- IT -
Last update 20.09.2017 20:11:46
Home Analysis Android Apple APT Attack BigBrothers BotNet Congress Crime Crypto Cryptocurrency Cyber CyberCrime CyberSpy CyberWar Exploit Forensics Hacking ICS Incindent iOS IT IoT Mobil OS Phishing Privacy Ransomware Safety Security Social Spam Vulnerebility Virus
Introduction List Kategorie Subcategory 0 1 2 3 4 5 6 7 8
Qualys Acquires Container Security Firm Layered Insight
2.11.18 securityweek IT
Security and compliance solutions provider Qualys on Tuesday announced the acquisition of Layered Insight, a company that specializes in protecting container-native applications.
Layered Insight was acquired for $12 million. The deal also includes another $4 million that is tied to an earn-out, and $4 million for the employment of key employees through 2019.
Similar to earlier acquisitions made by Qualys, the company will keep Layered Insight’s employees. Co-founders Asif Awan and John Kinsella will join Qualys as CTO of Container Security and VP of Engineering in Container Security, respectively.
Qualys unveiled a new product designed for securing containers across cloud and on-premises deployments in June 2017.
With the acquisition of Layered Insight, the company hopes to further improve its solutions, including with deeper visibility into containers, the ability to detect and prevent breaches during runtime, and extended visibility, compliance and protection for serverless container-as-a-service (CaaS) installations.
Qualys expects to complete integration of Layered Insight technology into its cloud platform by the second quarter of 2019.
“By integrating Layered Insight’s unique technology into the Qualys Container Security App, we will add the ability to provide dynamic analysis of running containers, and automated enforcement of the container environment,” said Philippe Courtot, chairman and CEO of Qualys.
“Layered Insight's unique technology brings transparent orchestration to container security. The ability to instrument images pushes automated deployment deep into the DevOps CI/CD pipeline, thus removing the resistance at deployment. This instrumentation provides real-time visibility into containers at run-time complementing our current capabilities of accessing container images in the build system for vulnerabilities and configuration issues,” Courtot added.
VPN Company AnchorFree Raises $295 Million
6.9.18 securityweek IT
AnchorFree, the company that makes the popular Hotspot Shield virtual private network (VPN) software, on Wednesday announced that it raised $295 million in a new funding round.
The latest funding brings the total raised by the California-based company to nearly $358 million, which represents a significant amount for a VPN services provider. These types of services have become increasingly popular following the numerous privacy-related scandals involving governments and private firms.
The round was led by media and tech investment group WndrCo with participation from Accel, 8VC, SignalFire, Green Bay Ventures and other investors and executives. Representatives of WndrCo and Accel have joined the company’s board of directors.
According to AnchorFree, the newly secured funds will be used to “further product development and market expansion and drive M&A activity.”
AnchorFree claims its products provide enterprise-level privacy and security for consumers’ mobile devices. This includes protection against ISPs and websites collecting identity data, compromised public Wi-Fi connections, phishing attacks, and malware.
The company, led by CEO and co-founder David Gorodyansky, says its products have been downloaded over 650 million times by users across 190 countries, with 250,000 new downloads each day.
AnchorFree also offers a VPN solution for small and medium-sized businesses, Hotspot Shield for Business. Its VPN technology, called Hydra, has been widely adopted by app developers and licensed by many of the world’s cybersecurity and telecoms companies.
“Anyone who accesses the Internet is vulnerable to data theft and an invasion of online privacy which has real, impactful consequences, and David and the AnchorFree team are deeply mission-driven to address this,” said WndrCo Founding Partner Sujay Jaswa.
“AnchorFree has the two most-downloaded mobile security products, including the #1 mobile VPN product, because they have the fastest most robust technology and they work for the needs of consumers, protecting against phishing, malware, and spam in addition to providing secure Internet access. This growth will only accelerate as the world’s Internet security problems continue to grow, and we look forward to supporting David and his team as they further AnchorFree’s global success in tackling this outstanding market opportunity,” Jaswa added.
AnchorFree was accused last year by the Center for Democracy & Technology (CDT), a nonprofit technology advocacy organization, of collecting user data through Hotspot Shield and sharing it with advertisers. The CDT filed a complaint with the U.S. Federal Trade Commission (FTC) over these allegations. AnchorFree has denied the accusations.
Earlier this year, a researcher disclosed the details of a vulnerability that exposed the names and locations of Hotspot Shield users. The expert made his findings public after claiming that the vendor ignored his attempts to report the flaw. A patch was released a few days later.
What Happens to Whistleblowers After They Blow the Whistle?
31.8.18 securityaffairs IT
Whistleblowers are a controversial subgroup of the modern workforce. What Happens to Whistle Site after they reveal uncomfortable truths?
Whistleblowers are a controversial subgroup of the modern workforce. Although their intentions are often pure and they frequently uncover wrongdoings or shortcomings in their particular niche, there are usually some consequences too.
Complicating matters even further is the relative ease of reporting suspected misdeeds in the 21st century. Uncovering wrongdoings in the past often stemmed from hands-on experience with a company — and it usually took years to build a case.
With the popularity of the internet, whistleblowers are now emerging in the most unlikely of places. Now it only takes seconds to spread the word about a company’s misdeeds — whether they’re true or not.
Immediate Consequences
Although whistleblowers are guarded in the United States by the Whistleblower Protection Act of 1989, the amount of protection is minimal — and it doesn’t provide any coverage for the potential fallout of blowing the whistle.
Per a 1990 survey by McMillan, 90 percent of U.S.-based whistleblowers lost their jobs or received demotions, and 27 percent faced legal issues — including defamation. On the darker side, 10 percent eventually attempted suicide as a result of their actions. Another survey, conducted by Whistleblowers Australia (WBA) in 1993, revealed similar numbers.
According to the WBA’s survey, companies often use informal or subversive tactics to punish a whistleblower who remains a part of their organization after the fact. Common strategies include isolation from workplace or industry peers, removal of normal work duties and responsibilities and other disciplinary actions.
Most states have also enacted laws and anti-retaliation clauses for whistleblowers, but these protections only go so far. They also require the whistleblower to prove that the retaliation is a direct result of their whistleblowing, and that’s not always an easy task.
The amount of potential retaliation also depends on the whistleblower’s status as a public or private sector employee. It’s much safer to report wrongdoings and misdeeds in the public sector, as these issues often affect public health or safety and are almost always covered by local laws. Those in the private sector don’t always have such protection.
Long-Term Effects
Smaller, localized incidents tend to disappear after some time. While there are some famous cases and prominent names that are forever cast as whistleblowers — like Erin Brockovich and Edward Snowden — those cases are the exception.
Most whistleblowers have to leave their current job — especially if the issue involves their employer. Others accept a demotion or reassignment within the same organization, but these new positions typically don’t last very long.
Some whistleblowers go bankrupt during the process. It takes a lot of time to build a case and shed light on a company’s misdoings. Presenting the issue in a court of law adds weeks — and sometimes months or years — to the otherwise straightforward task of whistleblowing. Making matters worse is the fact that most court cases are not settled in the complainant’s favor.
Others have to relocate to another state or, in the most extreme cases, another country entirely. Edward Snowden, a U.S.-born citizen and former member of the CIA, currently lives under asylum in the Russian city of Moscow. Their government recently decided to extend his right to asylum until 2020 at the earliest.
Living Productively After Blowing the Whistle
The act of whistleblowing sometimes has unintended consequences that reach beyond the individual complainant, the offending company and the local community.
While it often addresses the misdeeds of corporations and governments around the world, the individuals who shed light on these shady acts are often targeted — legally or illegally — by those who don’t agree with their tactics for one reason or another.
Whether they’re seen as martyrs or miscreants, their lives are usually changed after the fact.
Hacktivist Drama 'Mr. Robot' to End With 4th Season in 2019
30.8.18 securityweek IT
LOS ANGELES (AP) — The hacktivist thriller "Mr. Robot" is coming to an end.
USA Network said Wednesday the drama series starring Emmy Award-winner Rami Malek will air its fourth and final season in 2019.
In a statement, "Mr. Robot" creator Sam Esmail says he decided that it was time to bring the story to a close next season.
"Mr. Robot" will conclude the way he'd envisioned it since it began, Esmail says.
Malek plays Elliot, a troubled cyber-security engineer and hacker who's drawn into a revolutionary movement.
Christian Slater also stars in the Peabody Award-winning drama.
An air date for the final season of "Mr. Robot" was not announced.
What the Blockchain Taught Us about IT Security
30.8.18 securityaffairs IT
It is not just about security, but in utilizing Blockchain to secure your company and your information.
With how fast technology is improving and being included in everyday activities or jobs to make them fast and efficient, it is important to make sure you are secured, especially when on the internet. You can have your own internet security installed, but if you are planning on running a reliable business you will need a strong and trusted company to provide secure IT systems and support. But it is not just about security, but in utilizing Blockchains to secure your company and your information.
What Does IT Stand For?
IT stands for Information Technology and it is basically all the technological advances we have made as a society. At first, IT was slow to start and no one believed that it would go far. But with how much IT has helped and made things easier for people, it is not a wonder why it has become a need for social progress. IT helps the American economy create new products, find the full potential in their employees, participate in global events and company offers, and even manage their own companies.
Without the improvement or advances of IT, we as a society would not be the high functioning one that we are now. But no matter how advanced our technology becomes, IT is ever the more prone of being abused and used to access private and sensitive information. That is why it is vital to have some sort of protection on the company’s system. It cannot be just any simple protection, it has to be a strong form of protection in order to protect the vital and important information. That is where blockchains come in.
What is a Blockchain?
Blockchains can be hard to understand, especially if you do not know many technological terms. Blockchains were originally used as a type of online currency, such as Bitcoin, the original blockchain. But as of recent, large scale companies are starting to use blockchains as a type of database that stores, shares, and maintains data across other businesses. There are different types of databases that blockchains can create and maintain and it is up to the company to decide on which ones work for them. They types of Blockchains are:
Public Blockchains
Blockchain-Inspired Cryptocurrencies
Private Blockchains
Public blockchains are openly available to the public and anyone with a computer can go on, see the data, and update it without needing any special permissions.
Blockchain-Inspired cryptocurrencies record ledgers that anyone can access, but it does need some connection to a business or company.
Private blockchains are secure and personal and are only meant to be shared among a certain group of computers and are not available for the public to access.
Each type of blockchain has its own benefits and security levels, so it is up to the company to decide just how secure they want their information to be.
What Type of Blockchain Technologies are there?
There are five types of blockchain technologies that you should look out for if you are considering adding blockchain technology to your business or company.
Smart Contracts
Blockchain-as-a-Service
Energy Efficiency
Permissioned blockchains
Tangle
Smart contracts do exactly as you direct them to based on an input of coded instructions. They are reliable if you require certain business actions to be completed at certain times in a specific way.
Blockchains-as-a-Service offers everything businesses need in order to start a blockchain in case the businesses are unable to start one themselves.
Energy efficiency tries to reduce the amount of energy needed in order to create and maintain blockchains by operating on a recycled or proof-of-work energy cycle.
Permissioned blockchains are used mainly by banks and governments to provide control over who can make transactions and who can create changes.
Tangle is a blockchain without being a blockchain. It takes all of the advances blockchains have and tries to improve on the limitations.
It is a lot of information to take in, especially when first starting out on trying to use blockchains. But it can become relatively simple with the right help and understanding of how blockchains can be an ideal form of security on the web.
How are Blockchains Helping in Online Security?
Blockchains and crypto currencies are rising in usage more and more each year with every technological advance. As businesses start to rely more on technology and online use, they have to be careful to make sure that they are safe and their information does not fall into the wrong hands. Blockchains work to make businesses and companies feel secure about storing their information online to make it easier to access and be used by others within the company. Blockchains work to create strong, impregnable walls that are hard to break through without the proper permissions.
Is this a Worthwhile Job?
Companies should invest in learning how to use blockchains or to train others in the skill since it seems like blockchains will be in high demand within the next year or so. It is still a relatively new concept, so while it is still starting out companies will be looking for the best blockchain engineers. The great thing about learning the blockchain skill is how versatile it is. Almost every type of company could use and benefit from the security blockchains offer. It has the potential to change lives just like the internet originally did when it first came out.
Blockchains are still a new concept that not everyone has heard about or fully understand the potential that it has. It will take some time for companies to start using blockchains instead of their previous security systems, but the change is expected to happen in around a year. You can be assured that blockchains will soon become normality when it comes to online security. It is best to start researching on blockchains, what they can be used for, and what you can do to make the transition easier.
Lacework Raises $24 Million to Expand Cloud Security Business
29.8.18 securityweek IT
Mountain View, Calif-based Lacework has closed a $24 million Series B funding round with Sutter Hill Ventures, bringing the total raised, including Series A early stage venture funding, to $32 million.
The company was founded in 2015 by Sanjay Kalra (chief strategy officer) and Vikram Kapoor (CTO). Stefan Dyckerhoff, MD at Sutter Hill Ventures, is CEO.
The new funding will be used to accelerate Lacework's sales and marketing efforts. "The product became available about a year ago," Dyckerhoff told SecurityWeek; "and with minimal sales and marketing we have achieved thirty happy customers with more in the pipeline. It's time to rev up our sales and marketing efforts."
Lacework is a SaaS platform designed to enable security in public cloud implementations "automatically, at speed, end-to-end, and with scale," he explained. "So, just like you're doing DevOps and automation on the development side in the public cloud, we think we have built a platform that can achieve the same thing on the security side while maintaining a very high degree of efficacy."
As soon as the product is deployed, it starts to automatically discover the customer's environment. It tells the customer what parts of the environment are in compliance and what is out of compliance. It detects things that shouldn't be happening, and helps the customer to remediate them.
It is not a complete security product in itself, but a platform that enables the customer to do security properly and at scale. For example, it doesn't operate like a CASB -- it doesn't locate rogue storage accounts operated by staff on shadow IT. It does, however, monitor and record everything that happens on the client's cloud account. "We do see is misuse or rogue use of existing S3 buckets," explained Dyckerhoff.
Sometimes, this can include employees using what's available just because it's easy. "For example," he continued, "if developers know an account exists, would you really know if they fired up a new AWS Region in Japan over the weekend? The answer is probably 'no' -- unless you use a tool like Lacework."
Lacework sees everything that happens within the cloud account. "We have found attacks in this same category," said Dyckerhoff. "We detected live instances of bitcoin mining in one of our customers where the compromised credential of a developer was used to fire up a different Region to do bitcoin mining. With conventional tools there would have been no way to catch that. So, we don't help with small accounts set up by the employee with his own funds; but for misuse of the corporate account, we absolutely catch everything."
It is the ability to see everything that happens that gives Lacework the capacity to monitor compliance. Where regulations are mature -- such as PCI and HIPAA-- it is able to deliver traffic-light compliance reports immediately. GDPR is a little different because the regulation is so new and enforcement practices are still unknown. Nevertheless, Lacework's ability to continuously monitor the entire cloud account can highlight moments when the company does or is in danger of slipping out of GDPR compliance.
"Right now," he suggests, "the key questions for GDPR compliance are 'where is my data?' and 'who accessed it?'. These are questions that can absolutely be answered by Lacework."
Assuming the company knows where its GDPR-sensitive data is stored, Lacework will discover every API call made within the account. "We know every S3 bucket and which API called it," explained Dyckerhoff. "We keep that data over time. But we also map out the applications. So, once we are fully deployed we will know exactly which process talked to which other process, how that relates to an API call, and whether it resulted in an S3 transaction or a network transaction."
The customer gets all these records, and can see if there is an API call to a location storing EU PII that did not come from another EU location. "For GDPR," he continued, "you must not miss a single transaction -- and that's what we provide. The customer still needs to know what is his GDPR data and where it is stored; but from then on, we can show all legitimate and illegitimate access to that data, demonstrating whether his storage data is in compliance or out of compliance with GDPR."
Dyckerhoff believes that the cloud marketplace is accelerating rapidly. "Over the last 12 months," he said, "cloud has progressed from early adopters to early mainstream adopters. A better understanding of the 'shared responsibility' security model is emerging. Our platform assumes the cloud is there. We have all the APIs and data sources that allow us to do automated discovery and analysis and gives the customer the tools to use the cloud securely.
"The cloud is certainly no less secure than on-prem; but it's very different. The cloud is secure if you make it secure; but you have to think about it in a new way. Lacework helps to do that."
In May 18, Gartner include Lacework in its '5 Gartner Cool Vendors in Cloud Security -- 18.' It said, "Lacework addresses the challenges enterprises face via their Polygraph technology. Polygraph combines cloud resource monitoring, data collection and correlation, and strong visualization. Lacework also provides threat insights into cloud environments as well as security automation tools."
FireEye: Tech Firms' Secret Weapon Against Disinformation
28.8.18 securityweek IT
NEW YORK (AP) — This week has seen major social media sites step up their policing of online disinformation campaigns.
Google disabled dozens of YouTube channels and other accounts linked to a state-run Iranian broadcaster running a political-influence campaign.
Facebook removed 652 suspicious pages, groups and accounts linked to Russia and Iran.
Twitter took similar action shortly thereafter.
What did they have in common? The security firm FireEye.
Best known for its work on high-profile cyberattacks against companies including Target, JPMorgan Chase and Sony Pictures, FireEye is emerging as a key player in the fight against election interference and disinformation campaigns.
Founded in 2004, FireEye is based in Silicon Valley and staffed with a roster of former military and law-enforcement cyberexperts.
"They've really become the Navy SEALs of cybersecurity, especially for next-generation cybersecurity threats," said GBH Insights analyst Dan Ives.
