage all of the hardware, networks, business data and internal and customer-facing applications to propel your company to its business goals successfully and reliably. Download this white paper to discover just how your business can meet these goals.


Other News
PLATFORM SECURITY

Cerby Launches With World’s First Security Platform for Unmanageable Applications

Cerby | June 28, 2022

Cerby officially launched today with the world’s first security platform for unmanageable applications and an approach that enhances security practices by empowering both employees and security teams. The Cerby Zero Trust architecture takes on the challenges of unmanageable applications in the shadow IT universe—technologies that are selected and onboarded by business units outside the purview and visibility of the IT department, or don’t support industry standards like SAML for authentication and SCIM for user provisioning. The Cerby offering is very different from other options on the market because it moves security automation capabilities into the hands of business users—in effect, it balances empowerment and autonomy with security and productivity. The company, which has been operating in stealth mode since 2020, already has early customers—including Fox, L’Oréal, MiSalud, Dentsu, Televisa, and Wizeline—where the technology is used to address common application liabilities efficiently while facilitating collaboration. It also announced today $12 million in seed funding from Ridge Ventures, Bowery Capital, Okta Ventures, Salesforce Ventures and others, bringing total funding to $15.5 million. “Our goal at Cerby is simple but sweeping: To increase productivity for enterprises by empowering employees to use the technologies they prefer while automating compliance and security,” said Co-Founder and CEO, Belsasar Lepe. “In this era of IT consumerization, employee choice and enterprise security are not mutually exclusive—with the right tools and strategies, they go hand-in-hand. When business professionals get real autonomy, security becomes everyone’s responsibility, rather than just one of many priorities for the IT department. The Cerby platform for unmanageable applications enables organizations to boost efficiency, comply with existing policies and reduce exposure to cyberattacks—it’s truly a win-win-win.” Cerby’s enrollment-based platform combines proprietary technology, robotic process automation (RPA) and seamless integrations with identity providers like Okta and Azure AD. This powerful functionality enables the platform to understand commonly used SaaS applications in a business context, and automate security policies before they lead to breaches. The scale of the problem is undeniable, in part because while employees choose the applications, they don’t pay for them. Analyst firms, such as Everest Group report that shadow IT spending represents 50% or more of the overall IT outlay in large enterprises. Meanwhile, teams preferring application autonomy are twice as likely to prioritize productivity over security. Cerby’s own research confirms this trend. The company just commissioned its own study of this critical subject, and the preliminary findings show how much attitudes have hardened with regard to employee choices. The comprehensive study of over 500 business professionals in North America and the UK employed by companies with more than $100M in annual revenue, conducted in partnership with Osterman Research, reveals that a staggering 91% of respondents believe they should have full control over the applications they purchase. On a related note, 52% want the company or IT department to “just get out of the way,” and when employers disallow applications desired by end users, respondents say it will “negatively affect” the way work gets done. To be clear, these perspectives are not emerging from a vacuum. More than three quarters of the companies surveyed, 78%, have policies in place regarding which applications employees can and cannot use, and just over half the respondents report knowledge or experience of particular applications being disallowed. These actions don’t necessarily go down well with employees: 68% ask for an alternative solution, preferably one that is stress-free and automated; 35% seek an alternative of their own, while stating that it negatively affects the way work is done; and 42% “demand a good reason” for the ban. “We chose Cerby because we needed a secure and centralized place to manage access to our paid social accounts. “Because Cerby can seamlessly integrate with our organization’s single sign-on technology and also connect to the social platforms’ APIs, we are able to create organizational efficiencies by granting and removing access within one place. Additionally, the automated access removal of employees who have left the company provides a level of security we did not previously have.” Nina Donnard, AVP, Paid Social, L’Oreal The issue of unmanageable applications within the organization is particularly sensitive because it puts two forces—employee autonomy and corporate security—in direct conflict. The C-suite—enterprise CIOs, CMOs, CISOs—wants security to be frictionless; when security teams take a heavy-handed approach, they often end up blocking key applications and negatively affecting productivity. This encompasses three core problems, which are sometimes contradictory. They feature: Brand risk (including errors, cyberattacks, and fraud); non-compliance (corporate policy, contracts, and industry/government regulations); and inefficient processes (insufficient resources; inconsistent, error-prone access reviews; extraneous steps and wasted time). Cerby steps into this chasm with numerous capabilities to plug security, compliance and productivity gaps. For example, end users can log in securely to any application, even those that don’t support SSO natively, store log-in data, and share this information securely with collaborators. At the same time, IT and security teams can set policy at the application, team, and company level. Throughout this process, Cerby is actively monitoring connected applications to ensure they are securely configured to meet corporate security standards for two factor authentication, password complexity and many other commonly missed security settings. “I love that Cerby solves a problem every CIO faces: unmanageable applications,” said Yousuf Khan, Partner at Ridge Ventures and former CIO. “When non-IT employees use unauthorized applications, they might be gaining productivity, but they are also unlocking a Pandora’s box of security vulnerabilities. The pandemic only made it worse: 71% of users in the US now acquire their own applications to do their jobs. Cerby is the first solution I’ve seen that significantly reduces the risk of these unmanageable applications by applying zero trust principles and automating the entire application lifecycle. The best part of it is that it’s not a top-down, managerial edict: Employees become an active and motivated part of the solution. Business professionals get the power to choose their applications, productivity gets a boost, and the company ensures security and compliance–everyone wins. Other cybersecurity products demand enforcement; Cerby encourages enrollment. This is the best way to enhance employee trust and increase productivity.” The technology is designed to help teams in diverse disciplines use the applications they choose while ensuring security. For example, marketing teams can now securely use any social platforms they prefer—Cerby provides a single place to add and remove access for employees and third-party agencies instead of signing into multiple social accounts and sharing passwords. In other fields, such as finance, Cerby provides an easy way for CFOs and their teams to securely manage access to bank accounts and credit lines without having to share passwords. About Cerby Cerby delivers the world’s first platform built to positively guide employees' security behaviors no matter which applications they use. We protect brands around the world, including some of the most recognizable businesses, by taking an approach that empowers both employees and security teams, using Zero Trust principles. Our proprietary technology uses robotic process automation to understand applications in a business context and automatically enforces security best practices before misconfigurations turn into breaches. Cerby is a must-have for technology executives and their teams to protect the brand, stay secure and increase productivity.

