Press Releases

Cloudbrink claims first with firewall-as-service for the hybrid workplace

Moves firewall to the edge to improve security and performance for remote users; adds IPsec option for data center apps

SUNNYVALE, CA — DECEMBER 5, 2023 — Cloudbrink has added firewall-as-a-service (FWaaS) to its zero-trust access solution, the first vendor to provide granular security controls all the way to the user edge for the comprehensive protection of endpoint devices.

The company, which delivers high-performance zero-trust application connectivity to the hybrid workforce, says traditional and next generation firewalls fail to protect end users and their devices. 

Offloading remote-user security functions improves the stability of existing firewalls and the network performance experienced by remote users, Cloudbrink claims.

Prakash Mana, chief executive officer of Cloudbrink, said: “Firewalls were designed to protect the data center, then the network, and now the cloud. But you have to deliver protection where data is consumed and curated, which is with your users – and increasingly users are everywhere.”

“Existing firewalls were never designed with a large work-from-anywhere workforce in mind. Our FWaaS takes care of the remote users, leaving the existing firewall to do the jobs it was intended for – such as Layer 3 protection against DDoS attacks. If you’re only using a firewall to protect a remote workforce, the Cloudbrink service can replace it altogether.”

Cloudbrink’s FWaaS enables admins to set granular controls according to static and dynamic properties of the end-users and their devices. Static properties include rules about what resources or applications can be accessed by individuals. Soon to be released dynamic properties cover the compliance of the device – when a virus scan ran last, for example. 

Also scheduled for a future release are reporting capabilities enabling security and networking teams to spot anomalies based on user behaviour and opportunities to tune application performance.

Cloudbrink’s service already implements zero-trust access and moving target defense principles. It uses rotational mTLS (mutual Transport Layer Security) 1.3 to refresh user certificates automatically at short intervals. Certificates that can be set to expire every few minutes rather than after months or years mean that even when a device is compromised an attacker would only have a narrow window for an attack.

Mana said: “Firewalling for endpoints is an absolute requirement for security in distributed systems, which has become even more urgent with the growth of the hybrid workforce. 

“Our solution provides better management and control for IT teams without compromising the productivity of end-users. We already deploy best-in-class zero-trust security to control access at the user level. The FWaaS enables the service to be tailored more closely to the security needs of the enterprise.”

Separately, Cloudbrink announced that customers will be able to use the service to access data center applications using IPsec as an alternative to the Cloudbrink Connector. The IPsec capability will support connections through existing network firewalls, SD-WAN gateways, routers and other IPsec devices.

“The Cloudbrink Connector uses TLS 1.3, which is the gold standard for security, but we’ve listened to customers who want a migration path and aren’t ready to make changes at the data center just yet,” said Mana. 

FWaaS functionality and IPsec connectivity are bundled with the Cloudbrink service starting December 2023.

About Cloudbrink

Cloudbrink brings high-performance connectivity to the modern hybrid workforce anywhere in the world. The company uses AI and ML to provide edge-native hybrid access as a service (HAaaS). HAaaS delivers accelerated performance for cloud, SaaS, and data center applications.

Cloudbrink’s software-only solution includes the world’s first personal SD-WAN with high-performance zero-trust access (ZTA) and Automated Moving Target Defense (AMTD) security. With the ability to use thousands of dynamic PoPs called FAST edges, Cloudbrink provides an in-office experience with a 30x increase in application performance and reduced operational complexity for network, security, and IT administrators.

Based in Sunnyvale, California, the Cloudbrink team has decades of combined expertise in last-mile network connectivity, security, and distributed systems.

www.cloudbrink.com

Altronix Connects Users with Expanded Portfolio of Solutions At ISC East 2023

New York, NY (November 15, 2023) – Altronix, the leader in power and data transmission for the professional security industry, is showcasing a wide range of new solutions to ensure a safer, more efficient security system here at ISC East in booth #913. New products further demonstrate the dependability and effectiveness of Altronix products for a wide range of applications including extended range surveillance, fire and emergency communications power, access and power integration, remote network power management, and other mission critical environments.

“Reliable power is the foundation of any successful security system installation,” said Ronnie Pennington, Director of Sales for the Americas at Altronix Corporation. “We are showcasing a number of new products here at ISC East that provide integrators and their customers with the confidence to deploy our power and data solutions for their access control, video, and fire systems. These offerings are designed to extend range, provide power and control, while being more efficient than ever before.”

Trove™ Access and Power Integration Solutions now include high-capacity wall mount models that accommodate up to 36 doors and rackmount models that support 8 doors with integral power, with added accessories such as external wiring and battery backup options. Further simplifying system design and installation, pre-configured and pre-wired Trove kits are also now available with customized private labeling upon request. To meet high demand for pre-wired Trove kits, Altronix has ramped up manufacturing to deliver these highly integrated solutions in 15 days or less. The Trove Series continues to expand to support more of the industry’s leading access brands, recently adding pre-wired kits for Honeywell boards to its lineup.

The new COMMBATT Bi-directional Amplifier Power & Backup Solution (COMMBATT1) and complementary Annunciator (ANC1BBU) are available for shipment. These UL 2524 Listed solutions ensure seamless communications between emergency responders within and around commercial buildings.

Altronix’s new TempoA2 Occupancy Alert System (OA2) provides notifications when unauthorized activity or loitering occurs in up to two protected areas. This stand-alone solution is ideal for deployment in public facing areas such as restrooms in convenience stores, retail establishments, restaurants, universities, sports and recreation venues, etc.

Any security installation can be enhanced with Altronix’s powerful LINQ™ network management platform that enables advanced remote capabilities to control devices, monitor and report system power diagnostics from a single-pane platform, greatly increasing system reliability and ROI.

Additionally, a new version of the popular PT724A Annual Event Timer, the Tempo724Q Network Programmable Timer provides remote programming over the network. The Tempo724Q allows installers to remotely service, program and schedule events without the need to roll a truck.

Ideal for citywide surveillance, elevator communications, HVAC applications, and more, Pace™ Long Range Ethernet Adapters transmit power and data up to 500m over structured cable or 1000m over a single pair for deploying IP devices at longer distances. Joining the Pace lineup of products is the new Pace2KRT Long Range, SPE Adapter Kit, which enables multiple IP devices to be installed at greater distances over a single pair.

In keeping up with the latest industry technology trends and demand for new solutions to longstanding challenges, Altronix continues to develop innovative products that increase efficiencies and reduce overall costs. One such example is the DN200 DIN Rail Mount Power Supply providing up to 200W with a built-in battery charger, further streamlining installations to conserve valuable space.

For more information on Altronix’s extensive line of products e-mail [email protected], visit www.altronix.com, or visit booth #913 at ISC East.

Nerds On Site Protects SME Networks with SME Edge

Cybersecurity service ends threat of data breach for small and medium enterprises

Toronto, Ontario – October 12, 2023 – Nerds On Site Inc. (CSE: NERD), a cybersecurity and mobile IT solutions company servicing the small and medium enterprise (SME) marketplace in Canada and the U.S., has developed SME Edge, a complete cybersecurity package that provides small-to-medium businesses comprehensive protection from the threat of data breaches. SME Edge verifies all connections in and out of offices, disallows internet traffic that has not been approved for enterprise use, and closes all network traffic loopholes, protecting against phishing, social engineering, and zero-day attacks. In light of October being Cybersecurity Awareness Month, Nerds On Site wanted to showcase its SME Edge package.

SME Edge protects the Client’s traffic in real-time. Any connection not previously approved will immediately fail. With no way in or out for non-approved connections, data is protected from exfiltration. SME Edge Clients have never had an incident of phishing or ransomware while under the service’s network protection and enjoy a 0% breach rate of nearly three million devices globally. SME Edge also offers many verticals under its umbrella with specialized and tailored services, including LEGAL Edge and NFP Edge, and has even announced MUNICIPAL Edge, which provides a tailored version of the solution to town, city and metro regional government locations.

“Nerds On Site continues to focus on protecting our Clients from the ever-increasing number and types of cybercrime attacks,” said Charlie Regan, CEO of Nerds On Site. “We are especially proud of the comprehensive protection that we can offer all our small and medium enterprise Clients, including municipalities. With October being Cybersecurity Awareness Month, we think it is a great time for businesses of all types and sizes to assess and shore up their cyber protection.”

SME Edge utilizes advanced AI built on Zero Trust protocols, delivering proven ransomware and phishing protection, even in the event that a phishing link is clicked. SME Edge protects against even the most sophisticated cyber attacks on systems and data and features Sovereign Data Custody, ensuring that the sensitive and critical data of the Client remains secure.

About Nerds On Site Inc. (NERD):

A leading provider of cyber security and IT services to SME and corporate Clients in North America. Established in 1995 and serving Clients across the USA and Canada for decades, Nerds On Site stands out as one of the most highly regarded and reputable IT service organizations of its kind. The NERDs team is a collegial network of cyber security and technology experts and strategic partners across North America. Their ability to liberate Clients with technology solutions that optimize organizations and exceed expectations is the stand-out result Nerds On Site regularly delivers, as Client testimonials reflect (reviews.nerdsonsite.com).

https://www.nerdsonsite.com/cybersecurity/sme-edge/

Forward-Looking Statements

The letter of intent is non-binding and there is no guarantee that this transaction will happen.