Lee Foster, manager of information operations analysis at FireEye, said his team works within the company's intelligence outfit, which researches not only "info-ops" — like the Iran-linked social media activity it recently uncovered — but espionage, financial crime and other forms of vulnerability and exploitation. Specialist teams at FireEye focus on particular areas of cyberthreats, each with their own expertise and language capabilities.
"We kind of operate like a private-sector intelligence operation," he said.
FireEye was founded by Ashar Aziz, who developed a system for spotting threats that haven't been tracked before, unlike older companies that sold firewalls or anti-virus programs that block known malware.
Aziz, a former Sun Microsystems engineer, created a system that uses software to simulate a computer network and check programs for suspicious behavior, before allowing them into the network itself.
FireEye raised its profile in 2014 by acquiring Mandiant, known for expertise in assessing damage and tracing the source of cyberattacks. Mandiant founder Kevin Mandia, a former U.S. Air Force investigator, is now FireEye's CEO.
While businesses are spending more on information security, FireEye itself has spent heavily on research, development, sales and marketing. That has led to struggles to remain profitable, as heavy investments offset revenue growth.
Mandia said that during the three months ended June 30, FireEye's email security found 6 million spear-phishing attacks, a type of hacking, and its security products alerted companies of attempts to breach security 29 million times. That's important, Mandia said, because most of FireEye's products are deployed behind their client's existing firewalls or antivirus software, so everything FireEye catches has already evaded other defenses, he said.
"We are the investigators called in when the processes, people, and technology fail to prevent a security breach or incident," he said. "We find the gaps in the security fabric and we find the needle in the haystack."
FireEye Inc.'s second-quarter revenue rose 6 percent to $203 million but it lost $72.9 million, or 38 cents per share. That met Wall Street's expectations, but its shares fell as investors expected more.
That's a common problem in the white-hot cybersecurity sector, which includes competitors like Palo Alto Networks, CloudFlare and Check Point. The companies are facing high expectations as the cybersecurity market booms, fueled by heightened cyberattacks and hacking fears.
"As the space has become more competitive ... profitability and growth has been a challenge for (FireEye)," Ives said.
Still, FireEye's stock jumped 6 percent on Thursday when news broke of its role in uncovering the fake accounts on YouTube, Facebook and Twitter. It was up another 3 percent Friday.
FireEye shares hit their all-time peak of $95.63 on March 5, 2014, a few months after they went public, but began a long decline after that, hitting an all-time low of $10.40 almost exactly three years later on March 14, 2017. In the past month the stock has traded between $14.38 and $16.69.
And the company's reputation continues to grow.
"There are many vendors that play in cybersecurity when you look at some of the very sophisticated threats facing enterprise and governments," Ives said. "FireEye many times gets that first phone call when it comes to assess threat environment for companies."
Wickr Partners with Psiphon to Improve Network Availability
24.8.18 securityweek IT
Despite government demands for backdoors into end-to-end encryption, it remains a legitimate requirement for business. Political tensions affect, but don't stop, international commerce; and business teams visiting foreign countries need to know that their communications are secure and delivered. The problem is domestic as well as international -- staff are increasingly mobile and work from any hotspot or free WiFi location they can find.
Such internet users need to know that their data remains secure from whatever location they use. This is a requirement solved by Wickr. It provides encrypted communication from source to destination whatever the location. Traveling staff can use any internet cafe or hotspot confident that their content cannot be sniffed.
But there remains a problem. Some of those source locations impose local restrictions on traffic -- it could be anything from traffic management controls to ISP restrictions, or simply a flakey network. The result is that Wickr content may be secure, but delivery can become problematic. To solve this problem Wickr has partnered with Psiphon to create WOA -- Wickr Open Access.
"Wickr already solves the crypto part," Joel Wallenstrom, president and CEO of Wickr told SecurityWeek. It triple-encrypts every bit of streaming data and applies perfect forward and perfect backward secrecy. "But a really critical part of enterprise communication is availability. That's why we've partnered with Psiphon. Together, we've developed something unique in the market, combining our encryption with how Psiphon ensures a robust and always-available network."
Psiphon can be described as a smart VPN. WOA combines Wickr's cryptography with Psiphon's network availability to provide consistent deliverable security, anywhere.
Chris Lalonde, Wickr's COO, explains. "Global enterprises have teams all over the world and they have people traveling all the time. The challenge that you face is that in many cases you are on an unpredictable network -- whether that's a coffee shop in Soho, a cafe in Paris, or some place in Hong Kong. What happens in a lot of those cases is users end up getting frustrated. They tend to think that it is the application when really it's the network they're using."
Enterprises have two problems. Mobile workers traveling locally, using local coffee shops with poor network connectivity and the potential for industrial espionage; and international business teams visiting nations with what we might term repressive governments. Wallenstrom describes the first. "If you're in a local coffee shop with free wifi it may have certain protocols restricted in order to maximize web-serving traffic. What that means for an end user trying to get on a call for a business meeting is it just doesn't work. This happens anywhere where the coffee shop is trying to optimize its free stuff -- to the end user, it just feels like the application is crappy."
Michael Hull, president of Psiphon Inc (which grew out of a Citizen Lab project) provides the international perspective. "There are probably 30 to 40 countries in the world where governments, ISPs and security agencies are all colluding together to control the local population and economy," he told SecurityWeek. "This is the problem that Psiphon was founded to solve. We've been providing an anti-censorship solution to the big international broadcasters for the last ten years or so. The BBC uses us, the Voice of America, Radio Free Europe and more use us to make sure that when governments try to intervene to prevent people from accessing information in contravention of Article 19 of the UN Declaration of Human Rights, we have a very sophisticated smart VPN that is capable of getting around large scale filtering systems and so on. We've honed our technology in the classic regions like China, Iran and Russia. The internet is being regularly disrupted by different ISPs for various reasons, some of them human rights related, some are business related."
Wickr has integrated the technology developed by Psiphon to ensure reliable network routing through the vagaries of both the local coffee shop and intrusive foreign governments. Psiphon operates 3500 servers, hosted on third party cloud providers, throughout the world -- ensuring that Wickr's encrypted traffic can get from anywhere in the world to anywhere in the world safely, securely and predictably.
"We're enabling users to simply put their application to work all the time, anywhere," said Lalonde. "Combining with Psiphon, WOA enables users to have a one-two punch to not only secure their data end-to-end but to make sure it gets to where it needs to go."
This gives it another practical enterprise application: incident response. "Let's say that my corporate network has been hacked," explained Wallenstrom, "and I don't know what to trust and what not to trust on my infrastructure. An attacker could be doing all sorts of things to my network traffic in order to see what the incident response team is doing. This happens -- it happened in the Sony hack. WOA gives the CISO and incident response team assurance that not only are the messages encrypted, but they are getting through to the destination when they need to."
"In today’s world," says Chris Lalonde, Wickr's COO, "end users are rarely aware of the networks across which their data is transmitted. Sometimes networks are restricted, other times they are degraded or monitored. With WOA, users can be certain that their data is secure in transit, their critical communications make it to the intended recipients and no service provider -- including Wickr -- has access to end user data."
Psiphon describes its product as a circumvention tool that utilizes VPN, SSH and HTTP Proxy technology to provide uncensored access to Internet content. But it is more than a VPN that gives access to Pirate Bay when the local ISP blocks it. Wickr is using Psiphon to not just bypass the local ISP, but to bypass problematic local networks to ensure that traveling teams can maintain secure communications from even the most far-flung locations.
The enterprise version is available today. It will be rolled out to other versions of Wickr, including the free version, in the future.
Code Analysis Firm Semmle Launches With $21 Million in Funding
22.8.18 securityweek IT
Semmle, a company whose software engineering analytics platform is already used by several major companies, on Tuesday announced its global launch, along with a $21 million Series B funding round.
This funding round, led by Accel Partners with participation from Work-Bench, brings the total raised by the company to date to $31 million. The newly acquired funds will be used to accelerate Semmle’s go-to-market efforts serving large tech and financial services companies worldwide.
Semmle offers two products designed to help organizations find coding errors that can introduce critical vulnerabilities. One of the products, QL, is a software analytics engine that treats code as data so that it can be quickly and accurately analyzed by developers and security response teams.Semmle launches globally
“The same kinds of logical coding mistakes are made over and over again, sometimes repeatedly within a single project, and sometimes across the whole software ecosystem. These mistakes are the source of many of today’s critical software vulnerabilities,” Semmle explained on its website. “Using QL, you can codify such mistakes as queries, find logical variants of the same mistake elsewhere in the code, and prevent similar mistakes from being introduced in the future by automatically catching them before code gets merged.”
QL powers Semmle’s second product, LGTM, whose name stems from “Looks Good to Me,” which programmers use to express approval when reviewing software.
LGTM is a software engineering analytics platform that combines deep semantic code search and data science insights from a community of hundreds of thousands of developers. The platform, which Semmle claims is easy to integrate into the developer workflow, provides feedback, coding recommendations, and benchmarking insights.
Semmle’s platform has already been used in the past years by Microsoft, Google, Capital One, Credit Suisse, Nasdaq and NASA, which has helped the company perfect its product, said Oege de Moor, CEO and co-founder of Semmle.
The commercial product is now being made available to the rest of the world.
“On August 21, for the first time, any company can have access to our enterprise product and benefit from the work of leading technology companies like Google and Microsoft. Every customer benefits from the work that these security researchers report back to our vulnerability analysis repository — we are pioneering security as a public good,” de Moor told SecurityWeek.
“The LGTM community is our security research team, and this is one of the most powerful aspects of our platform. The leading companies using our tools have now made insights available to the rest of our customers, who might not have the resources or scale to invest in product security teams to hunt for vulnerabilities,” he added.
Semmle is the company that last year reported CVE-2017-9805, an Apache Struts vulnerability that ended up being exploited in the wild.
Container Security Firm Twistlock Raises $33 Million
15.8.18 securityweek IT
Twistlock, a provider of solutions to protect cloud containers, today announced that it has raised $33 million in Series C funding, bringing the total raised to-date by the Portland, Oregon-based company to $63 million.
The company’s flagship Twistlock platform provides protection for containers, serverless functions, and container-as-a-service platforms like AWS Fargate into a single full stack security platform.
The latest version of the platform brings cloud native forensics capabilities to help during the incident response process.
Twistlock“The Twistlock platform replaces multiple outdated layers of security – from standalone vulnerability assessment tools that force developers to read CVEs in CSVs, to application firewalls that require static configuration and updates with every build,” CEO Ben Bernstein explained in an associated blog post.
Founded in 2015, Twistlock says it has grown its customer base over 350 percent each year, and counts 25 percent of Fortune 100 companies as customers, including McKesson, Walgreens, Aetna and USAA. The company also said it has grown its employee headcount 200 percent year over year, and has opened five offices across the globe.
Led by ICONIQ Capital, existing investors YL Ventures, TenEleven, Rally Ventures, Polaris Partners and Dell Technologies Capital all participated in the round.
Twistlock is one of several companies looking to lead in the container security space that has raised funding in recent years. Israel-based Aqua Security has raised more than $38 million, NeuVector has raised $7 million, Capsule8 has raised $23.5 million, and Tigera received $23 million. Container security firm StackRox announced in April that it had secured $25 million in a Series B funding round, bringing the total raised by the company to more than $39 million.
While several security startups have emerged with a focus on containers, veteran security firms are also targeting the sector. In June 2017, cloud-based security and compliance solutions provider Qualys launched a product designed for securing containers across cloud and on-premises deployments.
According to a 2015 survey of 272 IT decision makers in North America conducted by Twistlock, 91 percent of the respondents said they were concerned about the security of containers.
SIEM Platform Provider Exabeam Raises $50 Million
15.8.18 securityweek IT
Exabeam, a San Mateo, California-based provider of a next-gen security information and event management (SIEM) platform, announced on Tuesday that it has closed $50 million in Series D funding.
Exabeam was founded in 2013 by Nir Polak, CEO, Sylvain Gil, vice president of products, and Domingo Mihovilovic, chief technology officer. Before launching the company, Polak and Gil worked for Imperva, while Mihovilovic occupied a founding leadership role at Sumo Logic.
While SIEMs are sometimes outed as a dying tool for security teams, Exabeam's Security Intelligence Platform(SIP) includes more features than legacy SIEMs, including powerful data collection, threat identification and response capabilities.
"We started," Polak told SecurityWeek in early 2017, "as a SIEM-helper." The intention was always to be more, but the route to a complete platform was designed to be in steps. SIEMs, he suggested are broken, difficult to use and no longer fit for today's needs; and a SIEM-helper was the obvious starting point. "SIEMs were born some 20 years ago, before the age of big data and before the skills gap became as severe as it is today. So, we used machine language and analytics to help find the threats for the SIEMs."
"We're moving to the next phase, ready to take on the incumbents -- Splunk, ArcSight and QRadar -- head on," Polak said at the time.
“Built on open source, big data technology, including Elasticsearch and Hadoop, it provides unlimited secure data collection, indexing and search but without volume-based pricing,” the company explains. “Advanced machine learning capabilities provide rapid insights into all events, including attacks and vulnerabilities so subtle and precise that humans simply cannot see them.”
According to the company, the additional funding will be used to grow its cloud portfolio and support global sales efforts.
Led by Lightspeed Venture Partners, the Series D round was supported by Aspect Ventures, Cisco Investments, Icon Ventures, Norwest Venture Partners and cybersecurity investor Shlomo, all which are existing investors.
North Dakota Guard Unit Alerted of Potential Deployment
15.8.18 securityweek IT
BISMARCK, N.D. (AP) — A North Dakota Army National Guard unit based in Bismarck has been notified it could be mobilized.
Detachment 1, 174th Cyber Protection Team has about seven soldiers on an alert status. The unit is led by 1st Lt. Charles Werner of Upham.
The Bismarck Tribune reports the decision to mobilize this unit has not yet occurred.
If mobilized, the unit would provide network security and cyber defense operations in support of the Department of Defense early next year at Fort Meade, Maryland.
North Dakota's adjutant general, Maj. Gen. Al Dohrmann, says the unit's potential mission would mark a new era for the North Dakota National Guard "as it engages in cutting-edge cyber operations technology."
Currently, about 45 North Dakota Guardsmen are mobilized for stateside and overseas missions.
Tech Giants Face Hefty Fines Under Australia Cyber Laws
15.8.18 securityweek IT
Tech companies could face fines of up to Aus$10 million (US$7.3 million) if they fail to hand over customer information or data to Australian police under tough cyber laws unveiled Tuesday.
The government is updating its communication laws to compel local and international providers to co-operate with law enforcement agencies, saying criminals were using technology, including encryption, to hide their activities.
The legislation, first canvassed by Canberra last year, will take into account privacy concerns by "expressly" preventing the weakening of encryption or the introduction of so-called backdoors, Cyber Security Minister Angus Taylor said.
Taylor said over the past year, some 200 operations involving serious criminal and terrorism-related investigations were negatively impacted by the current laws.
"We know that more than 90 percent of data lawfully intercepted by the Australian Federal Police now uses some form of encryption," he added in a statement.
"We must ensure our laws reflect the rapid take-up of secure online communications by those who seek to do us harm."
The laws have been developed in consultation with the tech and communications industries and Taylor stressed that the government did not want to "break the encryption systems" of companies.
"The (law enforcement) agencies are convinced we can get the balance right here," he told broadcaster ABC.
"We are only asking them to do what they are capable of doing. We are not asking them to create vulnerabilities in their systems that will reduce the security because we know we need high levels of security in our communications."
The type of help that could be requested by Canberra will include asking a provider to remove electronic protections, concealing covert operations by government agencies, and helping with access to devices or services.
If companies did not comply with the requests, they face fines of up to Aus$10 million, while individuals could be hit with penalties of up to Aus$50,000. The requests can be challenged in court.
The draft legislation expands the obligations to assist investigators from domestic telecom businesses to encompass foreign companies, including any communications providers operating in Australia.
This could cover social media giants such as Facebook, WhatsApp and gaming platforms with chat facilities.
The Digital Industry Group (DIGI), which represents tech firms including Facebook, Google, Twitter and Oath in Australia, said the providers were already working with police to respond to requests within existing laws and their terms of service.
DIGI managing director Nicole Buskiewicz called for "constructive dialogue" with Canberra over the adoption of surveillance laws that respect privacy and freedom of expression.
Canadian Industrial Security Firm iS5Com Raises $17 Million
8.8.18 securityweek IT
iS5 Communications (iS5Com), a Canadian provider of networking and cybersecurity solutions for industrial systems, announced on Tuesday that it has raised roughly $17 million (CDN $22 million) in funding.
iS5Com RaptorAccording to the company, the funding will be used to enhance its flagship RAPTOR platform and to develop additional solutions for securing critical infrastructure communications and networks.
Designed to protect Smart Cities and various critical infrastructure systems, including those in harsh environments, RAPTOR is compliant with IEC 61850 Ed. 2, IEEE 1613, and EN50155 standards. The flexible platform allows the customers to connect various plug‐in modules to meet functional requirements, the company says.
Additionally, the company says that all of its products have the ability to transmit data efficiently without the loss of any packets under harsh environments and EMI conditions.
Phoenix Contact Innovation Ventures GmbH led the round with participation from new investors, existing shareholders and management.
Cisco to Acquire Duo Security for $2.35 Billion in Cash
3.8.18 securityweek IT
Cisco announced on Thursday that it will pay $2.35 billion in cash to acquire cloud-based identity and access management solutions provider Duo Security.
Ann Arbor, Michigan-based Duo raised $70 million in Series D funding in October 2017, which valued the company at $1.17 billion at the time.
Through its flagship two-factor authentication (2FA) app, Duo's "Trusted Access" product suite helps verify the identity of users, and the health of their devices, before granting them access to applications. The platform supports Macs, PCs and mobile devices, and gives administrators visibility into end user devices accessing the corporate network.