Read More

SOFTWARE SECURITY

Noetic Cyber Delivers Platform Update to Bring Data Science into Cyber Asset Management

Noetic Cyber | June 06, 2022

Noetic Cyber, an innovator in Cybersecurity Asset Attack Surface Management (CAASM), today announced the availability of a new version of its Continuous Cyber Asset Management and Controls platform. The latest version of the Noetic platform is focused on delivering immediate time to value for security teams by identifying high priority security gaps and exploitable vulnerabilities, using innovative data science techniques. Since its public launch in July 2021, Noetic has been working with security leaders in the United States and the United Kingdom to help them reduce their growing attack surface and improve their cybersecurity posture. The challenge these cyber leaders often face is to understand cyber risk across complex environments, where assets can exist for a short period of time in public or private cloud platforms, as well as having to manage legacy on-premises workloads. To gain the insights needed to be effective, they need confidence in their data quality, full visibility across all assets and contextual intelligence to help prioritize decision making. "The continued innovation we are delivering reflects the expanding use cases we see across our customer base. "Security teams are putting cyber asset intelligence at the heart of their security programs and our ability to continuously adapt and respond to changing environments is critical to their success." Paul Ayers, CEO and co-founder, Noetic Cyber Delivering Immediate Time to Value Security teams need to know what assets they have, and understand which ones are creating the most cyber risk. Noetic is delivering innovative cyber asset intelligence to help customers assess their current cyber posture readiness and focus the security team's efforts on the highest priority activities. The Noetic platforms helps customers successfully do this with: External Cyber Asset Intelligence – Mapping industry data including CISA's Known Exploited Vulnerabilities catalog, MITRE ATT&CK® mitigations and others to provide greater context on asset risk and exposure. Coverage Gap dashboards –Helping security teams quickly identify common and easily resolved security coverage gaps. Support for ad-hoc security data – Many organizations keep important information on critical applications or security risks in spreadsheets. Noetic's new data ingestion capability supports importing ad-hoc data into the model. Simplifying and Extending Cyber Asset Management use cases The Noetic platform uses Graph database technology to map cyber relationships between assets. This innovative technology approach enables Noetic to navigate deep hierarchies and find hidden connections, providing the context to help security teams to make more informed decisions. The latest release of the Noetic platform builds on native Graph capabilities to deliver additional value such as: Understanding & improving data quality –Noetic's new data analytics feature automatically and continuously analyzes data for each different source for completeness and accuracy, providing a data quality score. Simplifying Graph queries – Noetic has adopted openCypher, a widely used open query language. Noetic has developed a graphical point-and-click UI to guide security analysts through the steps of creating powerful relationship-based queries with little or no training. Supporting Cloud and On-premises applications – Organizations need to protect assets across public and private clouds, as well as traditional on-premises networks. Noetic Outpost supports secure ingestion from behind the corporate firewall, and private clouds. "The challenge of identifying and managing assets in the context of cybersecurity has grown considerably in recent years," said Dr. Ed Amoroso, CEO of TAG Cyber. "Noetic's innovations are important as their ability to prioritize and automate helps security teams to focus on critical areas of cyber risk." About Noetic Cyber Noetic provides a proactive approach to cyber asset and controls management, empowering security teams to see, understand, fix and improve their security posture and enterprise ecosystem. Our goal is to improve security tools and control efficacy by breaking down existing siloes and improving the entire security ecosystem. Founded in 2019, Noetic is based in Boston and London.