Certain information set forth in this material may contain forward-looking statements that involve substantial known and unknown risks and uncertainties. All statements other than statements of historical fact are forward-looking statements, including, without limitation, statements regarding future financial position, business strategy, use of proceeds, corporate vision, proposed acquisitions, partnerships, joint ventures and strategic alliances, and co-operations, budgets, cost and plans and objectives of or involving the Company. Such forward-looking information reflects management’s current beliefs and is based on information currently available to management. Often, but not always, forward-looking statements can be identified by the use of words such as “plans,” “expects,” “is expected,” “budget,” “scheduled,” “estimates,” “forecasts,” “predicts,” “intends,” “targets,” “aims,” “anticipates” or “believes” or variations (including negative variations) of such words and phrases or may be identified by statements to the effect that certain actions “may,” “could,” “should,” “would,” “might” or “will” be taken, occur or be achieved. A number of known and unknown risks, uncertainties, and other factors may cause the actual results or performance to materially differ from any future results or performance expressed or implied by the forward-looking information. These forward-looking statements are subject to numerous risks and uncertainties, certain of which are beyond the control of the Company, including, but not limited to, the impact of general economic conditions, industry conditions, and dependence upon regulatory approvals. Readers are cautioned that the assumptions used in the preparation of such information, although considered reasonable at the time of preparation, may prove to be imprecise, and, as such, undue reliance should not be placed on forward-looking statements. 
The Company does not assume any obligation to update or revise its forward-looking statements, whether as a result of new information, future events, or otherwise, except as required by securities laws.

Neither the Canadian Securities Exchange nor its Regulation Services Provider (as that term is defined in the policies of the Canadian Securities Exchange) accepts responsibility for the adequacy or accuracy of this release.

DigitalAPICraft partners with Google for API marketplace growth and hires HSBC veteran as CTO

London, UK and Austin, Texas – 27th September 2023; Organisations around the world are rushing to build API (application programming interface) marketplaces to foster greater connectivity between them and their partners and users. Global spend on API marketplaces is set to reach $50b by 2030. To help organizations make them a success, DigitalAPICraft is today announcing its partnership with Google and the appointment of HSBC exec Marco Tedone as CTO as it scales the business.

APIs form the connection points between platforms and ecosystems. Every connected mobile app, every website and every application deployed on a cloud service uses APIs and the number of APIs within organizations is growing rapidly. This has led to the prominence of API marketplaces which provide numerous benefits to developers and organizations. They simplify the process of designing and developing new applications and integrating and managing existing ones.

A major advantage of the API marketplace is improved collaboration, as APIs facilitate seamless communication among various cloud applications and platforms. This allows for automated workflows and enhanced collaboration in the workplace, bridging the gaps between disconnected systems and preventing information silos that can hamper productivity.

Bharath Kumar, CEO and founder of DigitalAPICraft: “Large organizations often operate in isolated silos, each composed of numerous factory teams. One recurring challenge faced by these enterprises is the need for standardization of tools and the consolidation of platforms and runtimes. This issue is compounded by the growing complexity of APIs, including various types such as REST, GraphQL, AsyncAPI, gRPC, SOAP and others. Enterprises grapple with multiple API platforms such as Apigee, Kong, MuleSoft, Azure, AWS spanning the multi-cloud and on-premises environments. This diversity poses API security risks, with numerous unmanaged and unsecured APIs, as well as ad-hoc API development practices, further complicated by irregular developer and partner onboarding processes.”

“An API Marketplace would serve as a unified platform to consolidate existing tools and API platforms used by various teams and groups, providing a consolidated API catalog view and fostering collaboration and standardization throughout the enterprise.”

To address these challenges, DigitalAPICraft’s One API product suite is an enterprise-grade, white-labeled API Marketplace to efficiently publish, consume, collaborate, govern and monetize internal and external APIs for developers, product owners, and third-party partners and developers.

Today, DigitalAPICraft is partnering with Google Cloud as an ISV (Independent Software Vendor) partner, and the DigitalAPICraft white-labeled enterprise API Marketplace is now available on Google Cloud Marketplace. This partnership allows Google Cloud customers to quickly integrate with DigitalAPICraft and underlines the strength and depth of the offer. It offers a unique scale-up opportunity for the company.

DigitalAPICraft has also appointed Marco Tedone as CTO. He joins the company with nearly two decades of banking experience, the last 12 years of which were spent at HSBC, where he led the API Strategy and Governance as well as Modern Architectures for the group. He brings extensive experience in running successful API programmes and knows the dynamics that power API programmes in large and successful enterprises.

DigitalAPICraft was founded in 2017 by Bharath Kumar. He and the core technical team were part of the team that built the Apigee Edge API platform (part of Google Cloud). Today, they are a global team of over 100 spread across the US, UK and India.

Bharath Kumar added: “APIs play a crucial role in enabling digitization. They provide the foundation for modernization and help organizations build successful business ecosystems. Software engineering leaders must develop a systematic approach to manage and govern the use of APIs across their organization”.

About DigitalAPICraft

DigitalAPICraft is a leading provider of white-labeled private API Marketplace products. Its products in the API and cloud engineering space help organizations worldwide to optimize their API adoption and scalability. With its comprehensive suite of API Marketplace products, DigitalAPICraft enables enterprises to publish, consume, collaborate, govern and monetize APIs effectively, ensuring seamless integration and enhanced customer experiences.

For more information please visit: https://digitalapicraft.com/ or follow via LinkedIn, X or YouTube.

SpecterOps Introduces Purple Team Assessments Service to Help Customers Understand the Efficacy of their Detection Capabilities

New service tests security controls more comprehensively and in ways that better match real-world conditions than most current red team assessments

Seattle, WA – Sept. 27, 2023 – SpecterOps, a provider of adversary-focused cybersecurity solutions born out of unique insights of advanced threat actor tradecraft, today announced new Purple Team Assessment Services. This two-week assessment evaluates how well an organization’s security controls can detect and prevent common attack techniques using a novel proprietary approach from SpecterOps for classifying variations of attack techniques combined with a deep understanding of how adversaries modify techniques to avoid detection. This approach allows SpecterOps to evaluate security controls in a way that both mimics a real-world adversary and covers the full spectrum of possible attack techniques.

SpecterOps’ Purple Team Assessments Services gives organizations actionable results that drive immediate improvements to security controls and educates security operations staff in adversary tradecraft. It also develops roadmaps for customers to increase detection coverage, provides a better understanding of the ROI of security initiatives, and gives a more accurate understanding of an organization’s cyber risk acceptance.

“A common question security teams are trying to answer with red team assessments or penetration testing is ‘Do our security controls actually detect and prevent what they’re supposed to?’ But these engagements are usually too limited in scope to provide a good answer,” said Jared Atkinson, Chief Strategist at SpecterOps. “Our Purple Team Assessments answer this core question overlooked by red team assessments and pentesting, replacing vendor promises and educated guesses with real-world data and testing.”

“The clarity with which SpecterOps explains the intricacies of complex subjects is nothing short of legendary,” said Patrick Davidson Tremblay, Directeur DSOSA, Desjardins.

Attackers have many ways to modify an attack technique so it won’t be detected by defenses – in fact, there can be thousands or even millions of variants of a single technique. Testing against all or most of them is impossible and testing only a few gives a false sense of security. SpecterOps has developed a novel system for classifying the variants of attack techniques that lets them create a diverse, representative sample of test cases for each technique. These test cases allow SpecterOps to test each technique in much greater depth and better recreate what an organization might face in real-world scenarios. Overall, this measures the effectiveness of their defenses more accurately.

Furthermore, customers receive tactical and strategic recommendations for short-term and long-term improvements to their security controls, full technical details allowing them to recreate the test cases and findings independently, and summary reports for executives and senior management. SpecterOps is fully transparent with customers throughout testing and the engagement is designed to be an educational experience for any members of the customer’s IT staff to learn more about adversary tradecraft.

To build these Purple Team Assessments, SpecterOps leverages both their adversary simulation and detection expertise. This includes experience across hundreds of government, defense industry, financial, and healthcare environments, and a deep understanding of adversary tradecraft. SpecterOps employees have made more than 400 security community contributions, created 93 open-source security tools (which have been recommended by Microsoft, the Department of Homeland Security, PricewaterhouseCoopers, and many more), trained more than 6,900 students in their adversary-focused training courses, and helped over 185 customers with adversary simulation and detection assessments.

SpecterOps Purple Team Assessments are available now. For more information, visit https://specterops.io/services/#purple-team-assessments.

SpecterOps recently raised a $33.5M Series A funding round from Decibel and Ballistic Ventures. This launch is one of many projects that funding has enabled or accelerated.

About SpecterOps

SpecterOps is a cybersecurity solutions and services provider specializing in deep knowledge of adversary tradecraft to help clients detect and defend against sophisticated attackers. The company releases numerous widely used free and open-source security toolsets, including BloodHound, a penetration testing solution which maps attack paths in Active Directory and Azure environments. BloodHound has been recommended by the Department of Homeland Security, PricewaterhouseCoopers and many more. BloodHound Enterprise is the company’s first defense solution for enterprise security and identity teams. For more information on the company and its solutions, visit https://specterops.io/.

TrustFour Scan of Fortune 500 Uncovers Seven Deadly Sins of TLS Configuration Non-Compliance Against NIST 800-52R

San Diego (September 26, 2023) – TrustFour, the first TLS control plane, announced today the results of its first semi-annual report of Transport Layer Security (TLS) boundary configuration compliance for the Fortune 500. In its report titled “State of TLS Boundary Compliance Report,” TrustFour uncovered several trends that make up the “seven deadly sins” of TLS configuration non-compliance against the National Institute of Standards and Technology (NIST) 800-52 R2 standard. NIST 800-52 R2 is the de facto configuration standard that is used by regulators to audit TLS implementation compliance in the finance, utilities, government and healthcare industries, among many others.