Duo Security Logo“Integration of Cisco's network, device and cloud security platforms with Duo Security's zero-trust authentication and access products will enable Cisco customers to easily and securely connect users to any application on any networked device,” Cisco said.
Overall, Cisco says that by getting its hands on Duo’s technology, it will be able to extend intent-based networking into multi-cloud environments, simplify policy for cloud security, and expand endpoint visibility coverage.
The acquisition is expected to close during the first quarter of Cisco's fiscal year 2019, subject to customary closing conditions and required regulatory approvals.
Duo said previously that it has doubled its annual recurring revenue for the past four years, and currently has more than 500 employees globally, after doubling its headcount in 2016.
Duo serves more than 10,000 paying customers and said protects more than 300 million logins worldwide every month. Customers include Facebook, Etsy, Facebook, K-Swiss, Paramount Pictures, Toyota, Random House, Yelp, Zillow and more.
In addition to its Ann Arbor, Michigan headquarters, Duo currently maintains offices in Austin, Texas; San Mateo, California; and London, England.
Duo Security, which will continue to be led by Dug Song, Duo Security's co-founder and chief executive officer, will join Cisco's Networking and Security business led by EVP and GM David Goeckeler.
Cisco has acquired several emering security companies over the years. In June 2015, it announced its acquisition of OpenDNS for $635 Million. The move followed other acquisitions by Cisco in the security sector, including its acquisition of Porcullis, ThreatGRID, Neohapsis, Virtuata, and its $2.7 billion acquistionof Sourcefire in 2013. In June 2016, it agreed to pay $293 million to acquire cloud access security broker (CASB) CloudLock.
Mimecast Acquires Threat Detection Startup Solebit for $88 Million
1.8.18 securityweek IT
Email and data security firm Mimecast (NASDAQ: MIME) announced on Tuesday that it has acquired threat detection firm Solebit for approximately $88 million net of cash acquired.
Founded in 2014 by cybersecurity experts from the Israel Defense Forces (IDF), Solebit announced that it had raised $11 million in Series A funding in March 18.
Solebit’s technology helps detect and protect against zero-day malware and unknown threats in data files and links to external resources/URLs.
“Security methods like signature-based antivirus and sandbox detonation are too limited when it comes to today’s most advanced threats,” said Peter Bauer, chief executive officer at Mimecast.
“Solebit has developed a differentiated approach that is engineered to preclude the need for signatures and sandboxes,” the company explains. “It is designed to help customers find advanced threats by recognizing when there is malicious code embedded within active content and data files.”
Mimecast says that Solebit’s threat detection tools are already integrated into Mimecast Targeted Threat Protection products.
London, UK-based Mimecast announced earlier this month that it had acquired Bethesda, Md-based security training company Ataata.
“Combined with the recent acquisition of Ataata in the security awareness and training space, and the recently previewed early adopter web security program, Solebit brings another important set of microservices to the Mime|OS platform that all of Mimecast’s unified services are built upon,” the company says.
Research by Mimecast and Vanson Bourne in May 18 highlighted the extent to which humans are the targeted weakness in cybersecurity. From a pool of 800 IT decision makers and C-level executives, 94% had witnessed untargeted phishing attacks, 92% had witnessed spear-phishing attacks, 87% had witnessed financially-based email impersonation attacks (BEC), and 40% had seen an increase in trusted third-party impersonation attacks.
Founded by Bauer and CTO Neil Murray in 2003, Mimecast went public in late 2015 at $10 per share, raising $78 million in gross proceeds. After the IPO, share value fell as low as $6.20 in January 2016. Since July 2016, however, share price has risen steadily, sitting at $36.37 at the time of writing.
Investors in Solebit include ClearSky Security, MassMutual Ventures and Glilot Capital Partners.
Tenable Soars on IPO Day
28.7.18 securityweek IT
Tenable Holdings, parent of veteran cybersecurity firm Tenable Network Security, celebrated its much-anticipated initial public offering (IPO) by raising roughly $250 million through the sale of 10.9 million shares at $23 per share.
The Columbia, Md.-based company began trading on the Nasdaq Global Select Market on Thursday under the ticker symbol “TENB”.
Joe Brantuck of Nasdaq with Tenable CEO Amit YoranShares of the company jumped more than 45% in early trading, reaching nearly $34 per share at the time of publishing, pushing the company’s market cap above $3 billion.
Founded in 2002, Tenable is known for its vulnerability scanners and software solutions that help find network security gaps. The company has more than 24,000 customers across 160 countries, including more than 50 percent of Fortune 500 companies and nearly 30 percent of Global 2000 firms.
In late 2017, Tenable announced a partnership with Siemens that aims to provide asset discovery and vulnerability management solutions for industrial networks.
Before going public, Tenable had raised more than $300 million, including $250 million in November 2015 and $50 million in September 2012.
Currently led by CEO Amit Yoran, former President of RSA and former National Cybersecurity Director at the U.S. Department of Homeland Security, Tenable had revenue of $187.7 million in 2017 and reported a net loss of $41 million for the year.
Customer Identity and Access Management Firm LoginRadius Raises $17 Million
26.7.18 securityweek IT
Vancouver, Canada-based customer identity and access management (cIAM) firm LoginRadius has raised $17 million Series A funding led by ForgePoint Capital and Microsoft's venture fund, M12.
Founded in 2012 by Rakesh Soni (CEO) and Deepak Gupta (CTO), LoginRadius has concentrated on cIAM -- initially as a social login provider, but now the provider of a multi-faceted, cloud-based, full-function cIAM platform. In its six years it has grown largely without external capital funding (previously raising a total of $2.3 million in initial and seed funding); and it has achieved triple digit growth in its last two years.
LoginRadius LogoWith the demand for customer (as opposed to enterprise) identity and access management growing rapidly, the new funding is designed to ensure that the firm can expand to meet potential requirements. Driving this growth is the ongoing digital transformation of business. Commercial enterprises are no longer satisfied with identity alone, but seek complete identity profiles of their customers in order to provide a more personalized service.
This makes cIAM a very different requirement to enterprise IAM. While enterprise IAM is concerned with validating the identity of a relatively small and finite number of known company employees, cIAM needs to handle the identity and profile of an infinite number of potentially worldwide internet customers.
"In customer identity you do not control the identity," Soni told SecurityWeek: "you just define it. Control remains with the customers who decide whether they want to keep the identity, destroy the identity, whether they want to access 20 of your brands or just one. And because the system faces outwards rather than inwards, the compliance requirements that are absent in employee identity becomes extremely critical -- especially, for example, with GDPR and the other privacy regulations popping up throughout the world."
The scale is very different. "While most companies have a maximum of a few hundred thousand employees," he continued, "one of our biggest clients has 50 million identities. Those people can access the client from anywhere on the planet, and they need the system to be up and running 24/7. For employee IAM, if the system is down for ten or 15 minutes (especially out of business hours) the impact is minimal. But in the case of cIAM even small downtimes can damage revenue and impact brand satisfaction."
These requirements, he suggests, demand a cloud-based solution. "With increasing customer experience expectations and growing cybersecurity threats, enterprises need a modern cloud-based identity platform that can be the foundation for digital transformation and provide peace of mind when it comes to security. This funding is a testament to LoginRadius' ability to deliver on this promise to our customers and sets the foundation for our future growth."
The firm already has offices in London, San Francisco, Sydney, and Jaipur; and plans to double its workforce over the next 12 months.
"Customer identity is at the intersection of security, digital business and compliance. This requires significant expertise to build and maintain in-house, resulting in extended go-to market time," said Deepak Gupta. "LoginRadius provides the answer to this critical challenge with its out-of-the-box solution."
The LoginRadius cloud platform is built with RESTful APIs and open sourced SDK libraries to allow developers to implement authentication, login interfaces and web SSO without worrying about back-end capabilities such as data management, disaster recovery, performance, system availability and scalability. It already serves more than 700 million identities, and handles 7.5 billion API calls per month.
"Forward-thinking companies are looking for secure, cloud-based identity solutions that can serve a global customer base and handle complex scenarios," commented Nagraj Kashyap, corporate vice president at Microsoft and global head of M12. LoginRadius is "delivering on their promise to simplify customer identity management, which allows enterprise companies to more easily achieve their digital transformation ambitions."
Big Tech Firms Agree on 'Data Portability' Plan
26.7.18 securityweek IT
Facebook, Google, Microsoft and Twitter unveiled plans Friday to make it easier for users to take their personal data and leave one online service for another.
The "Data Transfer Project" revealed by the companies responds to concerns about the growing influence of internet platforms and internet user concerns about control of their personal information shared online.
"Users should be in control of their data on the web, part of this is the ability to move their data," the companies said on the project website.
Data portability has been a goal of many privacy activists, and is enshrined in some country regulations including Europe's new General Data Protection Regulation.
Currently, people can download their data from an online service, without a guarantee it will be possible or feasible to upload the information to a new service.
The situation can result in people feeling anchored to a service or app, even if they are unhappy with it or an enticing option arises, because of photos, contacts, posts and other accumulated data.
"Making it easier for individuals to choose among services facilitates competition, empowers individuals to try new services and enables them to choose the offering that best suits their needs," the project said at its website.
"There are many use cases for users porting data directly between services, some we know about today, and some we have yet to discover."
Reasons for shifting personal data could include abandoning an old service, trying a new one, or simply backing up information to keep it safe.
The project was formed two years ago and remains in a development phase.
Disclosure of the effort comes amid heightened scrutiny over the potential of internet companies to abuse positions of power and the right of people to control their online data.
Gigamon Acquires Network Visibility Startup ICEBRG
24.7.18 securityweek IT
Network traffic analysis firm Gigamon on Tuesday announced plans to acquire network security startup ICEBRG.
Founded in 2014, Seattle, Washington-based ICEBRG provides a Security-as-a-Service (SaaS) solution designed to help organizations detect threats and gain and leverage network visibility for security operations.
Gigamon's flagship GigaSECURE platform provides visibility into network traffic, users, applications and suspicious activity.
The ICEBRG platform uses sensors deployed at customer locations that stream network traffic metadata to a cloud-based system that helps Security Operations Center (SOC) teams quickly identify threats and act to remediate them.
Gigamon says it will combine the two platforms to help enterprises leverage various security tools.
“The combination of the high-quality network data from the GigaSECURE Security Delivery Platform and the ICEBRG cloud-based platform will power the next generation of security capabilities. Together, our expertise in networking and security will help SOC teams focus on defending against the most severe threats in their environments,” William Peteroy, co-founder and CEO of ICEBRG, said.
The terms of the deal were not disclosed.
Security Orchestration Firm Siemplify Raises $14 Million
24.7.18 securityweek IT
Siemplify, a New York, NY-based provider of security orchestration, automation and response (SOAR) tools, today announced that it has raised $14 million in a Series B funding round led by Jump Capital.
This latest funding brings the total amount raised by the company to $28 million.
Designed to help security operations teams work more efficiently, Siemplify’s platform assists with tasks ranging from incident triage and investigation to collaboration and remediation.
“SOAR enables the management of disparate cybersecurity tools - including SIEM, endpoint protection, threat intelligence and more - through a single platform that helps security operations teams respond to threats faster and more effectively,” the company explains.
Jump Capital was joined by the company’s existing investors G20 Ventures and 83North in the Series B round.
Siemplify is yet another cybersecurity startup founded by former Israeli Defense Forces (IDF) security experts.
Okta Acquires Access Control Startup ScaleFT
19.7.18 securityweek IT
Enterprise identity management firm Okta this week announced that it has acquired ScaleFT, a company that offers a Zero Trust access control platform.
Okta provides a Single Sign-On (SSO) solution to help customers efficiently manage user accounts across the enterprise and eliminate passwords while simplifying access. With Multi-factor Authentication (MFA), it provides strong authentication various services, with over 5,500 pre-built integrations to applications and infrastructure providers.
Okta Logo
Founded in 2015, ScaleFT’s access management platform was inspired by Google’s BeyondCorp security model, which provides remote access without the use of a VPN (virtual private network).
With this acquisition, publicly traded Okta (NASDAQ:OKTA), which already helps over 4,700 organizations both secure and manage their extended enterprise, plans to bring Zero Trust to corporations with a framework to protect sensitive data without compromising on experience.
By combining ScaleFT’s Zero Trust platform with its own Identity Cloud, Okta aims to help organizations easily validate users, devices, application and network information while also securing access to data from cloud to ground.
“Companies have realized they can no longer trust their network and have to understand device security — instead of trusting everyone behind a firewall, now IT and security leaders must trust no one, inside or outside the organization,” Frederic Kerrest, Chief Operating Officer and co-founder, Okta, said.
“To help our customers increase security while also meeting the demands of the modern workforce, we’re acquiring ScaleFT to further our contextual access management vision — and ensure the right people get access to the right resources for the shortest amount of time,” Kerrest continued.
The Zero Trust security paradigm requires organizations to move away from the traditional approach of perimeter-based security that included static credentials and access controls, and to focus on adaptive and context-aware controls instead, for making continuous access decisions.
Following the acquisition, ScaleFT CEO and co-founder Jason Luce will manage the transition, while CTO and co-founder Paul Querna will lead strategy and execution of Okta's Zero Trust architecture. Marc Rogers, CSO, will join Okta as Executive Director, Cybersecurity Strategy.
Compliance-Focused Cybersecurity Firm A-LIGN Raises $54.5 Million
19.7.18 securityweek IT
A-LIGN, a provider of cybersecurity and compliance solutions, announced this week that it has raised $54.5 million from growth equity firm FTV Capital.
Tampa, Florida-based A-LIGN provides assessments, audits and cyber risk advisory and testing services for companies of all sizes. Using its flagship platform, A-SCEND, the company helps organizations address third-party risks, security controls, and privacy concerns, with a focus in four core areas:
• Compliance Assessments: SSAE 18, SOC I, II, III audits, and assessments;
• Industry Specific Audits such as ISO, PCI, HITRUST, HIPAA;
• Cybersecurity Services: Penetration testing, vulnerability scanning; and
• Cyber Risk and Privacy: GDPR, CCPA, related privacy and incident planning services.
“Evolving security frameworks and the continual release of new regulations and compliance requirements, such as GDPR, SOC I/II/III, and the recently-passed California Consumer Privacy Act, require that company executives constantly examine their data privacy practices,” Scott Price, CEO of A-LIGN, said in a statement. “Organizations across all industries are conducting critical assessment and audits not only for mandated compliance but also to deepen trust among customers and users which has a direct impact on the bottom line.”
A-LIGN is a licensed CPA firm, Qualified Security Assessor Company (QSAC), accredited ISO 27001 certification body, certified HITRUST Assessor firm, and accredited FedRAMP 3PAO. The company’s tools help customers streamline the audit and certification process through workflow automation, document management, and auditing history.
As part of the transaction, FTV Capital partner Liron Gitig and managing partner Richard Garman will join the company’s board of directors.
Symantec Launches Email Threat Isolation Solution
19.7.18 securityweek IT
Symantec on Tuesday unveiled a new solution designed to help protect enterprises against email-based attacks using threat isolation.
According to the security firm, the new Email Threat Isolation technology can block advanced email attacks, including spear phishing, credential theft and account takeover attempts, and ransomware.
The solution creates what Symantec describes as a secure remote execution environment between the user and the potentially malicious content.
Specifically, Email Threat Isolation sends traffic from the links included in suspicious emails to this secure environment. All potentially malicious elements remain confined in this isolated environment while the user is only shown a safe visual representation of the content.
The solution can also render websites in read-only mode, which helps prevent employees from entering sensitive information, such as corporate credentials, on a phishing website.
Email Threat Isolation is available as a cloud-based or on-premises service, and it can be used with Symantec Email Security or third-party email security solutions.
“Despite significant efforts by our industry to detect and block email-borne threats, messaging remains the primary vector for malware and scams within the enterprise. The industry requires a paradigm shift to properly secure messaging, and we are excited to be bringing the innovation of integrated isolation technology to email,” said Greg Clark, CEO of Symantec.
“This revolutionary technology helps enterprises to quickly and easily isolate all malicious email content – both internal and external – to substantially reduce inherent risks within messaging applications. Further, because the technology is cloud-based, organizations can be up and running quickly and easily, reducing stress on already taxed IT teams,” Clark added.
Security Instrumentation Firm Verodin Raises $21 Million
19.7.18 securityweek IT
Verodin, a Virginia-based company that helps organizations assess the effectiveness of their cybersecurity controls, on Tuesday announced that it has raised $21 million in a Series B funding round.
The round was led by TenEleven Ventures and Bessemer Venture Partners (BVP), with participation from Capital One Growth Ventures, Citi Ventures and all existing investors. As part of the deal, TenEleven Ventures founder Mark Hatfield will join the company’s board of directors.
The company says it will use the funds to continue the development of its Security Instrumentation Platform (SIP), increase hiring in all functional areas, and expand global sales.
“Boards and C-level executives increasingly want evidence that the dollars and effort they spend on cyber defenses are actually working,” said TenEleven Ventures’ Hatfield. “Verodin is leading a revolutionary shift in cybersecurity, delivering organizations the evidence they need to measure, manage and improve their cybersecurity effectiveness.”
The latest funding round brings the total raised by Verodin to $34 million. The company secured $10 million in a Series A funding round in June 2016.
While the Series B round was officially announced only on Tuesday, the funding was actually revealed in late June when a SEC filing showed that the company had raised roughly $20.7 million from 14 investors. The company refused to make any comments at the time.
Verodin SIP is deployed in an organization’s IT environment and it continuously tests the effectiveness of endpoint, cloud, email and network controls. The solution helps enterprises ensure that the products they have purchased and deployed are actually protecting business-critical assets.