Read More

PLATFORM SECURITY

Talon Cyber Security Announces $100M in Series A Funding to Redefine Security for the Future of Work

Talon Cyber Security | August 04, 2022

Talon Cyber Security, the leading secure enterprise browser provider, today announced $100 million in Series A funding, led by Evolution Equity Partners, with participation from Ballistic Ventures, CrowdStrike’s Falcon Fund, Merlin Ventures, SYN Ventures and previous investors CrowdStrike co-founder and CEO George Kurtz, Lightspeed Venture Partners, Sorenson Ventures and Team8. The funds will be used to accelerate go-to-market efforts to meet the increasing global demand for Talon’s secure enterprise browser, TalonWork, and deliver new product enhancements to continuously improve security for modern workforces. As organizations have embraced distributed work for employees and contractors, the reliance on SaaS applications has risen, and security needs have evolved drastically. The traditional ways of enabling secure access to enterprise applications are complex, expensive, and put organizations at risk. The TalonWork browser simplifies security by allowing secure access to corporate applications and data on any device, managed or unmanaged, and on any operating system. With Talon, security teams benefit from deep visibility into browser and application activity, as well as native security features like authentication, data loss prevention and Zero Trust controls. Based on Chromium, TalonWork delivers the consistent and familiar user experiences expected by today’s workers, fostering productivity across the enterprise. “We have built the team and technology to redefine and power security for the future of work – a future where security is delivered naturally through the enterprise’s most heavily-used application: the browser. “The world and the applications the largest organizations rely on are moving to the web, creating an extensive need for a vehicle that can provide secure access without changing the way work is conducted. This new funding will allow us to continue to show why that vehicle is Talon’s secure enterprise browser.” Ofer Ben-Noon, co-founder and CEO, Talon Cyber Security Co-founded by Ben-Noon and CTO Ohad Bobrov, Talon was named the winner of the Innovation Sandbox Contest at RSA Conference 2022, and has demonstrated unrivaled market and technical leadership since launching the industry’s first secure enterprise browser in October 2021. The company’s recent momentum includes numerous customer deployments at large organizations, the release of the industry’s first secure enterprise browser for mobile devices, and established partnerships with the two leaders in endpoint security: CrowdStrike and Microsoft. The round includes the conversion of $17 million in SAFE (Simple Agreement for Future Equity) investments announced earlier this year into A round shares, bringing Talon’s total amount raised to over $126 million. As part of today’s announcement, Richard Seewald, Founder and Managing Partner of Evolution Equity Partners, is joining Talon’s board of directors. “In cybersecurity, the word innovative gets thrown around often, but with Talon, it is a perfect descriptor,” said Richard Seewald, Founder and Managing Partner, Evolution Equity Partners. “I have never seen a company create and lead a category with such authority, and experience such impressive traction with customers so quickly. Talon has the potential to become one of the leading companies in the broader security industry, and it’s an honor to help them on their journey.” “Today’s threat environment is complex, but an organization’s approach to security should not be,” said George Kurtz, co-founder and CEO, CrowdStrike. “By delivering enterprise-grade security through the TalonWork browser, Talon makes security simple and effective for its customers.” “When we launched Ballistic, we made it our mission to find and partner with companies that have the technology and what it takes to change the trajectory of cybersecurity, and Talon fits this bill perfectly,” said Jake Seid, co-founder and General Partner, Ballistic Ventures. “The browser has fundamentally become the most important tool for today's workforce. Talon’s secure enterprise browser does something few security products do. It offers the trifecta of strong security, seamless end-user experience, and low cost and complexity for the enterprise. Talon’s team and solution are some of the strongest I have ever come across, and this financing will help propel the company to new heights.” “From my time as a CISO and now as an investment partner for leading security companies, I have evaluated countless technologies,” said Jay Leek, co-founder and Managing Partner, SYN Ventures. “The widespread problem that Talon addresses and the time to value of its technology is beyond impressive – it's a game changer. I’m thrilled to have the opportunity to work with the company and help accelerate its growth.” About Talon Cyber Security Talon Cyber Security is modernizing security programs and improving user experiences for hybrid work by delivering the first secure enterprise browser. Built on Chromium, the TalonWork browser provides customers with the consistent user experiences, deep security visibility, and control over SaaS and web applications needed to simplify security for the future of work. Talon was named the Most Innovative Startup of 2022 at the prestigious RSA Conference Innovation Sandbox Contest.