“TLS configuration is a mission-critical aspect of reducing the attack surface for any organization, ensuring data-in-transit data integrity and privacy. Frankly we were surprised by several of our findings, when we scanned Fortune 500’s domains and sub-domains North-South boundary against the NIST 800-52R standard,” said Robert Levine, CEO of TrustFour, Inc. “After scanning more than 115,000 domains and sub-domains, we were surprised at the number and types of vulnerabilities. The good news is that these are issues that can mainly be addressed quickly and will significantly lower the organizations’ threat profiles. We will scan the Fortune 500 twice a year and provide the public with the results.”

The Research and Findings
TrustFour’s State of TLS Boundary Compliance Report analyzed the security and compliance of nearly 120,000 domains across Fortune 500 companies. Inspecting those domains showed a median of 56 subdomains and an average of 1.6 servers per subdomain. TrustFour’s research found 12.5% of those servers still accept connections using TLS 1.0 and 1.1. The IETF deprecated these protocol versions in March 2021, in response to significant security vulnerabilities.

NIST defines standards to guide proper implementation of TLS, including acceptable versions, cipher suites, key lengths and handshake details. Less than 1% of all Fortune 500 servers are presently NIST compliant, exposing companies to data privacy risk, data integrity vulnerabilities, and man-in-the-middle attacks. Keep in mind, these are the most protected domains on the planet. The biggest risk factors included the use of old versions of TLS, old cipher suites, and incorrect or under-configured TLS extensions designed to address known vulnerabilities.

The good news is 80% of the Fortune 500 can achieve NIST compliance with just 7 straightforward configuration changes. TrustFour offers a free service that helps organizations visualize and prioritize configuration changes and boost TLS compliance in just minutes. Simply scan your domains, generate the report, and see your domain’s compliance score at https://www.tlscompliance.com/.

The Seven Deadly Sins of TLS Non-Compliance

• Old versions of TLS: 12% of the servers scanned are still running TLS V1.0 and V1.1, which should be disabled because they have been deprecated by the IETF.
• Old cipher suites: 63% of the servers scanned still supported old cipher suites that should be disabled. Most often, CBC cipher suites were enabled.
• Certificate Status Request: 44% of the servers scanned do not support the ability to send a signed certificate status within the TLS handshake, shunting full OCSP pressure on the Certificate Authority.
• Encrypt-then-MAC: 29% of the servers scanned are configured to perform MAC-then-encrypt, which has been the subject of security vulnerabilities.
• Extended Master Secret: 8% of the servers scanned are not configured properly to prevent a man-in-the-middle attack.
• Server Name Indication: 6% of the servers scanned don’t support this feature, which can cause the server to give the wrong certificate for a given connection.
• Supported Points: 4% of the servers scanned won’t accept cert/chain or ephemeral keys that use compression, causing the server to consume cycles rejecting connections.

The Fortune 500 were scanned using TrustFour’s recently released Amundsen, a part of TrustFour’s TLS Control Plane that provides detection, control and protection. As the most advanced tool for monitoring external transport security layer TLS connection compliance, TrustFour’s Amundsen gives businesses unmatched actionable intelligence to fortify their defenses and safeguard their most valuable assets. TrustFour Amundsen leverages its patented technology, for the first time allowing businesses to scan and monitor an organization’s North-South boundary against the NIST 800-52R standard, the de facto configuration standard that is used by regulators to audit TLS implementation compliance in the finance, utilities, government and healthcare industries, among many others.

As the most widely used security protocol, when configured correctly, TLS provides effective privacy and data integrity for communications. Amundsen examines an organization’s domains and sub-domains, providing a detailed weekly report of the enterprise boundary that includes specific recommendations for helping businesses maintain compliance, ensuring that TLS is configured optimally, significantly increasing data integrity and privacy.

The State of TLS Boundary Compliance Report is available for free at https://trustfour.com/white-papers.

About TrustFour, Inc.
Founded in 2022, TrustFour is the first TLS Control Plane, enabling organizations to effectively monitor and manage their transport security layer implementation. By enabling organizations to detect, control and protect their transport security layer implementations, TrustFour helps organizations ensure data integrity and privacy in today’s dynamic, interconnected digital landscape. For more information, please visit www.trustfour.com.

57% of SMEs Have Experienced a Cybersecurity Breach According to Survey by Cybersecurity Company Guardz

The survey conducted by the cybersecurity company securing and insuring small and medium-sized businesses demonstrates alarming gaps in cybersecurity preparedness

[TEL AVIV, Israel, September 19, 2023] Guardz, the cybersecurity company securing and insuring SMEs, today shared that a staggering 57% of SMEs have experienced a cybersecurity breach, with 31% of respondents stating that their business had been targeted by a breach in the past 12 months alone. Meanwhile, 29% of small and medium-sized businesses reported currently having no cyber insurance. This is according to a survey by Guardz of hundreds of SME owners across various industries, which highlights the growing threats facing SMEs, the misconceptions their owners and managers have about their preparedness, and the potential role of MSPs in both securing and insuring these businesses.

With cyberattacks targeting SMEs on the rise, it is crucial for business owners and managers to be properly prepared. However, the survey findings highlight a glaring disparity between businesses’ perceived readiness and the actual state of their cybersecurity protection: An overwhelming 70% of respondents are confident that their businesses are adequately prepared and resilient enough to withstand a cyber-attack. However, 44% of respondents believe that their current antivirus solution fully protects their business, employees, and data, and a quarter (25%) of businesses admit to not regularly training their employees on cybersecurity best practices, or to never having done so.

“These survey findings reinforce the critical and urgent need to prioritize cybersecurity preparedness within the SME community,” said Dor Eisner, CEO and Co-Founder of Guardz. “Understandably, not all small business owners have the resources to obtain in-house cybersecurity experts – but that doesn’t mean these companies should be left in the lurch. There are immediate and proactive actions SMEs can take to bolster their defenses in the face of growing threats, including working with certified MSPs who have the potential to not only offer comprehensive cybersecurity protection, but vital cyber insurance coverage as well.”

Guardz’s survey results also highlight SMEs’ concerns around the aftermath of a cyber-attack and the potential resulting financial strain: 59% of respondents reported financial loss as their primary concern in the wake of a cyber-attack, while 53% were concerned about a breach of data privacy. Reputational damage, operational disruption, temporary loss of business, and business termination were also cited as significant concerns by the respondents, further underscoring the potential devastating impact of the cyber threats facing SMEs.

In addition to the 29% of respondents who stated that they do not have any cyber insurance coverage, 11% believe they do not even need it. Simultaneously, the survey revealed the significant role that Managed Service Providers (MSPs) could play in enhancing SMEs’ cybersecurity posture on this front: 78% of respondents indicated that they would be more likely to hire an MSP if they offered both comprehensive cybersecurity protection and cyber insurance.

Visit here to access the full infographic report and here to view the blog post delving into the survey results.

About Guardz

Guardz is a holistic cyber security and insurance solution designed for SMEs. Its all-in-one, affordable platform is on guard 24/7, and is easy to use for both in-house IT personnel and MSPs. With cutting-edge technologies stacked into a robust platform, Guardz’s solution continuously monitors businesses’ entire range of digital assets, enables them to react to cyber risks in real time with swift remediations, and provides cyber insurance for peace of mind. Guardz was founded in 2022 by Dor Eisner and Alon Lavi along with a team of cyber and insurance experts who combine innovation, experience, and creativity to create a safer digital world for small businesses.

Tech Mahindra and Surance.io Partner to Deliver Global Tech Support and Cyber Protection Solutions for Insurance Industry

Collaboration will bolster cyber resilience for the global insurance industry with multilingual tech support and an AI-based end-to-end cyber security solution

Plano, TEXAS – Sept. 14, 2023: Tech Mahindra, a leading provider of digital transformation, consulting, and business re-engineering services and solutions, today announced a strategic partnership with Surance.io, an innovative personal cyber insurance platform. The strategic partnership will provide international multilingual tech support and enhance cybersecurity solutions to reinforce secure digital transformation in the insurance sector.

Surance.io will leverage Tech Mahindra’s multilingual support to communicate with global customers in more than 20 languages and provide seamless services to foster enhanced customer experiences. The partnership aims to protect insurance customers by providing round-the-clock expert support, best-in-class call center services, advanced AI-based threat detection tools, and customized guidance to prevent cyber attacks.

“The partnership with Surance.io will fuel the new era of cyber protection standards and solidify our dedication to digital transformation and innovation within the global insurance industry. Together, we will redefine the benchmark for tech support excellence and spearhead a global revolution in cyber protection that will set a powerful precedent for the entire tech sector and insurance industry,” said Vivek Agarwal, president – APJI (Enterprise), Corporate Development, Tech Mahindra. “The personal cyber insurance market is growing rapidly and remains relatively untapped, presenting a significant opportunity for us to create a strong presence in this market. Our offering of comprehensive end-to-end products in this domain places us in a favorable position for cross-selling and appealing to new market segments.”

With Tech Mahindra’s digital and domain expertise and Surance.io’s cutting-edge insurance platform, the partnership creates a powerful synergy to elevate customer experiences and drive business growth in the rapidly evolving cyber insurance landscape. Key services that insurance customers can leverage from this partnership include protection and recovery for social accounts, devices, smartphones, networks and data. The partnership will also provide anti-phishing verification and validation tools, social account assessment and protection against account hijacking, and a Wi-Fi and WAN network threat discovery and prevention plan.

“In 2022, cyber-attacks caused $10.3 billion in financial damage in the US, compared with $2.7 billion in 2018. In the world of cybersecurity, consumers’ end-to-end solutions are largely ignored and underserved due to lack of personalized and efficient solutions, timely responses, and effective communication,” noted Saar Bar, co-founder and CEO of Surance.io. “To address this, with Tech Mahindra’s multilingual expertise, Surance.io is ready to provide seamless services to a diverse global clientele. Surance.io can now partner with any insurance company in almost any language, making cyber protection accessible to all.”