Data Privacy Automation Provider Integris Software Raises $10 Million
19.7.18 securityweek IT
Integris Software, a Seattle-based provider of data privacy automation tools, today announced that it has raised $10 million through a Series A financing round led by Aspect Ventures.
The oversubscribed round brings the total funding raised by the company to $13 million.
The company explains that its flagship data privacy automation platform automates the process of “identifying, classifying and continuously monitoring sensitive data that enables a defensible compliance strategy for enterprises.”
"Global CTOs are realizing that complying with privacy law is essentially a data problem and that without an automated discovery mechanism for sensitive information, they’re flying blind on what data is important to secure and why,” Kristina Bergman, CEO of Integris Software, said in a statement.
The company will help customers comply with emerging and changing data privacy regulations, such as the EU’s General Data Protection Regulation (GDPR) and the upcoming California state law AB375.
Other investors participating in the funding round include Workday Ventures, Madrona Venture Group, and Amplify Partners.
“Integris is a unique vendor that, through automation, can discover data at rest or in motion, structured or unstructured, on premise or in the cloud,” said Mark Peek, managing director and co-head, Workday Ventures. “Companies need to be able to produce evidence that shows what sensitive information has been deleted or rectified.”
PE Firm Thoma Bravo Buys Majority Stake in Centrify
18.7.18 securityweek IT
Private equity investment firm Thoma Bravo said it will acquire a majority interest in identity and access management (IAM) solutions firm Centrify.
Financial details of the transaction were not disclosed, and the transaction is expected to close in the third quarter of this year.
Founded in 2004, Centrify has raised a total of $94 million in funding to date, and offers a unified platform that provides Privileged Identity Management (PIM) and Identity-As-A-Service (IDaaS).
The Santa Clara, California-based company serves over five thousand customers around the world in industries including defense, banking, energy, retail, manufacturing and health care.
Thoma Bravo has made several large investments in the cybersecurity space over the years. In May 18, it announced that it would acquire a majority interest in Security Information and Event Management (SIEM) solutions vendor LogRhythm. Other cybersecurity investments include SonicWall, SailPoint, Hyland Software, Deltek, Blue Coat Systems, Imprivata, Bomgar, Barracuda Networks, Compuware and SolarWinds.
“With Thoma Bravo’s extensive sector experience and insight in the enterprise security software space, Centrify is in a strong position to provide our products, services and unique expertise to meet the rising need for identity-based cybersecurity technology in today’s global environment,” Tom Kemp, co-founder and CEO of Centrify, said in a statement.
Israeli Firm Radiflow Raises $18 Million to Grow Industrial Cybersecurity Business
18.7.18 securityweek IT ICS
Israeli cyber security firm Radiflow, which provides cybersecurity solutions for industrial control systems (ICS) and Supervisory control and data acquisition (SCADA) networks, announced on Wednesday that it has raised $18 million in venture funding through an investment round led by Singapore-based engineering company ST Engineering.
Radiflow’s product offerings include risk assessment, threat detection and secure remote access tools with industrial asset visibility and anomaly detection.
Under a strategic partnership, ST Engineering has integrated Radiflow’s detection and prevention tools with its SCADA system.
Radiflow logoMore specifically, Radiflow said that its tools would be integrated with ST Engineering’s Rail Command, Control and Communications (C3) Systems (SCADA) to offer an end-to-end cybersecurity solution for the rail transport industry.
Radiflow says the investment will be used to expand its sales team to support growing market demand, strengthen its brand globally and support product development.
Radiflow also recently announced partnerships with Palo Alto Networks and RSA, to make field deployments easier and help ensure compliance with new regulations, including NERC CIP and the EU NIS Directive.
Radiflow will demonstrate its technology at SecurityWeek’s 18 ICS Cyber Security Conference, taking place October 22-25, 18 in Atlanta.
Radiflow is one of several cybersecurity startups targeting the industrial space that have raised funding. Some others include Dragos, Indegy, Bayshore Networks, CyberX, SCADAfence and Nozomi Networks. Veteran industrial software firm PAS raised $40 million in April 2017. Darktrace, which has an offering targeted to the industrial sector, raised $75 million at a valuation of $825 million in July 2017. Just last month, New York-based Claroty announced that it had raised $60 million in a Series B funding round, bringing the total amount raised by the company to date to $93 million.
AT&T to Acquire Threat Management Firm AlienVault
18.7.18 securityweek IT
AT&T on Tuesday said it would acquire San Mateo, Calif.-based threat management and intelligence firm AlienVault for an undisclosed sum.
AlienVault offers its Unified Security Management platform and Open Threat Exchangeintelligence community, which will be integrated into AT&T’s cybersecurity suite of services.
Both companies have approved the agreement but the terms of the deal haven’t been disclosed. The acquisition, which is subject to customary closing conditions, is expected to complete in the third quarter of 18.
AlienVault had raised more than $118 million in funding prior to agreeing to be acquired by the telecom giant.
With the acquisition of AlienVault, AT&T aims at expanding its portfolio of enterprise-focused security solutions to target small and medium-sized businesses.
“Regardless of size or industry, businesses today need cyber threat detection and response technologies and services. The current threat landscape has shifted this from a luxury for some, to a requirement for all,” Thaddeus Arroyo, CEO, AT&T Business, commented.
After the transaction is completed, AT&T will provide business customers with a unified security management platform that aims at helping organizations detect and respond to threats more effectively. According to AT&T, AlienVault will become a key part of its Edge-to-Edge Intelligence capabilities.
Although the two companies did not provide details on the transaction, AT&T did say the deal is not “expected to have a material effect on AT&T’s results.”
Broadcom Buys Business Software Firm CA for $18.9 Billion
18.7.18 securityweek IT
Semi-conductor giant Broadcom, which recently failed in a bid to buy US rival Qualcomm, on Wednesday announced a cash deal to buy software and services firm CA Technologies for $18.9 billion.
Broadcom described CA as a major provider of information technology management software, in an acquisition that would help the chip maker diversify its offerings.
"This transaction represents an important building block as we create one of the world's leading infrastructure technology companies," Broadcom chief executive Hock Tan said in a release.
The deal was approved by the boards of both companies.
Broadcom will pay $44.50 per share of CA stock; about 20 percent over the closing price for common shares at the end of formal market trading on Wednesday, according to the company.
"We are excited to have reached this definitive agreement with Broadcom," CA Technologies chief Mike Gregoire said in the joint release.
"This combination aligns our expertise in software with Broadcom's leadership in the semiconductor industry."
The companies expected the acquisition to close in the final quarter of this year. The merger must be approved by shareholders and regulators.
Broadcom in April transferred its headquarters from Singapore to the US as promised when it tried to buy Qualcomm.
The prior month, President Donald Trump issued an order barring the proposed $117 billion hostile takeover of Qualcomm, citing what he called "credible evidence" such a deal "threatens to impair the national security of the United States."
It would have been the biggest-ever deal in the tech sector.
Trump's order made no mention of China, but an earlier letter from the US Treasury Department warned that a takeover might hurt US leadership in 5G, super-fast fifth-generation wireless networks now being deployed, and consequently pose a threat to US security.
The presidential action was allowed because Broadcom is a foreign entity, but would not have been possible had it completed its move to Silicon Valley.
On March 14, Broadcom said it was withdrawing its offer for Qualcomm.
Broadcom was founded in California but moved its headquarters after a 2015 deal that merged it with Avago Technologies.
UK Financial Authorities Publish Paper On Operational Resilience
12.7.18 securityweek IT
UK Financial Authorities' Paper on Resilience Potentially Silos Continuity from Data Protection
The Bank of England (BofE), the UK's Prudential Regulation Authority (PRA), and the UK's Financial Conduct Authority (FCA) -- together known as the financial supervisory authorities -- have jointly published a discussion paper (PDF) on building operational resilience into the financial sector. While cyber is a major risk, the concept is to build resilience to all risks including cyber.
Regulated firms, financial market infrastructures (FMIs), consumers, industry bodies, auditors, specialist third-party providers, professional advisors and other regulators are invited to comment on the paper by 5 October 18. The paper notes that there is currently no global framework for resilience, and says that the authorities "will share our insights with the global regulatory community."
While the paper does not differentiate between the types of risk to continuity, it nevertheless reflects a great deal of current thinking about cyber risk. It suggests that relevant companies should plan on the assumption that disruption will occur, as well as seeking to prevent it. Current cyber advice is that companies should assume they either are currently breached or will be breached in the future.
Consequently, the key to resilience is for the board to define "the level of disruption that could be tolerated" (CISOs call this the 'risk appetite'); and for the risk managers (CISOs for the cyber aspect) to put in place the means to confine any disruption within those bounds. This is the thinking behind cyber advice to concentrate on incident response.
The paper takes the view that concentrating on resilience is consistent with the Bank of England's Financial Policy Committee's (FPC) work on cyber risk. "The FPC identifies, monitors and takes action to remove or reduce systemic risks with a view to protecting and enhancing the resilience of the UK financial system. The FPC has been considering whether testing the financial system for disruption from cyber incidents is warranted for the purpose of enhancing and maintaining UK financial stability. While the FPC has been doing this in the context of cyber, the concepts are relevant to operational resilience regardless of the specific cause of disruption."
Indeed, the recommended process for evaluating and reducing the risk to resilience is similar to the recommended process for evaluating and reducing cyber risk.
But where the paper digresses from current cyber thinking is the view "that managing operational resilience is most effectively addressed by focusing on business services, rather than on systems and processes." It's a question of emphasis, and is similar in concept to the ongoing difficulties between operational technology and information technology. OT frequently prioritizes continuity over data protection. While few cyber experts believe that security can be obtained by technology alone, even fewer believe it can be obtained without it.
In the financial sector it is feasible that risk management might conclude that maintaining legacy systems is more important to operational continuity than the cyber risk to those same legacy systems; or that the introduction of new cyber security technologies might be operationally disruptive. Neil Costigan, CEO at BehavioSec, sees a danger here. "This is less about appropriate technology than practices and thinking," he told SecurityWeek. "It does, I guess, offer solid support for CISOs to lobby their boards about the threats and expectations; but I see it as recommendations/guidelines/advice for silos."
While current cyber thinking is that OT and IT need to merge, there is a danger that this emphasis on continuity and processes might maintain and even promote the separation. Costigan goes further, suggesting the UK might be missing an opportunity here. The paper discusses individual bank responsibility, where possibly sector resiliency is a shared responsibility.
"If you look at Sweden and Norway," he said, "you'll see that the banks do not operate in isolation -- security is viewed as a collective responsibility." He gives the example of BankID -- a single identity system that operates across multiple financial institutions, and has been recognized as a legally binding signature in other areas.
Dan Sloshberg, director product marketing at Mimecast, suggests that concentrating on resilience will automatically include cyber issues. "WannaCry was a wakeup call and highlighted the disruptive power and scale cyber-attacks can have on our critical national infrastructure," he says. "Organizations can also learn from the new NIS Directive. This legislation clearly signals the move away from pure protection-based cybersecurity thinking. Robust business continuity strategies have never been more important to ensure organizations can continue to operate during an attack and get back up on their feet quickly afterwards."
Dave Ginsburg, VP of marketing at Cavirin, sees the paper as a reasonable attempt to improve resiliency in a changing world. He notes that since the London bombing threat going back to the IRA and The Troubles last century in the UK, and 9/11 in the U.S., banks in both countries have effective disaster recovery operations in place.
"However," he told SecurityWeek, "financial interconnections and interdependencies are much more complicated than they were 17 years ago. What the UK is getting at is putting in place the mechanisms to preserve the financial ‘supply chain' if the worst occurs due to physical or cyberattack. Everyday approaches to physical security and user training don't necessarily address this, and one would hope that institutions in the US, if not implementing such an approach already, may use this as a template. And, it need not only apply to finance, but to the cyber posture of other critical systems such as telecommunications, transportation, electricity, and water supply, to name a few."
"The concept of impact tolerance is core to the supervisory authorities' thinking," comments the paper, "and may challenge firms and FMIs to think differently. It encourages them to assume operational disruptions will occur. This means that attention can be directed towards minimizing the impact of disruption on important business services. Impact tolerance focuses firms, FMIs and the supervisory authorities on the potential vulnerabilities in business and operating models. The work they do to increase the resilience of these need not be tied to specific threats, rather an important business service should be made resilient to a wide variety of threats."
The paper highlights an unpalatable truth for consumers: in critical industries such as the financial sector, operational continuity is more important than data protection -- including PII. Concentrating resources on continuity could feasibly leave customer data more exposed to cyber-attack. Having PII stolen does not normally directly impinge on continuity, and could conceivably be considered of lesser importance (at least as far as the financial regulators are concerned).
The problem for individual firms within such critical industries is that any ensuing resilience regulations will not excuse them from existing data protection regulations. By treating resiliency as a separate issue to data protection, it merely complicates an already complicated regulatory environment.
Email Security Firm Mimecast Buys Staff Training Startup Ataata
12.7.18 securityweek IT
London, UK-based email archiving and security firm Mimecast has acquired Bethesda, Md-based security training company Ataata. Financial terms of the acquisition have not been disclosed
Mimecast, founded by CEO Peter Bauer and CTO Neil Murray in 2003, offers a SaaS-based email platform providing email security and management. Ataata was founded in 2016 by CEO Michael Madon. It offers a continuous training platform that analyzes results and predicts which staff may be security risks.
Research by Mimecast and Vanson Bourne in May 18 highlighted the extent to which humans are the targeted weakness in cybersecurity. From a pool of 800 IT decision makers and C-level executives, 94% had witnessed untargeted phishing attacks, 92% had witnessed spear-phishing attacks, 87% had witnessed financially-based email impersonation attacks (BEC), and 40% had seen an increase in trusted third-party impersonation attacks.
Mimecast LogoDespite this, only 11% of the respondents claimed to use continuous staff training to help employees detect and respond to such email attacks. "Cybersecurity awareness training has traditionally been viewed as a check the box action for compliance purposes, boring videos with PhDs rambling about security or even less than effective gamification which just doesn't work," commented Bauer.
"As cyberattacks continue to find new ways to bypass traditional threat detection methods, it's essential to educate your employees in a way that changes behavior," he continued. "According to a report from Gartner, the security awareness computer-based training market will grow to more than $1.1 billion by year-end 2020. The powerful combination of Mimecast's cyber resilience for email capabilities paired with Ataata's employee training and risk scoring will help customers enhance their cyber resilience efforts."
Ataata brings humor to staff training. "Every module is drafted by professional television comedy writers who understand the reality of security in the enterprise," it explains. "Yes, such people exist. We hired 'em. So our content is funny, deeply knowing about the contemporary workplace and driven by characters your employees will recognize all too well." Ataata was founded on the principle that training should not be a compliance tool imposed by management, but a commitment enjoyed by staff.
Human error is involved in the majority of all security breaches, and casual mistakes can cost organizations money, their reputation -- and employees, potentially their job. "Organizations need to understand that employees are their last line of defense," says Madon. "Cybersecurity training and awareness doesn't need to be difficult or boring. Training and awareness is needed to help mitigate these internal risks. Our customers rely on engaging content at the human level, which helps to change behavior at the employee-level. We're excited to join forces with Mimecast to help customers build a stronger cyber resilience strategy that includes robust content, risk scoring and real-world attack simulation -- going way beyond basic security awareness capabilities."
Mimecast told SecurityWeek that teams from both firms will be working to integrate the products "to create the most advanced, sophisticated and effective cyber awareness training product on the market." Over time, the two platforms will become more tightly integrated, but, says Mimecast, "the offering is immediately relevant and valuable to all of Mimecast's target audiences."
Ataata has not operated from a central office. Existing staff will be maintained as employees of Mimecast, and remain based where they currently live -- with the exception of Madon. Madon, Mimecast told SecurityWeek, will relocate to Boston, where he "will now be leading up the newly established Mimecast Learning Labs, a training and certification program for Mimecast customers looking to achieve role-based excellence around security best practices."
Mimecast went public in late 2015 at $10 per share, raising $78 million in gross proceeds. After the IPO, share value fell as low as $6.20 in January 2016. Since July 2016, however, share price has risen steadily to $42.99 at the time of writing. Ataata raised $3 million in a Series A funding round in December 2017.
Former Equifax Manager Charged With Insider Trading
29.6.18 securityweek IT
US securities regulators announced insider trading charges on Thursday against a former Equifax manager who sold shares in the company before it disclosed a giant data breach.
Sudhakar Reddy Bonthu, a product development manager at Equifax, allegedly netted more than $75,000 after placing orders on September 1, 2017 betting that Equifax shares would fall, according to a complaint by the US Securities and Exchange Commission.
Six days later, the company announced one of the biggest data breaches ever, sending shares sharply lower.
"As we allege, Bonthu, who was entrusted with confidential information by his employer, misused that information to conclude that his company had suffered a massive data breach and then sought to illegally profit," said Richard Best, director of the SEC's Atlanta Regional Office.
"Corporate insiders simply cannot abuse their access to sensitive information and illegally enrich themselves."
Bonthu, 44, a resident of Georgia, settled the SEC civil charges and agreed to return his ill-gotten gains plus interest, the agency said.
Bonthu has also been charged in a parallel US criminal case by the Department of Justice, the SEC said.
Bonthu is the second Equifax defendant in an insider trading case after authorities in March brought criminal and civil charges against former Equifax executive Jun Ying.
Key personal data, including names, social security numbers and dates of birth, were pilfered from more than 140 million Americans in the Equifax hack.
On Wednesday, the company agreed to new oversight requirements under a consent order with eight state regulators, including financial regulatory bodies in New York, Georgia and California.
Threat Detection Firm Cynet Raises $13 Million
28.6.18 securityweek IT
Threat detection and response company Cynet on Wednesday announced that it raised $13 million in a Series B funding round, which brings the total raised to date to $20 million.