Read More

WEB SECURITY TOOLS

Star Atlas Launches Initiative to Establish Web3 Security Framework

Star Atlas | May 25, 2022

Star Atlas, a next-gen metaverse with triple-A game design and Unreal Engine 5 graphics built on the Solana blockchain, today announced an expanded focus on security to ensure consumer protection and digital safety in the metaverse. This multi-pronged initiative includes signing Kudelski Security, the cybersecurity division of the Kudelski Group - the world leader in digital security, and the forefront leader in providing security solutions for major blockchain-based applications, exchanges, and ecosystems - as its security partner. Kudelski Security will perform ongoing audits and analysis to help ensure the integrity of the Star Atlas metaverse is maintained and both partners will work together to explore setting standards for web3 security. "We are pleased to partner with the team at Kudelski Security to advance the digital security of our fast-expanding metaverse," said Michael Wagner, Co-Founder and CEO of ATMTA, Inc., the principal development studio of Star Atlas. "We understand there is a lot of skepticism when it comes to web3 and security, so we want to be proactive by partnering with one of the top cybersecurity firms to help make sure our community feels safe. Protection of assets is paramount, and we look forward to working with Kudelski Security to establish the best practices for security when it comes to web3 gaming." As security auditor of record, Kudelski Security will increase the safety and security of the Star Atlas metaverse by testing the protocols and looking for potential vulnerabilities to be addressed. Star Atlas players will have greater assurance that the metaverse has been built securely and tested rigorously, and that Star Atlas has taken the necessary action to become the leader in the web3 space when it comes to security. The relationship with Kudelski Security goes beyond the hardening of the Star Atlas environment. Star Atlas is looking to expand collaborations with the wider Group to focus on new standards that can help to transition companies and projects into web3, including security standards, tokenization, and best practices in web3 gaming. By developing standard technology and processes that enable safe and secure on-chain gaming, players will be protected from the hacks that currently plague web3 and some of the main barriers to wider stakeholder adoption will be lowered. "Web3 is growing rapidly, and we are seeing more need for developing a security standard that is adopted across the industry to act as a framework. This is why we are excited to partner with a native web3 leader like Star Atlas and to come together to solve potential security issues before they arise." Andrew Howard, CEO of Kudelski Security In addition to Kudelski Security's blockchain and cybersecurity experience, the Kudelski Group is recognized as global leaders in digital security – with specialized expertise in encryption, anti-piracy, watermarking, cryptography, and digital rights management. Executives from Star Atlas, the Kudelski Group, Kudelski Security, and NAGRA Kudelski are meeting during the World Economic Summit in Davos, Switzerland, to further discuss establishing a framework for securing the web3 ecosystem. ABOUT STAR ATLAS Star Atlas is a next-gen gaming metaverse emerging from the confluence of state of the art blockchain, real-time graphics, multiplayer video game, and decentralized financial technologies. Real-time graphics technology using Unreal Engine 5's Nanite allows for cinematic quality video game visuals. Blockchain technology using the Solana protocol establishes a largely serverless and secured gameplay experience. Non-fungible tokens obtained and traded within Star Atlas creates an economy that replicates the tangibility of real world assets and ownership.

Read More

Spotlight

The business has entrusted IT with revenue targets, employees' productivity, and the company's reputation. Now you must manage all of the hardware, networks, business data and internal and customer-facing applications to propel your company to its business goals successfully and reliably. Download this white paper to discover just how your business can meet these goals.

Resources