In 2022, Tech Mahindra acquired 25% of equity shareholding in Surance.io to support the global expansion in the insurtech industry. The partnership is in line with Tech Mahindra’s DigitALL philosophy for comprehensive business transformation as it focuses on investing in emerging technologies and solutions that enable digital transformation and meet the evolving needs of insurance customers.

About Surance.io

Surance.io is a groundbreaking personal cyber insurance platform. The InsurTech startup offers individuals an end-to-end solution that protects their digital lives from cyber-attacks. Surance.io provides 24/7 cyber expert support and works closely with insurance companies and warranty providers to ensure comprehensive coverage. Surance.io is dedicated to innovation and prioritizes customer needs, aiming to transform the way individuals are safeguarded in the digital era.

About Tech Mahindra 

Tech Mahindra offers innovative and customer-centric digital experiences, enabling enterprises, associates, and society to Rise for a more equal world, future readiness, and value creation. It is a USD 6.5+ billion organisation with 148k+ professionals across 90 countries helping 1250+ global customers, including Fortune 500 companies. It is focused on leveraging next-generation technologies including 5G, Metaverse, Blockchain, Quantum Computing, Cybersecurity, Artificial Intelligence, and more, to enable end-to-end digital transformation for global customers. It is the only Indian company in the world to receive the HRH The Prince of Wales’ Terra Carta Seal for its commitment to creating a sustainable future. It is the fastest growing brand globally in ‘brand value rank’ and among the top 7 IT brands globally in brand strength with AA+ rating. With its NXT.NOW™ framework, Tech Mahindra aims to enhance ‘Human Centric Experience’ for its ecosystem and drive collaborative disruption with synergies arising from a robust portfolio of companies. It aims at delivering tomorrow’s experiences today and believes that the ‘Future is Now’.

Tech Mahindra is part of the Mahindra Group, founded in 1945, one of the largest and most admired multinational federations of companies with 260,000 employees in over 100 countries. It enjoys a leadership position in farm equipment, utility vehicles, information technology, and financial services in India and is the world’s largest tractor company by volume. It has a strong presence in renewable energy, agriculture, logistics, hospitality, and real estate. The Mahindra Group has a clear focus on leading ESG globally, enabling rural prosperity and enhancing urban living, with a goal to drive positive change in the lives of communities and stakeholders to enable them to Rise.

Connect with us at www.techmahindra.com

For more information on Tech Mahindra, please contact:

Abhilasha Gupta, Global Corporate Communications and Public Affairs

Email: [email protected]; [email protected]

Anura and University of Delaware Release White Paper on Ukraine Invasion’s Influence on Global Online Ad Fraud

 MIDDLETOWN, Delaware, August 12, 2023 – Anura Solutions, LLC, experts in digital advertising fraud detection, and the University of Delaware announce the release of a comprehensive white paper that outlines the effects of the Russian invasion of Ukraine on global digital advertising fraud. The study and research were conducted by University of Delaware’s Edward Hartono, Ph.D.
 “What particularly intrigues us in this study is the discovery of a substantial decrease in ad fraud in Russia following the Ukraine invasion—a surprising twist that calls for a more comprehensive investigation,” says Hartono. “Normally, we associate political and economic instability with an uptick in criminal activities, including fraud. Therefore, our research is dedicated to dissecting the specific factors and dynamics that have led to this surprising and counterintuitive trend.”
The approach of the white paper was to examine extensive data collected by Anura detailing traffic to their clients’ global web assets during the months leading up to the invasion and the days immediately following the conflict. Leveraging a combination of machine learning algorithms and experienced engineers, Anura’s team meticulously analyzed the data to detect any telltale signs of fraudulent activity. The research uncovered an unexpected phenomenon of reduced fraudulent activity in the days following the invasion. The paper examines the possible explanations for the decline by analyzing the exchange between the global online advertising industry and the political, social, and economic instability of Ukraine and surrounding areas.
“The findings of this research were overwhelming when we looked at the numbers immediately following the Russian invasion of Ukraine,” said Rich Kahn, CEO and co-founder of Anura Solutions LLC. “The overall amount of global digital advertising fraud dropped significantly in the days following the attack. Those results were not unexpected to our team, as we are aware that a substantial proportion of digital advertising fraud originates from the regions of Russia and China. In areas with large populations and elevated poverty rates worldwide, desperate individuals commonly resort to fraudulent activities to survive, often making digital ad fraud the answer,” explains Kahn.
In the year 2022, the global spend on advertising exceeded $500 billion. This substantial financial contribution makes online businesses particularly attractive targets for individuals seeking to exploit illegitimate activities. Notably, there has been a surge in the number of illicit bots and human fraud farms, with a substantial number originating from the Eastern European countries that experienced disruption due to the Ukraine invasion.
“Russia faces a lot of adverse consequences due to its actions in Ukraine,” says Kahn. “The ongoing conflict is widely condemned by the international community and, as a result, Russia is certain to endure long-term repercussions, spanning both legitimate and criminal gains for decades to come.” Unprecedented sanctions on Russia will not only impair financial exchange and trade, but will continue to impede the global community from spreading Russian-based digital ad fraud.
“Given the substantial decrease in ad fraud following a military invasion, we can anticipate that similar large-scale events will exert a significant impact on online fraud within the conflict-affected countries. This foresight is invaluable for companies like Anura and online advertisers, enabling them to formulate strategies to mitigate losses more effectively,” says Hartono.
Anura is a leading provider of ad fraud detection designed to improve digital advertising campaign performance by accurately exposing bots, malware, and human fraud in real-time. Anura has continuously optimized its platform over the years by analyzing customer conversion data and hundreds of other relevant data points. The cumulative intelligence built into the platform over almost two decades can easily pinpoint the source of fraud with remarkable accuracy. Anura’s integration offers complete transparency with a full analytics dashboard to identify bad traffic using a variety of metrics. Anura’s solution mitigates ad fraud allowing advertisers to invest more resources towards growing their business. The Anura solution works to eliminate false positives by only marking visitors as fraudulent when it is 100% confident the visitor isn’t real.
CONTACT:

Sherrii Brentari, Director of Marketing, Anura Solutions.

888-337-0541 x7144, [email protected]

 About Anura Solutions

Founded by husband-and-wife team, Rich and Beth Kahn, Anura is an ad fraud solution designed to improve campaign performance by accurately identifying bots, malware, and human fraud. The couple, who owned a company that was featured in the Inc. 5000 list five years in a row, have a long track record of entrepreneurial success—including earning an Ernst & Young entrepreneur award in technology.

Benchmarked against validated conversion data, Anura can ensure the accuracy and thoroughness of the solution. Anura also offers the most detailed analytics dashboard to provide the proof of fraud. With a combination of machine learning and experienced engineers, Anura can detect even the most sophisticated fraud techniques in real-time. For more information visit https://www.anura.io

Built with Google Cloud: Google and Acalvio partner to deliver Active Defense to protect customers from advanced threats

September 12, 2023

Dr. Sreenivas Gukal, Chief Product Officer, Acalvio Technologies

Dr. Ali Arsanjani, Director, Cloud Partner Engineering, Google

Security is a top priority for all customers on Google Cloud, whether beginner, intermediate, or advanced users. Through our partnership with Acalvio, we are able to offer Active Defense to Google Cloud customers, providing automated deception management and deployment capabilities, with a simple onboarding experience.

Read more: https://cloud.google.com/blog/topics/partners/built-with-google-cloud-google-and-acalvio-partner-to-deliver-active-defense-to-protect-customers-from-advanced-threats

Ciphertex Showcases SecureNAS® Series Portable Servers at Techno Security & Digital Forensics Conference

Industry-leading SecureNAS Forensic CX-160KSSD-X storage unit and portable SecureNAS® Forensic FIPS Rack CX-2400K NVMe-R the perfect solutions for data forensics operations

PASADENA, CA (September 11, 2023) – Ciphertex Data Security®, a GSA contract holder (GS-35-487DA), will be demonstrating the power of their SecureNAS series of storage devices and solutions at the Techno Security & Digital Forensics Conference, held at the Pasadena Convention Center from September 11 to 13.

Ciphertex SecureNAS provides a portable and reliable solution for investigation and litigation, enabling early assessment in industries ranging from government / public sector, military forensic, healthcare / life science, accounting forensic and beyond. The SecureNAS series also works in tandem with third-party software to provide an all-in-one forensics solution to aid investigations at every stage. SecureNAS brings operational resiliency to digital evidence, equipping organizations with the secure power needed for success.
Serving the U.S. military, federal government, and many forensics and law enforcement agencies, Ciphertex is the go-to high-security solution trusted by the most demanding customers and organizations around the world to protect and secure mission-critical sensitive data.

Benefits to forensic investigations include:
-Speedy imaging
-Secure chain of custody
-Real-time data analysis
-Redundant forensic archiving
-Easy collaboration options; transfer data from crime scene to forensic lab
-Perfect for e-Discovery process
-Store millions of 20MP forensic images
-Store thousands of 4K forensic videos

SecureNAS® Forensic CX-160KSSD-X

The SecureNAS Forensic CX-160KSSD-X storage unit is powered by an Intel® Xeon® D processor (4, 8, or 16 Core) and supports up to sixteen hot-swappable 2.5” SSDs and two internal 2.5” SSDs and can store up to 490TB, while improving security and endurance. The system meets the maximum-security standards of the US government. The ultra-high-capacity SAS SSD offers faster read and write speeds that reach up to 400,000 IOPS and 50,000 IOPS. It can achieve up to 2,000 MB/s sequential write speed at 13.5W power, making it four times more power efficient than 15K RPM HDDs while providing six times the performance.