The funding round was led by Norwest Venture Partners, with participation from Shlomo Kramer and Ibex Investors. The firm previously raised $7 million in a Series A funding round in 2016.
Cynet says it will use the new funds to continue its growth and keep fueling the development of its products.Cynet secures $13 million investment
The company’s Cynet 360 platform, which is said to be used by organizations worldwide to protect millions of endpoints, is designed to prevent, detect and remediate any threat on the internal network, including malware, zero-day attacks, ransomware, lateral movement, and malicious insiders.
Cynet says its solution can be deployed in less than two hours and it provides security teams complete visibility into traffic and communications across tens of thousands of endpoints.
“Almost all cybersecurity solutions are built to address one vertical in the complex enterprise defense architecture,” said Dror Nahumi, general partner at Norwest Venture Partners. “However, small to medium size enterprises do not have the resources to define, select, integrate and manage dozens of products from different vendors. We are impressed with Cynet’s vision and proven customer success to enable a complete defense solution from a single platform, addressing this huge market demand.”
Identity-based Threat Detection Preempt Raises $17.5 Million
28.6.18 securityweek IT
San Francisco, Calif (HQ) and Ramat Gan, Israel (R&D) threat prevention firm Preempt has raised $17.5 million in a Series B funding round supported by ClearSky, Blackstone, Intel Capital and General Catalyst. The total raised by Preempt now stands at $27.5 million, having raised $2 million as seed funding in 2014, and $8 million in a Series A round in 2016.
Preempt was founded in 2014 by Ajit Sancheti, and Roman Blachman. It is another innovative cybersecurity firm with roots into the Israeli Defense Forces, where Blachman spent almost ten years -- with four as a research and development manager.
Preempt focuses on providing security by preventing malicious transactions. It does this by identity, behavior, risk and context at the point of the transaction rather than just the point of log-in. It allows, says the company, for control over who can access what resources and in what context without network segmentation or application development.
"Our mission," explains Preempt CEO and co-founder Ajit Sancheti, "is to provide a more holistic approach around securing and protecting identity within the enterprise and to make it easier for enterprises to preempt threats before they impact the business."
In a blog published Wednesday (June 27), ClearSky's operating partner and CISO, Patrick Heim wrote, "We believe that Preempt's approach -- identity as the new perimeter, identity as a cybersecurity problem-solver -- is the future."
The idea of identity being the true perimeter is a growing concept. It is no longer the firewall nor even the endpoint that should be considered the security perimeter -- it is each individual human. Earlier this month, Tessian co-founder and CTO Ed Bishop told SecurityWeek, "Our belief is that organizations' security has moved on from perimeter firewalls, and even endpoint security. I think we are in a third phase here, where humans are the real endpoints of the organization."
While Tessian concentrates on email security, Preempt concentrates on real-time network threat prevention -- but both do so based on user identity and behavior.
Preempt further allows tool and protocol containment. The misuse of network tools can be controlled, and the use of hacking tools prevented. It can deeply inspect authentication protocols such as Kerberos, NTLM, RPC and LDAP, and detect known issues such as pass-the-hash.
At the same time, all user activity can be viewed in one place, including access, behavior, history, profile, changes, locations, device, role, password strength, privileges, VPN, SSO, and more.
ClearSky's Patrick Heim is joining Preempt's board of directors. "It was exciting to see Preempt take a radical new approach to solving vulnerabilities that lie at the core of virtually all enterprises and are commonly leveraged by attackers in major breaches," he said; while adding in his blog, "It's rare that [I] get truly excited about a new security technology."
Preempt already counts Fortune 500 enterprises among its customers. The new funding is intended to help the company expand operations to accelerate product innovation and its go-to-market strategy.
BitSight Raises $60 Million in Series D Funding Round
28.6.18 securityweek IT
Security ratings firm BitSight today announced that it has closed a $60 million Series D funding round that brings the company’s total funding to $155 million.
Founded in 2011, BitSight's Security Ratings SaaS platform is currently used by more than 1,200 customers around the world to manage third party risk, benchmark performance, underwrite cyber insurance policies and conduct M&A due diligence.
BitSight plans to use the funding to continue its global expansion and extend its portfolio of security risk management solutions.
According to BitSight, demand for its product is increasing rapidly. In fact, cyber-security ratings are expected to become “as important as credit ratings when assessing the risk of business relationships” within the next four years, the company notes, citing a Gartner report.
Cybersecurity rating services are also expected to impact the degree to which organizations engage with other companies and should also influence the cost and availability of cyberinsurance.
“When BitSight introduced the first Security Ratings Platform in 2011, we set out to transform how businesses evaluate risk and security performance. […] there is still more work to do in continuing to establish a global standard for cyber security risk decisions,” said Tom Turner, CEO of BitSight.
“We believe there is tremendous opportunity for BitSight globally, and we look forward to working with Tom and the rest of the talented management team in the company’s next phase of growth,” Davis said.
Led by Warburg Pincus, BitSight’s new funding round received participation from existing investors Menlo Ventures, GGV Capital and Singtel Innov8. Cary Davis, Managing Director of Warburg Pincus, will join BitSight's Board of Directors.
Ping Identity Acquires API Security Firm Elastic Beam
28.6.18 securityweek IT
Identity management solutions provider Ping Identity on Tuesday announced the acquisition of Elastic Beam, a company that specializes in detecting and blocking attacks aimed at application programming interfaces (APIs).
Ping Identity has been around since 2002 and it has raised more than $128 million. It previously acquired two other companies, UnboundID in 2016 and Accells Technologies in 2014.
The Ping Identity Platform allows enterprise users to securely access mobile, cloud and on-premises applications, while providing developers the possibility to enhance their apps with access management, single sign-on, multi-factor authentication, and data governance capabilities.
Elastic Beam emerged from stealth mode last year with a hybrid cloud software product that uses artificial intelligence (AI) to detect and neutralize threats that leverage APIs, including data exfiltration, unauthorized changes or removal of data, distributed denial-of-service (DDoS) attacks, code injections, brute force attempts and authentication via stolen credentials, API memory attacks, and WebSocket attacks.
Along with the acquisition of Elastic Beam, Ping Identity announced the launch of a new AI-driven solution designed for securing APIs.
The new product, named PingIntelligence for APIs, is currently in private preview and is expected to become generally available in the second half of 18.
According to the company, PingIntelligence for APIs is designed to provide organizations deep visibility into how APIs are used or misused, and it delivers extensive information that can be useful for audit, compliance, and forensic reports.
“PingIntelligence for APIs applies AI models to continuously inspect and report on all API activity. It automatically discovers anomalous API traffic behavior across the enterprise. Bad actors are well versed in circumventing static security policies, so PingIntelligence for APIs was purpose-built to recognize and respond to attacks which fly under the radar of foundational API security measures, and target API vulnerabilities—without policies, rules or code,” Ping Identity described the product on its website.
Window Snyder Joins Intel as Chief Software Security Officer
26.6.18 securityweek IT
Intel on Monday announced that Window Snyder has joined the company’s Software and Services Group as chief software security officer, vice president and general manager of the Intel Platform Security Division.Window Snyder joins Intel
The decision, effective July 9, comes after Intel was forced to rethink its cybersecurity strategy following the disclosure of the Spectre and Meltdown vulnerabilities early this year, and less than one week after the chip giant announced the resignation of Brian Krzanich as CEO and member of the board of directors.
Snyder has worked in the cybersecurity industry for two decades, including as senior security strategist at Microsoft, co-founder of Matasano, security chief at Mozilla, and security and privacy product manager at Apple. Prior to joining Intel, she was Fastly’s chief security officer for three years.
“In this role with Intel, Window will be responsible for ensuring the company maintains a competitive security product roadmap across all segments in support of business group objectives and continues to engage with the external security ecosystem to apply industry trends and sensing to Intel roadmap differentiation,” said Doug Fisher, senior vice president and general manager of the Software and Services Group at Intel.
Specifically, according to Fisher, Snyder will be responsible – among other things – for working with operating system developers and the security industry to ensure that the company is informed on attacks, to help guide its response, to deliver differentiated security capabilities for data and workloads, and to “drive scale for security.”
Cyber Intelligence Firm Intsights Raises $17 Million
22.6.18 securityweek IT
Israel-born startup Intsights Cyber Intelligence has raised $17 million in a Series C funding round led by Tola Capital. It brings the total capital raised by the firm to $41.3 million ($1.8 million seed funding in 2015; $7.5 million Series A in 2016; and $15 million Series B in 2017).
"This new round of funding," commented CEO Guy Nizan, "will fuel further investment in our cyber reconnaissance capability and global expansion, allowing us to bring the power of tailored intelligence to enterprises around the globe."
The firm was founded in Israel in 2015 by Alon Arvatz, Gal Ben David, Guy Nizan. All three are veterans of the elite cyber-warfare and intelligence services of the Israel Defense Forces (IDF). Intsights is now headquartered in New York, NY.
Intsights Cyber Intelligence is predicated on the idea that effective defense begins before an attack is launched. By definition, most traditional security controls are reactive. They attempt to recognize an attack at the perimeter and block it, or an existing incursion and mitigate it. But also by definition, reactive controls are after the event: the attack is in progress or has already succeeded.
Intsights seeks to be proactive -- to recognize and mitigate an attack before it occurs. It does this by crawling both the surface and dark web looking for indications that an attack is being planned by a hacker or criminal gang. Clues can include actions like scouting targets, using suspicious tools, and collaborating with other hackers on underground forums. The Intsights platform then goes further by integrating with many of the most popular security controls, automatically updating the security infrastructure to block or mitigate the budding attacks it discovers.
Intsights has 15 strategic partners, including firms like Splunk, Check Point, Palo Alto, Carbon Black, Fortinet, IBM, Microsoft, LogRhythm (now majority-owned by investment firm Thoma Bravo), and Symantec.
"Cyber-attacks are driven by humans who leave footprints and breadcrumbs as they plan their attack," explains Nizan. "Enterprises need tailored intelligence that looks beyond the firewall to see the indicators of attack their cyber adversaries leave and understand how, why and when they plan to attack."
Sheila Gulati, managing director of investment firm Tola Capital, expands: "Traditional threat intelligence solutions have failed to deliver the advantage promised to enterprise customers and their security teams. Today, CISOs want to understand what risks are coming and take a proactive stance, as well as determine what sensitive assets are already exposed. By leveraging a data and software enabled approach, security teams can prepare for upcoming attacks and prevent future attacks."
Of course, corporate risk isn't limited to the attack itself. Risk also comes from fake mobile applications, phishing sites, pastebin posts, social media pages, and malicious domains. These can be discovered by Intsight's web-crawling algorithms -- and the platform allows them to be remediated with a single click. "This is done," says Intsights, "via integration with social media platforms, app stores, and registrars by engaging with the IntSights External Remediation team."
The firm already has 20 of the Fortune Global 500 enterprises among its customers, from the financial services, automotive, telecom, apparel, and gaming industries. This customer base is growing at more than 200%. Intsights has offices in Amsterdam, Tokyo, Singapore, Dallas, and Boston and 40 reseller partners worldwide.
CrowdStrike Raises $200 Million at $3 Billion Valuation
20.6.18 securityweek IT
Sunnyvale, California – based endpoint security firm CrowdStrike today announced that it has secured over $200 million through a Series E round of financing, valuing the company north of $3 billion.
Founded in 2011, CrowdStrike takes a cloud-based approach to endpoint security and has more than doubled both its revenue and headcount over the past year. The company says it is currently serving more than 16% of Fortune 1000 companies and 20% of Fortune 500 companies.
According to the company, the newly secured funds will be used to accelerate the global demand for its CrowdStrike Falcon endpoint protection platform.
The company also says it has seen impressive year-over-year growth in various areas, including: 500% increase in number of $1 million or greater annual contract value (ACV) transactions, 167% increase in the number of subscription customers, 172% growth in new subscription bookings ACV, and 140% increase in annual recurring revenue.
In early June, the company launched its next-generation endpoint security breach prevention warranty, offering up to $1 million if a breach occurs within a customer’s protected environment, as part of its Falcon EPP Complete offering.
In July 2017, CrowdStrike teamed with Dragos, a company that specializes in protecting industrial control systems (ICS), on a strategic partnership to allow joint customers to benefit from a combination of CrowdStrike’s assessment, preparedness and incident response services and Dragos’ expertise in protecting ICS.
The Series E funding round was led by General Atlantic, Accel and IVP, with participation from March Capital and CapitalG.
Cylance Announces $120 Million in Funding
20.6.18 securityweek IT
Endpoint security firm Cylance announced Tuesday afternoon that it has closed a $120 million funding round led by funds managed by Blackstone Tactical Opportunities and including other investors.
The announcement was made hours after endpoint security rival CrowdStrike announced that it had raised more than $200 million in a Series E round of funding at a $3 billion valuation. Given the timing of the announcement—just after 1PM ET—it is likely that Cylance had been preparing to announce its funding in the near future, but scrambled to get the news out as soon as possible to follow CrowdStrike. The company did not immediately respond to a request for comment on the timing of the announcement.
Cylance’s flagship endpoint security product, CylancePROTECT, takes a mathematical and machine learning approach to identifying and containing zero day and advanced attacks. The company has been utilizing artificial intelligence and machine learning as part of its core marketing message since the company was founded in 2012.
The company claims that it has prevented over 23 million attacks worldwide, including more than four million previously unidentified attacks.
According to Cylance, the additional cash will be used to support sales, marketing and development efforts to increase market share, and further expand its footprint across Europe, the Middle East, and Asia Pacific, and expand product offerings.
“With annual revenues over $130 million for fiscal year 18, over 90% year-over-year growth, and more than 4,000 customers, including over 20% of the Fortune 500, we have demonstrated market success, scale and traction,” said Brian Robins, Chief Financial Officer at Cylance. “We are honored to have Blackstone Tactical Opportunities expand its commitment to Cylance by leading this round of financing. The investment supports our growth strategy and will enable us to continue on the path to becoming cash flow positive.”
In April 2017, Ars Technica published an article detailing a test that used 48 Cylance-provided malware samples, which showed 100% detection by Cylance, but somewhat less from competing products, leading some to some suggestions that Cylance had been gaming the system. In response, Chad Skipper, Cylance's vice president of product testing and industry relations, explained that Cylance doesn't simply use known malware for tests, but alters them via the mpress and vmprotect packers so they effectively become unknown malware. Cylance also claimed at the time, that the majority of independent third-party tests are biased in favor of the incumbent vendors that use malware signature databases (as well as other techniques, including their own use of machine learning).
Cylance is not alone in disputes over competitive testing methods. CrowdStrike sued testing firm NSS Labs in 2017 to seek a temporary restraining order to prevent publication of CrowdStrike comparative test results. CrowdStrike explained that it filed suit to hold NSS accountable for unlawfully accessing its software, breaching its contract, pirating its software, and improper security testing.
Osquery Management Firm Uptycs Emerges from Stealth With $10 Million Funding
19.6.18 securityweek IT
Waltham, Mass-based Uptycs has emerged from stealth today with the announcement of $10 million Series A funding. The investment was led by ForgePoint Capital and Comcast Ventures.
Uptycs provides security analytics to the huge amounts of data that can be provided by the Osquery open source endpoint agent. The new funds will be used to expand staff levels and further product development.
Osquery Solutions from UptycsOsquery is an operating system instrumentation framework for Windows, OS X, Linux and FreeBSD developed by Facebook. It effectively turns the operating system of individual endpoints into a relational database, allowing system data, such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes, to be explored via SQL queries.
This has huge potential for security. For example, a query could be used to return all currently executing processes, but refined to list only those where the original launching binary no longer exists on the filesystem. This could indicate stealthy malware.
"By itself," explained Uptycs director of security in a blog posted last week, "Osquery is a really neat project that allows you to virtualize an endpoint as if it were a SQL database of information, instead of having to run and remember hundreds of different system utilities. You can ask questions with queries, and schedule questions with query packs. However, what you really need is a way to deploy and manage Osquery at scale."
This is Uptycs. The Uptycs security analytics platform, said the firm in a statement today, stores and transforms Osquery telemetry into context-rich dashboards, reports and alerts that help teams detect intrusions, discover vulnerabilities and manage compliance all from a comprehensive, common dataset. And it doesn't matter whether it is 50 or 50,000 endpoints involved.
"Organizations aren't Windows-centric anymore. There is an increasing mix of Windows, Linux, Mac and containers running across the enterprise, especially in cloud and hybrid environments," said Uptycs CEO and founder, Ganesh Pai. "Security solutions have not kept pace to serve the needs of today's modern computing environments. There are growing blind spots especially for cloud workloads and macOS that Osquery is uniquely capable of covering. Uptycs is helping companies leverage the benefits of Osquery quickly, and at scale."
"A challenge in the modern enterprise is juggling the numerous point security solutions -- each with their own data collection strategy -- especially across a diverse ecosystem of IT assets. Uptycs combines the universality of Osquery with meaningful views of data." explained Andy Ellis, CSO at Akamai. "A team of any size or maturity benefits, taking action across a range of needs from compliance to incident response. As organizations grow, they will continue to benefit from the continuous monitoring and analytics Uptycs provides."
Google Increases Visibility Into Endpoints Accessing G Suite Data
19.6.18 securityweek IT
A newly added “Endpoint Verification” feature in G Suite provides administrators with increased visibility into the computers that have access to corporate data.
Released for ChromeOS, macOS, and Windows, the new feature requires a Chrome extension to be installed. On macOS and Windows, the feature also requires a native application that works with the extension.
Users can install the extensions and the apps individually and admins can deploy them centrally, if needed, Google reveals.
Once it has been set up on user devices, Endpoint Verification provides admins with access to an inventory of desktop and laptop devices within the enterprise environment that can access corporate data. Additionally, it offers information such as screen lock, disk encryption, and OS version.
