Charting the Challenging Seas While Cranking Out Client Coverage – Part 1
Cyber Security, High Technology, Public Relations, Technology Posted Jul 27, 2020 by Shannon Kelley
Saying the past few months have been challenging would be an understatement. To find balance in the craziness of it all, we CHENers have made a point to not overlook the positives that are all around us.
We have taken into consideration our continued good health and well-being along with that of our families and friends. When offered, we take in the warm, sunny days and take advantage of the beautiful parks, restaurants and outdoor venues as they open back up in phases and in a social-distancing-respecting manner.
Along with appreciating the good that is around us, we take an appreciation for the great news coverage that our clients have received. What prompted that coverage you may ask? The topics ranged from funding news and successes in cyber risk management platforms to data-infused company reports with insights for helping organizations avoid breaches or malware attacks. Others consisted of joining an alliance to combat security problems surrounding passwords and user login experiences, as well as sharing best practices on how to form and manage a red team.
Phew! That’s quite a spectrum. Since there’s so much coverage, we’re making this a two-part blog post. Enjoy the first segment now – and come back next week to catch the second one.
Until then, stay safe and stay healthy!
Cybersecurity remains an essential industry as frequent attacks targeting remote workers and healthcare organizations drive demand for increased defenses and new solutions. Jeff Elder at Business Insider rounded up 16 cybersecurity startups that are catching investors’ attention with innovation, despite the continued economic slowdown caused by the COVID-19 pandemic. Among the list is Beyond Identity, which received $30 million in Series A funding from Koch Disruptive Technologies and New Enterprise Associates.
Contributor Fahmida Rashid interviewed Beyond Identity CEO Tom Jermoluk and advisors, Martin Hellman, a core inventor of public-key cryptography, and Taher Elgamal, the “father of SSL,” about the future of authentication. In 10 years, Jermoluk hopes individuals will maintain full control over their identities as a result of recent technological development. The trio also discussed the advances in digital certificates that fueled Beyond Identity’s passwordless technology.
Dark Reading, Beyond Identity Joins FIDO Alliance
Beyond Identity announced it has joined the FIDO Alliance, a cross-industry coalition formed in 2012 to develop authentication standards that help solve today’s password problem. “We applaud FIDO’s mission to curtail the use of passwords – the bane of everyone’s existence and a major source of risk for CISOs – and look forward to collaborating with Alliance members on championing the adoption of authentication mechanisms that not only enhance the user’s login experience, but bolster enterprise security,” stated Tom (TJ) Jermoluk, Co-Founder and CEO of Beyond Identity.
Dark Reading: 7 Must-Haves for a Rockin’ Red Team
Steve Zurier interviewed experts across the security industry about ways to run the best red-team exercise. Tips included having a clear objective, understanding the costs and being able to use open source tools. Bishop Fox Associate Vice President of Consulting Dan Wood contributes his insights into how companies can best staff and manage their red teams, noting that red-team leads (RTLs) should “encourage disagreements and multiple perspectives on any one security issues.”
SC Media, The IoT Generation of Vulnerabilities
In an e-book released earlier this month, SC Media investigated the increase in IoT risks in correlation to the rise in internet-connected devices. Including contributor Evan Schuman’s article, IoT security: It is about context and correlation. His piece features commentary from Bishop Fox Senior Security Consultant Kelly Albrink who explains that IoT manufacturers often dismiss necessary security practices, making it easy for analysts such as herself to exploit the devices through reverse engineering. Sharing suggestions to enterprise security executives on best approaches to IoT security, she emphasizes asking IoT vendors about their most recent third-party security assessment and implementing IoT devices only where they can absorb the risk of being vulnerable.
The Cyberwire, Daily Briefing
If living in a pandemic wasn’t bad enough, cybercriminals are creating and deploying malware related to COVID-19 to take advantage of unsuspecting victims. Luckily, MISP, an open-sourced threat intelligence sharing platform by Microsoft, is allowing the cybersecurity community to work together during these tough times. An active member of this community, Devo allows its Security Operations customers to consume indicators from MISP and contribute if they wish. This gives Devo’s customers access to the latest hashes and signals coming from these malware threats to help avoid these attacks.
TechStrong TV, Live interview with Julian Waits
Devo’s General Manager of Cybersecurity Julian Waits sat down with Alan Shimel for a TechStrong TV interview, discussing the cybersecurity landscape and Devo’s second annual report, Security Operations Center (SOC) Performance Report. Teaming with the Ponemon Institute, Devo found that well-resourced SOCs can struggle with an incomplete view of all devices connecting to their networks, exacerbated by an overload of underused security tools that give out more data and alerts than they are able to handle. Devo’s report shows 40% of SOCs Mean Time to Respond (MTTR) can range between months and years. Only about 37% can resolve the incidents within weeks while just 24% can do so within hours or days.
MSSP Alert, Managed Security Services Provider (MSSP) News
Devo received a $9.5 million contract award from the U.S. Air Force for the Enterprise Cyberspace Security & Defense (CS&D) Global Security Information Event Management (SIEM) System. Now deploying Devo Security Operations as its new global SIEM, the Air Force selected Devo as part of the initiative driven by Air Forces Cyber Command known as “12N12”, which is intended to streamline the branch’s cyber weapon systems tools.
Dark Reading, Data Loss Spikes Under COVID-19 Lockdowns
Digital Guardian recently released its inaugural DG Data Trends Report detailing the risks in potential classified data loss facing companies, their customers and partners promoted by the wholescale shift to the Work from Home model since COVID-19 was declared a global pandemic in mid-March 11. Given the unprecedented rate of classified data movement monitored, report author Digital Guardian VP of Cybersecurity Tim Bandos advises organizations to consider implementing solutions that provide visibility into this behavior, and a means to control it, in order to avoid a potential data breach.
CPO Magazine, Risk of Data Loss Surges in the Era of Coronavirus
With the Work from Home approach remaining steadfastly in place due to the pandemic, coverage of Digital Guardian’s DG Data Trends Report continues. This article highlighted that employees have been copying company data onto USB drives more than twice as often as they’d done prior to the COVID-19 outbreak, with a majority of that data being classified.
Data Loss Prevention (DLP) ensures that an organization’s sensitive data remains available to authorized users in an organization and isn’t shared with or available to unauthorized users. Providing an overview of DLP, this feature closes by highlighting Digital Guardian as a prominent and unique leader in the DLP space.