Features
• Maximum capacity of up to 490TB
• Pre-installed CiphertexOS with no renewal fee
• Centralized storage, backup, sharing and disaster recovery
• 5-year warranty (3-year included)
• FIPS 140-2 Level 3 certified
• NIST 800-88 compliance
• AES-256 Encryption
• HIPAA compliance
• Two hardware encryption keys
• Key Lifecycle Management
• Multi-Factor Authentication
• Instant Secure Erase (ISE) Enabled
• Rsync Supported
• USB blocker for enhanced security
• VMware, Citrix, and Microsoft Hyper-V supported
• 2 Enclosure keys

Specifications
• Height: 15.25 inches
• Width: 11.25 inches
• Depth: 10.25 inches
• Weight: ~40lbs including SSD drives

Benefits
• Provides professionals with the right equipment to observe strict protocols in collecting and preserving data to facilitate field investigations, no matter where they take place
• Meets all federal guidelines and standards for data encryption, security and data storage
• Durable metal chassis to handle any investigation in the most challenging environments
• Metal locked doors to prevent user error and any possible theft
• Provides all the tools needed to protect highly confidential and proprietary digital data, including documents, videos, emails and applications
• PCI compliance protects any and all financial records
• Conquer any common virtualization woes with more than 100TB of storage that can grow as your data needs change

SecureNAS® Forensic FIPS Rack CX-2400K NVMe-R
The rackmount server and storage device offers a unique portability feature and FIPS architecture, and has AMD EPYC 7003 series (ROME) processors with 24 cores (up to 64), in addition to storing up to 737TB of data. It also includes the option to add an NVIDIA A2 GPU. The system meets the maximum security standards of the US government. The drives offer low latency, with an average of 2.8 microseconds. With read and write speeds of around 3GB/s and 1.5-2 GB/s respectively, the NVMe drives can achieve significantly higher transfer speeds than any other drives in the market.

Features
• AMD EPYC 7003 series (ROME) processors
• Optional NVIDIA A2 GPU
• Complementary dual 10G for highly-efficient virtualization and intensive data transmission
• ZFS RAIDZ configurable: Mirror, Stripe Set, RAIDZ1, RAIDZ2, RAIDZ3
• Compartmentalized smart cooling: detects CPU and drive temperatures to dynamically control fan speeds for ultra-quiet operation
• Supports DDR4 RDIMM (3200MHz), LRDIMM (2666MHz), NV DIMM (2666MHz)
• Centralized storage, backup, sharing for Business Continuity and Disaster Recovery
• Optional 5 year warranty (3 years included)
• Maximum data security through FIPS 140-2 Level 3 Certified and Hardware Encryption
• 2 Ciphertex-Protect® Key (Hardware encryption key, the system volumes are only accessible when encryption key is utilized)
• NIST 800-88 Compliance
• AES-256 Encryption
• Each key serial number syncs with the SecureRack® Serial number and customizable password
• Key Lifecycle Management
• Instant Secure Erase (ISE) Enabled
• Rsync Supported
• USB blocker for enhanced security
• 2 Enclosure Keys

Specifications
• Length: 19 inches
• Width: 17.25 inches
• Height: 3.5 inches
• Weight: 42 lbs. w/ NVMe drives
• Power: 110V-240V/1300 Watts Power Supply

Benefits
• Portable encrypted rugged rackmount
• Provides forensic professionals with the right equipment to observe strict protocols in collecting and preserving forensics data to facilitate field investigations, no matter where they take place
• Meets all federal guidelines and standards for data encryption, security, and data storage
• Durable metal chassis to handle any missions in the most challenging environments
• Provides all the tools needed to protect highly confidential and proprietary digital data, including documents, videos, emails and applications
• PCI compliance protects any and all financial records
• Conquer any common virtualization woes with more than 100TB of storage that can grow as your data needs change

Forensic government agencies around the world have used Ciphertex products, including agencies in the Netherlands, France, the United Kingdom, Germany and Italy.
For over 23 years, Techno Security & Digital Forensics Conference has been the most important gathering of private and government attendees dedicated to the digital forensics and computer security industries.
“Ciphertex has been our go-to company for encrypted storage for nearly two decades. Jerry Kaner and the Ciphertex team were able to get us the equipment needed in a very short amount of time,” says Joseph Greenfield, Ph.D., VP and Chief Forensic Examiner of Maryman.

About Ciphertex

Ciphertex Data Security® is a leading provider in data security solutions trusted by the US Military, FBI, government agencies, hospitals, forensic, media, and entertainment companies. Learn more at https://ciphertex.com/ as well as on YouTube and LinkedIn.

Netwrix Is Recognized as a Visionary in the 2023 Gartner® Magic Quadrant™ for Privileged Access Management

Netwrix Privilege Secure ensures end-to-end security for privileged access by eliminating privilege sprawl, providing just-in-time access and enabling least privilege on endpoints.

FRISCO, Texas, September 11, 2023 – Netwrix, a cybersecurity vendor that makes data security easy, has been recognized as a Visionary in the 2023 Gartner Magic Quadrant for Privileged Access Management.

Netwrix Privilege Secure reduces an organization’s attack surface and prevents lateral movement by replacing risky privileged accounts with ephemeral ones that grant the minimum access required and exist only as long as needed. Additionally, Netwrix Privilege Secure, with its real-time account visibility, helps eliminate privilege account sprawl and ensure a least privilege approach for endpoints, enabling end-to-end security for privileged access. Alternatively, the solution can enrich an existing PAM vault.

“Netwrix’s recent annual security report revealed that more than a third (36%) of organizations with cyber insurance had to have a PAM solution in order to qualify for the policy and reduce the chance of a data breach,” says Michael Tweddle, Chief Product Officer at Netwrix. “We believe that the recognition of Netwrix as a Visionary by Gartner in its Magic Quadrant for Privileged Access Management demonstrates our commitment to addressing the pressing security concern of locking down privileged access.”

To learn more about PAM trends and solutions, download a complimentary copy of the 2023 Gartner Magic Quadrant for Privileged Access Management here.

Gartner, Magic Quadrant for Privileged Access Management, Felix Gaehtgens, James Hoover, Michael Kelley, Brian Guthrie, Abhyuday Data, 5 September 2023

GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Netwrix 

Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact. More than 13,500 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.

For more information, visit www.netwrix.com.

Traceable AI Releases 2023 State of API Security Report:  A Global Study on the Reality of API Risk

Findings expose the true scale of API-related data breaches, top API security challenges, and the profound impact on global cybersecurity

SAN FRANCISCO, CA., SEPTEMBER 6, 2023 – Traceable AI, the industry’s leading API security company, today released its comprehensive research report – the 2023 State of API Security: A Global Study on the Reality of API Risk.

Despite APIs being critical to the modern enterprise, until now, there has not been an extensive, global study offering a panoramic view of the API security landscape. Traceable believed that it was time to fill this gap and embarked on this research journey with the Ponemon Institute.

Engaging 1,629 cybersecurity experts across the United States, the United Kingdom, and the European Union, this exhaustive study presents a unique perspective into the dark reality of API-related data breaches and their impact on organizations. Download the full report for in-depth insights and recommendations.

The report critically analyzes API-related data breaches, API sprawl, the use of traditional solutions such as Web Application Firewalls, API governance and the emerging role of Zero Trust Security in fortifying API security. These global findings provide profound insight into the challenges and security practices of organizations around the world, assessing their awareness and strategies for addressing API security risks.

Findings from the survey underscore the urgency of API security:

  1. 74% Reported at Least Three API-Related Breaches in the Past Two Years: Within the last two years, 60% of organizations faced an API-related breach. Disturbingly, 74% of these endured three or more incidents, revealing a relentless threat landscape with 23% undergoing six or more breaches.
  2. DDoS Tops the List with 38% as the Primary API Attack Vector: Alongside fraud and known attacks, DDoS stands out as the primary API breach method. Compounding this, 58% agree that APIs substantially expand the technology stack’s attack surface.
  3. Only 38% Understand Unique Context of APIs; 57% Doubt Traditional Security: Only 38% can discern intricate context between API activity, user behaviors, and data flow. Plus, a significant 57% of respondents feel traditional security solutions, including Web Application Firewalls, can’t effectively distinguish genuine from fraudulent API activity.
  4. 61% Foresee Escalating API Risks; 48% Grapple with API Sprawl: With a considerable 61% anticipating rising API-related risks in the next two years, organizations are also wrestling with challenges like API sprawl (48%) and keeping an accurate inventory (39%).
  5. Organizations Juggle an Average of 127 Third-Party API Connections, Yet Only 33% Feel Secure: While dealing with an average of 127 third-party API connections, a mere 33% express confidence in managing these external threats. This is exacerbated by uncertainties regarding the volume of data their APIs transmit, emphasizing an urgent call for advanced breach detection solutions.

“In an era where digital ecosystems are intrinsically entwined with our operational fabric, this report brings to light the hidden iceberg beneath the API landscape. It’s alarming to see that the majority of businesses are navigating these treacherous waters with a significant blind spot, unprepared and underestimating the very real threats associated with APIs. As a security community, we must address this glaring disconnect, prioritizing API security as a cornerstone of our cyber defense strategy. It’s time that API security is elevated from the server room to the boardroom. Only by doing so can we hope to stay ahead of the evolving threat landscape,” said Richard Bird, Chief Security Officer of Traceable.