Through said Chrome extensions and native apps, Endpoint Verification collects information on the users’ systems, and displays the information in a new report that becomes accessible via the Admin console.
All that an admin should do to access the available reports is to open the Admin console and visit the Device management > Endpoint Verification section.
When the Endpoint Verification extension is installed on a user’s system, a notification is displayed and the user needs to click “Agree” before the data from their device appears in the admin’s Endpoint Verification report. No data will be shown in the admin console if the user doesn’t click “Agree.”
“[Endpoint Verification is] a lightweight and easy solution for desktop and laptop device reporting, and we hope this visibility empowers admins to maintain a strong security posture for their organization,” Google notes.
The search company is launching the new feature to both Rapid Release and Scheduled Release, for all G Suite Editions. The rollout, however, will be gradual, meaning that it might take up to 15 days for the functionality to become available in some cases.
F-Secure Acquires MWR InfoSecurity for $106 Million
18.6.18 securityweek IT
Finland-based F-Secure announced on Monday that it has entered an agreement to acquire cybersecurity consultancy MWR InfoSecurity for over €91.6 million ($106 million) in cash and the promise of a significant earn-out if business objectives are achieved until the end of 2019.
Specifically, in addition to the €91.6 million ($106 million), which is subject to adjustments, F-Secure has agreed to pay up to €28.6 million ($33 million) if the agreed business target is achieved between July 1, 18, and December 31, 2019.
The acquisition is expected to be completed in early July. F-Secure is still evaluating the impact of the acquisition on the company’s financial outlook for 18.
MWR has nearly 400 employees across offices in the UK, the US, South Africa and Singapore. The company estimates that its revenue for the financial year ending on June 30 will be €31.1 million ($36 million).
The deal is part of F-Secure’s growth strategy, allowing the company to expand its services offering to global markets. The acquisition of MWR also results in the addition of the Countercept threat hunting platform to F-Secure’s detection and response offering. The company’s portfolio will also be enhanced by MWR’s managed phishing protection services.
“The acquisition brings MWR InfoSecurity’s industry-renowned technologies to F-Secure making our detection and response offering unrivaled. Their threat hunting platform (Countercept) is one of the most advanced in the market and is an excellent complement to our existing technologies,” said F-Secure CEO Samu Konttinen.
“I’m thrilled to welcome MWR InfoSecurity’s employees to F-Secure. With their vast experience and hundreds of experts performing cyber security services on four continents, we will have unparalleled visibility into real-life cyber attacks 24/7. This enables us to detect indicators across an incredible breadth of attacks so we can protect our customers effectively. As most companies currently lack these capabilities, this represents a significant opportunity to accelerate F-Secure’s growth,” Konttinen added.
UK Email Threat Firm Tessian Secures $13 Million Series A Funding
18.6.18 securityweek IT
London, UK-based start-up Tessian has raised $13 million in a Series A funding round led by Balderton Capital. Existing investors Accel, Amadeus Capital Partners, Crane, LocalGlobe, Winton Ventures and Walking Ventures also participated. It brings Tessian's total funding, including initial Angel investments and seed funding, to $16.8 million.
Tessian uses machine learning artificial intelligence to prevent sensitive data leakage via email. It was founded in 2013 by Tom Adams, Ed Bishop and Tim Sadler, who first met as students at Imperial College, London before moving on to careers in investment banking. It was here they realized the extent and danger of accidental data leakage via email -- and saw a market gap for a preventative product.
Data from the UK's data protection regulator, the Information Commissioner's Office (ICO) shows the single greatest category of reported data security incidents in the UK during the first quarter of 18 was data sent by email to the wrong person. With the likelihood of such incidents attracting more attention and potentially greater fines under GDPR (effective from May 18), it is a simple business error that needs to be addressed.
"It's human nature to fear scary things like hackers or malware," explains Sadler, "but we often don't think twice about the dangers behind something as familiar and ingrained as sending an email. In reality that's where an overwhelming threat lies."
"What Tessian has done," comments Balderton Capital partner Suranga Chandratillake, "is apply machine intelligence to understand how humans communicate with each other and use that deeper understanding to secure enterprise email networks." As an investor he sees great potential for expanding the approach into other forms of human business communication. "The genius of this approach," he continues, "is that while the product focus today is on email -- by far the most used communication channel in the corporate enterprise -- their technology can be applied to all communication channels in time. And, as we all communicate in larger volumes and on more channels, that represents a vast opportunity."
Both Chandratillake and Accel partner Luciana Lixandru will join the Tessian board. "Since our seed investment just over a year ago," she said, "the company's ability to address a fundamental data security risk has been reflected in its strong growth and a string of blue chip client wins."
That growth has seen annual recurring revenue increase by 400% in the last twelve months, with staff levels increasing from 13 to 50 people. Clients include Schroders, Man Group and Dentons and over 70 UK law firms.
Chris White, global CIO at international law firm Clyde & Co LLP, commented, "Misaddressed emails are a major cybersecurity problem that all organizations have to deal with, but trying to train human error out of employees is near impossible. Tessian's machine intelligence plays a vital role in helping mitigate these kinds of errors and ensure that customer data remains secure and private. The speed and ease of deployment of Tessian," he added, "has been unparalleled by any other solution we've dealt with, and has been our quickest GDPR win to date."
Tessian uses machine learning to understand normal email communication patterns and automatically identify email security threats in real time. It analyzes enterprise email networks to understand normal and abnormal email sending patterns and behaviors, detects anomalies in outbound emails and warns users about potential mistakes, before the email is sent.
"Our belief at Tessian," co-founder and CTO Ed Bishop told SecurityWeek, "is that organizations' security has moved on from perimeter firewalls, and even endpoint security. I think we are in a third phase here, where humans are the real endpoints of the organization." If you look at how hackers try to break into a company, they're not so much hacking devices as hacking the humans.
"We are focused on building security for the human endpoint," he continued. "In short, we are thinking not just about outbound email threats, but also inbound email threats; and in going beyond that to understand what are the other ways in which humans leak data within an enterprise."
The new funding will be used to expand its product offering and increase its sales and marketing teams. It is likely that the product will be expanded to directly address the BEC and phishing threats before the firm moves on to other forms of business communication.
India-based Network Intelligence Raises for $4.8 Million for Expansion
16.6.18 securityweek IT
Bengaluru, India-based security services and products firm Network Intelligence Inc (NII) has raised Rs 33-crore funding (approximately $4.8 million) from private equity firm Helix Investments. The money will be used for product development and to expand operations in the U.S. and Europe. The investment values the firm at $22.7 million.
NII was founded in 2001, and provides information security services, consultancy and products. It offers assessment, advisory, remediation, training, and managed services; and is an Indian VAR for leading global security firms and products -- such as McAfee, Imperva, Cyber-Ark and FortiGate. NII also sells its own products, Firesec and Insight.
Firesec delivers an analysis of firewall rules for medium to large enterprises. It can purge redundant rules, group similar rules, and find vulnerable rule patterns. Insight is a vulnerability management suite that can manage assets, assess vulnerabilities, and determine compliance status.
"We are going to deploy the funds for two purposes," said KK Mookhey, CEO of NII: "expanding to the US and Europe and to enhance product development initiatives. Around 60% of our revenues are from the banking, financial services and insurance (BFSI) sector and the rest from critical infrastructure like oil and gas and also from IT."
NII employs around 450 people, primarily in India and the Middle East. Its operations centers are in Mumbai and Dubai, and it has recently established operations in the U.S. and Singapore.
Helix Investment is an India-focused private equity fund that aims to invest around $20 million annually in India -- typically at around $5 million to $15 million at a time. The fund is sponsored by Culbro LLC, the private equity investment vehicle of the Cullman family of New York and by Bloomingdale Properties, a US based investment and real estate company.
Australia Agrees Solomons Internet Cable After China Concern
13.6.18 securityweek IT
Australia will help fund and build an underseas communications cable to the Solomon Islands, it was agreed Wednesday, after the Pacific nation was convinced to drop a contract with Chinese company Huawei.
The impoverished country and Huawei inked a deal in late 2016 to construct the fibre-optic cable from Australia to Honiara to improve its often unreliable internet and phone services.
But Solomon Islands Prime Minister Rick Houenipwela said last week there had been a change of heart following "some concerns raised with us by Australia", without elaborating.
The move comes with Australia refocusing its foreign aid programmes to win hearts and minds in the island nations of the Pacific, as China flexes its muscle in the region.
It pledged more than Aus$1.3 billion (US$970 million) in its national budget last month to fund projects such as the communications cable, which will also link-up with Papua New Guinea.
Canberra and other regional capitals have become increasingly alarmed at Beijing's push into the Pacific through "soft diplomacy", which could potentially upset the strategic balance in the region.
Australian Foreign Minister Julie Bishop refused to detail what concerns Canberra had with telecom giant Huawei.
"I would not elaborate on security issues, that's not appropriate," she told reporters.
"What we have offered the Solomon Islands, and they have accepted, is an alternative to the offer, and ours is cheaper. It's likely to be a faster result for them, and technically superior."
Huawei was blocked from bidding for contracts on Australia's ambitious national broadband project in 2012, reportedly due to concerns about cyber-security.
Huawei has long disputed claims of any links to the Chinese government.
According to broadcaster ABC, Australia's spy boss Nick Warner and other senior officials visited the Solomons last year and returned with concerns about Huawei being permitted to plug into the country's telecommunications infrastructure.
They reportedly believed that while Huawei was an independent company, it retained links to the Chinese government and could pose a threat to Australian infrastructure in the future.
After meeting Houenipwela in Canberra Wednesday, Prime Minister Malcolm Turnbull said Australia will also jointly fund a domestic telecommunication cable network linking remote provinces in the Solomons to the capital Honiara.
"As we step up our engagement in the Pacific, we are working as partners with Solomon Islands more closely than ever to ensure stability, security and prosperity in the region," he said.
Splunk to Acquire DevOps Alert Firm VictorOps for $120 Million
12.6.18 securityweek IT
Machine data solutions firm Splunk announced Monday that it has agreed the acquisition of alert management start-up VictorOps for approximately $120 million. The acquisition is expected to close during Splunk's FQ2, subject to customary closing conditions, and will be funded by cash out of Splunk's balance sheet.
The acquisition makes sense. Splunk uses data analytics and artificial intelligence to locate alert incidents within masses of log data. VictorOps manages the delivery of alerts to the right on-call technical staff. Together, they combine data analytics with DevOps practices.
"The world is changing," explains VictorOps' CEO and co-founder Todd Vernon in an associated blog. "Companies are increasingly relying on software for their competitive advantage in business. Software that historically changed a few times a year, now changes hourly or even by the minute in progressive, market-savvy companies."
VictorOps was founded to provide a collaborative way to quickly resolve software incidents. "By combining VictorOps incident management capabilities and the Splunk platform," Vernon continued, "organizations will be able to quickly resolve and even help prevent issues that degrade customer engagement. We look forward to joining Splunk and working together to help solve these complex challenges facing every Development and DevOps team."
"The combination of machine data analytics and artificial intelligence from Splunk with incident management from VictorOps creates a 'Platform of Engagement' that will help modern development teams innovate faster and deliver better customer experiences," added Doug Merritt, president and CEO at Splunk. The intention is the integration of Splunk Enterprise with VictorOps will deliver monitoring, event management, on-call management and ChatOps.
'Platform of engagement' is also the term used by VictorOps. "Modern Incident Management," wrote Vernon, "is in a period of strategic change where data is king, and insights from that data are key to maintaining a market leading strategy. We look forward to working together to create a 'Platform of Engagement' that uses the most actionable information available and correlates monitoring and incident management data to foster shared understanding, speed resolution, and leverage AI to recommend solutions."
The acquisition of VictorOps builds on the earlier $350 million acquisition of Phantom. While Phantom also helps automate IT teams' responses to alerts, it lacks VictorOps' team collaboration capabilities.
VictorOps was founded in 2012 by Bryce Ambraziunas, Dan Jones and Todd Vernon. In 2016 it raised $15 million in Series B funding, bringing the total funding raised to $33.7 million. Investors include Silicon Valley firms Shea Ventures and Costanoa Ventures.
San Francisco, CA-based Splunk was founded in 2003. VictorOps is its seventh acquisition, including Phantom earlier this year, and SignalSense in October 2017. Both Phantom and VictorOps had a year-long product integration partnership with Splunk prior to acquisition.
"Upon close," wrote Vernon, "VictorOps will join Splunk's IT Markets group and together will provide on-call technical staff an analytics and AI-driven approach for addressing the incident lifecycle, from monitoring to response to incident management to continuous learning and improvement."
Splunk plans to retain VictorOps approximately 90 employees after the acquisition.
Industrial Cybersecurity Firm Claroty Raises $60 Million
11.6.18 securityweek IT
New York-based industrial cybersecurity firm Claroty announced on Monday that it raised $60 million in a Series B funding round, bringing the total amount raised by the company to date to $93 million.
The funding round was led by Temasek, with participation from several industrial giants, including Rockwell Automation, Schneider Electric’s investment arm Aster Capital, and Siemens-backed venture capital firm Next47. Envision Ventures, Tekfen Ventures and original Claroty investors Bessemer Venture Partners, Innovation Endeavors, Team8, and ICV also contributed.
The company will use the new funds to further advance the technology powering its products, grow the Claroty brand, and extend global sales and customer support.
Claroty has been working with Rockwell Automation for nearly two years and in 2017 the companies announced that they had teamed up to combine their security products and services. Claroty also struck a deal last year with Schneider Electric to market its network monitoring solutions through Schneider’s Collaborative Automation Partner Program (CAPP).
Siemens has also entered a partnership with Claroty. A recently introduced anomaly detection capability added by Siemens to its service offering involves Claroty software running on Siemens hardware – initially on ruggedized PCs and, in the future, on switches.
Claroty was founded in 2014 and it emerged from stealth mode in 2016 with $32 million in funding. The company claims it has recorded a 300% year-over-year growth in bookings and customer base, which includes organizations all around the world in the electric utilities, oil and gas, chemical, manufacturing, mining, food and beverage, and real estate sectors.
Claroty’s ICS security platform continuously monitors operational technology (OT) networks in search of potential threats. The product enables organizations to control remote employee and third-party access to critical systems, and helps them create a detailed inventory of industrial network assets and identify configuration issues.
“Protecting the critical automation systems our customers operate against cyberattacks remains a top priority for the company,” said Frank Kulaszewicz, SVP, Architecture & Software at Rockwell Automation. “Claroty has been a partner since 2016 and their advanced technology is a key element of our real-time threat detection and monitoring service. Our investment in Claroty is a logical extension of our ongoing strategic partnership.”
“A perimeter defense to cybersecurity in today’s connected world is not enough. An end-to-end approach, with solutions that provide deep visibility into operational technology and industrial control systems, is critical for the security of heavy processing environments,” said Hervé Coureil, Chief Digital Officer at Schneider Electric. “Leading the digital transformation of energy management and automation, Schneider Electric takes cybersecurity very seriously and the partnership with Claroty complements the cybersecurity layer of our IoT-enabled EcoStruxure architecture.”
Capgemini to Acquire Leidos Cyber
9.6.18 securityweek IT
French IT consultancy firm Capgemini announced Thursday an agreement to acquire Leidos Cyber from the U.S.-based Leidos. The acquisition is subject to anti-trust and Committee of Foreign Investment in the United States (CFIUS) approvals, and is expected to complete before the end of 18. Financial terms have not yet been disclosed.
Founded in 1967, the Capgemini Group employs more than 200,000 people in more than 40 countries. It focuses on consulting, technology services and digital transformation; and reported global revenue of EUR 12.8 billion in 2017.
In terms of its heritage, a Capgemini spokesperson told SecurityWeek, "Leidos Cyber was formed through the mergers, since 2011, of Lockheed Martin’s corporate division, Industrial Defender and Leidos’ own commercial cybersecurity business."
Leidos was formerly known as Science Applications International Corporation (SAIC), which changed its name in 2013. A new SAIC was then spun off Leidos, retaining the original name. Leidos Cyber is the cybersecurity arm of Leidos Holdings, employing almost 500 cybersecurity professionals across the North America. Leidos reported 2017 revenues of $10.2 billion.
The products and services of the two organizations complement each other. Capgemini gives a global market to Leidos Cyber's services; while Leidos Cyber will give Capgemini a much stronger footing in the U.S.
"Leidos Cyber is a pioneer in the field of cybersecurity. It defined the market in protecting the industrial control ecosystem for the mission critical infrastructure needs of global enterprises," comments Paul Hermelin, Chairman and CEO, Capgemini. Leidos' core market comprises government and highly regulated industries.
"Its world class security expertise and status as a trusted advisor to many Fortune 500 leaders," continued Hermelin, "makes it totally complementary to Capgemini's global cybersecurity practice. It is the perfect fit to reinforce our cybersecurity practice in North America, to help meet the security requirements of our international client base."
Robert Meindl, president of Leidos Cyber, is also confident, calling Capgemini 'a natural home for our commercial cybersecurity team'. "Not only will we be able to play our part in augmenting the North America cybersecurity practice," he said, "but we also look forward to adding value to the global security provisions of Capgemini's clients around the world."
Angie Heise, president at Leidos Civil Group, added, "Capgemini's commitment to engaging a broad set of commercial markets makes it an ideal fit for the Leidos Cyber business."
Nikesh Arora Takes Over as New CEO of Palo Alto Networks
9.6.18 securityweek IT
Nikesh Arora became the new CEO of Santa Clara, CA-based Palo Alto Networks (PAN) on Wednesday, June 6. He replaces existing CEO Mark McLaughlin, who will continue with PAN as vice chairman of the PAN board.
"Over the course of several quarters, I have been discussing succession planning with the Board and I couldn't be more pleased that we have found a leader in Nikesh," said McLaughlin, who has served as CEO since 2011.
Share price dipped slightly since the news became known at the beginning of the month, but at $197.07 (at the time of writing) it is still considerably up on the firm's 52-week low of $126.56. It has been suggested that the market is slightly wary of Arora's lack of cybersecurity experience. He is, however, a big business player with big business experience.
Nikesh Arora - chairman and CEO of Palo Alto NetworksArora's former positions include chief business officer at Google (Fortune claims that Eric Schmidt once described him as "the finest analytical businessman I have ever worked with"); and COO at SoftBank (where he was 'heir apparent' to founder Masayoshi Son). He left SoftBank when Son decided to stay on for another decade. At Google, Fortune claims, "He helped instill discipline into the quirky Internet upstart, focusing its untamed energy into unstoppable commercial force."
Arora is not concerned about his personal lack of cybersecurity experience. "The good news is I knew nothing about advertising or ad sales when I joined Google in 2004 and I think that worked out," he told CNBC. In 2012, he was Google's highest paid executive. He expects to work closely with both McLaughlin and PAN founder and CTO, Nir Zuk. "I may not have a background in security, but with my background as an engineer, I can sit down with Zuk to help guide the next generation of products we can offer," he told recode.net.
Arora's pay package is impressive -- especially if he provides impressive growth to the company. His base salary is around $1 million per year, with a further $1 million as target bonus; plus $40 million of restricted stock vesting over seven years, and stock options valued at $66 million vesting in increments. "If the stock quadruples," reports Business Today, "he is in for a windfall -- he gets all of them." BT calculates this will amount to $128 million.
"We wanted to make sure that Nikesh, as the new leader of the company, has strong skin in the game," Asheem Chandna, a member of Palo Alto Networks' board of directors and investor at Greylock Partners, told Fortune. "And we wanted to make sure Nikesh is rewarded if he creates multiples of value for shareholders."
That leaves the question of how Arora will seek such dynamic growth for PAN. McLaughlin claims the transition from him to a new CEO has been planned for some time. He told CNBC that PAN is already focused on the new developing markets: cloud, machine learning and new-age software, and suggested that PAN will look very different in five years' time.
"In looking for the perfect person to do that, we wanted somebody who is a very demonstrated business executive at scale and would bring those key attributes to the table to take us where the company's going to be in five years."
"I'm hoping, as we go forward," added Arora, "we'll strike partnerships not just with Alphabet and Google but also with the other big players in the space, be it Microsoft or Amazon or many of our partners in the cybersecurity space." His intention is to apply the same principles of scale that he learned from his time at Google to Palo Alto Networks.
U.S. in Deal to Ease Sanctions on China's ZTE: Top Official
8.6.18 securityweek IT
US officials reached a deal Thursday to ease sanctions which threatened to cripple Chinese smartphone maker ZTE, Commerce Secretary Wilbur Ross said.
Ross told CNBC television the deal includes a $1 billion fine levied on the Chinese firm and a requirement that it change its board of directors.
In April, the Chinese group was cut off from US technology products for violating US sanctions against North Korea and Iran -- measures which threatened to put ZTE out of business.
Ross said the agreement calls for "embedding a compliance department" chosen by Washington to monitor company conduct.
"They will pay for those people but the people will report to the new chairman," Ross said.
"This is a pretty strict settlement. The strictest and largest settlement fine that has ever been brought by the Commerce Department against any violator of export controls."
Ross said the plan calls for ZTE to create a $400 million escrow account in case of future violations, and a requirement to overhaul the board of directors and executive team within 30 days.
Several US lawmakers have warned against easing sanctions on ZTE, citing national security concerns.
But President Donald Trump last month said he was looking at options to prevent a shutdown of ZTE.
The news comes amid increasing trade tensions between Washington and Beijing, with Trump threatening to impose tariffs of Chinese technology products to reduce a large trade deficit.
Data Classification Firm DocAuthority Raises $10 Million
7.6.18 securityweek IT
Israeli startup firm DocAuthority has raised $10 million in a Series A funding round led by Raine Ventures, with the participation of Greycroft, ffVC, Differential VC in the US, and 2B Angels and Plus Ventures in Israel. The finance will be used to accelerate growth and market reach.
DocAuthority brings artificial intelligence to the classification problem for unstructured data. Security and compliance require that company secrets, intellectual property and personal information be adequately secured; but business efficiency requires ready access to and use of non-confidential data. This requires accurate document classification, specifying what level of security control should be applied to different documents.
This data classification is traditionally performed manually. If applied historically it can take many months, and is subject to both false positives and false negatives in the application of classification labels. If done in real time, there is a frequent tendency for individuals to over-classify -- to assume a particular document is more sensitive than it actually is.
The result is often both an unnecessary burden on staff efficiency (through over-classification), and a failure to adequately protect instances of personal data (through under-classification). The need to locate and protect all instances of PII is increasingly important with the rapid growth of severe personal privacy legislation, such as GDPR.
DocAuthority's AI-based platform will scan documents and apply classification without human error, and at machine rather than human speed. "DocAuthority's revolutionary BusinessID technology," claims cofounder and CTO Ariel Peled, "is a new branch in data science, offering a novel take on AI that solves a major problem in data management and protection. With full automation and an accuracy level of 1:10,000, both business and security can agree and safely rely on policies for data classification, access management, DLP, encryption and as importantly, retention."
The funding "is an important milestone for DocAuthority," commented CEO Steve Abbott. "DocAuthority enables organizations to manage data based on both risk profile and business value, offering a common language across an organization. Assigning data management policies, based on business category, easily aligns security controls with business usage of data."
DocAuthority was founded in 2013 by Ariel Peled (CTO) and Itay Reved (VP R&D). It is based in Ra'anana, HaMerkaz, in central Israel.
Microsoft to Acquire GitHub for $7.5 Billion
6.6.18 securityweek IT
Microsoft on Monday announced that it has agreed to acquire software development and collaborateion platform GitHub in a deal valued at $7.5 billion.
Under the terms of the agreement, Microsoft will acquire GitHub for $7.5 billion in Microsoft stock. The dal is expected to close by the end of 18, subject to customary closing conditions and regulatory review.
GitHub is a cloud-based repository for source code, offering hosting, version control management and code collaboration capabilities. It is thought to have 27 million developers using its services in nearly every country in the world, and to host 80 million code repositories. Microsoft is already a major user of GitHub, reportedly with more than 1,000 employees pushing code to GitHub repositories.
GitHub was valued at $2 billion dollars at its most recent funding round in 2015.
The acquisition makes sense for Microsoft with its increasing involvement with Linux and open source projects. There is, however, concern among many of the independent developers using the service, pointing to a perceived performance reduction from both LinkedIn and Skype following earlier acquisition by Microsoft.
"LinkedIn has turned into a slow-loading junk after the Microsoft acquisition. I can only imagine what awaits GitHub," tweeted Catalin Cimpanu.
A further concern is that ownership could give Microsoft access to the source of potentially competitive or disruptive projects. "This is not all about Microsoft," was another tweet. "This is about the independence of what has become the de-facto home of open source. It shouldn't be owned by any company that has any agenda other than host that home."
Robert Graham of Errata Security has a different concern. GitHub has a history of national censorship attempts -- a DDoS out of Russia in 2014; blocked in India in 2014; a DDoS apparently out of China in 2015; and blocked in Turkey in 2016. On February 28, 18, GitHub was hit by a world record DDoS peaking at 1.35 Tbps.
His concern now is that China would be able to censor GitHub via Microsoft. It cannot currently censor individual pages (such as those about the Tiananmen Square massacre in 1989) because GitHub forces the use of SSL/TLS, so the China Firewall cannot see which pages are being accessed. "The only option," he tweeted "would be to block the entire site, all access to http://GitHub.com, but China can't do that either, because so much source code is hosted on GitHub -- source code their industry needs in order to build products."
As an independent organization he believes that GitHub is too important to be blocked by the Chinese government. "When Microsoft buys GitHub, however, China will now have leverage, threatening other Microsoft interests in China in order to pressure Microsoft into censoring some GitHub pages."
In the meantime, with few details of the terms and conditions, users' reactions have been largely emotional. There was widespread concern that Microsoft's motive in buying LinkedIn was to gain access to the personal details of the world's business management. There is similar concern now that Microsoft is seeking to gain some form of control over the world's open source software.
This is unlikely. SecurityWeek spoke to Robin Wood (aka DigiNinja), an independent penetration tester who uses GitHub to host the tools he develops for his trade. Assuming the purchase is finalized, "I think the important thing to look at is the exact details of the terms and conditions and any changes they decide to make to it," he told SecurityWeek. "There may be clauses in there about ownership or use without license that currently don't mean much but could mean a lot with the change of ownership."
For the moment, he is not worried by the takeover. "There are a number of established alternatives, so they can't do much to mess up actual usage otherwise people will just move away. So probably no real change for most users of the service but some with tools that Microsoft are interested in may be hit."
For himself and his own repositories, "I won't be moving my tools unless there are any specific negative changes that affect me, but I reckon there will be a bunch of people jumping ship early just in case, and another bunch fear-mongering about all the nasty stuff that might happen, most of it just guess work."
Microsoft Corporate Vice President Nat Friedman, founder of Xamarin and an open source veteran, will assume the role of GitHub CEO. GitHub’s current CEO, Chris Wanstrath, will become a Microsoft technical fellow, reporting to Executive Vice President Scott Guthrie, to work on strategic software initiatives, Microsoft said.
Cyber Range Developer Cyberbit Raises $30 Million
6.6.18 securityweek IT
Israel-based Cyberbit Ltd., a provider of cyber range training and simulation platforms, announced on Monday that it has received a $30 million investment from Claridge Israel.
Cyberbit offers a cyber range for simulated cyber training, and a detection and response platform to help protect an organization’s attack surface across IT, OT and IoT networks.
Founded in 2015, Cyberbit is a subsidiary of Elbit Systems and has offices in Israel, Unites States, Europe, and Asia.
With the funding, Cyberbit says it will expand sales and marketing, primarily in North America, boost product development, and enhance customer and partner support.
“Cyberbit’s growth in just three years has been remarkable,” said Rami Hadar, Managing Director at Claridge Israel. “This growth is driven by a unique product portfolio that addresses several of the most pressing industry problems, a solid go-to-market strategy and a highly capable team that is executing successfully and creating a leadership position in several markets.”
Cyber Range Developer Cyberbit Raises $30 Million
6.6.18 securityweek IT
Israel-based Cyberbit Ltd., a provider of cyber range training and simulation platforms, announced on Monday that it has received a $30 million investment from Claridge Israel.
Cyberbit offers a cyber range for simulated cyber training, and a detection and response platform to help protect an organization’s attack surface across IT, OT and IoT networks.
Founded in 2015, Cyberbit is a subsidiary of Elbit Systems and has offices in Israel, Unites States, Europe, and Asia.
With the funding, Cyberbit says it will expand sales and marketing, primarily in North America, boost product development, and enhance customer and partner support.
“Cyberbit’s growth in just three years has been remarkable,” said Rami Hadar, Managing Director at Claridge Israel. “This growth is driven by a unique product portfolio that addresses several of the most pressing industry problems, a solid go-to-market strategy and a highly capable team that is executing successfully and creating a leadership position in several markets.”
IBM Adds New Features to MaaS360 with Watson UEM Product
6.6.18 securityweek IT
IBM announced on Monday that it has added two new important features to its “MaaS360 with Watson” unified endpoint management (UEM) solution.
UEM solutions allow enterprise IT teams to manage smartphones, tablets, laptops and IoT devices in their organization from a single management console.
IBM has improved its MaaS360 with Watson UEM product with two capabilities the company says can be highly useful for IT departments: app intelligence and reporting, and security policy recommendations.
Business Dashboards for Apps is designed to provide administrators information on mobile applications and how they are used by employees. This can help them get a better understanding of which apps require attention and investment and which ones can be removed.
IT teams can obtain information on the number of installs (by platform, manufacturer and ownership), usage (popularity and session length), performance (crashes and data usage), and trend information (crashes, network requests and data consumption over a period of six months). Admins can also apply filters to make analysis easier and more useful.
The second new feature, the Policy Recommendation Engine, helps IT teams by dynamically providing recommendations when configuring security policies. Recommendations are provided based on the organization’s profile and common practices observed at similar companies in the MaaS360 community.
“Imagine a way to configure your policies with guidance that is dynamically presented every step of the way, catered to your organization and the size of your deployment. Whether you’re new to the game — or have been managing policies for years — a little confidence in your configurations goes a long way,” IBM Security’s John Harrington Jr. said in a blog post.
IBM also announced this week the launch of Guardium Analyzer, a new tool that uses a specialized data classification engine and data patterns to identify and classify GDPR-relevant information across cloud and on-premise systems. The tool can also identify the databases most likely to fail a GDPR-focused audit, the company said.
Fortinet Acquires Bradford Networks to Extend Security to the Edge
6.6.18 securityweek IT
Fortinet has acquired Boston-based network security firm Bradford Networks. The purpose is to extend Fortinet's micro segmentation to the new perimeter: that is, the IoT and mobile edge.
A Fortinet spokesperson told SecurityWeek that it paid approximately $17 million in initial consideration, net of cash acquired and subject to certain adjustments. It may pay an additional $2 million as an earn-out, subject in certain performance conditions. According to Crunchbase, Bradford had raised roughly $14 million in funding.
Gartner predicts that the currently estimated 4 billion enterprise connected devices will grow to 7.5 billion in the next two years. Making sure that every one of those devices is both known and secure is difficult. It is, suggests Fortinet in a blog, a 'classic' example of the asynchronous security problem: "Security managers need to secure every single device every single time, while criminals only need one open port, one compromised or unknown device, or one uncontained threat to circumvent all of the effort going into securing the network."
"As large organizations continue to see high growth in network traffic and the number of devices and users accessing their networks," explains Ken Xie, founder, chairman of the board and CEO at Fortinet, "the risk of breach increases exponentially. According to a recent Forrester study, 82 percent of companies surveyed are unable to even identify all devices accessing their networks. The integration of Bradford Networks' technology with Fortinet's security fabric enables large enterprises with the continuous visibility, micro-segmentation and access control technology they need to contain threats and block untrusted devices from accessing the network."
Bradford Networks enhances Fortinet's Security Fabric by providing agentless visibility of endpoints, users, devices, and applications that access the complete corporate network including headless devices and IoT. It brings security to IoT through device micro segmentation and automatic policy assignment, allowing granular isolation of unsecure devices.
Once visibility of all devices that connect to the network is attained, the next step is to make sure they are authenticated or authorized, and are subject to a context driven policy that defines who, what, when, and where connectivity is permitted.
"Such an approach -- where no unknown devices ever gain access to the corporate infrastructure, permitted devices are automatically segmented based on policies and roles, and connected devices that begin to behave badly are immediately quarantined from the network," says Fortinet, "becomes the foundation for a comprehensive positive security posture."
Fortinet's share price has grown steadily, from $35.83 in September 2017 to $62.48 at the start of 4 June 18. A slight dip occurred with the Bradford Networks announcement (down to $61.70), but the share price has already risen above the pre-acquisition price to its highest ever value at $62.92, at the time of writing.
Fortinet does not expect the transaction to have a material impact on the company's second quarter or full year 18 financial guidance disclosed on May 3, 18.
Rob Scott, CEO at Bradford Networks, said, "We are excited to join with Fortinet, the leader in network security to deliver exceptional visibility and security at scale to large enterprise organizations. Bradford Networks' technology is already integrated with Fortinet's Security Fabric including FortiGate, FortiSIEM, FortiSwitch and FortiAP products to minimize the risk and impact of cyber threats in even the toughest security environments such as critical infrastructure - power, oil and gas and manufacturing."
Bradford Networks, the Fortinet spokesperson said, "will become part of the Fortinet brand and will enrich Fortinet’s IoT offering. The majority of Bradford Networks employees will transfer to Fortinet and be integrated across multiple functions based on areas of responsibilities."
Updated: Microsoft reportedly acquires the GitHub popular code repository hosting service
6.6.18 securityaffairs IT
Microsoft has reportedly acquired the popular code repository hosting service GitHub, but at the time of writing there is no news about how much Microsoft paid for the platform.
Microsoft has reportedly acquired the popular code repository hosting service GitHub.
GitHub was last valued at $2 billion in 2015, but at the time of writing there is no news about how much Microsoft paid for the platform.
“The software maker has agreed to acquire GitHub, the code-repository company popular with many software developers, and could announce the deal as soon as Monday, according to people familiar with the matter.” reported a post published by Bloomberg.
GitHub board decided to sell to Microsoft because of the leadership of Microsoft’s CEO Satya Nadella and his vision on the open source technology.
Github currently hosts more than 80 million code repositories, it has a privileged position in the software development community, the company that owns this platform could have strategic benefits from the knowledge of the projects that are hosted on the platform.
Of course, part of the open source community disagrees with Github move and is opting to switch to competitor services such as BitBucket or GitLab.
Bryan Lunduke
@BryanLunduke
To those that have @GitHub accounts:
If @Microsoft buys GitHub... would you continue to use it? Or would you move your repositories to a different service?
6:21 PM - Jun 2, 18
32%Stick with GitHub
68%Move to another service
632 votes • Final results
56
95 people are talking about this
Twitter Ads info and privacy
Many development teams fear Microsoft could abuse its position after the acquisition gaining full access to the millions of private projects hosted on GutHub.
The code hosting service GitLab has seen a massive traffic spike after news of the deal, with thousands of projects and code repositories are being transferred from GitHub.
At the time of writing, neither Microsoft nor GitHub has commented on the acquisition deal.