Join the Conversation on the 2023 State of API Security: Global Findings

To help organizations make sense of these findings, Traceable is hosting an exclusive webinar on Wednesday, Sept. 27 at 12 p.m. E.T./9 a.m. P.T. to interpret the results and to arm security professionals with the information they need to shape their organization’s cybersecurity strategy.

The webinar features Larry Ponemon of the esteemed Ponemon Institute, and Richard Bird, Chief Security Officer of Traceable. Together, they will unpack the intricate findings of the State of API Security report. This is a rare opportunity to gain insights directly from industry leaders, and engage in meaningful dialogue about the impact of API security on global cybersecurity initiatives. Reserve your seat here.

About Traceable 

Traceable is the industry’s leading API Security company that helps organizations achieve API protection in a cloud-first, API-driven world. With an API Data Lake at the core of the platform, Traceable is the only intelligent and context-aware solution that powers complete API security – security posture management, threat protection and threat management across the entire Software Development Lifecycle – enabling organizations to minimize risk and maximize the value that APIs bring to their customers. To learn more about how API security can help your business, book a demo with a security expert.

Xcitium partners with AquaOrange to cut cyber crime in Pakistan

Karachi, Pakistan – 1st September, 2023 — Xcitium, the industry’s only provider of zero dwell security, has named AquaOrange as its sole distributor for Pakistan, one of the fastest growing markets in Asia.

Thailand based AquaOrange specialises in cloud migration and application development in healthcare, financial services and marketing.

AquaOrange will be responsible for training, support and development of the reseller network in Pakistan for Xcitium’s ZeroDwell Containment security portfolio.

ZeroDwell Containment is the industry’s first endpoint security solution for the problem of eliminating dwell time – the time malware spends in enterprise networks before causing harm.

Shahan Farid, AquaOrange CEO, said: “Xcitium brings a truly unique capability to the table with ZeroDwell Containment. Pakistan businesses have huge challenges with cybersecurity and Xcitium’s solution promises massively to reduce their exposure to the risk posed by malware. No other system that I’ve seen is as effective against ransomware.

“The second thing that will make its solution appealing during a global cybersecurity skills shortage is that businesses don’t need big security teams to manage Xcitium deployments. If they want to manage their own security they can use Xcitium’s open source EDR solution for free or they can choose an affordable MDR managed service or a complete enterprise solution in the shape of Xcitium’s XDR.”

The partnership is launching two years after the launch of Pakistan’s national cyber crime policy, which was approved by the country’s parliament in late July 2021. The policy was developed to strengthen Pakistan’s cybersecurity infrastructure against a background of soaring internet and cloud use that left many businesses open to attack.

Syed Aminul Haque, IT Minister of Pakistan, remarked: “Online services are critical to economic growth, but as their value grows we’ve also seen a steady rise in cyber-related crime. Technology makes it easier for businesses to innovate and grow but it should also help them defend themselves against online attackers. The partnership being launched today is another example of the tech industry working together to make that happen.”

Xcitium’s ZeroDwell Containment enables any suspicious code entering the network to run safely in a virtualised environment until it can be investigated. While traditional methods rely on detecting known threats, Xcitium’s approach keeps out the unknown threats that may lurk in networks for weeks before activating.

Xcitium CEO, Ken Levine said: “Pakistan is seeing huge innovation in business and technology but enterprises are also having to fight off growing attacks from cyber criminals. We’re delighted to be working with AquaOrange and its partners to create a safer business environment.”

About Xcitium

Xcitium, formerly known as Comodo Security Solutions, is used by more than 5,000 organizational customers and partners around the globe. Xcitium was founded with one simple goal – to put an end to cyber breaches. Our patented ZeroDwell technology uses CPU-Virtualization to isolate and remove threats like zero-day malware and ransomware before they cause any damage. ZeroDwell is the cornerstone of Xcitium’s endpoint suite, which includes preemptive endpoint containment, endpoint detection & response (EDR), managed detection & response (MDR), and extended managed detection & response (XDR). Since its inception, Xcitium has a track record of zero breaches when fully configured.

For more information, visit xcitium.com.

About AquaOrange

AquaOrange Software is a complete IT systems provider focused on computer systems, network systems, e-mail systems, software, and IT Consulting in the AMEA and APAC Regions. AquaOrange is relentless about delivering the technology-enabled solutions customers need to thrive in today’s digital economy. Born in the digital age, AquaOrange embraces the four superpowers of technology, enabling our customers to not only improve their current performance but to rethink their business in entirely new ways.

For more information, visit https://www.aquaorange.io

Press Contact: 

Zonic Group

George Rickman

[email protected]

CISA and FBI Publish Joint Advisory on QakBot Infrastructure

08/30/2023 03:00 PM EDT

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware. QakBot—also known as Qbot, Quackbot, Pinkslipbot, and TA570—is responsible for thousands of malware infections globally.

Originally used as a banking trojan to steal banking credentials for account compromise, QakBot—in most cases—was delivered via phishing campaigns containing malicious attachments or links to download the malware, which would reside in memory once on the victim network. QakBot has since grown to deploy multiple types of malware, trojans, and highly-destructive ransomware variants targeting the United States and other global infrastructures, including the Election Infrastructure Subsector, Financial Services, Emergency Services, and Commercial Facilities Sectors.

CISA and FBI urge organizations to implement the recommendations contained within the joint CSA to reduce the likelihood of QakBot-related activity and promote identification of QakBot-facilitated ransomware and malware infections. To report incidents and anomalous activity, please contact one of the following organizations:

Organizations are also encouraged to visit CISA’s Malware, Phishing, and Ransomware and StopRansomware.gov pages—StopRansomware provides a range of free U.S. government resources and services that can help bolster cyber hygiene, cybersecurity posture and reduce risk to ransomware, and contains an updated Joint #StopRansomware Guide.

viisights Debuts Next-Gen Proactive and Preemptive Behavioral Recognition Video Analytics at GSX 2023

Proven ROI with Reduced False Alarms and Lower Costs Per Stream 

New York, NY (August 31, 2023) – viisights, Inc., a global leader in behavioral recognition video analytics, is providing GSX 2023 attendees with a first-hand look at its latest advancements in proactive intelligence, including updates to its flagship viisights wise™ video analytics and viisights IQ™ auto-learning technology. Together, these new developments set new benchmarks in video analytics performance for professional security and safety intelligence applications.

“With wise 3.0 and viisights IQ, we’re ushering in a new era of proactive security intelligence through the use of advanced behavioral recognition video analytics,” said Asaf Birenzvieg, CEO, viisights. “These solutions mark a quantum leap forward in harnessing the power of AI and machine learning to detect critical events through the context and nuances of how humans and inanimate and dynamic objects behave. Our goal is to empower organizations with unprecedented insights and actionable intelligence, ultimately creating safer and more efficient environments.”

wise 3.0 behavioral recognition video analytics provides detection, analysis, and notification of violent activity, suspicious activity, individual and crowd behavior, perimeter and protection control, traffic monitoring, and personal and environmental safety. New detection capabilities included in wise 3.0 include person-tailgating, person-abandon-bag/ abandoned-bag, personal protective equipment (PPE), and more. This new release also provides significant improvements in processing throughput and speed impacting overall performance, specifically in high recall and low false positive rates. Harnessing the full potential of GPU computing power, wise 3.0 delivers lower costs per stream for unparalleled cost-efficiency.


Also featured at GSX 2023 is viisights IQ, an innovative new auto-learning technology that enhances viisights powerful behavior recognition video analytics to reduce false alarms, increase event precision capabilities, and improve overall operational efficiency. viisights IQ™ enhances system operation by adding a powerful new auto-learning function that implements autonomous training to learn what is, and what is not, an event of interest within a scene. viisights IQ™ makes periodic adjustments based on the unique situation of each camera, thereby improving precision performance for every camera, significantly reducing the number of false alarms. In doing so, overall operational efficiency is improved by allowing operators to focus on real events of interest that warrant their attention.


viisights intelligent behavioral recognition video analytics are currently deployed in critical applications around the world to help create safer and smarter cities, enterprises, campuses, banks, financial institutions, critical infrastructure, transportation hubs, manufacturing facilities, and other virtual and public areas.

Experience viisights innovative behavioral recognition video analytics solutions at GSX 2023. To schedule a demo, email [email protected] or visit Milestone booth #4421 or Genetec booth #3315.

For more information on viisights, visit https://www.viisights.com/

Fasoo Announces Strategic Partnership with CyberKnight for its Next Phase of Global Expansion into the Middle East Market

Fasoo aims to increase its presence in the rapidly growing data security market in the Middle East and by choosing CyberKnight as a value-added distributor (VAD), Fasoo will strengthen its position as a leading global data security company.

BETHESDA, Md., Aug. 29, 2023 – Fasoo, a leader in data-centric security, is excited to announce a strategic technology partnership with CyberKnight as a value-added distributor (VAD) as a part of its global expansion. CyberKnight Technologies is a cybersecurity focused value-added-distributor (VAD), headquartered in Dubai, covering the Middle East with on-the-ground presence in all key Middle East markets and is on the verge of reaching $100 million in sales this year.

“CyberKnight is the leading cybersecurity VAD in the Middle East. Our partnership will not only enhance the data security capabilities of our customers in the Middle East but will also serve as a strong bridgehead for Fasoo to strengthen its position as a leading global data security company” said Colter Carambio, Chief Revenue Officer at Fasoo.

This partnership will help support the Middle East’s enterprise and government organizations to better protect sensitive data while minimizing AI risks and cyber threats. As an industry pioneer of Enterprise Digital Rights Management, Fasoo combines the most advanced data security and management technologies to safeguard sensitive data throughout its lifecycle, regardless of location. The Fasoo Data Security Platform is purpose-built for sensitive unstructured data.