Updated on June 4
In a blog post published today, Microsoft confirmed that will acquire GitHub for $7.5 billion in Microsoft stock.
“GitHub will retain its developer-first ethos and will operate independently to provide an open platform for all developers in all industries. Developers will continue to be able to use the programming languages, tools and operating systems of their choice for their projects — and will still be able to deploy their code to any operating system, any cloud and any device.” reads the blog post.
“Microsoft Corporate Vice President Nat Friedman, founder of Xamarin and an open source veteran, will assume the role of GitHub CEO. GitHub’s current CEO, Chris Wanstrath, will become a Microsoft technical fellow, reporting to Executive Vice President Scott Guthrie, to work on strategic software initiatives.”
PE Firm Thoma Bravo Buys Majority Stake in LogRhythm
1.6.18 securityweek IT
Private equity firm Thoma Bravo announced on Thursday that it will acquire a majority interest in Security Information and Event Management (SIEM) solutions vendor LogRhythm.
Terms of the deal, which is expected to close in Q3 18, were not disclosed.
Founded in 2003, LogRhythm is veteran security firm that has raised more than $110 Million in funding, and has more than 2,500 customers around the world that use its platform that combines traditional SIEM capabilities with user and entity behavior analytics (UEBA).
“Thoma Bravo has long admired the work of Andy, Chris, Phil Villella and the entire LogRhythm team,” said Seth Boro, a managing partner at Thoma Bravo. “The company’s impressive track record of growth shows the continued demand for LogRhythm’s differentiated offerings. With Thoma Bravo’s investment, we look to further accelerate product innovation and drive continued customer success.”
Thoma Bravo has made several large investments in the cybersecurity space over the years. Its portfolio of investments include SonicWall, SailPoint, Hyland Software, Deltek, Blue Coat Systems, Imprivata, Bomgar, Barracuda Networks, Compuware and SolarWinds.
Fraud Protection Firm Signifyd Raises $100 Million
31.5.18 securityweek IT
Signifyd, a San Jose, CA-based company that specializes in fraud protection solutions for e-commerce businesses, on Wednesday announced that it raised $100 million in a Series D funding round.
The round was led by Premji Invest, with participation from existing investors Bain Capital Ventures, Menlo Ventures, American Express Ventures, IA Ventures, Allegis Cyber and Resolute Ventures.
This brings the total raised by the company to date to $187 million, including $56 million secured in 2017 and $20 million in the previous year. Bloomberg reported that the company has been valued at roughly $400 million following the latest funding round.
Signifyd says it will use the funds to further accelerate its growth. The company claims the number of global e-commerce businesses it protects has doubled to more than 10,000. Signifyd customers include Build.com, Helly Hansen, iRobot, Walmart-owned Jet, Lacoste, Luxottica, Stance, Tous and Wayfair.
The company recently partnered with Magento, the open-source e-commerce platform, which Adobe agreed to buy for $1.68 billion.
Signifyd provides a solution that helps organizations identify fraudulent online orders by using a combination of machine learning, data science research and behavior technology. The solution should help reduce the risk of chargebacks and fraud without having a negative impact on customer experience.
Last month, the company opened its first European office in Barcelona, Spain.
“The fraud detection and prevention market is estimated to reach nearly $42 billion by 2022,” said Raj Ramanand, CEO and co-founder of Signifyd. “However, while fraud remains a serious concern, transactions wrongly declined due to suspected fraud represents a bigger problem of more than $150 billion a year. A wrong decline can push consumers to abandon the merchant and thereby erode customer lifetime value. With this funding, we’re looking to continue to enable friction-free e-commerce for enterprise and omnichannel retailers globally.”
FireMon to Acquire Cyber Situational Awareness Firm Lumeta
30.5.18 securityweek IT
Network security policy management solutions provider FireMon announced on Tuesday that it has entered an agreement to acquire Lumeta, a company that specializes in cyber situational awareness.
The financial terms of the deal, expected to be completed in the second quarter of 18, have not been disclosed.
Lumeta’s products provide organizations real-time network and device visibility and security monitoring, including for IoT and industrial control systems (ICS). The company also helps customers identify and remediate leak paths and segmentation violations.
Lumeta technology can continuously identify new devices and cloud connectivity, allowing FireMon to extend the capabilities of its own platform to previously unknown network and cloud elements. This should help reduce attack surface and expose activity that may represent a security risk, FireMon said.
“Lumeta and FireMon share a vision for deeper integration across the security industry. For example, Lumeta built Spectre with two-way RESTful APIs, which has resulted in proven integrations with leading security vendors, including McAfee ePO, IBM QRadar, Carbon Black, Cisco, Tenable, InfoBlox and Qualys. This pairs well with FireMon’s vendor-agnostic approach to solving customers’ problems,” said Satin Mirchandani, CEO of FireMon. “Additionally, Lumeta’s history, which dates back to the legendary innovation center Bell Labs, perfectly complements FireMon’s business model and technology strategy.”
FireMon says Lumeta will remain a standalone business, and its current president, Reggie Best, will continue to fill the position. FireMon also plans on investing into the development of Lumeta’s technology and integration with its own products.
Lumeta is not the first company acquired by FireMon. It bought Immediate Insight in 2015 and in 2016 it acquired cloud security firm FortyCloud.
Vulcan Cyber Emerges From Stealth With $4 Million Seed Round
30.5.18 securityweek IT
Vulcan Cyber is the latest Israel-based cybersecurity startup to emerge from stealth mode. The company, whose main product is a vulnerability remediation platform, announced on Wednesday that it raised $4 million in seed funding.
The funding round was led by YL Ventures with participation from other investors. Vulcan Cyber will use the seed funds to build its Israeli R&D office, which will develop and deliver its product, and kickstart operations in the U.S., with a focus on sales, marketing, support and professional services.
A beta version of the platform is already available to qualified customers and is expected to become generally available in late 18.Vulcan Cyber emerges from stealth
Studies have shown that it can take organizations a long time to patch vulnerabilities in the software they use and it’s not uncommon for known flaws to be exploited in high profile attacks that end up costing companies millions of dollars.
Vulcan cyber aims to address the vulnerability remediation gap by providing a platform that integrates with existing security assessment, DevOps and IT tools, allowing organizations to detect vulnerabilities and automate the remediation process. The list includes tools from AWS, Nessus, WhiteHat, Qualys, IBM, BlackDuck, Tripwire, Checkmarx, Rapid7, Veracode, Google, Microsoft, GitHub, Slack and many others.
The solution provides an orchestration engine that helps coordinate the teams, tasks and tools needed to address vulnerabilities, the company says.
Vulcan says its goal is to build the largest vulnerability remediation database, including patches, automated scripts and signatures.
The company claims that unlike competitors, whose products assess and prioritize flaws strictly based on threat intelligence, its platform also leverages DevOps and IT data.
The product is aimed at CIOs and CISOs who want to get a clear picture of the risk level across their organization, and individuals responsible for vulnerability management programs, as it allows them to better manage the remediation process and improve efficiency by automating certain tasks.
Vulcan says its cloud-based platform is easy to deploy – it does not require any agents or tapping into network traffic, and organizations only need to provide the API and credentials for their vulnerability assessment, DevOps and IT tools.
Symantec Shares More Information on Internal Investigation
16.5.18 securityweek IT
Symantec shares gained nearly 10 percent on Monday in anticipation of a conference call that promised to provide more information regarding the internal investigation announced by the company last week.
Along with its financial results for the fourth quarter and full year, Symantec told investors last week that the Audit Committee of the Board of Directors had launched an investigation as a result of concerns raised by a former employee.
The company initially did not share any additional information, except that the Securities and Exchange Commission (SEC) had been notified and that the probe would likely prevent it from filing its annual 10-K report with the SEC in a timely manner.
Symantec shares dropped roughly 20 percent to less than $24 after the announcement was made on Thursday, and on Friday shares dove 33 percent, reaching just over $19.
A conference call announced for Monday afternoon helped the company gain nearly 10 percent, closing at $21.40.
While many expected Symantec to provide details on its internal probe, the company did not answer any questions on the matter. A statement published by the company does, however, reveal that the investigation is related to “concerns raised by a former employee regarding the Company’s public disclosures including commentary on historical financial results, its reporting of certain Non-GAAP measures including those that could impact executive compensation programs, certain forward-looking statements, stock trading plans and retaliation.”
The company says it cannot predict the duration of the investigation or the outcome, which could have an impact on financial results and guidance.
The cybersecurity firm says it does not anticipate a material adverse impact on its historical financial statements.
In response to news of the internal probe, investor rights law firm Rosen Law Firm announced the preparation of a class action to recover losses suffered by Symantec investors. Rosen says it’s investigating allegations that Symantec “may have issued materially misleading business information to the investing public.”
Symantec Shares More Information on Internal Investigation
15.5.18 securityweek IT
Symantec shares gained nearly 10 percent on Monday in anticipation of a conference call that promised to provide more information regarding the internal investigation announced by the company last week.
Along with its financial results for the fourth quarter and full year, Symantec told investors last week that the Audit Committee of the Board of Directors had launched an investigation as a result of concerns raised by a former employee.
The company initially did not share any additional information, except that the Securities and Exchange Commission (SEC) had been notified and that the probe would likely prevent it from filing its annual 10-K report with the SEC in a timely manner.
Symantec shares dropped roughly 20 percent to less than $24 after the announcement was made on Thursday, and on Friday shares dove 33 percent, reaching just over $19.
A conference call announced for Monday afternoon helped the company gain nearly 10 percent, closing at $21.40.
While many expected Symantec to provide details on its internal probe, the company did not answer any questions on the matter. A statement published by the company does, however, reveal that the investigation is related to “concerns raised by a former employee regarding the Company’s public disclosures including commentary on historical financial results, its reporting of certain Non-GAAP measures including those that could impact executive compensation programs, certain forward-looking statements, stock trading plans and retaliation.”
The company says it cannot predict the duration of the investigation or the outcome, which could have an impact on financial results and guidance.
The cybersecurity firm says it does not anticipate a material adverse impact on its historical financial statements.
In response to news of the internal probe, investor rights law firm Rosen Law Firm announced the preparation of a class action to recover losses suffered by Symantec investors. Rosen says it’s investigating allegations that Symantec “may have issued materially misleading business information to the investing public.”
Behind the Scenes in the Deceptive App Wars
14.5.18 securityweek IT
All is not well in the app ecosphere. That ecosphere comprises a large number of useful apps that benefit users, and an unknown number of apps that deceive users. The latter are sometimes described potentially unwanted programs, or PUPs. Both categories need to make money: good apps are upfront with how this is achieved; deceptive apps hide the process.
In recent years there has been an increasing effort to cleanse the ecosphere of deceptive apps. The anti-virus (AV) industry has taken a more aggressive stance in flagging and sometimes removing what it calls PUPs; the Clean Software Alliance (CSA) was founded to help guide app developers away from the dark side; and a new firm, AppEsteem, certifies good apps and calls out bad apps in its ‘Deceptor’ program.
One name figures throughout: Dennis Batchelder. He is currently president of the AV-dominated Anti-Malware Testing Standards Organization (AMTSO); was a leading light in the formation, and until recently a member of the advisory board, of the CSA; and is the founder of AppEsteem.
But there has been a falling out between the CSA and AppEsteem.
The CSA
The CSA was officially launched in the Fall of 2015, although it had already been on the drawing board for over a year. Batchelder was instrumental in getting it started while he was working for Microsoft, where he was director, program management until April 2016.
The CSA was introduced during VB2015 with a joint presentation from Microsoft and Google, demonstrating early support from the industry’s big-hitters.
“As a 501(c)(6) nonprofit trade association,” writes the CSA on its website, “the CSA works to advance the interests of the software development community through the establishment and enforcement of guidelines, policies and technology tools that balance the software industry’s needs while preserving user choice and user control.”
In other words, it seeks to develop an app ecosphere where honest developers can be fairly recompensed, via monetization, for their labor. However, it provides very little information on its website. It does not, for example, list the members of the trade association, nor give any indication on how it will enforce its guidelines and policies on recalcitrant apps.
AppEsteem
Founded by Batchelder in 2016, AppEsteem is primarily an app certification organization – it certifies clean apps. However, since a carrot works best when supported by a stick, AppEsteem also calls out those apps it considers to be deceptive and therefore potentially harmful to users.
Batchelder hoped that the CSA and AppEsteem could work together (he was on the advisory board of the former and is president of the latter). The CSA could provide recommendations and industry support on classification criteria, and AppEsteem – at one step removed – could provide the enforcement element apparently missing in the CSA.
AppEsteem maintains what it calls the ‘deceptor list’; a list of apps that in its own judgement use deceptive means to increase their monetization potential. At the time of writing, there are more than 300 apps on the deceptor list. It also actively encourages AV firms to use this list in their own attempts at blocking PUPs.
There is a difficult balance. Deceptive app developers will object to being included on a public shaming list. Apps that get clean need to be removed in a timely fashion. New methods of deception need to be recognized and included in the bad behavior criteria.
It is, in short, a process wide open for criticism from app developers who are called out.
CSA criticizes AppEsteem
Criticism came last week from an unexpected source – from the CSA. On 10 May 18, the CSA published a remarkably negative report on AppEsteem’s ‘deceptor’ program titled, CSA Review of AppEsteem Programs. It was, said the CSA, “triggered by a groundswell of complaints and expressions of concern received by the CSA from industry members regarding this program.”
The report is largely – although not entirely – negative. It raises some interesting points. The ‘groundswell of complaints’ is to be expected; particularly from the apps and the app developers called out for being deceptive.
However, concern over some other elements seem valid. AppEsteem does not seem keen to call out AV products, even when they appear to use ‘deceptive’ practices (consider, for example, the ease with which the user can download one product and find that McAfee has also been downloaded).
Furthermore, if certification is annual, a certified app could introduce deceptive practices immediately after certification that would go undetected (would effectively be allowed) for 12 months. “There is no more deceptive or risky behavior than that,” notes the report.
The CSA report makes four proposals. AppEsteem should: refocus efforts on certification; work with the CSA to devise consensus‐built ‘minbar’ criteria; balance violator identification and remediation; and embrace oversight and dispute resolution.
‘Oversight’ implies external management. Refocusing on certification implies abandoning the deceptor app listing. And ‘work with the CSA’ implies that AppEsteem should take its direction from the CSA. If not quite a power grab, the report attempts to neutralize the enforcement element of AppEsteem.
AppEsteem’s response
AppEsteem’s first response was for Batchelder to resign from the CSA advisory board. “I unable to figure out how to remain on the CSA Advisory Board in good conscience,” he wrote to the CSA. “Which sucks, as I’ve pushed for CSA to get operational and remain relevant, sent potential members its way, and worked hard to help it succeed. But being an advisor of an incorporator-status organization who is conducting a ‘confidential’ investigation into AppEsteem’s certification program without involving AppEsteem makes no sense at all.”
AppEsteem’s second response was to establish CleanApps.org; which is effectively an alternative to the CSA. “AppEsteem needs CSA,” comments one source who asked to be anonymous, “or at least some organization that can provide guidelines and some kind of oversight of what AppEsteem is doing… It seems that this new player is in fact a company created by Dennis trying to get rid of CSA.”
That partly makes sense. If AppEsteem cannot work with the CSA, it must find a similar organization it can work with. “After I disengaged from CSA, Batchelder told SecurityWeek, “we realized that AppEsteem had to find a way to get the vendor voice and to reassure them that we’re doing things fairly (the stuff we had hoped CSA would do). So, I incorporated CleanApps.org and recruited its first board from some of our customers (I know, it’s like a soap opera), and then resigned/handed it over once the board launched. Our goal is that once CleanApps.org launches, we’ll give them insight into our operations.”
To the CSA, he wrote in February, “I wanted to let you know that we have determined that it’s in best interests of both ourselves, our customers, and the vendor community if we had oversight and a ‘voice’ specifically representing the vendor community… We won’t become a member or hold any position in CleanApps.org; they will self-govern.” (He has since made it clear that he does not mean ‘oversight’ in any controlling manner.)
AppEsteem’s position seems to be that the app ecosphere requires three organizations: AppEsteem to enforce good behavior among the app developers; the CSA to represent the market in which apps operate; and CleanApps to represent the apps and app developers.
But it is clearly concerned over the current relevance of the CSA. “I think the biggest hole with CSA,” Batchelder told SecurityWeek, “is that they never finished forming: it’s still just… as the only member, and what we felt was that when [that member] had an issue with us, CSA went negative… it’s problematic to us that they’re not formed after four years.”
If AppEsteem needs something like the CSA to be effective, the CSA needs something like AppEsteem to be relevant.
AppEsteem’s third response is a short blog posted on the same day as CSA published its report – Thursday, 10 May 18. There is no indication of any rapprochement with the CSA. “But we also want to be clear,” writes the author: “if you think it’s fine to treat consumers as exploitable targets for deceptive and aggressive software, we totally understand your desire for us to leave you alone. We strongly suggest you either get on board or find something else to do with your time, as we’re going to continue to tune our Deceptor program to find even more effective ways to disrupt your ability to hurt consumers.”
The way forward
It is hard to see how any outright deceptive app produced by developers simply out to get as much money as possible will ever be persuaded by force of argument alone to abandon deceptive practices. This seems to be the approach of the CSA; and it appears – on the evidence of its website – to have achieved little in its three to four years of existence.
Indeed, the one and only report the CSA has published is the report criticizing AppEsteem. Before that, the previous publication seems to be ‘update #7’, probably written around March 2016.
If the CSA has achieved anything, it is not saying so. At the very least, it could be urged to be more transparent in its operations and achievements – even a list of members would be useful.
Meantime, if the new CleanApps.org gathers pace and support, the CSA itself will become increasingly irrelevant in the battle against deceptive apps; that is, potentially unwanted programs.