“Clearly setting themselves apart from other DRM players in the market, the Fasoo Data Security Platform uses zero-trust principles to enable a unified and highly automated capability to discover, classify, protect, govern, and monitor sensitive files. We are thrilled to partner with Fasoo to offer our regional customers a better, more consolidated platform that enables universal control of data at rest, in transit, and especially in use, while continuously validating whether a user should have access to that data,” said Wael Jaber, Chief Strategy Officer at CyberKnight.

Due to the increasing incidence of data breaches and high-profile data theft, organizations are deploying Digital Rights Management solutions (DRM) and based on a recent Coherent Market Insights report, the global DRM market is expected to reach US$ 9 billion by 2027. The Fasoo Data Security Platform is purpose-built for sensitive unstructured data. For more information, please visit https://en.fasoo.com/strategies/data-security-platform-and-data-centric-security/.

About Fasoo

Fasoo provides unstructured data security, privacy, and enterprise content platforms that securely protect, control, trace, analyze and share critical business information while enhancing productivity. Fasoo’s continuous focus on customer innovation and creativity provides market-leading solutions to the challenges faced by organizations of all sizes and industries. For more information, please visit www.fasoo.com or contact Sonia Awan, PR for Fasoo at [email protected].

About CyberKnight

CyberKnight Technologies is a cybersecurity focused value-added-distributor (VAD), headquartered in Dubai, covering the Middle East with on-the-ground presence in all key Middle East markets. Our ZTX (Zero Trust Security) methodology, based on the Forrester framework, incorporates emerging and market-leading cybersecurity solutions that protect the entire attack surface, by leveraging AI, to help security teams at enterprise and government customers fortify breach detection, accelerate incident response & remediation, while addressing regulatory compliance. CyberKnight’s Art of Cybersecurity Distribution methodology enables strategic partners to achieve greater market penetration, return-on-investment, and time-to-value. For more information, please visit https://cyberknight.tech/.

Veridas Voice Biometrics Now Available on Genesys AppFoundry

Veridas Voice Biometric solution combined with Genesys Cloud CX™ provides customers with a secure and streamlined authentication experience while reducing fraud and improving operational efficiency in your contact center, both in IVR and live-agent interactions.

Pamplona, Spain, 29th August – Veridas, a Spanish technology company specializing in digital identity and biometrics, today announces its Voice Biometrics Solution is now available on the Genesys AppFoundry™, a marketplace of solutions offering a curated selection of applications and integrations that elevate customer and employee experiences.

With Veridas Voice Biometrics, Genesys customers can easily identify their users in as little as 3 seconds. No questions. No friction.

As a 100% proprietary solution, Veridas Voice Biometric revolutionizes call center authentication with real-time voice recognition. Swift and secure, and powered by top-class NIST-rated algorithms, Veridas replaces lengthy knowledge-based verification methods with passive identity verification, utilizing a text and language-independent solution that provides a seamless customer experience.

“Veridas brings a paradigm shift to the contact center industry,” says Ignacio del Castillo, Head of Strategic Partnerships, Veridas. “Our clients benefit from reducing Average Handling Time (AHT) by 60-90 seconds while increasing client satisfaction and Net Promoter Score (NPS). In today’s digital landscape, ensuring the security of customer interactions is paramount. From just a simple, 3-second conversation, Veridas can accurately address customers by name, guaranteeing their true identity and mitigating the risk of fraudulent activities. With Veridas’ breakthrough capabilities, businesses can confidently embrace a new era of contact center operations, combining efficiency, customer satisfaction, and enhanced security.”

Veridas developed an integration of its Voice Biometrics solution in Genesys Cloud CX to provide customers with a secure and streamlined authentication experience while reducing fraud and improving operational efficiency in contact centers, both in IVR and live-agent interactions. In 2021, BBVA, a global financial giant, successfully integrated Veridas voice biometrics through Genesys to authenticate customers. According to Miguel Villaumbrales, Head of Digital Identity at BBVA, “People readily embrace biometrics when it addresses their needs – something Veridas’ technology has accomplished.”

Veridas application is now available with Genesys Cloud CX, an all-in-one composable solution that helps organizations offer frictionless and connected customer and employee experiences. As a modern, API-first experience orchestration platform, Genesys Cloud CX enables organizations to coordinate every interaction and touchpoint through a full suite of omnichannel options, built-in employee experience, turnkey AI and end-to-end journey optimization.

To learn more about the specific features and benefits of Veridas Voice Biometrics solution, visit our AppFoundry listing.

About Veridas

Veridas is a technology company that was founded in 2017 as a joint venture with BBVA. Since then, it has become a leading global player in the identity industry, serving over 250 clients across 25 countries in sectors such as banking, insurance, telecommunications, and public administration. Veridas’ success is built on its commitment to technology, talent, and hard work. Its mission is to enable secure and reliable identity verification and authentication through its cutting-edge biometric solutions.

Veridas focuses on the “Phygital” identity concept, combining physical and digital identity verification for a seamless user experience. Its modular solutions, which include fully proprietary facial biometrics, voice biometrics, and identity document verification technologies, can be tailored to any scenario.

Veridas was born with the purpose of guaranteeing people’s right to use their real identities in the digital and physical worlds, envisioning a passwordless and keyless future where people are recognized privately, securely, and voluntarily for who they are.

Cypago raises $13M and unveils its revolutionary Cyber GRC Automation (CGA) platform to simplify GRC processes

Cypago empowers organizations with a SaaS-Based Cyber Governance, Risk, Compliance (GRC) Automation platform that provides advanced automation enabling visibility, enforcement, and reduction in costs and risks of GRC initiatives.

[Tel Aviv, 24th August, 2023] – Cypago announced the release of its Cyber GRC Automation (CGA) platform today, revolutionizing the GRC space by bridging the gap between management, security, and operations teams. This announcement follows the company’s $13M in total funding led by Entrée Capital, Axon Ventures, and Jump Capital, including prominent angel investors such as Ariel Maislos, Prof. Ehud Weinstein, and Ofir Shalvi.

As the frontrunner in GRC, the company was founded by Arik Solomon, a former EY executive and Yahav Peri, a former officer in the IDF Intelligence Corps and a cybersecurity expert. Cypago’s CGA platform is designed to enable organizations to automate and streamline the increasingly unwieldy Governance, Risk, and Compliance (GRC) processes that organizations need to maintain.

The growing number of cybersecurity regulations designed to keep business and customer data protected have created an onslaught of standards and certifications that companies struggle to keep up with. In 2022, more than 40 US states introduced 250 bills focused on cybersecurity alone, and this number will only increase over time, especially as the White House continues to outline its vision for a cybersecurity implementation plan.

The revolutionary Cypago Cyber GRC Automation (CGA) platform combines SaaS architecture and advanced analysis and correlation engines, GenAI, and NLP-based automation, delivering complete coverage across all security frameworks and IT environments, including cloud-based and on-premises systems. Cypago CGA increases security and GRC maturity through intuitive cross-functional workflows. The Cypago CGA platform offers hundreds of out-of-the-box automation templates for frameworks such as NIST CSF, NIST 800-53, SOC 2, and ISO 27001, as well as the ability to implement custom frameworks.

Furthermore, the Cypago CGA platform offers customizable no-code automated workflows for evidence collection, continuous control monitoring, gap discovery, and mitigation, leveraging easy integrations to existing tech stacks for centralized visibility, management, and enforcement of IT and security requirements. This enables GRC management, security, and operations teams to reduce operational friction and enhance the Cyber GRC program efficiently, all while reinforcing trust with their customers and stakeholders.

“Traditionally, running cyber GRC processes has been a manual, fragmented, and time-consuming process,” said Arik Solomon, Co-Founder & CEO of Cypago. “As the risk of cyber threats continues to rise, the volume and complexity of security-related GRC obligations grow, adding to the burden over time. This diverts valuable attention from cybersecurity teams, which should be focused on enhancing their business’ security. Non-compliance with GRC mandates can result in costly fines, erode customer trust, and even major data breaches. We’re excited to lead the way in cyber GRC automation, saving organizations countless hours of manual work, improving collaboration with adjacent teams and stakeholders, and allowing them to focus on their core strengths.”

“The Cypago CGA platform is transforming the way companies approach GRC processes,” said Adi Gozes, a partner at Entrée Capital. “By automating and streamlining the implementation of security standards, Cypago liberates enterprises from the cumbersome and resource-intensive nature of these processes, paving the way for a safer future where GRC requirements transcend mere checkbox compliance. We are delighted to be partnering with Cypago as they drive forward improvements in GRC practices, ensuring organizations can navigate the complex landscape of compliance with ease and confidence.”

Cypago is already helping leading companies like Check Point, Hippo, Operative, MTX, and Trigo navigate the choppy waters of GRC processes.

“Cypago simplified and streamlined our compliance process. We are able to stay up-to-date with the latest regulations thanks to its powerful integration capabilities,” said Itay Semel, Head of Security & Compliance at Check Point.

With the closing of its recent funding round, Cypago will grow its R&D and product teams and expand its go-to-market team as it further develops its presence in North America and the EU.

For more information about Cypago, visit https://cypago.com/.

Cyemptive Technologies Names Former United States Air Force Cyberspace Officer Retired Lt. Col. Jason Huff as Chief Operating Officer, Security Operations

SNOHOMISH, Wash. (August 24, 2023) – Cyemptive Technologies, an award-winning provider of preemptive cybersecurity solutions for business and government, today announced that it has named former United States Air Force cyberspace officer retired Lt. Col. Jason Huff as Chief Operating Officer, Security Operations.

Huff brings with him a track record of operational excellence and leadership as a cyberspace officer throughout a 23-year career with the US Air Force. In his new position with Cyemptive, Huff will be responsible for the company’s Network Operations Center, Security Operations Center and compliance, as it scales up for the next level of growth.

“Huff’s background in cyberspace for the military, along with his passion for cybersecurity, will be invaluable to Cyemptive in our mission to make the world safer through cybersecurity, as well as help guide us as we move up to our next level of growth and beyond,” said Rob Pike, founder and CEO of Cyemptive.

Prior to joining Cyemptive, Huff served in many executive leadership roles within the United States Air Force. He has staff experience sustaining and modernizing the Nation’s Nuclear Command, Control and Communications Enterprise, served as Chief Information Officer for NATO Special Operations Forces Headquarters and held command positions over the course of his extensive Air Force career.

“I chose to work for Cyemptive to be a part of a company that values innovation, appreciates the skill sets and character that veterans can provide and seeks to make the world a safer place through cybersecurity,” said Huff. “I’m very impressed by the experience and knowledge of Cyemptive’s employees and am excited to be a part of the team that is creating premier cyber solutions operated by today’s most talented cybersecurity professionals.”

Cyemptive has created next generation layers of cybersecurity that are essential add-ons for businesses to achieve cyber safety. Cyemptive’s preemptive solutions, when added to the customer’s existing capabilities, eliminate damage from occurring even from previously unknown attack techniques, and are the only ones on the market today guaranteed to protect computing environments before or immediately following a compromise.

Today’s announcement is the fourth senior management team hire the company has made since June of this year, including the appointment of former Hitachi Data Systems Executive Ray McCay as Chief Revenue Officer, and is part of a continuing series of strategic moves it is taking as it scales up for the next level of growth.

About Cyemptive Technologies
Headquartered in Snohomish, Wash., Cyemptive has been on a mission to make large organizations cyber safe since 2014. Today, Cyemptive’s award-winning software, services and support are used by businesses and government entities worldwide. It is the winner of the Department of Homeland Security’s Border Security Technology Consortium (BSTC) competition for most innovative border security-related solution in the market, as well as 10 ‘ASTORS’ Homeland Security Awards from American Security Today at the 2022 competition alone – more than any other company in the history of the awards. The company’s leadership team is comprised of executives from several of the world’s most powerful technology and security organizations, including the former CIO of Microsoft and the former Chief Computer Architect for the National Security Agency. More information about Cyemptive Technologies is available at www.cyemptive.com.

Detectify Improves Attack Surface Risk Visibility With New IP Addresses View

Best-in-Class EASM Player Launches Platform Enhancements for Asset Discovery and Regulatory Compliance

STOCKHOLM & BOSTON – August 10, 2023 – Detectify, the leading External Attack Surface Management platform powered by elite ethical hackers, today announced enhancements to its platform that can significantly help to elevate an organization’s visibility into its attack surface. Many organizations need help gaining visibility into the IP addresses across their whole environment. Detectify’s new capabilities enable organizations to uncover unauthorized assets and ensure regulatory compliance.

The attack surface has grown exponentially, not least in how decentralized organizations have become. Over 10% of Detectify customers are hosting data across three continents, illustrating how their products and services are more global than ever. Detectify also notes that 30% of their customer base is leveraging more than five service providers, which reflects the growing trend in vulnerabilities as a result of human errors, like server misconfigurations. Moreover, organizations are quickly expanding their digital footprint, with 73% of Detectify customers using IPv6 addresses.

With the introduction of the new IP Addresses view, Detectify users gain seamless access to a comprehensive list of all IPs associated with their domains, accompanied by valuable insights, including hosting provider details, geographical locations, and Autonomous System Numbers (ASNs). This update is further complemented by interactive charts, enabling users to detect outlier countries or providers, and streamlining the process of identifying potential security concerns.

“It’s not uncommon for our customers to encounter instances where unauthorized geolocations are used to spin up new machines or witness sudden spikes in hosting activities from approved countries,” said Danwei Tran Luciani, Interim VP of Product at Detectify.

“These anomalies can expose organizations to risk, particularly when traditional automated detection methods fall short. Our new IP Addresses view empowers security teams to proactively address these challenges, strengthening their overall cybersecurity posture.”

Detectify’s new IP Addresses view provides security teams with tangible benefits to navigate complex attack surfaces, such as:

Uncovering unauthorized assets: For organizations with large attack surfaces, this capability allows users to identify unauthorized assets hosted by unapproved vendors. By instantly detecting an asset being hosted by a non-approved provider, security teams can take swift action and mitigate potential threats.

Ensuring regulatory compliance: For businesses operating in highly regulated environments where compliance is paramount, the new view is critical in determining the hosting locations of specific customer data. This enhanced visibility ensures adherence to regulatory requirements and fortifies data privacy measures.

The new IP Addresses view is now available to all Detectify customers, reinforcing the company’s commitment to empowering security teams with cutting-edge solutions to safeguard organizations’ ever-evolving attack surfaces. For more information visit www.detectify.com

About Detectify

Detectify sets the standard for External Attack Surface Management (EASM), providing 99.7% accurate vulnerability assessments. Product security and AppSec teams trust Detectify to expose exactly how attackers will exploit their Internet-facing applications. The Detectify platform automates continuous real-world, payload-based attacks crowdsourced through its global community of elite ethical hackers, exposing critical weaknesses before it’s too late. Go hack yourself: detectify.com.

Picus Security analysis of 14m attack simulations reveals organizations only prevent 6 out of every 10 attacks

Blue Report highlights four “impossible trade-offs” security teams make with threat exposure management

San Francisco US, 8th August 2023 – Picus Security, the pioneer of Breach and Attack Simulation (BAS) technology, has released The Blue Report 2023. Based on an analysis of more than 14 million cyber attacks simulated by The Picus Platform*, the report highlights four “impossible trade-offs” limiting modern security teams’ ability to manage their organization’s threat exposure.

“Like a short blanket that covers either someone’s head or feet, not both, security teams can only dedicate their time, money, and resources to so many problems at once,” said Picus Co-founder and VP of Picus Labs, Dr Suleyman Ozarslan. “They deploy their budgets and resources to cover one exposed spot, but this leaves other areas out in the cold. The Blue Report shines a light on these impossible trade-offs and how they hinder organizations’ readiness to defend themselves against the latest threats.”

According to the report, security teams make four trade-offs in deciding:

Which attacks to prioritize

Picus’ Blue Report data shows that, on average, organizations’ security controls (such as next-gen firewalls and intrusion prevention solutions) only prevent 6 out of every 10 attacks. However, some attack types are prevented far more effectively than others. For instance, organizations can prevent 73% of malware downloads but only 18% of data exfiltration attacks.

Organizations also prevent complex, multi-stage attacks less than half the time. This is particularly concerning given the findings of The Red Report 2023, a previous research study by Picus, which found that over a third of malware samples exhibit 20 or more attacker tactics, techniques and procedures (TTPs).

The Blue Report also reveals wide variations in organizations’ ability to prevent specific threats. For example, over a third of organizations can prevent Black Basta and BianLian ransomware attacks but only 17% can prevent Mount Locker. This is despite Mount Locker’s emergence in 2021 before the other two malware attacks.

Which vulnerabilities to remediate

The Blue Report also reveals the limitations of security teams’ approach to managing common vulnerabilities and exposures (CVEs). Analysis of the simulated attacks shows that the list of top 10 CVEs to which they remain most exposed includes mainly critical and high risk vulnerabilities as well as CVEs that have been known for years. Some CVEs discovered in 2019 remain a threat to more than 80% of organizations.

Whether to optimize prevention or detection controls 

Generally speaking, the better an organization is at preventing threats, the weaker it is at detecting them, and vice versa. For instance, globally healthcare is the least effective sector at preventing attacks but is twice as successful as the average organization when it comes to detecting them. North American organizations are almost twice as successful at preventing attacks as they are at triggering alerts to detect attacks in progress.

What to log and alert on

Organizations leveraging security event and incident management (SIEM) solutions also face decisions about how much to invest in attack detection. In most cases, organizations routinely prioritize logging over alerting but do neither very well. Simulation data shows that, on average, organizations log 4 out of 10 attacks but only generate alerts for 2 in 10 attacks.

“Since preventing and detecting every threat is practically impossible, security teams will always have to prioritize some aspects of security more than others,” said Dr Ozarslan. “Fortunately, there is an approach that can help them improve their performance. By adopting a more unified approach that incorporates insights from attack simulations combined with attack surface and vulnerability data, security teams can allocate resources efficiently and effectively to address their most critical exposures. As a result, they can simultaneously improve their ability to prevent and detect attacks, rather than making trade-offs between them, and sleep better at night.”

Picus Security will discuss the findings of The Blue Report at Black Hat USA 2023 in Las Vegas on August 9th and 10th. Visit booth #2700 to learn more and discover the benefits of using attack simulations to reduce threat exposure.

Notes

*Picus Labs analyzed over 14 million attack simulations executed by The Picus Complete Security Validation Platform between January and June 2023.

About Picus Security

Picus Security helps security teams of all sizes to continuously validate and enhance organizations’ cyber resilience. Our Complete Security Validation Platform simulates real-world threats to automatically evaluate the effectiveness of security controls, identify high-risk attack paths to critical assets, and optimize threat prevention and detection capabilities.

As the pioneer of Breach and Attack Simulation, we specialize in supplying the actionable insights our customers need to be threat-centric and proactive.

Picus has been named a ‘Cool Vendor’ by Gartner and is recognized by Frost & Sullivan as a leader in the BAS market.

Frost Radar: Breach and Attack Simulation 2022, Frost & Sullivan

 
