- IT -

Last update 20.09.2017 20:11:46



Cloud Security Firm Netskope Raises $168.7 Million
14.11.2018 securityweek
IT

Cloud security firm Netskope on Tuesday announced that it has raised $168.7 million in a Series F funding round, which brings the total raised by the company to date to over $400 million.

The latest funding round was led by Lightspeed Venture Partners with participation from Accel, Geodesic Capital, Iconiq Capital, Sapphire Ventures, Social Capital, and Base Partners, which is the only new investor.

Netskope says it will use the new funds to expand R&D and the global data center footprint of its enterprise security cloud platform.

Founded in 2013, Netskope offers solutions designed to help organizations manage risk, protect data, and block threats by providing full visibility and control, data loss prevention (DLP), and threat protection capabilities for their web, SaaS, and IaaS assets.

Netskope recently opened a new headquarters in Santa Clara, California, following a 50% increase in employee headcount. The company acquired Sift Security in July 2018.

“Simply put, without security transformation, digital transformation will fail,” said Sanjay Beri, founder and CEO of Netskope. “We have spent the last six years bringing the leading security cloud to enterprises to address this growing challenge as more and more companies embrace digital transformation. With this new round of funding, we are one step closer to helping all organizations match their security strategy with the pace of today’s cloud-first world.”


Intel Asks for Comments on Draft Federal Privacy Law
14.11.2018 securityweek
IT

Intel Proposes "Innovative and Ethical Data Use Act of 2018" to Improve Protection of Personal Privacy Through Nationwide Standards

The basic acceptance that personal privacy in a digital world can only be protected by legislation has been growing around the world. In Europe it led to the development of the General Data Protection Regulation (GDPR). An EU 'Regulation' can broadly be seen as similar to a U.S. federal law -- one that in Europe takes precedence over member-state national laws, and in the U.S. takes precedence over state laws.

In this sense the 'federal versus state' argument over privacy protection has been settled in Europe. It is only just beginning in the U.S. With no national-level federal law on privacy protection, individual states have implemented their own state laws -- culminating, one might say, in not the latest but probably the strongest: the California Consumer Privacy Act of 2018 (CCPA).

This in turn has led to a reversal in the position previously taken by the big tech companies. Personal data has become integral to digital commerce. It drives marketing and is seen as essential to business. Those companies that don't use it directly still collect it and sell it to those that do. This has been largely unencumbered by any federal privacy law -- but is now being restricted by state laws.

Big companies are beginning to lobby -- for the first time -- for a federal law to take precedence over state privacy laws. There are many reasons for this; but the bottom line is that they expect a federal law to be less restrictive on the gathering and use of personal data than, for example, CCPA.

Intel has now entered this debate. Its position, however, is not 'should there be a federal law?', but 'what should it include?'. It has developed and published a draft model federal bill that it calls the "Innovative and Ethical Data Use Act of 2018", and is inviting comments from businesses, privacy experts and the general public.

Intel rejects the idea of allowing individual states to develop individual state-level privacy laws. "The US needs a law that promotes ethical data stewardship, not one that just attempts to minimize harm. A non-harmonized patchwork of state legislation will cause companies to default to restrictive requirements and the result will decrease the likelihood of realizing technology's great potential to improve lives. Intel has drafted proposed legislation to realize that potential. It promotes innovative data use, while requiring organizations that process personal data to implement measures to demonstrate responsibility."

Since without a federal law companies are likely to default to the strongest state requirements -- effectively the California Consumer Privacy Act -- the implication is that Intel is seeking a federal privacy law that is less consumer-centric and more business-friendly. "What the US needs is a privacy law that parallels the country's ethos of freedom, innovation and entrepreneurship. That law needs to protect individuals and enable for the ethical use of data." The clue is in the title: its primary purpose is to protect data use, not to protect consumer privacy.

Intel makes the case that business needs to be protected from restrictive consumer privacy to enable, for example, "technologies like artificial intelligence to help solve the world's greatest challenges. The combination of advances in computing power, memory and analytics create a possibility for technology to make tremendous strides in precision medicine, disease detection, driving assistance, increased productivity, workplace safety, education and more."

These are strong arguments, and define the difference between the European approach to personal privacy and the proposed U.S. approach. While Europe has focused privacy protection on the consumer, allowing business what is fair to them, the Intel approach is to focus on the free flow of data between business, allowing consumers what is fair to them.

This is not to say that there are no personal privacy protections within Intel's proposal. There are. For example, companies cannot collect personal data "that is not relevant and necessary to accomplish the specified purpose(s)", for which the consumer must provide "explicit consent". However, the proposed Act tries hard to make privacy protection compatible with business purposes.

For example, "Only the forms of processing or the specific processing activity that are prohibited by the requirements [of this Act] shall be prohibited. Processing activities that do not meet the requirements shall not be prohibited."

There is also a 'safe harbor' against civil sanctions, "if a corporate officer certifies in writing to the Federal Trade Commission that it has conducted a thorough review of compliance with this Act, and specifically of the accountability program required by Section 4(h), and such review does not reveal any material non-compliance with the requirements of this Act that have not been mitigated." Compliance with this act can be self-certified, and self-certification can be at least a partial defense against civil action.

Intel's draft model federal privacy act has only been online for a few days. The website invites comments -- which can only be good for democracy. At the time of writing this, there have been just 12 comments (including 4 replies from the Intel spokesperson, David Hoffman). On the whole, these are supportive. One stands out, however, as being highly critical. Lynne Taylor comments, "[Student] data is being constantly harvested to the point it's called 'student data rape'. Not once, in this proposed Bill were there clear enough parameters to halt the over 1400 data points being harvested every day. Many of these violate, not only the U.S. Constitution, but the Civil Rights of every single American. Not to mention the overreach by ANY federal agent, agency, or program which, by US Federal law, was prohibited from becoming involved in education, including related services and programs."

This voice representing the consumer (here specifically the student) perhaps marks the beginning of the real debate. This is just the beginning, and it should be remembered that the European Union took many years in developing GDPR. Big tech has not yet added its voice -- and probably only will if it senses that business is losing the argument.

"It is a good baseline for discussion and of course goes beyond the protections in GDPR and California Consumer Privacy Act (CCPA) in the types of data covered," David Ginsburg, VP of marketing at Cavirin, told SecurityWeek. "However, we are already seeing a disconnect between what is proposed on the state level (i.e., CCPA) and what the major social platforms would like to see on the national level due to their monetization of user data. I expect this to be the major point of contention."

Dr. Bret Fund, founder and CEO at SecureSet, is supportive. "I applaud Intel's proactive approach to defining 'personal data' and 'privacy risk', drafting a bill and creating an open forum where all can comment and weigh in. From the interaction I am seeing from many in the industry on their site, it is surfacing the right questions, comments and debate. Intel's bill isn't going to solve the privacy concerns and debate single-handedly, but their approach goes a long way to move it forward in a very productive manner."

Whether Intel will adapt its draft in line with any of the comments it receives remains to be seen. Similarly, Congress, which many people feel is likely to develop a federal user privacy law in the very near future, may simply ignore every aspect of Intel's proposal. If it does not, this Intel project could develop into a rich source of arguments put forward by business interests, privacy advocates and the general public.


ForeScout Acquires Industrial Security Firm SecurityMatters for $113 Million in Cash
10.11.2018 securityweek
IT

Network access security firm ForeScout Technologies (NASDAQ:FSCT) announced on Thursday that it has acquired operational technology (OT) network security firm SecurityMatters for approximately $113 million in cash.

The acquisition will help ForeScout provide deeper visibility into OT networks to help industrial firms mitigate threats and segment IT and OT environments, the company said.

Founded in 2009 by Damiano Bolzoni, Sandro Etalle and Emmanuele Zambon, SecurityMatters provides organizations with device visibility, continuous network monitoring, and threat and anomaly detection for industrial environments using passive network monitoring that doesn’t impact operations.

The two companies announced a technology integration partnership earlier this year.

ForeScout’s CounterACT visibility platform, combined with SecurityMatters’ technology, enables agentless device discovery, classification and assessment for a wide variety of devices across IT and OT infrastructure.

ForeScout has more than 2,900 customers in over 80 countries that use its solutions, which help accelerate incident response, automate workflows and optimize existing security investments.

Late last month ForeScout launched a partnership with industrial networking and security firm Belden.


The Starter Pistol Has Been Fired for Artificial Intelligence Regulation in Europe
8.11.2018 securityweek 
IT

Artificial Intelligence Regulation - Is It Needed?

Regulation of Artificial Intelligence Could Potentially be More Complex and Far Reaching Than GDPR

Paul Nemitz is principal advisor in the Directorate-General Justice and Consumers of the European Commission. It was Nemitz who transposed the underlying principles of data privacy into the legal text that ultimately became the European Union's General Data Protection Regulation (GDPR).

Now Nemitz has fired the starting gun for what may eventually become a European Regulation providing consumer safeguards against abuse from artificial intelligence (AI). In a new paper published in the Philosophical Transactions of the Royal Society, he warns that democracy itself is threatened by unbridled use of AI.

In the paper titled, 'Constitutional democracy and technology in the age of artificial intelligence', he warns that too much power, including AI research, is concentrated in the hands of what he calls the 'frightful five' (a term used by the New York Times in May 2017): Google, Apple, Facebook, Amazon and Microsoft, also known as GAFAM. His concern is that these and other tech companies have always argued that tech should be above the law because the law does not understand tech and cannot keep up with it.

Their argument, he suggests, is epitomized in Google's argument in the Court of Justice of the European Union (CJEU) disputing the applicability of EU law on data protection to its search engine, "basically claiming that the selection process of its search engine is beyond its control due to automation in the form of an algorithm."

The implication of this argument is that the working of AI should not be subject to national laws simply because the purveyors of AI don't understand how its decisions are reached. Nemitz believes this attitude undermines the very principles of democracy itself. While democracy and laws are concerned with the good of the people, big business is concerned almost exclusively with profit.

He gets some support from the UK's Information Commissioner Elizabeth Denham. In an unrelated blog published November 6, 2018 discussing the ICO's investigation into the Facebook/Cambridge Analytica issue, she writes, "We are at a crossroads. Trust and confidence in the integrity of our democratic processes risks being disrupted because the average person has little idea of what is going on behind the scenes."

"It is these powerful internet technology corporations which have already demonstrated that they cannot be trusted to pursue public interest on a grand scale without the hard hand of the law and its rigorous enforcement setting boundaries and even giving directions and orientation for innovation which are in the public interest," writes Nemitz. He continues, "In fact, some representatives of these corporations may have themselves recently come to this conclusion and called for legislation on AI."

Here he specifically refers to a Bloomberg article titled, 'Microsoft Says AI Advances Will Require New Laws, Regulations'. But what the article actually says is, "Over the next two years, Microsoft plans to codify the company's ethics and design rules to govern its AI work, using staff from [Brad] Smith's legal group and the AI group run by Executive Vice President Harry Shum. The development of laws will come a few years after that, Smith said."

In other words, Microsoft expects regulation to take account of what it decides to do in AI, not that AI needs regulation before Microsoft codifies what it wants to do. Again, this implies that big business believes -- and acts -- as if business is more important than government: that profit supersedes democracy.

Nemitz believes that this attitude towards early stage development of the internet has allowed the development of a lawless internet. "Avoiding the law or intentionally breaking it, telling half truth to legislators or trying to ridicule them, as we recently saw in the Cambridge Analytica hearings by Mark Zuckerberg of Facebook, became a sport on both sides of the Atlantic in which digital corporations, digital activists and digital engineers and programmers rubbed shoulders."

He does neither himself nor his argument any favors, however, in warning that the unregulated internet has evolved into a medium for populists to communicate their ideologies in a manner not suited to democratic discourse. "Trump ruling by Tweet is the best example for this." While he may be accurate in principle, this personalization opens his argument to the criticism of bias.

Nemitz believes that the long-standing attitude by big business towards privacy and the internet must not be allowed to embed itself into AI and the internet. The implication is that this can only be controlled by regulation, and that regulation must be imposed by law rather than reached by consensus among the tech companies.

Business is likely to disagree. The first argument will be that you simply cannot regulate something as nebulous as artificial intelligence, nor should you wish to.

"Is regulatory control necessary over the navigation algorithm in my Roomba vacuum cleaner?" asks Raj Minhas, VP and director of the PARC Interactions and Analytics Lab at PARC (a Xerox company). "Is regulatory control necessary over the algorithm in my camera that automatically determines the exposure settings? Market forces can easily take care of these and many other similar AI systems."

It should be noted, however, that Nemitz is not calling for the regulation of AI itself, but for regulation over the use of AI and its effect on consumers. Indeed, in this sense, the European Union already has some AI regulation within GDPR: Article 22 gives data subjects the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects, and any processing of personal data still needs a lawful basis. So, if AI within a vacuum cleaner collects data on its user, or if AI in a camera collects information on user interests for either cleaning companies' or holiday companies' targeted advertising purposes, without consent or another lawful basis, this is already illegal under GDPR.

So, it is the abuse of AI driven by big business' need for profit rather than AI itself that concerns him. GDPR does not attempt to regulate targeted advertising -- instead it seeks to regulate the abuse of personal privacy used in targeted advertising. Nemitz believes the same principle-based technology-neutral approach to regulating AI abuses, even though we do not yet know what these future abuses might be, should be the way forward.

His first principle is to remove the subjective elements of human illegality, such as 'intent' or 'negligence'. Then, "it will be important to codify in law the principle that an action carried out by AI is illegal if the same action carried out by a human, abstraction made of subjective elements, would be illegal."

But he believes the foundation for AI regulation could be required impact assessments. For government use of AI, these assessments would need to be made public. They would underpin 'the public knowledge and understanding' of AI, which currently lacks 'transparency'. The standards for such assessments would need to be set in law. "And as in the GDPR, the compliance with the standards for the impact assessment would have to be controlled by public authorities and non compliance should be subject to sufficiently deterrent sanctions."

But perhaps the key requirement he proposes is that "the use of AI should have a right, to be introduced by law, to an explanation of how the AI functions, what logic it follows, and how its use affect the interests of the individual concerned, thus the individual impacts of the use of AI on a person, even if the AI does not process personal data."

In other words, the argument put forward by Google that it is not responsible for the automated decisions of its search algorithms should be rejected, and the same rejection applied to all algorithms within AI. This would place responsibility for the effects of AI on whoever deploys it, whatever the outcome for the individual affected.

Such ideas and proposals can be viewed as the starting gun for GDPR-style legislation for AI. Nemitz is not a European Commissioner, so this is not an official viewpoint. But he is senior adviser in the most relevant EC office. It would be unrealistic to think these views are unknown or contrary to current early thinking within the EC. The likelihood is that there will be some GDPR-like legislation in the future. It is many years off -- but the arguments start now.

One of the biggest problems is that it could be seen as a question of who governs. Whether Nemitz views it like this or not, it could be claimed that he is asserting the right of an unelected European Commission to rule over citizens who could instead impose their will directly, through market forces, on the products they use, without the interference of bureaucrats.

It could also be claimed that it is more driven by politico-economic wishes than by altruism. The 'frightful five' are all non-EU companies (i.e. U.S. companies) dominating the market and suppressing EU companies by force of their success. In short, it could be claimed that AI regulation is driven by anti-American economic bias.

Such arguments are already being made. Raj Minhas, while accepting that some of the Nemitz arguments and conclusions are fair, thinks that overall Nemitz is being too simplistic. He points out that the paper makes no mention of the 'good' achieved by the internet. "Would even a small fraction of that have been realized if the development of the internet had been shackled?" he asked SecurityWeek.

"He portrays technology companies (e.g. Google, Apple, Facebook, Amazon, and Microsoft) as shady cabals that are working to undermine democracy. Of course, the reality is far more complex," he said. "The technologies produced by those companies have done more to spread democracy and individual agency than most governments. The fact that they make lots of money should not automatically be considered a nefarious activity."

These large corporations are described as monoliths that single-mindedly work to undermine democracy. "Again, the reality is far more complex. These companies face immense pressure from their own employees to act in transparent and ethical ways -- they push them to give up lucrative military/government contracts because they don't align with the values of those employees. The fact that all these companies have a code of ethics for AI research is an outcome of those values rather than a diabolical plot to usurp democracy (as alleged by the author)."

The implication is that regulation is best left to self-regulation by the companies and their employees. This is a view confirmed by Nathan Wenzler, senior director of cybersecurity at Moss Adams. He accepts that there will inevitably need to be some regulation to "at least define where liability will rest and allow businesses to make sound decisions around whether or not it's worth it to pursue the course." He cites the moral and ethical issues around driverless vehicles when AI might be forced to decide between who to injure most in an unavoidable collision situation.

But as to more general AI regulation, he suggests, "Government regulators aren't exactly known for responding quickly to changes in technology matters, and as rapidly as AI programs are moving into becoming integrated into nearly everything, we may quickly reach a point where it simply won't be possible to regulate it all effectively... In the meantime, the best course of action we have presently is for the businesses involved in developing AI-powered tools and services to make the ethical considerations an integral part of their business decisions. It may be the only way we see the advantages of this technology take flight, while avoiding the potentially devastating down sides."

Kenneth Sanford, analytics architect and U.S. lead at Dataiku, takes a nuanced view. He separates the operation of AI from the environment in which it is made and deployed. AI itself cannot be regulated. "Algorithms such as deep neural networks and ensemble models create an infinite number of possible recommendations that can never be regulated," he told SecurityWeek.

He doesn't think that AI-based decision-making is actually changing much. "We have had personalized suggestions and persuasive advertising for years derived from generalizations and business rules. The main difference today is that these rules are codified in more finely determined micro segments and are delivered in a more seamless fashion in a digital world. In short, the main difference between now and 20 years ago is that we are better at it."

Any scope for regulation, he suggests, lies in the environment of AI. "What data are collected and how these data are used are a more realistic target for guardrails on the industry," he suggests.

This, however, is already regulated by GDPR. The unsaid implication is that no further AI-specific regulation is necessary or possible. But if the EU politicians take up the call for AI regulation as put forward by Paul Nemitz -- and his influence should not be discounted -- then there will be AI regulation. That legislation will potentially be more complex and far reaching than GDPR. The bigger question is not whether it will happen, but to what extent will GAFAM be able to shape it to their own will.


Google Wants More Projects Integrated With OSS-Fuzz
8.11.2018 securityweek 
IT

Google this week revealed plans to reach out to critical open source projects and invite them to integrate with OSS-Fuzz.

Launched in December 2016, OSS-Fuzz is a free and continuous fuzzing infrastructure hosted on the Google Cloud Platform and designed to serve the Open Source Software (OSS) community through finding security vulnerabilities and stability issues.

OSS-Fuzz has already helped find and report over 9,000 flaws since launch, including bugs in critical projects such as FreeType2, FFmpeg, LibreOffice, SQLite, OpenSSL, and Wireshark.

Recently, Google has managed to consolidate the bug hunting and reporting processes into a single workflow, by unifying and automating its fuzzing tools, and believes that the OSS community should take advantage of this.

Thus, the Internet search giant has decided to contact the developers of critical projects and invite them to integrate with the fuzzing service.

“Projects integrated with OSS-Fuzz will benefit from being reviewed by both our internal and external fuzzing tools, thereby increasing code coverage and discovering bugs faster,” Google says.

Previously, the reporting process was a bit complex, as multiple tools were being used to identify bugs, while submissions were manually made to various public bug trackers, and then monitored until resolved.

“We are committed to helping open source projects benefit from integrating with our OSS-Fuzz fuzzing infrastructure. In the coming weeks, we will reach out via email to critical projects that we believe would be a good fit and support the community at large,” Google now says.

Projects that integrate are also eligible for rewards that range from $1,000 for initial integration to $20,000 for ideal integration. The rewards, Google says, should “offset the cost and effort required to properly configure fuzzing for OSS projects.”

Developers who would like to integrate their projects with OSS-Fuzz can submit them for review. Google wants to “admit as many OSS projects as possible and ensure that they are continuously fuzzed.” Contacted developers might be provided with a sample fuzz target for easy integration, the search company says.
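What "integrating with OSS-Fuzz" means in practice is supplying a fuzz target: a function with the libFuzzer entry-point signature that feeds each generated input to the code under test, built with clang's sanitizers so that memory errors surface as crashes. The following is an added example, not Google's sample target nor code from any project mentioned above; the TLV parser and its limits are hypothetical stand-ins for whatever parsing routine a real project would expose.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical library code under test (assumption: not from any real
 * project): a minimal TLV (type, length, value) record parser. */
#define TLV_MAX_VALUE   64
#define TLV_MAX_RECORDS 16

typedef struct {
    uint8_t type;
    uint8_t len;
    uint8_t value[TLV_MAX_VALUE];
} tlv_record;

/* Parses buf[0..buflen) into out[]. Returns 0 on success and stores the
 * record count in *count; returns -1 on malformed input. Each check below
 * is one that a fuzzer running under AddressSanitizer would flag (as an
 * out-of-bounds read or a stack-buffer-overflow) if it were missing. */
int tlv_parse(const uint8_t *buf, size_t buflen,
              tlv_record *out, size_t max_out, size_t *count)
{
    size_t off = 0, n = 0;
    while (off < buflen) {
        if (buflen - off < 2)          /* header needs type + length bytes */
            return -1;
        uint8_t type = buf[off];
        uint8_t len  = buf[off + 1];
        off += 2;
        if (len > TLV_MAX_VALUE)       /* value must fit the fixed buffer */
            return -1;
        if (len > buflen - off)        /* value truncated by end of input */
            return -1;
        if (n >= max_out)              /* output array exhausted */
            return -1;
        out[n].type = type;
        out[n].len  = len;
        memcpy(out[n].value, buf + off, len);
        off += len;
        n++;
    }
    *count = n;
    return 0;
}

/* Convenience wrapper: number of records parsed, or -1 if rejected. */
int tlv_count(const uint8_t *buf, size_t buflen)
{
    tlv_record recs[TLV_MAX_RECORDS];
    size_t count = 0;
    if (tlv_parse(buf, buflen, recs, TLV_MAX_RECORDS, &count) != 0)
        return -1;
    return (int)count;
}

/* The fuzz target. libFuzzer (and the other engines OSS-Fuzz runs) call this
 * once per generated input. Rules: be deterministic, never exit() or abort()
 * on bad input (rejecting it is the correct outcome), and always return 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    tlv_record recs[TLV_MAX_RECORDS];
    size_t count = 0;
    (void)tlv_parse(data, size, recs, TLV_MAX_RECORDS, &count);
    return 0;
}

/* Stand-alone replay driver over a few constructed inputs. OSS-Fuzz's build
 * flags define the macro below, which drops this main() so that libFuzzer's
 * own main() can link; pass -D with the same name when building with
 * `clang -fsanitize=fuzzer,address` outside that environment. */
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
int main(void)
{
    const uint8_t good[]      = {0x01, 0x02, 'a', 'b', 0x02, 0x00};
    const uint8_t truncated[] = {0x01, 0x05, 'a'};
    const uint8_t oversized[] = {0x01, 0x41, 0x00}; /* len 65 > TLV_MAX_VALUE */

    printf("good:      %d records\n", tlv_count(good, sizeof good));
    printf("truncated: %d\n", tlv_count(truncated, sizeof truncated));
    printf("oversized: %d\n", tlv_count(oversized, sizeof oversized));
    return LLVMFuzzerTestOneInput(good, sizeof good);
}
#endif
```

Built as `clang -g -O1 -fsanitize=fuzzer,address -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION target.c`, the resulting binary runs the target in a loop with coverage-guided mutation; in an OSS-Fuzz project the same file is compiled by the project's build.sh with the `$CC $CFLAGS $LIB_FUZZING_ENGINE` variables the environment provides. The point of the three bounds checks is the lesson the target teaches: remove any one of them and the fuzzer reaches the resulting out-of-bounds memcpy or read within seconds, which is the class of bug the 9,000 reports above consist of.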


VMware Unveils New Blockchain Service
8.11.2018
IT

One of the new technologies announced on Tuesday by VMware at its VMworld 2018 Europe conference is VMware Blockchain, which aims to provide enterprises a decentralized trust infrastructure based on permissioned blockchain.

A blockchain is a distributed, append-only database consisting of blocks that are chained together by cryptographic hashes, so that altering an earlier block invalidates every block that follows it. Transactions are committed only once the network's consensus protocol has accepted the block that contains them; in a permissioned network that means agreement among a known set of validator nodes.

While blockchain is mainly known for its role as the public transaction ledger for cryptocurrencies, companies have been increasingly using blockchain for other purposes, including for identity verification and securing data and devices.

VMware launches VMware Blockchain

There are three types of blockchain networks: public, private and permissioned. Public blockchain is mainly used for cryptocurrencies such as bitcoin, where anyone can join, submit transactions and take part in validating blocks, although nobody can rewrite committed history. In the case of a private blockchain, only verified participants can contribute. Permissioned blockchain is a mix between public and private, restricting who may run nodes and which roles they hold, and it provides numerous customization options.

Permissioned blockchain is fast relative to public proof-of-work networks, because consensus involves a known, limited set of validators rather than open mining, and it is increasingly used for enterprise applications, which is why the virtualization giant wants to help its customers by providing a hybrid, scalable and managed blockchain service.

“VMware Blockchain will provide the foundation for decentralized trust while delivering enterprise-grade scalability, reliability, security and manageability. The service will be integrated into existing VMware tools to help protect the network and compute functions that underlie a true enterprise blockchain,” said Mike DiPetrillo, blockchain senior director at VMware.

VMware Blockchain is being developed in collaboration with Dell Technologies, Deloitte and WWT, and it will be supported by both VMware products and IBM Cloud.

According to VMware, the new platform allows enterprises to deploy nodes across different cloud environments, it provides a central management interface, along with monitoring and auditing capabilities, and offers developers the tools and guidance they need.

VMware Blockchain is currently in beta. Organizations interested in testing it have been instructed to contact VMware.


Symantec Acquires Appthority, Javelin Networks
6.11.2018 securityweek
IT

Symantec on Monday announced the acquisition of mobile application security firm Appthority and Active Directory protection company Javelin Networks.

With the acquisition of Appthority, Symantec wants to provide customers the technology needed to analyze mobile applications for malicious capabilities and unwanted behavior, including vulnerabilities, exposure of sensitive data, and privacy risks.

According to Symantec, the technology obtained from Appthority will be built into Symantec Endpoint Protection Mobile (SEP Mobile), which the security firm launched following the acquisition of Skycure last year.

Appthority was a Symantec Ventures portfolio company before the acquisition. The mobile security firm’s employees and technology have now become part of Symantec’s endpoint security business.

“Mobile apps are a critical threat vector that every company must address to protect their enterprise security,” said Adi Sharabani, Sr. Vice President for Modern OS Security at Symantec. “The Appthority technology extends SEP Mobile’s capabilities in limiting unwanted app behaviors, supporting regulatory compliance, and assessing vulnerabilities.”

Employees and technology of Javelin Networks have also joined Symantec’s endpoint security business.

Symantec believes that its acquisition of Javelin technology will protect customers against threats abusing Microsoft’s Active Directory (AD) service. The security firm pointed out that malicious actors, including advanced persistent threats (APTs), have increasingly abused AD for reconnaissance and lateral movement.

Javelin’s AD security solutions are designed to detect misconfigurations and backdoors, and protect commonly used domain resources, such as credentials, controllers and identities.

Symantec has not disclosed financial terms for either of the acquisitions.


Thoma Bravo Buys Veracode From Broadcom for $950 Million
6.11.2018 securityweek
IT

Private equity investment firm Thoma Bravo on Monday announced that it has entered an agreement to acquire application security testing company Veracode from Broadcom.

Thoma Bravo is prepared to pay $950 million in cash, with the transaction expected to close in the fourth quarter of 2018.

The investment firm says it will support Veracode’s operational and product development plans. Sam King, current senior vice president and general manager of Veracode, will become the CEO of Veracode once the acquisition is completed.

Veracode offers an application security testing platform that helps developers and security teams find and fix vulnerabilities in the software they use, including their own and third-party applications. The company claims to have over 2,000 customers, including nearly one-third of Fortune 100 firms and more than 20 of the Forbes 100 Most Valuable Brands.

“Partnering with Thoma Bravo, a proven security software investor, is expected to extend our market reach and further fuel our innovation so that we can offer the broadest software security platform and empower us to accelerate growth — all to allow us to transform the way companies achieve their software security goals,” King said.

Broadcom sold Veracode just as it completed the acquisition of CA Technologies, for which it paid nearly $19 billion. CA Technologies bought Veracode for $614 million in cash in 2017.

Now that the CA Technologies acquisition has been completed, CA will operate as a wholly owned subsidiary of Broadcom and its common stock will no longer be traded on NASDAQ.

Thoma Bravo has acquired more than 30 enterprise security companies in recent years, including SailPoint, Barracuda Networks, Imperva, Crossbeam Systems, Centrify, LogRhythm, and Imprivata.


Qualys Acquires Container Security Firm Layered Insight
2.11.2018 securityweek
IT

Security and compliance solutions provider Qualys on Tuesday announced the acquisition of Layered Insight, a company that specializes in protecting container-native applications.

Layered Insight was acquired for $12 million. The deal also includes another $4 million that is tied to an earn-out, and $4 million for the employment of key employees through 2019.

Similar to earlier acquisitions made by Qualys, the company will keep Layered Insight’s employees. Co-founders Asif Awan and John Kinsella will join Qualys as CTO of Container Security and VP of Engineering in Container Security, respectively.

Qualys unveiled a new product designed for securing containers across cloud and on-premises deployments in June 2017.

With the acquisition of Layered Insight, the company hopes to further improve its solutions, including deeper visibility into containers, the ability to detect and prevent breaches at runtime, and extended visibility, compliance and protection for serverless container-as-a-service (CaaS) installations.

Qualys expects to complete integration of Layered Insight technology into its cloud platform by the second quarter of 2019.

“By integrating Layered Insight’s unique technology into the Qualys Container Security App, we will add the ability to provide dynamic analysis of running containers, and automated enforcement of the container environment,” said Philippe Courtot, chairman and CEO of Qualys.

“Layered Insight's unique technology brings transparent orchestration to container security. The ability to instrument images pushes automated deployment deep into the DevOps CI/CD pipeline, thus removing the resistance at deployment. This instrumentation provides real-time visibility into containers at run-time complementing our current capabilities of accessing container images in the build system for vulnerabilities and configuration issues,” Courtot added.


IBM Buys Red Hat for $34 Billion, the Largest Software Transaction in History
29.10.2018 securityaffairs
IT

IBM announced it is going to buy the open source company Red Hat for $34 billion with the intent of enhancing its cloud offerings.
This is the biggest tech merger in history involving a software company. Red Hat was founded in 1993; it currently operates in 35 countries and employs some 12,000 people. The company achieved a net profit of $259 million in fiscal year 2018 on revenue of $2.9 billion (up 21 percent on 2017).

At the same time, IBM has seen its revenue decline by almost a quarter since 2012, when Ginni Rometty took the CEO role.

IBM is going to acquire all common shares of Red Hat for $190.00 per share in cash, a substantial premium over the $116.68 at which the shares closed on Friday.

“The acquisition of Red Hat is a game-changer. It changes everything about the cloud market,” explained Ginni Rometty, IBM’s chairman, president and CEO.

“IBM will become the world’s number one hybrid cloud provider, offering companies the only open cloud solution that will unlock the full value of the cloud for their businesses.”

Cloud computing is today a primary business for IBM, which has been shifting away from its original computer hardware business toward analytics, mobile, cloud and cybersecurity.

The Red Hat acquisition will give IBM an immediate boost in cloud revenue growth and will allow the tech giant to extend its offering and upsell to the large number of enterprises that already use Red Hat products.

“We will scale what Red Hat has deeply into many more enterprises than they’re able to get to,” Rometty told Bloomberg in a phone interview.


Red Hat will continue to operate as a distinct unit, led by its current president and CEO Jim Whitehurst along with the same management team.

“Today is a banner day for open source,” said Paul Cormier, Red Hat’s vice president and president of products and technologies.

“The largest software transaction in history and it’s an open source company. Let that sink in for a minute. We just made history.”

The deal is subject to Red Hat shareholder approval and regulatory approvals, and is expected to close in the second half of 2019.


SOC-as-a-Service Firm Arctic Wolf Networks Raises $45 Million
27.10.2018 securityweek
IT

Arctic Wolf Networks, a Sunnyvale, Calif.-based company that offers outsourced security operations center (SOC) services, announced this week that it has raised $45 million in series C funding led by Future Fund. The company has raised a total of $91.2 million to-date.

The company offers a turnkey “SOC-as-a-Service” that includes what the company calls a “Concierge Security Engineer” (CSE) that serves as a single point of contact for a customer and an extension of a customer’s internal security team.

Founded in 2012, Arctic Wolf eliminates the need to build a SOC and also helps companies combat the cyber-security skills shortage. The company provides customers with 24×7 monitoring, tailored alerts, and incident investigation and response.

With no hardware or software purchase needed, Arctic Wolf’s end-to-end service installs in minutes to immediately provide threat detection.

The new funding round saw participation from Adams Street and Unusual Ventures, which joined existing investors, Lightspeed Venture Partners, Redpoint Ventures, Sonae Investment Management and Knollwood Investment Advisory LLC.

The company plans on using the new funding to accelerate growth and meet demand for its SOC-as-a-service offering.

The company more than doubled its workforce over the past year, and currently employs 166 people across four North American offices.

“Our growing team of security engineers is redefining the economics of security to protect companies of all sizes. In addition to supporting continued company growth, the funding will accelerate expansion of our service offering, as we continue to scale and expand to meet our customers’ individualized needs,” Brian NeSmith, CEO and co-founder of Arctic Wolf, said.


Check Point Acquires Dome9 for $175 Million
25.10.2018 securityweek
IT

Enterprise cybersecurity solutions provider Check Point Software Technologies on Wednesday announced the acquisition of Dome9, a company that specializes in cloud security infrastructure.

Check Point representatives told SecurityWeek that Dome9 was acquired for $175 million in cash, along with restricted stock units (RSUs) and stock options.

By acquiring Dome9, Check Point hopes to enhance its Infinity architecture and cloud security offering by adding advanced active policy enforcement and multi-cloud protection capabilities.

Founded in 2011, Israel-based Dome9 provides security and compliance solutions for multi-cloud deployments across Microsoft Azure, AWS, and Google Cloud. The company’s platform includes capabilities such as security posture visualization, identity protection, compliance and governance automation, and cloud traffic and event analysis.

The company says its customers include many Fortune 1000 enterprises, global system integrators, and managed service providers.

“Dome9 and Check Point’s CloudGuard together provide the best cloud security solution in the industry. Dome9’s platform will add rich cloud management and active policy enforcement capabilities to Check Point’s Infinity Architecture, particularly complementing the CloudGuard security product family and make our broad solution even more differentiated in the rapidly moving Cyber Security environment,” said Gil Shwed, CEO of Check Point.

“As 5th generation cyber attacks increasingly target enterprise cloud environments, so our Gen V cyber security solution must effectively protect this vector. This acquisition will enhance our ability to deliver the benefits of Cloud with the critical security that must extend from the networks, endpoints and data centers to the Cloud and Mobile enterprise-wide,” Shwed added.


Open Source Security Management Firm WhiteSource Raises $35 Million
18.10.2018 securityweek
IT

WhiteSource, a company that specializes in open source security management, on Wednesday announced that it raised $35 million in a Series C funding round.

The round was led by Susquehanna Growth Equity, with participation from existing investors 83North and M12 - Microsoft Ventures. The latest funding brings the total raised by the company to date to $46 million.

The company says the money will be used to further increase its reach by opening new sales, marketing and customer support operations in San Francisco and London, along with other locations that will help its global expansion. The firm currently has offices in New York, Boston, and Tel Aviv, Israel.

Founded in 2011, WhiteSource helps organizations use open source software without slowing development or making compromises on security. The company says its Effective Usage Analysis product reduces open source vulnerabilities by 70%.

WhiteSource says its solutions are used by more than 500 organizations of all sizes and from all industries, including nearly a quarter of Fortune 100 companies. Customers include Microsoft, IBM, Comcast and KPMG.

“We are now at a stage where the question is not whether or not to use open source components, but how to put in place the solutions and policies to manage them well,” said Rami Sass, co-founder and CEO of WhiteSource. “Microsoft’s acquisition of GitHub for $7.5B showcases that companies have accepted open source as crucial to the software development process, but incidents such as the Equifax data breach underscore the necessity for all companies to protect their products from attacks that would exploit the open source components they are using.”


Web Isolation Firm Garrison Technologies Raises $30 Million
18.10.2018 securityweek
IT

London, UK-based Garrison Technologies has raised £22.9 million (approximately $30 million) in Series B funding, bringing the total raised to £34.9 million (around $50 million at current exchange rates). The funding was led by Dawn Capital, with participation from existing investors IP Group plc, BGF and NM Capital.

This is one of the largest ever funding rounds for a UK cybersecurity firm from UK venture capital, and the largest since Digital Shadows raised $26 million in September 2017. It continues a growing trend for London to be Europe's focus for tech investments. In 2017, UK firms raised £2.45 billion, almost four times more than Germany (£694m) and more than France, Ireland and Sweden combined.

Garrison provides hardware-based web isolation that allows users free and unrestricted -- but secure -- access to the internet. Its product, Silicon Assured Video Isolation technology (Garrison SAVI) converts potentially dangerous web content to a stream of harmless pixels.

"Organizations today recognize the ever-growing threat to their most sensitive data and systems posed simply by allowing employees to browse the web, but until now they've faced an unhappy choice: restrict web access and allow productivity to suffer, or run the risk of exposure to hackers," comments Garrison CEO David Garfield.

"We've designed the world's first truly secure web browser to solve this problem, applying national-security-grade levels of protection to the commercial environment -- at an accessible price point -- in a way that doesn't destroy the user experience as employees go about their work," the company claims.

'National-security-grade', like 'military-grade encryption', is one of those meaningless marketing terms used to impress potential customers. In this case, Garfield could be excused. Garrison was founded in 2014 by David Garfield and Henry Harrison, who previously worked together at national-security specialist Detica plc and subsequently established the Cyber Security business unit at BAE Systems plc. Garrison also includes the UK government among its customers.

"The security industry has long suffered from overblown claims and overinflated prices, without ever ensuring organizations remain truly protected from even some of the most basic threats -- this is particularly true of web browsing security," continued Garfield. "From day one our mission has been developing practical security tools that actually do what they're supposed to."

SAVI is already in use by employees within global blue-chip organizations across the banking, insurance, media, telecoms and legal sectors. "This funding round," said Garfield, "marks a key milestone for our business and will help us to transform the day-to-day security of many thousands more organizations worldwide." The firm says the funds will be used "to expand Garrison's sales and marketing activities, to grow the company's engineering team and to enhance the company's 'safe web browsing as a service' cloud offering."


Security Automation Firm Demisto Raises $43 Million
12.10.2018 securityweek
IT

Security Orchestration, Automation and Response (SOAR) firm Demisto has raised $43 million in a Series C funding round led by Greylock Partners. It brings the total raised by the Cupertino, California-based firm to date to $69 million, following a Series B round ($20 million) in February 2017.

The purpose of the new funding is to continue development of the SOAR product, and to help the firm expand into the EMEA and APAC markets. Sarah Guo, a general partner at Greylock, joins the Demisto board.

Demisto was founded in 2015 by Dan Sarel, Guy Rinat, Rishi Bhargava, and Slavik Markovich. They had decided that the market needed, not so much a new security control product, but a new product able to maximize use of existing products. "We asked a bunch of security executives and analysts, 'What is your biggest problem today?'" Bhargava told SecurityWeek. "All of them replied that the problem is operational -- they simply do not have the staff to handle the volume of alerts generated by existing products. This is the problem we decided to solve through automation and orchestration."

SOAR is a relatively new product category -- but its value is already recognized. At the end of 2017, Gartner published a report suggesting that the share of organizations with security teams larger than five people that will leverage SOAR tools for orchestration and automation will rise from less than 1% today to 15% in 2020. A few months later, in May 2018, Gartner listed Demisto as one of its 'cool' vendors for 2018.

"It is clear," continued Bhargava, "that security teams are focused on deploying the next best technology product -- whether that's at the perimeter, or in the cloud, or on the endpoint. But few security teams focus on the operational side of security." With an increasing number of attacks, a growing number of products, and an increasing volume of alerts, analyst teams are simply overwhelmed by their workload. The result, he suggested, is that for many firms the operational side of security is in disarray.

"We decided that first of all we needed to develop a robust automation and orchestration platform that can enable workflows (whether manual or automated or a combination) to automate the analyst's response; and that the platform needs to integrate with hundreds of security products. We currently integrate with around 220 different security products. Secondly, we needed a component that would provide a very strong ticketing, or case management, system, designed to manage the workload of the security teams. This would include clear escalation and assignment processes -- and would need to tie in with the response workflow. Thirdly, we wanted a collaboration workbench able to give analysts the ability to work with their peers; because most security teams in large organizations are distributed across different locations."

The key to the Demisto platform is the playbooks. These automate a consistent method, or progression of steps, needed to handle the different types of alert generated by the security control products. "The playbooks are not built around specific threats or exploits, but on the methods of exploitation," explained Bhargava. "So, if you get a new type of threat -- say ransomware -- you need to check the malware playbook to see if it handles the new threat. If the answer is no, then you need to tweak the playbook."

Tweaking can be done in-house or remotely via Demisto. "If a customer improves a playbook, it gets shared to the rest of the Demisto community of customer analysts. The playbook is defined as content and kept separate from the product. If the product gets updated by Demisto, the playbooks remain unchanged."

What this means is that the alert handling process is not merely automated, it is continually improved -- and perhaps most pertinently, that expertise doesn't walk out the door when the analyst moves on to a different company (which is currently about every two years).

"SOAR products," suggests Roland Cloutier, Global CSO at ADP, "occupy a unique place in the security, risk, and privacy landscape because they weave an actionable and operational thread across the incident management, security, and even business process workflows. Business Protection and Assurance Data without action is incomplete, and SOAR tools fill that gap by ingesting aggregated alerts and instantiating workflows that automate security and business actions across the product stack. This frees up analyst time, investigative time, reporting time, and helps security, risk, and privacy teams leverage their existing business protection and management technology investments, ensuring their business is more prepared."

In measurable terms, Bhargava pointed to one customer (ESRI) that used the SOAR platform and reduced the alerts needing human intervention from a high of 100,000 per week, to roughly just 500 per week.


Imperva to be Acquired for $2.1 Billion by Thoma Bravo
11.10.2018 securityweek
IT

Cybersecurity solutions firm Imperva today announced that it has agreed to be acquired by private equity firm Thoma Bravo for roughly $2.1 billion in cash.

Imperva, which provides solutions such as DDoS protection, Web Application Firewall (WAF), and database security tools, said the company’s Board of Directors unanimously approved the agreement and believes the transaction will maximize stockholder value.

Under the terms of the agreement, Imperva stockholders will receive $55.75 per share in cash.

Upon the close of the transaction, Imperva will operate as a privately-held company and will maintain its corporate headquarters in Redwood Shores, California and continue to be led by its current executive team.

While Thoma Bravo is hopeful that the deal will close, the merger agreement provides for a 45-day "go-shop" period, during which Imperva's Board and advisors may actively solicit alternative acquisition proposals and enter into negotiations with other parties.

“During this period, Imperva will have the right to terminate the merger agreement to enter into a superior proposal subject to the terms and conditions of the merger agreement. There can be no assurance this 45-day “go-shop” period will result in a superior proposal. Imperva does not intend to disclose developments about this process unless and until its Board has made a decision with respect to any potential superior proposal,” Imperva said.

Thoma Bravo has placed several large bets in the cybersecurity space in recent years.

In May, it announced that it would acquire a majority interest in Security Information and Event Management (SIEM) solutions vendor LogRhythm. In June, the firm acquired a majority interest in identity and access management (IAM) solutions firm Centrify.

Other investments in the sector include SonicWall, SailPoint, Hyland Software, Deltek, Blue Coat Systems, Imprivata, Bomgar, Barracuda Networks, Compuware and SolarWinds.

“Thoma Bravo has an excellent track record of supporting and adding value to leading cybersecurity companies, and we are delighted to bring on a partner with their caliber of strategic expertise,” said Chris Hylen, President and CEO of Imperva. “This transaction will provide immediate and substantial value to Imperva stockholders. The company will have greater flexibility to focus on executing our long-term strategy. We are excited to begin our partnership with Thoma Bravo.”


CloudKnox Raises $10.8 Million to Help Manage Cloud Privileges
5.10.2018 securityweek
IT

Cloud Security Company Raises $10.75 Million in Funding From ClearSky Security, Dell Technologies Capital and Foundation Capital

Losing control of accounts with elevated privileges is a major concern for all organizations, and can only be addressed by enforcing a strict policy of least privilege. That is not easy anywhere, and it is harder still in hybrid cloud environments. It has been estimated that there are almost 8,000 separate actions -- or privileges -- available across AWS, Azure, Google Cloud and vSphere. Managing privileges across that many actions by hand is almost impossible.

This is the argument behind startup firm CloudKnox Security. Founded in 2016 by Balaji Parimi and headquartered in the San Francisco Bay Area, CloudKnox has now raised $10.8 million in venture funding led by ClearSky Security with participation from Dell Technologies Capital and Foundation Capital. Dell Technologies Capital had been an investor in RedLock, which had raised a total of $12 million. Palo Alto Networks yesterday announced that it had agreed to acquire RedLock for approximately $173 million.

CloudKnox delivers a platform that enables customers to manage the risk of over-provisioned privileges. "Enterprises today are focused on protecting their cloud environments by using tools that provide visibility into anomalous activity and then reacting to it," said Jay Leek, Managing Director at ClearSky Security and former Blackstone CISO. "Security leaders should approach the security of their cloud environments differently by getting ahead of the risks."

The CloudKnox platform uses activity-based access controls to detect identities (service accounts, APIs, bots, contractors or employees) with unused privileges based on actual activities versus static roles. It then allows the automatic revocation of unused high-risk privileges with a single click. The platform, announced the company, "autonomously prevents risks as it learns what activities identities are performing and enables organizations to dynamically and instantly revoke or grant privileges based on actual needs."
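What activity-based right-sizing looks like in practice, as an added example that is not CloudKnox's code or any vendor's API: an identity's granted IAM-style policy is compared against the actions it has actually been observed performing, the unused grants are listed with the high-risk ones flagged for revocation first, and a policy containing only the concrete actions seen is proposed in place of the wildcards. The policy document, the event log lines and the short high-risk list are all constructed for this example; the `service:Action` naming and the CloudTrail-like `eventSource`/`eventName` fields are assumptions about the input format, and the log covers whatever window the caller chooses to feed it.

```python
"""Activity-based privilege right-sizing (illustrative, stdlib only).

Compares the actions an identity is *granted* (an IAM-style policy) with
the actions it has *used* (an activity log) and reports what could be
revoked. Input formats are simplified assumptions, not a vendor schema.
"""
import fnmatch
import json
from collections import Counter

# Constructed policy for one identity: a mix of explicit actions and a
# broad wildcard. Shape loosely follows AWS IAM; treat it as an assumption.
GRANTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteBucket"], "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "iam:CreateUser"], "Resource": "*"},
    ],
}

# Constructed activity log: newline-delimited JSON, one event per line,
# with CloudTrail-like eventSource/eventName fields (an assumed format).
ACTIVITY_LOG = """
{"eventTime": "2018-09-01T10:00:00Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject"}
{"eventTime": "2018-09-02T11:30:00Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject"}
{"eventTime": "2018-09-05T08:15:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"}
{"eventTime": "2018-09-05T08:16:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "StartInstances"}
{"eventTime": "2018-09-20T09:00:00Z", "eventSource": "iam.amazonaws.com", "eventName": "PassRole"}
"""

# Grants worth revoking first when unused (destructive or privilege-granting).
# This list is an assumption for the example, not a vendor classification.
HIGH_RISK_ACTIONS = {"s3:DeleteBucket", "iam:CreateUser", "ec2:*"}


def granted_actions(policy):
    """Flatten every Allow statement into a set of action patterns."""
    actions = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        act = stmt["Action"]
        actions.update([act] if isinstance(act, str) else act)
    return actions


def used_actions(log_text):
    """Parse the log into a Counter of 'service:Action' -> occurrence count."""
    counts = Counter()
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        service = ev["eventSource"].split(".")[0]   # 's3.amazonaws.com' -> 's3'
        counts[f"{service}:{ev['eventName']}"] += 1
    return counts


def analyse(policy, log_text):
    """Return (used, unused) sets of granted action patterns.

    A granted pattern counts as used if any observed action matches it;
    fnmatchcase handles the '*' wildcard that IAM allows in Action strings.
    """
    granted = granted_actions(policy)
    observed = used_actions(log_text)
    used = {g for g in granted if any(fnmatch.fnmatchcase(o, g) for o in observed)}
    return used, granted - used


def right_sized_policy(policy, log_text):
    """Propose a policy allowing only the concrete actions that were observed.

    A wildcard grant that was exercised (ec2:* here) is replaced by the
    specific actions seen under it: that is where most over-provisioning
    lives. Resource stays '*' because scoping resources is a separate step.
    """
    granted = granted_actions(policy)
    observed = used_actions(log_text)
    keep = sorted(o for o in observed if any(fnmatch.fnmatchcase(o, g) for g in granted))
    return {"Version": policy["Version"],
            "Statement": [{"Effect": "Allow", "Action": keep, "Resource": "*"}]}


def report(policy, log_text):
    """Bundle the findings an operator would act on."""
    used, unused = analyse(policy, log_text)
    return {
        "used": sorted(used),
        "unused": sorted(unused),
        "revoke_first": sorted(unused & HIGH_RISK_ACTIONS),
        "proposed_policy": right_sized_policy(policy, log_text),
    }


if __name__ == "__main__":
    print(json.dumps(report(GRANTED_POLICY, ACTIVITY_LOG), indent=2))
```

Two caveats the code makes visible rather than hides. First, `analyse()` reports `ec2:*` as used because something under it was exercised, yet `right_sized_policy()` still replaces it with the two EC2 actions actually seen; an unused-versus-used verdict on a wildcard says nothing about how much of the wildcard is needed. Second, the output is only as trustworthy as the observation window: an action legitimately exercised once a quarter looks unused on a 30-day log, so revocations produced this way should be reviewed, or staged behind an alert-only period, rather than applied blindly.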

The iconic example of abused privilege can be seen in CodeSpaces, which was forced out of business when a hacker gained admin credentials and was able to delete the entire CodeSpaces AWS infrastructure, including backups.

"Today's dynamic infrastructure demands a different approach to manage risks," said Balaji Parimi, CEO and founder of CloudKnox Security. "One key stroke can deploy thousands of cloud workloads and can also destroy thousands of workloads and take down a business. Our approach is built on our belief that enterprises need a single cloud security platform that goes beyond visibility and provides a simple and flexible way to remediate and prevent risks without impacting productivity and trust."


Tanium Raises $200 Million at $6.5 Billion Valuation
4.10.2018 securityweek
IT

Emeryville, CA-based endpoint security and systems management firm Tanium announced on Tuesday that it has raised an additional $200 million through the sale of common stock, which raises the company’s pre-money valuation to $6.5 billion.

The funding round was led by Wellington Management along with Baillie Gifford & Company and Adage Capital Management, and brings the total amount raised by the company to nearly $800 million.

Founded in 2007, Tanium has been a hot candidate for an initial public offering (IPO), but appears to have put that idea on the back burner, noting that some of the funding “may be used to provide early investor and employee liquidity.”

When asked if an IPO was on the horizon, Fazal Merchant, COO and CFO at Tanium, told SecurityWeek, "An IPO needs to be a natural evolution of the business. Typical reasons, such as the need for liquidity, aren't relevant to Tanium at the moment. So, we're going to maintain focus on the three things that will help ensure our success continues: customers, product, and our people."

The company said it had approximately $320 million in cash and equivalents as of Jan. 31, 2018, and positive operating cash flow of $25 million.

It also said that its Annual Recurring Revenue of approximately $230 million was up over 80% from the prior year.

Tanium offers a platform that collects and processes billions of metrics across endpoints in real time, which lets enterprises quickly identify and change the state of endpoints, helping IT do everything from pinpointing and fixing operational issues to fending off cyberattacks.

In April 2017, the company came under fire when it was accused of exposing a California hospital's network in sales demos without the client's permission.


Palo Alto Networks to Acquire Cloud Security Firm RedLock for $173 Million
4.10.2018 securityweek
IT

Palo Alto Networks on Wednesday announced that it has entered a definitive agreement to acquire cloud security company RedLock for roughly $173 million in cash.

The acquisition is expected to be completed in Palo Alto Networks’ first fiscal quarter. RedLock co-founders Varun Badhwar and Gaurav Kumar will join Palo Alto Networks as part of the deal.

RedLock’s AI-powered Cloud 360 platform helps organizations protect their public cloud environments by providing deep visibility, threat detection, risk prioritization, remediation, and incident response capabilities.

Palo Alto Networks already provides a wide range of security services for cloud environments. Its offering was expanded earlier this year following the acquisition of Evident.io for $300 million in cash.

It now plans on combining Evident and RedLock technologies to provide a single offering that encompasses cloud security analytics, continuous security, threat detection, and compliance monitoring. The new offering is expected to become available early next year.

“We are thrilled to add RedLock's technology to our cloud security offerings,” said Nikesh Arora, chairman and CEO of Palo Alto Networks. “The addition of their technologies allows us to offer the most comprehensive security for multi-cloud environments, including Amazon Web Services, Google Cloud Platform and Microsoft Azure, and significantly strengthens our cloud strategy going forward.”


Industrial Cybersecurity Firm Nozomi Networks Raises $30 Million
27.9.2018 securityweek
IT

Industrial cybersecurity solutions provider Nozomi Networks announced on Thursday that it has raised $30 million in a Series C funding round.

The company's latest financing round was led by Planven Investments SA with participation from GGV Capital, Lux Capital, Energize Ventures (formerly Invenergy Future Fund) and THI Investments, all previous investors.

The funds will be used to broaden the company’s global presence and continue expansion in the research and development department.

The company has raised a total of nearly $54 million, including $7.5 million in October 2016 and $15 million in January 2018.

Nozomi says it has already exceeded its annual revenue goals with over 1,000 product installations that monitor more than 300,000 industrial devices in the oil and gas, utilities, pharmaceutical, manufacturing, chemicals, mining and other critical infrastructure sectors.


The company’s flagship solution, SCADAguardian, aims to improve ICS resiliency and provide real-time operational visibility by leveraging machine learning and behavioral analysis. Nozomi claims its product can automatically track industrial assets and their cyber security risk, monitor ICS networks, remotely secure large and distributed industrial networks, rapidly detect cyber threats and risks, and reduce forensics efforts.

“Since our initial investment in the company, we’ve only grown more excited about this market and in Nozomi Networks management team’s ability to build a global enterprise software company. Nozomi Networks is a customer-focused and reliable organization and it is uniquely positioned to address its clients’ most advanced ICS cybersecurity threats,” said Giovanni Canetta Roeder, CEO of Planven Investments. “Now is the right time to double down on our investment in Nozomi Networks.”


Accounting Firm Moss Adams Acquires Cybersecurity Firm AsTech
22.9.2018 securityweek
IT

Moss Adams (an accounting firm founded 105 years ago) has merged in AsTech Consulting (a cyber risk management firm founded 21 years ago). Moss Adams is the thirteenth largest tax firm in the U.S., and the leading firm on the West Coast. AsTech is a successful West Coast tech firm that counts the nation's third largest bank among its clients.

Terms of the arrangement have not been disclosed. However, 13 AsTech staff will be joining Moss Adams, and AsTech founder Greg Reber becomes a partner in the accountancy firm.

The advantages of the acquisition are clear for both firms. AsTech is introduced to a wide range of important Moss Adams clients, while Moss Adams can improve the cybersecurity offerings to its clients and prospects. The combination of accounting and security advice is a well-established service -- consider America's largest tax firm, PwC.

"Accounting firms are in a trusted position with their clients," Reber told SecurityWeek, "many times acting as an extension of them. This means that they have access to very sensitive financial information and plans. The same can be said for cybersecurity consulting firms. We have very sensitive information regarding a firm's security vulnerabilities and plans to remediate over a certain time period in which they are quite exposed."

Eric Miles, partner in charge of the Moss Adams advisory services practice, said, "We recognize that our clients have a growing need for help with cybersecurity. The high-caliber technical expertise at AsTech will be a critical facet in safeguarding our clients' information technology."

It is natural, continued Reber, "that the clients of accounting firms are asking for cybersecurity assistance from their 'trusted partner'. We see many of the accounting firms offering these services now, and I believe that this trend will continue. In Moss Adams' case, they have developed a cybersecurity practice over the past couple of years, and are expanding that offering with the addition of AsTech's application security expertise."

The combination provides AsTech with access to existing Moss Adams infrastructure, resources and client relationships, allowing AsTech to grow its own client base. For Moss Adams, it doubles the practice's current security headcount with specialist application security expertise. Both sides believe the arrangement provides a strong growth opportunity for their cybersecurity consulting capabilities.

Moss Adams was founded in 1913, and is headquartered in Seattle. It has more than 2,900 staff, and offices in Washington, Oregon, California, Arizona, New Mexico, Kansas, Colorado, and Texas. It offers accounting, consulting, wealth management, assurance, and tax -- and now specialist cybersecurity -- services.

AsTech Consulting, based in San Francisco, California, was founded by Greg Reber in 1997. In October 2017, it offered a $1 million guarantee for its Qualys Managed Services offering. Its chief security strategist told SecurityWeek at the time, "We first did it with a security program we call Paragon which is specifically for application security: code review and vulnerability analysis and help with remediation, and we ensure that you will not be breached with a $5 million guarantee."


Rapid7 Adds Automation, Orchestration Capabilities to Insight Platform
22.9.2018 securityweek
IT

Rapid7 announced on Thursday that its Insight Platform now features automation and orchestration capabilities through a new tool called InsightConnect.

The new capabilities, which Rapid7 obtained following the acquisition of security automation and orchestration provider Komand in July 2017, should help security, development and IT teams reduce manual workloads and streamline their tasks.

Rapid7 says there are many potential use cases for InsightConnect. For instance, teams can connect their existing tools using a library of more than 200 plugins. The vulnerability patching process can also be improved through orchestration, and so can threat detection, containment and response processes by connecting threat detection to containment tasks.


The new capabilities can also make it easier for IT teams to address threats, vulnerabilities and misconfigurations by automatically creating service tickets.

Rapid7’s Insight Platform has several components, including for vulnerability management (InsightVM), secure application development (InsightAppSec), phishing (InsightPhish), incident detection and response (InsightIDR), and operational control centers (InsightOps).

The company announced that InsightVM and InsightIDR will soon include pre-built automation functionality that will enable organizations to implement automation and orchestration processes for vulnerability remediation, threat containment and other tasks.

“Technology is being deployed faster than organizations can secure it, and that has placed an enormous burden on security, IT, and development teams that are often understaffed and overwhelmed by the sheer volume of manual work that needs to get done,” said Lee Weiner, chief product officer at Rapid7. “We believe automation and orchestration capabilities are vital for these teams, and will allow them to be more strategic and effective in securing their environments.”

InsightConnect and the new automation features for InsightVM and InsightIDR will be available in the U.S. starting October 1. They are expected to become available globally throughout the rest of 2018 and into 2019.


Symantec Launches Free Election Security Service
20.9.2018 securityweek
IT

Symantec on Tuesday announced the launch of a new service that aims to make elections more secure by helping candidates and political organizations improve their security posture and detect fake websites.

With midterm elections coming up in the United States, tech companies and government agencies have launched various products and initiatives aimed at improving election security.

The threat is not just theoretical. Microsoft revealed last month that it had spotted and disrupted several election-related domains apparently set up by a Russia-linked threat actor.

Symantec has now also joined the list of companies offering election-related solutions with a free service. The main tool is Project Dolphin, an anti-phishing service that leverages Symantec technology and the cybersecurity firm’s massive telemetry to discover spoofed versions of legitimate websites.

According to the company, political candidates and campaigns can sign up and they will be notified if Symantec discovers a fake version of their website. While the service is targeted at political campaigns, it can be used for free by anyone interested in finding spoofed versions of their site.

Symantec told SecurityWeek that fake websites are identified based on domain names, page content or code stolen from the targeted site, and various other technologies and methods.

“Image analysis is particularly effective, using Deep Learning image recognition techniques to create a ‘fingerprint’ of the legitimate website which will then recognize it elsewhere on the internet,” Symantec explained. “The success of a phishing attack is dependent on the victim believing they are seeing a legitimate webpage. Attacks can’t look like and not look like the targeted page at the same time, so cybercriminals have their hands tied in trying to defeat this technology.”

The telemetry leveraged by Project Dolphin comes from a number of sources, including 2.4 billion emails and 1.8 billion web requests the company sees every day, and data collected from 175 million business and consumer endpoints. In addition, Symantec’s so-called “spiders” crawl the web to harvest telemetry on both good and bad sites.
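A textual analogue of that fingerprinting, added here as an example and not Symantec's code or a description of how Project Dolphin works internally: it breaks the HTML of a known-good page into token triples (shingles) and alerts on any page that sits on a different registered domain but reuses most of those shingles. The pages, hostnames and the 0.6 threshold are constructed for the example; a real scanner would add the rendered-screenshot fingerprint Symantec describes and use the Public Suffix List instead of the two-label domain shortcut used here.

```python
import re
from urllib.parse import urlparse

# Constructed sample pages and hosts for this example; none are real sites.
LEGIT_URL = "https://campaign.example/"
LEGIT_HTML = """
<html><head><title>Jane Doe for Senate</title></head>
<body>
<h1>Jane Doe for Senate</h1>
<p>Join the campaign for honest government, fair wages and safe communities.</p>
<p>Every contribution helps us reach more voters before election day.</p>
<a href="https://campaign.example/volunteer">Volunteer</a>
<form action="https://campaign.example/donate" method="post">
  <input name="card" placeholder="Card number">
  <input name="amount" placeholder="Amount">
  <button>Donate now</button>
</form>
<footer>Paid for by Jane Doe for Senate. Privacy policy. Contact us.</footer>
</body></html>
"""

# A clone on a look-alike domain: identical markup, except that the donation
# form now posts card numbers to the attacker's host.
SPOOF_URL = "https://campaign-example.co/"
SPOOF_HTML = LEGIT_HTML.replace("https://campaign.example/donate",
                                "https://campaign-example.co/donate")

# An unrelated site that only shares boilerplate tags with the campaign page.
OTHER_URL = "https://bakery.example/"
OTHER_HTML = """
<html><head><title>Main Street Bakery</title></head>
<body><h1>Fresh bread daily</h1>
<p>Sourdough, rye and baguettes baked every morning. Order online for pickup.</p>
<form action="/order" method="post"><input name="loaf"><button>Order</button></form>
</body></html>
"""

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokens(html):
    """Lower-case alphanumeric tokens. Tags and attributes count as well as the
    visible text, because a phishing kit copies the markup along with the words."""
    return TOKEN_RE.findall(html.lower())


def shingles(html, k=3):
    """Set of k-token windows; order-sensitive, so reshuffled text scores low."""
    toks = tokens(html)
    return {tuple(toks[i:i + k]) for i in range(len(toks) - k + 1)}


def jaccard(a, b):
    """Similarity of two shingle sets: |A & B| / |A | B|, between 0 and 1."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def registered_domain(url):
    """Last two host labels. Adequate for the .example hosts here; a real
    scanner needs the Public Suffix List (co.uk and friends) for this step."""
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def is_spoof(legit_url, legit_html, cand_url, cand_html, threshold=0.6):
    """True when the candidate lives on a different registered domain but
    reuses most of the legitimate page's content."""
    if registered_domain(cand_url) == registered_domain(legit_url):
        return False  # the site itself, or one of its own mirrors
    return jaccard(shingles(legit_html), shingles(cand_html)) >= threshold


def find_spoofs(legit_url, legit_html, candidates, threshold=0.6):
    """candidates: iterable of (url, html) pairs from a crawl. Returns the
    URLs worth alerting the campaign about."""
    return [url for url, html in candidates
            if is_spoof(legit_url, legit_html, url, html, threshold)]


if __name__ == "__main__":
    crawl = [(SPOOF_URL, SPOOF_HTML), (OTHER_URL, OTHER_HTML),
             ("https://www.campaign.example/", LEGIT_HTML)]
    base = shingles(LEGIT_HTML)
    for url, html in crawl:
        print(f"{url}: similarity={jaccard(base, shingles(html)):.2f}")
    print("alerts:", find_spoofs(LEGIT_URL, LEGIT_HTML, crawl))
```

The domain check comes first on purpose: a campaign's own www mirror scores 1.0 and must not be reported. The weakness of a markup fingerprint is the one Symantec's image approach addresses: a kit that renders the page as a screenshot or obfuscates the HTML drops the shingle score while still looking identical to the victim, so in practice both fingerprints are used together.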

Project Dolphin is not the only resource available as part of the new election security service. Symantec also provides election security best practices for poll workers, voters and government officials; training videos on how to spot and block tampering attempts; aggregated news; and blogs containing analysis, tips and other relevant information.


Fidelis Cybersecurity Raises $25 Million
20.9.2018 securityweek
IT

Fidelis Cybersecurity, a Bethesda, MD-based company that provides automated threat detection and response solutions, on Tuesday announced that it secured a $25 million growth capital investment.

The funding, which brings the total raised by the company to date to nearly $50 million, will be used to extend product innovation, support business growth, and invest in the company’s 24x7 Managed Detection and Response (MDR) service. The round was led by existing investors.

Fidelis’ Elevate platform provides automated detection and response capabilities for network, cloud, endpoint and enterprise IoT systems. The 24x7 MDR service complements the platform by providing security experts for threat hunting and investigations.

“Our investors recognize Fidelis’ strong value proposition and ability to execute in a dynamic marketplace,” said Nick Lantuh, President and CEO of Fidelis Cybersecurity. “We are making significant investments in innovation to accelerate how security operations and incident response teams react to, manage and hunt for threats. We are doing this by building on our market-leading network traffic analysis solution which provides organizations with full visibility across their attack surface. By combining our patented technology, unmatched expertise and curated intel from our threat research team, we provide customers with deep visibility across increasingly complex environments, more accurate detections and the capability to respond faster and more effectively to threats and data loss.”

Fidelis customers include 15 Fortune 500 companies, 20 Forbes Global 2000 firms and nearly a dozen government agencies in the United States and elsewhere. Its website lists Barclays, the U.S. Department of Energy, Emirates, the International Monetary Fund, NATO, Samsung Research America, and the U.S. Air Force among its customers.

Fidelis acquired two companies in the past years: Resolution1 Security in 2015 and TopSpin Security in 2017.


Altaba Settles Yahoo Breach Lawsuits for $47 Million
18.9.2018 securityaffairs
IT

Altaba, the investment company left behind after Verizon’s $4.5 billion acquisition of Yahoo’s Internet business last year, has agreed to settle consumer class action lawsuits triggered by the massive data breaches Yahoo suffered in past years.

Yahoo revealed in September 2016 that its systems had been breached in late 2014 by what it believed to be a state-sponsored threat actor that had managed to access data from at least 500 million accounts.

In December 2016, the company announced a different breach, one dating back to 2013, which impacted one billion user accounts. In October 2017, Yahoo admitted that the 2013 hack actually impacted all of its 3 billion users.

Several class action lawsuits were filed and the US Securities and Exchange Commission (SEC) launched an investigation into how the breaches were disclosed.

In a letter to shareholders, published on Monday on the SEC’s website, Altaba CEO Thomas J. McInerney revealed that the company expects to incur $47 million in settlement expenses related to three breach-related lawsuits.

“We are also pleased to announce today that we have reached an agreement in principle (subject to court approval) to settle the consumer class action litigation related to the Yahoo data breach. We have also received final court approval of the securities class action settlement, and we have negotiated an agreement to settle the shareholder derivative litigation (subject to court approval). We estimate that the Company will incur an incremental net $47 million in litigation settlement expenses to resolve all three cases,” McInerney wrote. “Together, these developments mark a significant milestone in cleaning up our contingent liabilities related to the Yahoo data breach.”

The latest breach-related settlement comes after Altaba in April agreed to pay a $35 million penalty to the SEC for not disclosing the 2014 breach to investors. In addition, a judge recently approved an $80 million settlement that Altaba agreed to pay after being accused of misleading investors about a total of four data breaches.

Commenting on the latest settlement, Ilia Kolochenko, CEO of web security company High-Tech Bridge, said, “Class actions are known to provide their members with very modest compensation compared to individual lawsuits. The settlement (subject to approval by court) makes slightly above $10 per breached account – a scanty amount in the GDPR era. Should a similar data breach happen today with the same disclosure timeline and similar circumstances, the amount of settlement could be significantly higher. Therefore, I think this is a considerable legal victory for Yahoo’s legal team.”


One-Third of Data Breaches Led to People Losing Jobs: Kaspersky
14.9.2018 securityweek IT

Nearly one-third of data breaches suffered by companies around the world have resulted in someone losing their job, according to a study conducted earlier this year by Kaspersky Lab.

The cybersecurity firm interviewed nearly 6,000 people across 29 countries for its annual Global Corporate IT Security Risks Survey. Respondents worked for companies of various sizes, from small businesses with fewer than 50 employees to major corporations with over 1,000 workers.

The study found that, globally, 31% of incidents led to employees being laid off. China was the country with the highest percentage of senior IT security staff being laid off as a result of a data breach. People holding a senior IT role lost their job in roughly one-third of cases, with similar percentages across the globe.

Kaspersky’s survey shows a significant difference in the chances of C-level executives and presidents losing their job over a data breach in various parts of the world. In North America, for instance, 32% of CEOs and other C-level managers were laid off following a data breach – this is the region where the C-suite is most likely to lose its job.

In other parts of the world, company leaders losing their job following a data breach is far less likely. In Russia, for example, the C-suite was only blamed in 7% of cases and in Japan the percentage is even lower at 5%.

Which employees are most likely to lose their job following a data breach in different parts of the world

Other non-financial consequences of a data breach – on a global level in enterprises – included additional security policies or requirements (38%), changing security vendors or service providers (35%), engaging with a breach notification services provider (33%), and changing authentication procedures for customers (29%).

North American businesses are the most affected by data breaches, with over 40% of respondents saying their organization had suffered at least one breach. Enterprises are more likely to get hit, compared to small and medium-sized businesses, and 68% of enterprises that suffered a data breach claimed to have suffered at least two incidents.

When it comes to compensation and fines after a breach, companies in China and the rest of the APAC region are the most likely to pay compensation to clients or customers, but half of the companies in North America also reported doing so. Companies in China, APAC and North America are also the most likely to have trouble attracting new customers after a data breach, according to Kaspersky’s report.

“While a data breach is devastating to a business as a whole, it can also have a very personal impact on people’s lives — whether they are customers or failed employees – so this is a reminder that cybersecurity has real-life implications and is in fact everyone’s concern,” said Dmitry Aleshin, vice president of product marketing, Kaspersky Lab. “With data now traveling on devices and via the cloud, and with regulations like GDPR becoming enforceable, it’s vital that businesses pay even closer attention to their data protection strategies.”


Report: Kansas Plans to Spend $4.6M on Election Security
14.9.2018 securityweek IT

Kansas plans to spend more than $4.6 million on election security grants over the next five years as it aims to tighten cyber security, modernize voting equipment, audit election results and safeguard voter rolls, according to a report released Thursday.

The U.S. Election Assistance Commission released the Kansas plan for its share of the $380 million allocated by Congress to strengthen voting systems amid ongoing threats from Russia and others. Nearly all the other states had released plans for their election security grants last month, but Kansas had gotten an extension to turn in its report.

Kansas has already received the more than $4.34 million that it sought from the federal government under the program, and the state kicked in about $219,000 in matching funds.

Kansas Secretary of State Kris Kobach told the federal commission in a letter that about half of its grant would be spent to increase and supplement its cyber security efforts at all levels of election administration. He said the state will supplement existing staff with security experts who are outside of state or local government.

Funds would also be made available to local governments to upgrade and supplement security and train county election personnel, Kobach wrote.

Nearly $1.07 million has been budgeted to ensure every voting machine in Kansas has a verifiable paper audit trail, according to the budget breakdown. The majority of counties in the state already have a paper-based system, Kobach said.

The state also slated more than $733,000 to improve security of the statewide voter registration system.

Beginning in January, Kansas will conduct post-election audits after every election. Its plan set aside $450,000 to implement the new auditing procedures at state and county levels.

The remaining funds would be used to train election officials to communicate better with the voting public, the media and other government agencies.


Trend Micro, HITRUST Launch New Cyber Risk Management Firm Cysiv
14.9.2018 securityweek IT

Cybersecurity solutions provider Trend Micro and HITRUST, a non-profit organization that promotes the protection of sensitive data, have joined forces to launch a new company that offers cyber risk management services.

The new company, named Cysiv, will provide risk management services to select enterprises in the United States. Cysiv aims to address several challenges that make it more difficult for organizations to defend themselves against cyberattacks and prevent breaches, including the shortage of skills, alert fatigue, rising costs, and product complexity.

Cysiv offers experts whose role is to provide in-house security teams a variety of services, including hybrid cloud security, network IPS, user protection, advanced threat detection, and deception technologies.

In support of its monitoring and management offerings, Cysiv also offers product deployment, digital forensics, and incident response services.

Customers will pay for Cysiv services on a monthly basis depending on the services they require.

Cysiv will leverage Trend Micro’s cybersecurity platform, security research, and threat intelligence. HITRUST will provide expertise in threat information sharing, and compliance and risk management. Trend Micro and HITRUST have been partners for several years.

“The AI-powered security operations and analytics platform that’s at the heart of this new service is part of our on-going efforts to enable the SOC with greater visibility, and to add more actionable intelligence and automation to enterprise security,” said Eva Chen, co-founder and CEO of Trend Micro. “We’re excited by its immediate value to Cysiv customers, and more broadly by its longer-term potential for Trend Micro customers and partners.”

“Insights from both our risk management and information sharing service, clearly demonstrate that organizations of all sizes are struggling to effectively implement and operate their cyber defenses in today’s escalating threat environment,” commented Daniel Nutkis, CEO of HITRUST. “This new venture leverages the tremendous experience we’ve gained in conducting assessments, in managing a threat sharing platform and ultimately helping customers manage their cyber risks.”


Bomgar to Acquire BeyondTrust
14.9.2018 securityweek IT

Atlanta-based Privileged Access Management (PAM) solutions provider Bomgar today announced a definitive agreement to acquire BeyondTrust, from an affiliate of Veritas Capital.

Both companies already have strong PAM offerings. Bomgar’s solutions secure privileged credentials, remote access sessions, and endpoints, while BeyondTrust’s extensible PAM platform helps customers scale privileged security across endpoint, server, IoT, cloud, and network device environments.

Bomgar, which was acquired by Francisco Partners earlier this year (from private equity group Thoma Bravo), announced in the beginning of August that it had completed the acquisition of Massachusetts-based endpoint privilege management company Avecto.

Based in Phoenix, BeyondTrust was acquired by Veritas Capital in 2014 for an undisclosed price. The company says it has a global partner network that serves more than 4,000 enterprises.

The combined company, which will retain the BeyondTrust brand, should provide a comprehensive PAM portfolio to more than 19,000 customers worldwide. Together, Bomgar and BeyondTrust have over 800 employees across 14 countries.

The combined company will be led by Matt Dircks, CEO of Bomgar, and will be headquartered in Atlanta, GA.

“The greater scale and resources of the combined company will allow us to accelerate innovation and deliver technology that protects our customers from constantly evolving threats,” Dircks said.

The transaction is expected to close in October. The terms of the deal were not disclosed.

Additional details on the integration and on the resulting products will be provided in the coming weeks or months.


VPN Company AnchorFree Raises $295 Million
6.9.2018 securityweek IT

AnchorFree, the company that makes the popular Hotspot Shield virtual private network (VPN) software, on Wednesday announced that it raised $295 million in a new funding round.

The latest funding brings the total raised by the California-based company to nearly $358 million, which represents a significant amount for a VPN services provider. These types of services have become increasingly popular following the numerous privacy-related scandals involving governments and private firms.

The round was led by media and tech investment group WndrCo with participation from Accel, 8VC, SignalFire, Green Bay Ventures and other investors and executives. Representatives of WndrCo and Accel have joined the company’s board of directors.

According to AnchorFree, the newly secured funds will be used to “further product development and market expansion and drive M&A activity.”

AnchorFree claims its products provide enterprise-level privacy and security for consumers’ mobile devices. This includes protection against ISPs and websites collecting identity data, compromised public Wi-Fi connections, phishing attacks, and malware.

The company, led by CEO and co-founder David Gorodyansky, says its products have been downloaded over 650 million times by users across 190 countries, with 250,000 new downloads each day.

AnchorFree also offers a VPN solution for small and medium-sized businesses, Hotspot Shield for Business. Its VPN technology, called Hydra, has been widely adopted by app developers and licensed by many of the world’s cybersecurity and telecoms companies.

“Anyone who accesses the Internet is vulnerable to data theft and an invasion of online privacy which has real, impactful consequences, and David and the AnchorFree team are deeply mission-driven to address this,” said WndrCo Founding Partner Sujay Jaswa.

“AnchorFree has the two most-downloaded mobile security products, including the #1 mobile VPN product, because they have the fastest most robust technology and they work for the needs of consumers, protecting against phishing, malware, and spam in addition to providing secure Internet access. This growth will only accelerate as the world’s Internet security problems continue to grow, and we look forward to supporting David and his team as they further AnchorFree’s global success in tackling this outstanding market opportunity,” Jaswa added.

AnchorFree was accused last year by the Center for Democracy & Technology (CDT), a nonprofit technology advocacy organization, of collecting user data through Hotspot Shield and sharing it with advertisers. The CDT filed a complaint with the U.S. Federal Trade Commission (FTC) over these allegations. AnchorFree has denied the accusations.

Earlier this year, a researcher disclosed the details of a vulnerability that exposed the names and locations of Hotspot Shield users. The expert made his findings public after claiming that the vendor ignored his attempts to report the flaw. A patch was released a few days later.


What Happens to Whistleblowers After They Blow the Whistle?
31.8.2018 securityaffairs  IT

Whistleblowers are a controversial subgroup of the modern workforce. What happens to whistleblowers after they reveal uncomfortable truths?
Whistleblowers are a controversial subgroup of the modern workforce. Although their intentions are often pure and they frequently uncover wrongdoing or shortcomings in their particular niche, there are usually consequences too.

Complicating matters even further is the relative ease of reporting suspected misdeeds in the 21st century. Uncovering wrongdoings in the past often stemmed from hands-on experience with a company — and it usually took years to build a case.

With the popularity of the internet, whistleblowers are now emerging in the most unlikely of places. Now it only takes seconds to spread the word about a company’s misdeeds — whether they’re true or not.

Immediate Consequences

Although whistleblowers are guarded in the United States by the Whistleblower Protection Act of 1989, the amount of protection is minimal — and it doesn’t provide any coverage for the potential fallout of blowing the whistle.

Per a 1990 survey by McMillan, 90 percent of U.S.-based whistleblowers lost their jobs or received demotions, and 27 percent faced legal issues — including defamation. On the darker side, 10 percent eventually attempted suicide as a result of their actions. Another survey, conducted by Whistleblowers Australia (WBA) in 1993, revealed similar numbers.

According to the WBA’s survey, companies often use informal or subversive tactics to punish a whistleblower who remains a part of their organization after the fact. Common strategies include isolation from workplace or industry peers, removal of normal work duties and responsibilities and other disciplinary actions.

Most states have also enacted laws and anti-retaliation clauses for whistleblowers, but these protections only go so far. They also require the whistleblower to prove that the retaliation is a direct result of their whistleblowing, and that’s not always an easy task.

The amount of potential retaliation also depends on the whistleblower’s status as a public or private sector employee. It’s much safer to report wrongdoings and misdeeds in the public sector, as these issues often affect public health or safety and are almost always covered by local laws. Those in the private sector don’t always have such protection.

Whistleblowers

Long-Term Effects

Smaller, localized incidents tend to disappear after some time. While there are some famous cases and prominent names that are forever cast as whistleblowers — like Erin Brockovich and Edward Snowden — those cases are the exception.

Most whistleblowers have to leave their current job — especially if the issue involves their employer. Others accept a demotion or reassignment within the same organization, but these new positions typically don’t last very long.

Some whistleblowers go bankrupt during the process. It takes a lot of time to build a case and shed light on a company’s misdeeds. Presenting the issue in a court of law adds weeks, and sometimes months or years, to the otherwise straightforward act of whistleblowing. Making matters worse, most court cases are not settled in the complainant’s favor.

Others have to relocate to another state or, in the most extreme cases, another country entirely. Edward Snowden, a U.S. citizen and former CIA employee and NSA contractor, currently lives under asylum in Moscow. The Russian government recently extended his asylum until at least 2020.

Living Productively After Blowing the Whistle

The act of whistleblowing sometimes has unintended consequences that reach beyond the individual complainant, the offending company and the local community.

While it often addresses the misdeeds of corporations and governments around the world, the individuals who shed light on these shady acts are often targeted — legally or illegally — by those who don’t agree with their tactics for one reason or another.

Whether they’re seen as martyrs or miscreants, their lives are usually changed after the fact.


Hacktivist Drama 'Mr. Robot' to End With 4th Season in 2019
30.8.2018 securityweek IT

LOS ANGELES (AP) — The hacktivist thriller "Mr. Robot" is coming to an end.

USA Network said Wednesday the drama series starring Emmy Award-winner Rami Malek will air its fourth and final season in 2019.

In a statement, "Mr. Robot" creator Sam Esmail says he decided that it was time to bring the story to a close next season.

"Mr. Robot" will conclude the way he'd envisioned it since it began, Esmail says.

Malek plays Elliot, a troubled cyber-security engineer and hacker who's drawn into a revolutionary movement.

Christian Slater also stars in the Peabody Award-winning drama.

An air date for the final season of "Mr. Robot" was not announced.


What the Blockchain Taught Us about IT Security
30.8.2018 securityaffairs IT

It is not just about security in general, but about using blockchains to secure your company and your information.
Technology is improving fast and being built into everyday activities and jobs to make them quicker and more efficient, so it is important to make sure you are secure, especially on the internet. You can install your own internet security, but if you plan to run a reliable business you will need a strong, trusted provider of secure IT systems and support. And it is not just about security in general, but about using blockchains to secure your company and your information.

blockchain

What Does IT Stand For?

IT stands for Information Technology: the computing, networking and data systems that businesses and society now depend on. Early on, IT was slow to spread and few expected it to go far, but it has made so many tasks easier that it has become a prerequisite for social and economic progress. IT helps the economy create new products, get the most out of employees, take part in global markets, and run companies day to day.

Without those advances, society would not function the way it does now. But the more we depend on IT, the more attractive a target it becomes for anyone trying to reach private and sensitive information. That is why a company’s systems need protection, and not just any protection: it has to be strong enough to guard the information that matters most. That is where blockchains come in.

What is a Blockchain?
Blockchains can be hard to understand, especially if you are not familiar with the terminology. The technology first appeared as the ledger behind an online currency: Bitcoin’s ledger was the original blockchain. More recently, large companies have started to use blockchains as a shared database that stores, distributes and maintains records across several organizations. There are different kinds of blockchain a company can create and maintain, and it is up to the company to decide which one fits. The types of blockchain are:

Public Blockchains
Blockchain-Inspired Cryptocurrencies
Private Blockchains
Public blockchains are open to everyone: anyone with a computer can read the data and submit new transactions without special permission, and the network’s consensus rules, rather than an administrator, decide which entries are accepted.

Blockchain-inspired cryptocurrencies keep ledgers that anyone can read, but they are operated by, or tied to, a particular business or company.

Private blockchains are restricted: they are shared only among an approved group of computers and are not available for the public to read or write.

Each type of blockchain has its own benefits and security levels, so it is up to the company to decide just how secure they want their information to be.
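What all three types share is the hash chaining that makes a ledger tamper-evident. The following is an added example, not code from the article or from any blockchain project: each block stores the SHA-256 hash of its predecessor, so editing an old record invalidates every block after it, and a verifier holding a copy can say exactly where the history was altered. The audit-trail records are constructed sample data.

```python
import hashlib
import json
from copy import deepcopy

GENESIS_PREV = "0" * 64  # the first block has no predecessor


def block_hash(index, prev_hash, data):
    """Hash of a block's contents; sort_keys and fixed separators make the
    JSON encoding canonical, so the same content always hashes the same."""
    payload = json.dumps({"index": index, "prev": prev_hash, "data": data},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def build_chain(records):
    """Append each record as a new block linked to the previous block's hash."""
    chain = []
    prev = GENESIS_PREV
    for index, record in enumerate(records):
        digest = block_hash(index, prev, record)
        chain.append({"index": index, "prev": prev, "data": record, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain):
    """Return (True, None) if intact, else (False, index of the first bad block)."""
    prev = GENESIS_PREV
    for index, block in enumerate(chain):
        if block["index"] != index or block["prev"] != prev:
            return False, index          # link to the predecessor is broken
        if block_hash(index, block["prev"], block["data"]) != block["hash"]:
            return False, index          # contents no longer match the stored hash
        prev = block["hash"]
    return True, None


# Constructed sample records: a small access-control audit trail.
RECORDS = [
    {"event": "create_account", "user": "alice", "role": "analyst"},
    {"event": "grant_role", "user": "alice", "role": "admin"},
    {"event": "login", "user": "alice", "src": "10.0.0.7"},
]


def tamper_and_verify(chain, index, new_data, rehash=False):
    """Edit one historical block on a copy and report what verification says.

    rehash=True models an insider who also recomputes that block's own hash;
    the break then surfaces at the next block, whose 'prev' no longer matches.
    """
    forged = deepcopy(chain)
    forged[index]["data"] = new_data
    if rehash:
        forged[index]["hash"] = block_hash(index, forged[index]["prev"], new_data)
    return verify_chain(forged)


if __name__ == "__main__":
    chain = build_chain(RECORDS)
    downgraded = {"event": "grant_role", "user": "alice", "role": "analyst"}
    print("fresh chain:", verify_chain(chain))
    print("block 1 edited:", tamper_and_verify(chain, 1, downgraded))
    print("block 1 edited and rehashed:", tamper_and_verify(chain, 1, downgraded, rehash=True))
```

Two things worth noticing. Hiding the edit would require rewriting every later block as well, which is why the ledger is replicated: other participants still hold the original hashes and will reject the rewritten history. And the chain only proves that records were not changed; it does not keep them secret or control who may append, so a private blockchain still needs authentication and access control around it.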

What Type of Blockchain Technologies are there?
There are five types of blockchain technologies that you should look out for if you are considering adding blockchain technology to your business or company.

Smart Contracts
Blockchain-as-a-Service
Energy Efficiency
Permissioned blockchains
Tangle
Smart contracts do exactly as you direct them to based on an input of coded instructions. They are reliable if you require certain business actions to be completed at certain times in a specific way.

Blockchains-as-a-Service offers everything businesses need in order to start a blockchain in case the businesses are unable to start one themselves.

Energy-efficient designs try to reduce the power needed to create and maintain a blockchain. Proof-of-work, the scheme Bitcoin uses, deliberately burns computing power to make rewriting history expensive; alternatives such as proof-of-stake replace that with other ways of choosing who adds the next block.

Permissioned blockchains are used mainly by banks and governments to provide control over who can make transactions and who can create changes.

Tangle is a blockchain without being a blockchain: records are linked in a directed acyclic graph rather than a single chain, keeping the advantages of blockchains while trying to improve on their limitations.

It is a lot of information to take in, especially when first starting out on trying to use blockchains. But it can become relatively simple with the right help and understanding of how blockchains can be an ideal form of security on the web.

How are Blockchains Helping in Online Security?
Blockchains and cryptocurrencies are used more each year with every technological advance. As businesses come to rely more on technology and online services, they have to be careful that they are safe and that their information does not fall into the wrong hands. Blockchains help businesses feel secure about storing information online so it can be accessed and used by others within the company. What a blockchain actually provides is a tamper-evident, append-only record: every block carries the hash of the one before it, so any change to a past entry breaks the chain and is detectable by anyone holding a copy. That is not the same as a wall that keeps attackers out; access control, authentication and key management still have to be provided around the ledger.

Is this a Worthwhile Job?
Companies should invest in learning how to use blockchains, or in training others in the skill, since blockchains look set to be in high demand within the next year or so. It is still a relatively new field, so while it is starting out companies will be looking for the best blockchain engineers. The great thing about the skill is how versatile it is: many kinds of company could use and benefit from the integrity guarantees blockchains offer. It has the potential to change lives just as the internet did when it first came out.

Blockchains are still a new concept that not everyone has heard of or fully understands the potential of. It will take some time for companies to start using blockchains alongside their existing security systems, but the change could happen within around a year. Blockchains may soon become a normal part of online security, so it is best to start researching what they can be used for and what you can do to make the transition easier.


Lacework Raises $24 Million to Expand Cloud Security Business
29.8.2018 securityweek IT

Mountain View, Calif-based Lacework has closed a $24 million Series B funding round with Sutter Hill Ventures, bringing the total raised, including Series A early stage venture funding, to $32 million.

The company was founded in 2015 by Sanjay Kalra (chief strategy officer) and Vikram Kapoor (CTO). Stefan Dyckerhoff, MD at Sutter Hill Ventures, is CEO.

The new funding will be used to accelerate Lacework's sales and marketing efforts. "The product became available about a year ago," Dyckerhoff told SecurityWeek; "and with minimal sales and marketing we have achieved thirty happy customers with more in the pipeline. It's time to rev up our sales and marketing efforts."

Lacework is a SaaS platform designed to enable security in public cloud implementations "automatically, at speed, end-to-end, and with scale," he explained. "So, just like you're doing DevOps and automation on the development side in the public cloud, we think we have built a platform that can achieve the same thing on the security side while maintaining a very high degree of efficacy."

As soon as the product is deployed, it starts to automatically discover the customer's environment. It tells the customer what parts of the environment are in compliance and what is out of compliance. It detects things that shouldn't be happening, and helps the customer to remediate them.

It is not a complete security product in itself, but a platform that enables the customer to do security properly and at scale. For example, it doesn't operate like a CASB -- it doesn't locate rogue storage accounts operated by staff on shadow IT. It does, however, monitor and record everything that happens on the client's cloud account. "What we do see is misuse or rogue use of existing S3 buckets," explained Dyckerhoff.

Sometimes, this can include employees using what's available just because it's easy. "For example," he continued, "if developers know an account exists, would you really know if they fired up a new AWS Region in Japan over the weekend? The answer is probably 'no' -- unless you use a tool like Lacework."

Lacework sees everything that happens within the cloud account. "We have found attacks in this same category," said Dyckerhoff. "We detected live instances of bitcoin mining in one of our customers where the compromised credential of a developer was used to fire up a different Region to do bitcoin mining. With conventional tools there would have been no way to catch that. So, we don't help with small accounts set up by the employee with his own funds; but for misuse of the corporate account, we absolutely catch everything."

It is the ability to see everything that happens that gives Lacework the capacity to monitor compliance. Where regulations are mature -- such as PCI and HIPAA -- it is able to deliver traffic-light compliance reports immediately. GDPR is a little different because the regulation is so new and enforcement practices are still unknown. Nevertheless, Lacework's ability to continuously monitor the entire cloud account can highlight moments when the company does or is in danger of slipping out of GDPR compliance.

"Right now," he suggests, "the key questions for GDPR compliance are 'where is my data?' and 'who accessed it?'. These are questions that can absolutely be answered by Lacework."

Assuming the company knows where its GDPR-sensitive data is stored, Lacework will discover every API call made within the account. "We know every S3 bucket and which API called it," explained Dyckerhoff. "We keep that data over time. But we also map out the applications. So, once we are fully deployed we will know exactly which process talked to which other process, how that relates to an API call, and whether it resulted in an S3 transaction or a network transaction."

The customer gets all these records, and can see if there is an API call to a location storing EU PII that did not come from another EU location. "For GDPR," he continued, "you must not miss a single transaction -- and that's what we provide. The customer still needs to know what is his GDPR data and where it is stored; but from then on, we can show all legitimate and illegitimate access to that data, demonstrating whether his storage data is in compliance or out of compliance with GDPR."
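The two detections Dyckerhoff describes above, compute launched in a region nobody approved and a read of an EU-PII bucket from outside the EU, both reduce to rules over the account's API audit trail. The following is an added example of that logic written against CloudTrail-shaped events; it is not Lacework's code. The event field names are CloudTrail's, but the sample events are constructed, and the approved-region list, the bucket classification and the EU source range are assumptions (the range is the TEST-NET-3 documentation prefix, standing in for a real office egress range).

```python
"""Detection rules over constructed CloudTrail-style events (added example; not
Lacework's code). Field names follow CloudTrail's JSON; all values and the three
policy tables below are assumptions for illustration."""
import ipaddress
import json

ALLOWED_REGIONS = {"eu-west-1", "eu-central-1"}              # assumption: regions this account may use
EU_PII_BUCKETS = {"customer-records-eu"}                      # assumption: buckets classified as EU personal data
EU_SOURCE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]   # assumption: EU office egress (TEST-NET-3 placeholder)

# Constructed sample events using CloudTrail's field names; the values are invented.
SAMPLE_EVENTS = [
    {"eventName": "RunInstances", "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"userName": "dev-anna"}},
    {"eventName": "RunInstances", "awsRegion": "ap-northeast-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"userName": "dev-anna"}},
    {"eventName": "GetObject", "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.22",
     "userIdentity": {"userName": "svc-billing"},
     "requestParameters": {"bucketName": "customer-records-eu", "key": "2018/q2.csv"}},
    {"eventName": "GetObject", "awsRegion": "eu-west-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"userName": "dev-anna"},
     "requestParameters": {"bucketName": "customer-records-eu", "key": "2018/q2.csv"}},
]


def source_in_eu(source: str) -> bool:
    """True if the event's source address falls inside an approved EU range.
    CloudTrail puts a service name (e.g. 'ec2.amazonaws.com') in sourceIPAddress
    for calls made by AWS services; that is not an IP and is treated as not-EU so
    it surfaces for review instead of being silently trusted."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False
    return any(addr in net for net in EU_SOURCE_RANGES)


def analyse(events):
    """Apply both rules to an iterable of CloudTrail event dicts.
    Returns a list of (rule, user, detail) tuples in event order."""
    findings = []
    for ev in events:
        user = ev.get("userIdentity", {}).get("userName", "<unknown>")
        name = ev.get("eventName")
        if name == "RunInstances" and ev.get("awsRegion") not in ALLOWED_REGIONS:
            # Rule 1: compute launched in a region nobody approved
            # (the "new Region in Japan over the weekend" case, and the coin-mining case).
            findings.append(("unexpected-region-launch", user, ev.get("awsRegion")))
        elif name == "GetObject":
            # Rule 2: object read from a bucket holding EU personal data by a non-EU source.
            bucket = ev.get("requestParameters", {}).get("bucketName")
            src = ev.get("sourceIPAddress", "")
            if bucket in EU_PII_BUCKETS and not source_in_eu(src):
                findings.append(("eu-pii-read-from-outside-eu", user, f"{bucket} from {src}"))
    return findings


def analyse_ndjson(text: str):
    """Same rules over newline-delimited JSON, one event per line, the shape a
    log shipper or SIEM export commonly hands over."""
    return analyse(json.loads(line) for line in text.splitlines() if line.strip())


if __name__ == "__main__":
    for rule, user, detail in analyse(SAMPLE_EVENTS):
        print(f"{rule}: {user} -> {detail}")
```

Two caveats a practitioner would add: `GetObject` only appears in CloudTrail if S3 data events are enabled for the bucket (management events alone never show object reads), and a trail must be configured for all regions, otherwise Rule 1 is blind to exactly the regions it is meant to watch.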

Dyckerhoff believes that the cloud marketplace is accelerating rapidly. "Over the last 12 months," he said, "cloud has progressed from early adopters to early mainstream adopters. A better understanding of the 'shared responsibility' security model is emerging. Our platform assumes the cloud is there. We have all the APIs and data sources that allow us to do automated discovery and analysis and gives the customer the tools to use the cloud securely.

"The cloud is certainly no less secure than on-prem; but it's very different. The cloud is secure if you make it secure; but you have to think about it in a new way. Lacework helps to do that."

In May 2018, Gartner included Lacework in its '5 Gartner Cool Vendors in Cloud Security -- 2018' report. It said, "Lacework addresses the challenges enterprises face via their Polygraph technology. Polygraph combines cloud resource monitoring, data collection and correlation, and strong visualization. Lacework also provides threat insights into cloud environments as well as security automation tools."


FireEye: Tech Firms' Secret Weapon Against Disinformation
28.8.2018 securityweek IT

NEW YORK (AP) — This week has seen major social media sites step up their policing of online disinformation campaigns.

Google disabled dozens of YouTube channels and other accounts linked to a state-run Iranian broadcaster running a political-influence campaign.

Facebook removed 652 suspicious pages, groups and accounts linked to Russia and Iran.

Twitter took similar action shortly thereafter.

What did they have in common? The security firm FireEye.

Best known for its work on high-profile cyberattacks against companies including Target, JPMorgan Chase and Sony Pictures, FireEye is emerging as a key player in the fight against election interference and disinformation campaigns.

Founded in 2004, FireEye is based in Silicon Valley and staffed with a roster of former military and law-enforcement cyberexperts.

"They've really become the Navy SEALs of cybersecurity, especially for next-generation cybersecurity threats," said GBH Insights analyst Dan Ives.

Lee Foster, manager of information operations analysis at FireEye, said his team works within the company's intelligence outfit, which researches not only "info-ops" — like the Iran-linked social media activity it recently uncovered — but espionage, financial crime and other forms of vulnerability and exploitation. Specialist teams at FireEye focus on particular areas of cyberthreats, each with their own expertise and language capabilities.

"We kind of operate like a private-sector intelligence operation," he said.

FireEye was founded by Ashar Aziz, who developed a system for spotting threats that haven't been tracked before, unlike older companies that sold firewalls or anti-virus programs that block known malware.

Aziz, a former Sun Microsystems engineer, created a system that uses software to simulate a computer network and check programs for suspicious behavior, before allowing them into the network itself.

FireEye raised its profile in 2014 by acquiring Mandiant, known for expertise in assessing damage and tracing the source of cyberattacks. Mandiant founder Kevin Mandia, a former U.S. Air Force investigator, is now FireEye's CEO.

While businesses are spending more on information security, FireEye itself has spent heavily on research, development, sales and marketing. That has led to struggles to remain profitable, as heavy investments offset revenue growth.

Mandia said that during the three months ended June 30, FireEye's email security found 6 million spear-phishing attacks, a type of hacking, and its security products alerted companies of attempts to breach security 29 million times. That's important, Mandia said, because most of FireEye's products are deployed behind their clients' existing firewalls or antivirus software, so everything FireEye catches has already evaded other defenses.

"We are the investigators called in when the processes, people, and technology fail to prevent a security breach or incident," he said. "We find the gaps in the security fabric and we find the needle in the haystack."

FireEye Inc.'s second-quarter revenue rose 6 percent to $203 million but it lost $72.9 million, or 38 cents per share. That met Wall Street's expectations, but its shares fell as investors expected more.

That's a common problem in the white-hot cybersecurity sector, which includes competitors like Palo Alto Networks, CloudFlare and Check Point. The companies are facing high expectations as the cybersecurity market booms, fueled by heightened cyberattacks and hacking fears.

"As the space has become more competitive ... profitability and growth has been a challenge for (FireEye)," Ives said.

Still, FireEye's stock jumped 6 percent on Thursday when news broke of its role in uncovering the fake accounts on YouTube, Facebook and Twitter. It was up another 3 percent Friday.

FireEye shares hit their all-time peak of $95.63 on March 5, 2014, a few months after they went public, but began a long decline after that, hitting an all-time low of $10.40 almost exactly three years later on March 14, 2017. In the past month the stock has traded between $14.38 and $16.69.

And the company's reputation continues to grow.

"There are many vendors that play in cybersecurity when you look at some of the very sophisticated threats facing enterprise and governments," Ives said. "FireEye many times gets that first phone call when it comes to assess threat environment for companies."


Wickr Partners with Psiphon to Improve Network Availability
24.8.2018 securityweek IT

Despite government demands for backdoors into end-to-end encryption, it remains a legitimate requirement for business. Political tensions affect, but don't stop, international commerce; and business teams visiting foreign countries need to know that their communications are secure and delivered. The problem is domestic as well as international -- staff are increasingly mobile and work from any hotspot or free WiFi location they can find.

Such internet users need to know that their data remains secure from whatever location they use. This is a requirement solved by Wickr. It provides encrypted communication from source to destination whatever the location. Traveling staff can use any internet cafe or hotspot confident that their content cannot be sniffed.

But there remains a problem. Some of those source locations impose local restrictions on traffic -- it could be anything from traffic management controls to ISP restrictions, or simply a flaky network. The result is that Wickr content may be secure, but delivery can become problematic. To solve this problem Wickr has partnered with Psiphon to create WOA -- Wickr Open Access.

"Wickr already solves the crypto part," Joel Wallenstrom, president and CEO of Wickr told SecurityWeek. It triple-encrypts every bit of streaming data and applies perfect forward and perfect backward secrecy. "But a really critical part of enterprise communication is availability. That's why we've partnered with Psiphon. Together, we've developed something unique in the market, combining our encryption with how Psiphon ensures a robust and always-available network."

Psiphon can be described as a smart VPN. WOA combines Wickr's cryptography with Psiphon's network availability to provide consistent deliverable security, anywhere.

Chris Lalonde, Wickr's COO, explains. "Global enterprises have teams all over the world and they have people traveling all the time. The challenge that you face is that in many cases you are on an unpredictable network -- whether that's a coffee shop in Soho, a cafe in Paris, or some place in Hong Kong. What happens in a lot of those cases is users end up getting frustrated. They tend to think that it is the application when really it's the network they're using."

Enterprises have two problems. Mobile workers traveling locally, using local coffee shops with poor network connectivity and the potential for industrial espionage; and international business teams visiting nations with what we might term repressive governments. Wallenstrom describes the first. "If you're in a local coffee shop with free wifi it may have certain protocols restricted in order to maximize web-serving traffic. What that means for an end user trying to get on a call for a business meeting is it just doesn't work. This happens anywhere where the coffee shop is trying to optimize its free stuff -- to the end user, it just feels like the application is crappy."

Michael Hull, president of Psiphon Inc (which grew out of a Citizen Lab project) provides the international perspective. "There are probably 30 to 40 countries in the world where governments, ISPs and security agencies are all colluding together to control the local population and economy," he told SecurityWeek. "This is the problem that Psiphon was founded to solve. We've been providing an anti-censorship solution to the big international broadcasters for the last ten years or so. The BBC uses us, the Voice of America, Radio Free Europe and more use us to make sure that when governments try to intervene to prevent people from accessing information in contravention of Article 19 of the UN Declaration of Human Rights, we have a very sophisticated smart VPN that is capable of getting around large scale filtering systems and so on. We've honed our technology in the classic regions like China, Iran and Russia. The internet is being regularly disrupted by different ISPs for various reasons, some of them human rights related, some are business related."

Wickr has integrated the technology developed by Psiphon to ensure reliable network routing through the vagaries of both the local coffee shop and intrusive foreign governments. Psiphon operates 3500 servers, hosted on third party cloud providers, throughout the world -- ensuring that Wickr's encrypted traffic can get from anywhere in the world to anywhere in the world safely, securely and predictably.

"We're enabling users to simply put their application to work all the time, anywhere," said Lalonde. "Combining with Psiphon, WOA enables users to have a one-two punch to not only secure their data end-to-end but to make sure it gets to where it needs to go."

This gives it another practical enterprise application: incident response. "Let's say that my corporate network has been hacked," explained Wallenstrom, "and I don't know what to trust and what not to trust on my infrastructure. An attacker could be doing all sorts of things to my network traffic in order to see what the incident response team is doing. This happens -- it happened in the Sony hack. WOA gives the CISO and incident response team assurance that not only are the messages encrypted, but they are getting through to the destination when they need to."

"In today’s world," says Chris Lalonde, Wickr's COO, "end users are rarely aware of the networks across which their data is transmitted. Sometimes networks are restricted, other times they are degraded or monitored. With WOA, users can be certain that their data is secure in transit, their critical communications make it to the intended recipients and no service provider -- including Wickr -- has access to end user data."

Psiphon describes its product as a circumvention tool that utilizes VPN, SSH and HTTP Proxy technology to provide uncensored access to Internet content. But it is more than a VPN that gives access to Pirate Bay when the local ISP blocks it. Wickr is using Psiphon to not just bypass the local ISP, but to bypass problematic local networks to ensure that traveling teams can maintain secure communications from even the most far-flung locations.

The enterprise version is available today. It will be rolled out to other versions of Wickr, including the free version, in the future.


Code Analysis Firm Semmle Launches With $21 Million in Funding
22.8.2018 securityweek IT

Semmle, a company whose software engineering analytics platform is already used by several major companies, on Tuesday announced its global launch, along with a $21 million Series B funding round.

This funding round, led by Accel Partners with participation from Work-Bench, brings the total raised by the company to date to $31 million. The newly acquired funds will be used to accelerate Semmle’s go-to-market efforts serving large tech and financial services companies worldwide.

Semmle offers two products designed to help organizations find coding errors that can introduce critical vulnerabilities. One of the products, QL, is a software analytics engine that treats code as data so that it can be quickly and accurately analyzed by developers and security response teams.

“The same kinds of logical coding mistakes are made over and over again, sometimes repeatedly within a single project, and sometimes across the whole software ecosystem. These mistakes are the source of many of today’s critical software vulnerabilities,” Semmle explained on its website. “Using QL, you can codify such mistakes as queries, find logical variants of the same mistake elsewhere in the code, and prevent similar mistakes from being introduced in the future by automatically catching them before code gets merged.”
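The idea in that quote, treating code as data and writing a recurring mistake down as a query so every variant of it is caught before merge, can be illustrated without QL. The example below is added here and is not Semmle's engine or query language; it uses Python's standard `ast` module to run one such "query" over a constructed source file. The mistake it codifies is `subprocess.*(..., shell=True)` whose command string is assembled from anything other than a literal (a common OS command injection pattern); the sample source and the list of subprocess entry points are assumptions.

```python
"""A code-as-data query written with Python's ast module (added example; not QL
and not Semmle's code). Finds subprocess calls with shell=True whose command is
not a plain string literal. Sample source below is constructed."""
import ast

SAMPLE_SOURCE = '''
import subprocess

def ping(host):
    return subprocess.run("ping -c 1 " + host, shell=True)   # concatenated input: flagged

def list_dir():
    return subprocess.check_output("ls -l", shell=True)      # literal command: not flagged

def safe_ping(host):
    return subprocess.run(["ping", "-c", "1", host])         # no shell: not flagged

def f_string_ping(host):
    return subprocess.call(f"ping {host}", shell=True)       # f-string is not a literal: flagged
'''

# Assumption: the subprocess entry points worth querying.
SUBPROCESS_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}


def _is_subprocess_call(node: ast.Call) -> bool:
    """Matches subprocess.<name>(...) where <name> is one of SUBPROCESS_FUNCS."""
    f = node.func
    return (isinstance(f, ast.Attribute) and f.attr in SUBPROCESS_FUNCS
            and isinstance(f.value, ast.Name) and f.value.id == "subprocess")


def _shell_true(node: ast.Call) -> bool:
    """True if the call carries the keyword argument shell=True."""
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
               for kw in node.keywords)


def _is_string_literal(node: ast.AST) -> bool:
    # f-strings parse as JoinedStr and concatenations as BinOp, so neither matches here.
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


class ShellInjectionQuery(ast.NodeVisitor):
    """The 'query': walk every call, keep the ones matching the mistake, and
    record where they are together with the enclosing function."""

    def __init__(self):
        self.findings = []
        self._func = "<module>"

    def visit_FunctionDef(self, node):
        outer, self._func = self._func, node.name
        self.generic_visit(node)
        self._func = outer

    def visit_Call(self, node):
        if (_is_subprocess_call(node) and _shell_true(node)
                and node.args and not _is_string_literal(node.args[0])):
            self.findings.append((node.lineno, self._func))
        self.generic_visit(node)


def find_shell_injection(source: str):
    """Return [(line, enclosing_function)] for every match in `source`."""
    query = ShellInjectionQuery()
    query.visit(ast.parse(source))
    return query.findings


if __name__ == "__main__":
    for line, func in find_shell_injection(SAMPLE_SOURCE):
        print(f"line {line} in {func}: shell=True with a non-literal command")
```

The query is purely syntactic: it does not know whether `host` is attacker-controlled, which is what a real engine's data-flow analysis adds on top. It is enough, though, to show why expressing the mistake as a query scales: the same few lines run unchanged over every repository in the organization and in CI before merge.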

QL powers Semmle’s second product, LGTM, whose name stems from “Looks Good to Me,” which programmers use to express approval when reviewing software.

LGTM is a software engineering analytics platform that combines deep semantic code search and data science insights from a community of hundreds of thousands of developers. The platform, which Semmle claims is easy to integrate into the developer workflow, provides feedback, coding recommendations, and benchmarking insights.

Semmle’s platform has already been used in the past years by Microsoft, Google, Capital One, Credit Suisse, Nasdaq and NASA, which has helped the company perfect its product, said Oege de Moor, CEO and co-founder of Semmle.

The commercial product is now being made available to the rest of the world.

“On August 21, for the first time, any company can have access to our enterprise product and benefit from the work of leading technology companies like Google and Microsoft. Every customer benefits from the work that these security researchers report back to our vulnerability analysis repository — we are pioneering security as a public good,” de Moor told SecurityWeek.

“The LGTM community is our security research team, and this is one of the most powerful aspects of our platform. The leading companies using our tools have now made insights available to the rest of our customers, who might not have the resources or scale to invest in product security teams to hunt for vulnerabilities,” he added.

Semmle is the company that last year reported CVE-2017-9805, an Apache Struts vulnerability that ended up being exploited in the wild.


Container Security Firm Twistlock Raises $33 Million
15.8.2018 securityweek IT

Twistlock, a provider of solutions to protect cloud containers, today announced that it has raised $33 million in Series C funding, bringing the total raised to-date by the Portland, Oregon-based company to $63 million.

The company’s flagship Twistlock platform combines protection for containers, serverless functions, and container-as-a-service platforms such as AWS Fargate into a single full-stack security platform.

The latest version of the platform brings cloud native forensics capabilities to help during the incident response process.

“The Twistlock platform replaces multiple outdated layers of security – from standalone vulnerability assessment tools that force developers to read CVEs in CSVs, to application firewalls that require static configuration and updates with every build,” CEO Ben Bernstein explained in an associated blog post.


Founded in 2015, Twistlock says it has grown its customer base over 350 percent each year, and counts 25 percent of Fortune 100 companies as customers, including McKesson, Walgreens, Aetna and USAA. The company also said it has grown its employee headcount 200 percent year over year, and has opened five offices across the globe.

Led by ICONIQ Capital, existing investors YL Ventures, TenEleven, Rally Ventures, Polaris Partners and Dell Technologies Capital all participated in the round.

Twistlock is one of several companies looking to lead in the container security space that has raised funding in recent years. Israel-based Aqua Security has raised more than $38 million, NeuVector has raised $7 million, Capsule8 has raised $23.5 million, and Tigera received $23 million. Container security firm StackRox announced in April that it had secured $25 million in a Series B funding round, bringing the total raised by the company to more than $39 million.

While several security startups have emerged with a focus on containers, veteran security firms are also targeting the sector. In June 2017, cloud-based security and compliance solutions provider Qualys launched a product designed for securing containers across cloud and on-premises deployments.

According to a 2015 survey of 272 IT decision makers in North America conducted by Twistlock, 91 percent of the respondents said they were concerned about the security of containers.


SIEM Platform Provider Exabeam Raises $50 Million
15.8.2018 securityweek IT

Exabeam, a San Mateo, California-based provider of a next-gen security information and event management (SIEM) platform, announced on Tuesday that it has closed $50 million in Series D funding.

Exabeam was founded in 2013 by Nir Polak, CEO, Sylvain Gil, vice president of products, and Domingo Mihovilovic, chief technology officer. Before launching the company, Polak and Gil worked for Imperva, while Mihovilovic occupied a founding leadership role at Sumo Logic.

While SIEMs are sometimes written off as a dying tool for security teams, Exabeam's Security Intelligence Platform (SIP) includes more than legacy SIEMs offer, including powerful data collection, threat identification and response capabilities.

"We started," Polak told SecurityWeek in early 2017, "as a SIEM-helper." The intention was always to be more, but the route to a complete platform was designed to be in steps. SIEMs, he suggested are broken, difficult to use and no longer fit for today's needs; and a SIEM-helper was the obvious starting point. "SIEMs were born some 20 years ago, before the age of big data and before the skills gap became as severe as it is today. So, we used machine language and analytics to help find the threats for the SIEMs."

"We're moving to the next phase, ready to take on the incumbents -- Splunk, ArcSight and QRadar -- head on," Polak said at the time.

“Built on open source, big data technology, including Elasticsearch and Hadoop, it provides unlimited secure data collection, indexing and search but without volume-based pricing,” the company explains. “Advanced machine learning capabilities provide rapid insights into all events, including attacks and vulnerabilities so subtle and precise that humans simply cannot see them.”

According to the company, the additional funding will be used to grow its cloud portfolio and support global sales efforts.

Led by Lightspeed Venture Partners, the Series D round was supported by Aspect Ventures, Cisco Investments, Icon Ventures, Norwest Venture Partners and cybersecurity investor Shlomo, all of which are existing investors.


North Dakota Guard Unit Alerted of Potential Deployment
15.8.2018 securityweek IT

BISMARCK, N.D. (AP) — A North Dakota Army National Guard unit based in Bismarck has been notified it could be mobilized.

Detachment 1, 174th Cyber Protection Team has about seven soldiers on an alert status. The unit is led by 1st Lt. Charles Werner of Upham.

The Bismarck Tribune reports the decision to mobilize this unit has not yet occurred.

If mobilized, the unit would provide network security and cyber defense operations in support of the Department of Defense early next year at Fort Meade, Maryland.

North Dakota's adjutant general, Maj. Gen. Al Dohrmann, says the unit's potential mission would mark a new era for the North Dakota National Guard "as it engages in cutting-edge cyber operations technology."

Currently, about 45 North Dakota Guardsmen are mobilized for stateside and overseas missions.


Tech Giants Face Hefty Fines Under Australia Cyber Laws
15.8.2018 securityweek IT

Tech companies could face fines of up to Aus$10 million (US$7.3 million) if they fail to hand over customer information or data to Australian police under tough cyber laws unveiled Tuesday.

The government is updating its communication laws to compel local and international providers to co-operate with law enforcement agencies, saying criminals were using technology, including encryption, to hide their activities.

The legislation, first canvassed by Canberra last year, will take into account privacy concerns by "expressly" preventing the weakening of encryption or the introduction of so-called backdoors, Cyber Security Minister Angus Taylor said.

Taylor said over the past year, some 200 operations involving serious criminal and terrorism-related investigations were negatively impacted by the current laws.

"We know that more than 90 percent of data lawfully intercepted by the Australian Federal Police now uses some form of encryption," he added in a statement.

"We must ensure our laws reflect the rapid take-up of secure online communications by those who seek to do us harm."

The laws have been developed in consultation with the tech and communications industries and Taylor stressed that the government did not want to "break the encryption systems" of companies.

"The (law enforcement) agencies are convinced we can get the balance right here," he told broadcaster ABC.

"We are only asking them to do what they are capable of doing. We are not asking them to create vulnerabilities in their systems that will reduce the security because we know we need high levels of security in our communications."

The type of help that could be requested by Canberra will include asking a provider to remove electronic protections, concealing covert operations by government agencies, and helping with access to devices or services.

If companies did not comply with the requests, they face fines of up to Aus$10 million, while individuals could be hit with penalties of up to Aus$50,000. The requests can be challenged in court.

The draft legislation expands the obligations to assist investigators from domestic telecom businesses to encompass foreign companies, including any communications providers operating in Australia.

This could cover social media giants such as Facebook, WhatsApp and gaming platforms with chat facilities.

The Digital Industry Group (DIGI), which represents tech firms including Facebook, Google, Twitter and Oath in Australia, said the providers were already working with police to respond to requests within existing laws and their terms of service.

DIGI managing director Nicole Buskiewicz called for "constructive dialogue" with Canberra over the adoption of surveillance laws that respect privacy and freedom of expression.


Canadian Industrial Security Firm iS5Com Raises $17 Million
8.8.2018 securityweek  IT

iS5 Communications (iS5Com), a Canadian provider of networking and cybersecurity solutions for industrial systems, announced on Tuesday that it has raised roughly $17 million (CDN $22 million) in funding.


According to the company, the funding will be used to enhance its flagship RAPTOR platform and to develop additional solutions for securing critical infrastructure communications and networks.

Designed to protect Smart Cities and various critical infrastructure systems, including those in harsh environments, RAPTOR is compliant with IEC 61850 Ed. 2, IEEE 1613, and EN50155 standards. The flexible platform allows the customers to connect various plug‐in modules to meet functional requirements, the company says.

Additionally, the company says that all of its products have the ability to transmit data efficiently without the loss of any packets under harsh environments and EMI conditions.

Phoenix Contact Innovation Ventures GmbH led the round with participation from new investors, existing shareholders and management.


Cisco to Acquire Duo Security for $2.35 Billion in Cash
3.8.2018 securityweek IT

Cisco announced on Thursday that it will pay $2.35 billion in cash to acquire cloud-based identity and access management solutions provider Duo Security.

Ann Arbor, Michigan-based Duo raised $70 million in Series D funding in October 2017, which valued the company at $1.17 billion at the time.

Through its flagship two-factor authentication (2FA) app, Duo's "Trusted Access" product suite helps verify the identity of users, and the health of their devices, before granting them access to applications. The platform supports Macs, PCs and mobile devices, and gives administrators visibility into end user devices accessing the corporate network.

“Integration of Cisco's network, device and cloud security platforms with Duo Security's zero-trust authentication and access products will enable Cisco customers to easily and securely connect users to any application on any networked device,” Cisco said.

Overall, Cisco says that by getting its hands on Duo’s technology, it will be able to extend intent-based networking into multi-cloud environments, simplify policy for cloud security, and expand endpoint visibility coverage.

The acquisition is expected to close during the first quarter of Cisco's fiscal year 2019, subject to customary closing conditions and required regulatory approvals.

Duo said previously that it has doubled its annual recurring revenue for the past four years, and currently has more than 500 employees globally, after doubling its headcount in 2016.

Duo serves more than 10,000 paying customers and says it protects more than 300 million logins worldwide every month. Customers include Facebook, Etsy, K-Swiss, Paramount Pictures, Toyota, Random House, Yelp, Zillow and more.

In addition to its Ann Arbor, Michigan headquarters, Duo currently maintains offices in Austin, Texas; San Mateo, California; and London, England.

Duo Security, which will continue to be led by Dug Song, Duo Security's co-founder and chief executive officer, will join Cisco's Networking and Security business led by EVP and GM David Goeckeler.

Cisco has acquired several emerging security companies over the years. In June 2015, it announced its acquisition of OpenDNS for $635 million. The move followed other acquisitions by Cisco in the security sector, including its acquisition of Portcullis, ThreatGRID, Neohapsis, Virtuata, and its $2.7 billion acquisition of Sourcefire in 2013. In June 2016, it agreed to pay $293 million to acquire cloud access security broker (CASB) CloudLock.


Mimecast Acquires Threat Detection Startup Solebit for $88 Million
1.8.2018 securityweek IT

Email and data security firm Mimecast (NASDAQ: MIME) announced on Tuesday that it has acquired threat detection firm Solebit for approximately $88 million net of cash acquired.

Founded in 2014 by cybersecurity experts from the Israel Defense Forces (IDF), Solebit announced that it had raised $11 million in Series A funding in March 2018.

Solebit’s technology helps detect and protect against zero-day malware and unknown threats in data files and links to external resources/URLs.

“Security methods like signature-based antivirus and sandbox detonation are too limited when it comes to today’s most advanced threats,” said Peter Bauer, chief executive officer at Mimecast.

“Solebit has developed a differentiated approach that is engineered to preclude the need for signatures and sandboxes,” the company explains. “It is designed to help customers find advanced threats by recognizing when there is malicious code embedded within active content and data files.”

Mimecast says that Solebit’s threat detection tools are already integrated into Mimecast Targeted Threat Protection products.

London, UK-based Mimecast announced earlier this month that it had acquired Bethesda, Md-based security training company Ataata.

“Combined with the recent acquisition of Ataata in the security awareness and training space, and the recently previewed early adopter web security program, Solebit brings another important set of microservices to the Mime|OS platform that all of Mimecast’s unified services are built upon,” the company says.

Research by Mimecast and Vanson Bourne in May 2018 highlighted the extent to which humans are the targeted weakness in cybersecurity. From a pool of 800 IT decision makers and C-level executives, 94% had witnessed untargeted phishing attacks, 92% had witnessed spear-phishing attacks, 87% had witnessed financially-based email impersonation attacks (BEC), and 40% had seen an increase in trusted third-party impersonation attacks.

Founded by Bauer and CTO Neil Murray in 2003, Mimecast went public in late 2015 at $10 per share, raising $78 million in gross proceeds. After the IPO, share value fell as low as $6.20 in January 2016. Since July 2016, however, share price has risen steadily, sitting at $36.37 at the time of writing.

Investors in Solebit include ClearSky Security, MassMutual Ventures and Glilot Capital Partners.


Tenable Soars on IPO Day
28.7.2018 securityweek IT

Tenable Holdings, parent of veteran cybersecurity firm Tenable Network Security, celebrated its much-anticipated initial public offering (IPO) by raising roughly $250 million through the sale of 10.9 million shares at $23 per share.

The Columbia, Md.-based company began trading on the Nasdaq Global Select Market on Thursday under the ticker symbol “TENB”.

Shares of the company jumped more than 45% in early trading, reaching nearly $34 per share at the time of publishing, pushing the company’s market cap above $3 billion.

Founded in 2002, Tenable is known for its vulnerability scanners and software solutions that help find network security gaps. The company has more than 24,000 customers across 160 countries, including more than 50 percent of Fortune 500 companies and nearly 30 percent of Global 2000 firms.

In late 2017, Tenable announced a partnership with Siemens that aims to provide asset discovery and vulnerability management solutions for industrial networks.

Before going public, Tenable had raised more than $300 million, including $250 million in November 2015 and $50 million in September 2012.

Currently led by CEO Amit Yoran, former President of RSA and former National Cybersecurity Director at the U.S. Department of Homeland Security, Tenable had revenue of $187.7 million in 2017 and reported a net loss of $41 million for the year.


Customer Identity and Access Management Firm LoginRadius Raises $17 Million
26.7.2018 securityweek IT

Vancouver, Canada-based customer identity and access management (cIAM) firm LoginRadius has raised $17 million in Series A funding led by ForgePoint Capital and Microsoft's venture fund, M12.

Founded in 2012 by Rakesh Soni (CEO) and Deepak Gupta (CTO), LoginRadius has concentrated on cIAM -- initially as a social login provider, but now as the provider of a multi-faceted, cloud-based, full-function cIAM platform. In its six years it has grown largely without external capital funding (previously raising a total of $2.3 million in initial and seed funding), and it has achieved triple-digit growth in its last two years.

With the demand for customer (as opposed to enterprise) identity and access management growing rapidly, the new funding is designed to ensure that the firm can expand to meet potential requirements. Driving this growth is the ongoing digital transformation of business. Commercial enterprises are no longer satisfied with identity alone, but seek complete identity profiles of their customers in order to provide a more personalized service.

This makes cIAM a very different requirement from enterprise IAM. While enterprise IAM is concerned with validating the identity of a relatively small and finite number of known company employees, cIAM needs to handle the identity and profile of an effectively unbounded number of potentially worldwide internet customers.

"In customer identity you do not control the identity," Soni told SecurityWeek: "you just define it. Control remains with the customers who decide whether they want to keep the identity, destroy the identity, whether they want to access 20 of your brands or just one. And because the system faces outwards rather than inwards, the compliance requirements that are absent in employee identity become extremely critical -- especially, for example, with GDPR and the other privacy regulations popping up throughout the world."

The scale is very different. "While most companies have a maximum of a few hundred thousand employees," he continued, "one of our biggest clients has 50 million identities. Those people can access the client from anywhere on the planet, and they need the system to be up and running 24/7. For employee IAM, if the system is down for ten or 15 minutes (especially out of business hours) the impact is minimal. But in the case of cIAM even small downtimes can damage revenue and impact brand satisfaction."

These requirements, he suggests, demand a cloud-based solution. "With increasing customer experience expectations and growing cybersecurity threats, enterprises need a modern cloud-based identity platform that can be the foundation for digital transformation and provide peace of mind when it comes to security. This funding is a testament to LoginRadius' ability to deliver on this promise to our customers and sets the foundation for our future growth."

The firm already has offices in London, San Francisco, Sydney, and Jaipur; and plans to double its workforce over the next 12 months.

"Customer identity is at the intersection of security, digital business and compliance. This requires significant expertise to build and maintain in-house, resulting in extended go-to market time," said Deepak Gupta. "LoginRadius provides the answer to this critical challenge with its out-of-the-box solution."

The LoginRadius cloud platform is built with RESTful APIs and open-source SDK libraries to allow developers to implement authentication, login interfaces and web SSO without worrying about back-end capabilities such as data management, disaster recovery, performance, system availability and scalability. It already serves more than 700 million identities, and handles 7.5 billion API calls per month.

"Forward-thinking companies are looking for secure, cloud-based identity solutions that can serve a global customer base and handle complex scenarios," commented Nagraj Kashyap, corporate vice president at Microsoft and global head of M12. LoginRadius is "delivering on their promise to simplify customer identity management, which allows enterprise companies to more easily achieve their digital transformation ambitions."


Big Tech Firms Agree on 'Data Portability' Plan
26.7.2018 securityweek IT

Facebook, Google, Microsoft and Twitter unveiled plans Friday to make it easier for users to take their personal data and leave one online service for another.

The "Data Transfer Project" revealed by the companies responds to concerns about the growing influence of internet platforms and internet user concerns about control of their personal information shared online.

"Users should be in control of their data on the web, part of this is the ability to move their data," the companies said on the project website.

Data portability has been a goal of many privacy activists, and is enshrined in the regulations of some jurisdictions, including Europe's new General Data Protection Regulation.

Currently, people can download their data from an online service, without a guarantee it will be possible or feasible to upload the information to a new service.

The situation can result in people feeling anchored to a service or app, even if they are unhappy with it or an enticing option arises, because of photos, contacts, posts and other accumulated data.

"Making it easier for individuals to choose among services facilitates competition, empowers individuals to try new services and enables them to choose the offering that best suits their needs," the project said at its website.

"There are many use cases for users porting data directly between services, some we know about today, and some we have yet to discover."

Reasons for shifting personal data could include abandoning an old service, trying a new one, or simply backing up information to keep it safe.

The project was formed two years ago and remains in a development phase.

Disclosure of the effort comes amid heightened scrutiny over the potential of internet companies to abuse positions of power and the right of people to control their online data.


Gigamon Acquires Network Visibility Startup ICEBRG
24.7.2018 securityweek IT

Network traffic analysis firm Gigamon on Tuesday announced plans to acquire network security startup ICEBRG.

Founded in 2014, Seattle, Washington-based ICEBRG provides a Security-as-a-Service (SaaS) solution designed to help organizations detect threats and gain and leverage network visibility for security operations.

Gigamon's flagship GigaSECURE platform provides visibility into network traffic, users, applications and suspicious activity.

The ICEBRG platform uses sensors deployed at customer locations that stream network traffic metadata to a cloud-based system that helps Security Operations Center (SOC) teams quickly identify threats and act to remediate them.

Gigamon says it will combine the two platforms to help enterprises leverage various security tools.

“The combination of the high-quality network data from the GigaSECURE Security Delivery Platform and the ICEBRG cloud-based platform will power the next generation of security capabilities. Together, our expertise in networking and security will help SOC teams focus on defending against the most severe threats in their environments,” William Peteroy, co-founder and CEO of ICEBRG, said.

The terms of the deal were not disclosed.


Security Orchestration Firm Siemplify Raises $14 Million
24.7.2018 securityweek IT

Siemplify, a New York, NY-based provider of security orchestration, automation and response (SOAR) tools, today announced that it has raised $14 million in a Series B funding round led by Jump Capital.

This latest funding brings the total amount raised by the company to $28 million.

Designed to help security operations teams work more efficiently, Siemplify’s platform assists with tasks ranging from incident triage and investigation to collaboration and remediation.

“SOAR enables the management of disparate cybersecurity tools - including SIEM, endpoint protection, threat intelligence and more - through a single platform that helps security operations teams respond to threats faster and more effectively,” the company explains.

Jump Capital was joined by the company’s existing investors G20 Ventures and 83North in the Series B round.

Siemplify is yet another cybersecurity startup founded by former Israeli Defense Forces (IDF) security experts.


Okta Acquires Access Control Startup ScaleFT
19.7.2018 securityweek IT

Enterprise identity management firm Okta this week announced that it has acquired ScaleFT, a company that offers a Zero Trust access control platform.

Okta provides a Single Sign-On (SSO) solution to help customers efficiently manage user accounts across the enterprise and eliminate passwords while simplifying access. With Multi-factor Authentication (MFA), it provides strong authentication for various services, with over 5,500 pre-built integrations to applications and infrastructure providers.

Founded in 2015, ScaleFT built its access management platform on Google’s BeyondCorp security model, which provides remote access without the use of a VPN (virtual private network).

With this acquisition, publicly traded Okta (NASDAQ:OKTA), which already helps over 4,700 organizations both secure and manage their extended enterprise, plans to bring Zero Trust to corporations with a framework to protect sensitive data without compromising on experience.

By combining ScaleFT’s Zero Trust platform with its own Identity Cloud, Okta aims to help organizations easily validate users, devices, application and network information while also securing access to data from cloud to ground.

“Companies have realized they can no longer trust their network and have to understand device security — instead of trusting everyone behind a firewall, now IT and security leaders must trust no one, inside or outside the organization,” Frederic Kerrest, Chief Operating Officer and co-founder, Okta, said.

“To help our customers increase security while also meeting the demands of the modern workforce, we’re acquiring ScaleFT to further our contextual access management vision — and ensure the right people get access to the right resources for the shortest amount of time,” Kerrest continued.

The Zero Trust security paradigm requires organizations to move away from the traditional approach of perimeter-based security that included static credentials and access controls, and to focus on adaptive and context-aware controls instead, for making continuous access decisions.

Following the acquisition, ScaleFT CEO and co-founder Jason Luce will manage the transition, while CTO and co-founder Paul Querna will lead strategy and execution of Okta's Zero Trust architecture. Marc Rogers, CSO, will join Okta as Executive Director, Cybersecurity Strategy.


Compliance-Focused Cybersecurity Firm A-LIGN Raises $54.5 Million
19.7.2018 securityweek IT

A-LIGN, a provider of cybersecurity and compliance solutions, announced this week that it has raised $54.5 million from growth equity firm FTV Capital.

Tampa, Florida-based A-LIGN provides assessments, audits and cyber risk advisory and testing services for companies of all sizes. Using its flagship platform, A-SCEND, the company helps organizations address third-party risks, security controls, and privacy concerns, with a focus on four core areas:

• Compliance Assessments: SSAE 18, SOC I, II, III audits, and assessments;

• Industry Specific Audits such as ISO, PCI, HITRUST, HIPAA;

• Cybersecurity Services: Penetration testing, vulnerability scanning; and

• Cyber Risk and Privacy: GDPR, CCPA, related privacy and incident planning services.

“Evolving security frameworks and the continual release of new regulations and compliance requirements, such as GDPR, SOC I/II/III, and the recently-passed California Consumer Privacy Act, require that company executives constantly examine their data privacy practices,” Scott Price, CEO of A-LIGN, said in a statement. “Organizations across all industries are conducting critical assessment and audits not only for mandated compliance but also to deepen trust among customers and users which has a direct impact on the bottom line.”

A-LIGN is a licensed CPA firm, Qualified Security Assessor Company (QSAC), accredited ISO 27001 certification body, certified HITRUST Assessor firm, and accredited FedRAMP 3PAO. The company’s tools help customers streamline the audit and certification process through workflow automation, document management, and auditing history.

As part of the transaction, FTV Capital partner Liron Gitig and managing partner Richard Garman will join the company’s board of directors.


Symantec Launches Email Threat Isolation Solution
19.7.2018 securityweek IT

Symantec on Tuesday unveiled a new solution designed to help protect enterprises against email-based attacks using threat isolation.

According to the security firm, the new Email Threat Isolation technology can block advanced email attacks, including spear phishing, credential theft and account takeover attempts, and ransomware.

The solution creates what Symantec describes as a secure remote execution environment between the user and the potentially malicious content.

Specifically, Email Threat Isolation sends traffic from the links included in suspicious emails to this secure environment. All potentially malicious elements remain confined in this isolated environment while the user is only shown a safe visual representation of the content.

The solution can also render websites in read-only mode, which helps prevent employees from entering sensitive information, such as corporate credentials, on a phishing website.

Email Threat Isolation is available as a cloud-based or on-premises service, and it can be used with Symantec Email Security or third-party email security solutions.

“Despite significant efforts by our industry to detect and block email-borne threats, messaging remains the primary vector for malware and scams within the enterprise. The industry requires a paradigm shift to properly secure messaging, and we are excited to be bringing the innovation of integrated isolation technology to email,” said Greg Clark, CEO of Symantec.

“This revolutionary technology helps enterprises to quickly and easily isolate all malicious email content – both internal and external – to substantially reduce inherent risks within messaging applications. Further, because the technology is cloud-based, organizations can be up and running quickly and easily, reducing stress on already taxed IT teams,” Clark added.


Security Instrumentation Firm Verodin Raises $21 Million
19.7.2018 securityweek IT

Verodin, a Virginia-based company that helps organizations assess the effectiveness of their cybersecurity controls, on Tuesday announced that it has raised $21 million in a Series B funding round.

The round was led by TenEleven Ventures and Bessemer Venture Partners (BVP), with participation from Capital One Growth Ventures, Citi Ventures and all existing investors. As part of the deal, TenEleven Ventures founder Mark Hatfield will join the company’s board of directors.

The company says it will use the funds to continue the development of its Security Instrumentation Platform (SIP), increase hiring in all functional areas, and expand global sales.

“Boards and C-level executives increasingly want evidence that the dollars and effort they spend on cyber defenses are actually working,” said TenEleven Ventures’ Hatfield. “Verodin is leading a revolutionary shift in cybersecurity, delivering organizations the evidence they need to measure, manage and improve their cybersecurity effectiveness.”

The latest funding round brings the total raised by Verodin to $34 million. The company secured $10 million in a Series A funding round in June 2016.

While the Series B round was officially announced only on Tuesday, the funding was actually revealed in late June when a SEC filing showed that the company had raised roughly $20.7 million from 14 investors. The company refused to make any comments at the time.

Verodin SIP is deployed in an organization’s IT environment and it continuously tests the effectiveness of endpoint, cloud, email and network controls. The solution helps enterprises ensure that the products they have purchased and deployed are actually protecting business-critical assets.


Data Privacy Automation Provider Integris Software Raises $10 Million
19.7.2018 securityweek IT

Integris Software, a Seattle-based provider of data privacy automation tools, today announced that it has raised $10 million through a Series A financing round led by Aspect Ventures.

The oversubscribed round brings the total funding raised by the company to $13 million.

The company explains that its flagship data privacy automation platform automates the process of “identifying, classifying and continuously monitoring sensitive data that enables a defensible compliance strategy for enterprises.”

"Global CTOs are realizing that complying with privacy law is essentially a data problem and that without an automated discovery mechanism for sensitive information, they’re flying blind on what data is important to secure and why,” Kristina Bergman, CEO of Integris Software, said in a statement.

The company will help customers comply with emerging and changing data privacy regulations, such as the EU’s General Data Protection Regulation (GDPR) and the upcoming California state law AB375.

Other investors participating in the funding round include Workday Ventures, Madrona Venture Group, and Amplify Partners.

“Integris is a unique vendor that, through automation, can discover data at rest or in motion, structured or unstructured, on premise or in the cloud,” said Mark Peek, managing director and co-head, Workday Ventures. “Companies need to be able to produce evidence that shows what sensitive information has been deleted or rectified.”


PE Firm Thoma Bravo Buys Majority Stake in Centrify
18.7.2018 securityweek IT

Private equity investment firm Thoma Bravo said it will acquire a majority interest in identity and access management (IAM) solutions firm Centrify.

Financial details of the transaction were not disclosed, and the transaction is expected to close in the third quarter of this year.

Founded in 2004, Centrify has raised a total of $94 million in funding to date, and offers a unified platform that provides Privileged Identity Management (PIM) and Identity-As-A-Service (IDaaS).

The Santa Clara, California-based company serves over five thousand customers around the world in industries including defense, banking, energy, retail, manufacturing and health care.

Thoma Bravo has made several large investments in the cybersecurity space over the years. In May 2018, it announced that it would acquire a majority interest in Security Information and Event Management (SIEM) solutions vendor LogRhythm. Other cybersecurity investments include SonicWall, SailPoint, Hyland Software, Deltek, Blue Coat Systems, Imprivata, Bomgar, Barracuda Networks, Compuware and SolarWinds.

“With Thoma Bravo’s extensive sector experience and insight in the enterprise security software space, Centrify is in a strong position to provide our products, services and unique expertise to meet the rising need for identity-based cybersecurity technology in today’s global environment,” Tom Kemp, co-founder and CEO of Centrify, said in a statement.


Israeli Firm Radiflow Raises $18 Million to Grow Industrial Cybersecurity Business
18.7.2018 securityweek IT ICS

Israeli cybersecurity firm Radiflow, which provides cybersecurity solutions for industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks, announced on Wednesday that it has raised $18 million in venture funding through an investment round led by Singapore-based engineering company ST Engineering.

Radiflow’s product offerings include risk assessment, threat detection and secure remote access tools with industrial asset visibility and anomaly detection.

Under a strategic partnership, ST Engineering has integrated Radiflow’s detection and prevention tools with its SCADA system.

More specifically, Radiflow said that its tools would be integrated with ST Engineering’s Rail Command, Control and Communications (C3) Systems (SCADA) to offer an end-to-end cybersecurity solution for the rail transport industry.

Radiflow says the investment will be used to expand its sales team to support growing market demand, strengthen its brand globally and support product development.

Radiflow also recently announced partnerships with Palo Alto Networks and RSA, to make field deployments easier and help ensure compliance with new regulations, including NERC CIP and the EU NIS Directive.

Radiflow will demonstrate its technology at SecurityWeek’s 2018 ICS Cyber Security Conference, taking place October 22-25, 2018 in Atlanta.

Radiflow is one of several cybersecurity startups targeting the industrial space that have raised funding. Some others include Dragos, Indegy, Bayshore Networks, CyberX, SCADAfence and Nozomi Networks. Veteran industrial software firm PAS raised $40 million in April 2017. Darktrace, which has an offering targeted to the industrial sector, raised $75 million at a valuation of $825 million in July 2017. Just last month, New York-based Claroty announced that it had raised $60 million in a Series B funding round, bringing the total amount raised by the company to date to $93 million.


AT&T to Acquire Threat Management Firm AlienVault
18.7.2018 securityweek IT

AT&T on Tuesday said it would acquire San Mateo, Calif.-based threat management and intelligence firm AlienVault for an undisclosed sum.

AlienVault offers its Unified Security Management platform and Open Threat Exchange intelligence community, which will be integrated into AT&T’s cybersecurity suite of services.

Both companies have approved the agreement but the terms of the deal haven’t been disclosed. The acquisition, which is subject to customary closing conditions, is expected to complete in the third quarter of 2018.

AlienVault had raised more than $118 million in funding prior to agreeing to be acquired by the telecom giant.

With the acquisition of AlienVault, AT&T aims at expanding its portfolio of enterprise-focused security solutions to target small and medium-sized businesses.

“Regardless of size or industry, businesses today need cyber threat detection and response technologies and services. The current threat landscape has shifted this from a luxury for some, to a requirement for all,” Thaddeus Arroyo, CEO, AT&T Business, commented.

After the transaction is completed, AT&T will provide business customers with a unified security management platform that aims at helping organizations detect and respond to threats more effectively. According to AT&T, AlienVault will become a key part of its Edge-to-Edge Intelligence capabilities.

Although the two companies did not provide details on the transaction, AT&T did say the deal is not “expected to have a material effect on AT&T’s results.”


Broadcom Buys Business Software Firm CA for $18.9 Billion
18.7.2018 securityweek IT

Semiconductor giant Broadcom, which recently failed in a bid to buy US rival Qualcomm, on Wednesday announced a cash deal to buy software and services firm CA Technologies for $18.9 billion.

Broadcom described CA as a major provider of information technology management software, in an acquisition that would help the chip maker diversify its offerings.

"This transaction represents an important building block as we create one of the world's leading infrastructure technology companies," Broadcom chief executive Hock Tan said in a release.

The deal was approved by the boards of both companies.

Broadcom will pay $44.50 per share of CA stock, about 20 percent over the closing price for common shares at the end of formal market trading on Wednesday, according to the company.

"We are excited to have reached this definitive agreement with Broadcom," CA Technologies chief Mike Gregoire said in the joint release.

"This combination aligns our expertise in software with Broadcom's leadership in the semiconductor industry."

The companies expected the acquisition to close in the final quarter of this year. The merger must be approved by shareholders and regulators.

Broadcom in April transferred its headquarters from Singapore to the US as promised when it tried to buy Qualcomm.

The prior month, President Donald Trump issued an order barring the proposed $117 billion hostile takeover of Qualcomm, citing what he called "credible evidence" such a deal "threatens to impair the national security of the United States."

It would have been the biggest-ever deal in the tech sector.

Trump's order made no mention of China, but an earlier letter from the US Treasury Department warned that a takeover might hurt US leadership in 5G, super-fast fifth-generation wireless networks now being deployed, and consequently pose a threat to US security.

The presidential action was allowed because Broadcom is a foreign entity, but would not have been possible had it completed its move to Silicon Valley.

On March 14, Broadcom said it was withdrawing its offer for Qualcomm.

Broadcom was founded in California but moved its headquarters after a 2015 deal that merged it with Avago Technologies.


UK Financial Authorities Publish Paper On Operational Resilience
12.7.2018 securityweek IT

UK Financial Authorities' Paper on Resilience Potentially Silos Continuity from Data Protection

The Bank of England (BofE), the UK's Prudential Regulation Authority (PRA), and the UK's Financial Conduct Authority (FCA) -- together known as the financial supervisory authorities -- have jointly published a discussion paper (PDF) on building operational resilience into the financial sector. While cyber is a major risk, the concept is to build resilience to all risks including cyber.

Regulated firms, financial market infrastructures (FMIs), consumers, industry bodies, auditors, specialist third-party providers, professional advisors and other regulators are invited to comment on the paper by 5 October 2018. The paper notes that there is currently no global framework for resilience, and says that the authorities "will share our insights with the global regulatory community."

While the paper does not differentiate between the types of risk to continuity, it nevertheless reflects a great deal of current thinking about cyber risk. It suggests that relevant companies should plan on the assumption that disruption will occur, as well as seeking to prevent it. Current cyber advice is that companies should assume they either are currently breached or will be breached in the future.

Consequently, the key to resilience is for the board to define "the level of disruption that could be tolerated" (CISOs call this the 'risk appetite'); and for the risk managers (CISOs for the cyber aspect) to put in place the means to confine any disruption within those bounds. This is the thinking behind cyber advice to concentrate on incident response.

The paper takes the view that concentrating on resilience is consistent with the Bank of England's Financial Policy Committee's (FPC) work on cyber risk. "The FPC identifies, monitors and takes action to remove or reduce systemic risks with a view to protecting and enhancing the resilience of the UK financial system. The FPC has been considering whether testing the financial system for disruption from cyber incidents is warranted for the purpose of enhancing and maintaining UK financial stability. While the FPC has been doing this in the context of cyber, the concepts are relevant to operational resilience regardless of the specific cause of disruption."

Indeed, the recommended process for evaluating and reducing the risk to resilience is similar to the recommended process for evaluating and reducing cyber risk.

But where the paper diverges from current cyber thinking is the view "that managing operational resilience is most effectively addressed by focusing on business services, rather than on systems and processes." It's a question of emphasis, and is similar in concept to the ongoing difficulties between operational technology and information technology. OT frequently prioritizes continuity over data protection. While few cyber experts believe that security can be obtained by technology alone, even fewer believe it can be obtained without it.

In the financial sector it is feasible that risk management might conclude that maintaining legacy systems is more important to operational continuity than the cyber risk to those same legacy systems; or that the introduction of new cyber security technologies might be operationally disruptive. Neil Costigan, CEO at BehavioSec, sees a danger here. "This is less about appropriate technology than practices and thinking," he told SecurityWeek. "It does, I guess, offer solid support for CISOs to lobby their boards about the threats and expectations; but I see it as recommendations/guidelines/advice for silos."

While current cyber thinking is that OT and IT need to merge, there is a danger that this emphasis on continuity and processes might maintain and even promote the separation. Costigan goes further, suggesting the UK might be missing an opportunity here. The paper discusses individual bank responsibility, where possibly sector resiliency is a shared responsibility.

"If you look at Sweden and Norway," he said, "you'll see that the banks do not operate in isolation -- security is viewed as a collective responsibility." He gives the example of BankID -- a single identity system that operates across multiple financial institutions, and has been recognized as a legally binding signature in other areas.

Dan Sloshberg, director product marketing at Mimecast, suggests that concentrating on resilience will automatically include cyber issues. "WannaCry was a wakeup call and highlighted the disruptive power and scale cyber-attacks can have on our critical national infrastructure," he says. "Organizations can also learn from the new NIS Directive. This legislation clearly signals the move away from pure protection-based cybersecurity thinking. Robust business continuity strategies have never been more important to ensure organizations can continue to operate during an attack and get back up on their feet quickly afterwards."

Dave Ginsburg, VP of marketing at Cavirin, sees the paper as a reasonable attempt to improve resiliency in a changing world. He notes that since the IRA bombing campaign in London during The Troubles last century in the UK, and 9/11 in the U.S., banks in both countries have had effective disaster recovery operations in place.

"However," he told SecurityWeek, "financial interconnections and interdependencies are much more complicated than they were 17 years ago. What the UK is getting at is putting in place the mechanisms to preserve the financial 'supply chain' if the worst occurs due to physical or cyberattack. Everyday approaches to physical security and user training don't necessarily address this, and one would hope that institutions in the US, if not implementing such an approach already, may use this as a template. And, it need not only apply to finance, but to the cyber posture of other critical systems such as telecommunications, transportation, electricity, and water supply, to name a few."

"The concept of impact tolerance is core to the supervisory authorities' thinking," comments the paper, "and may challenge firms and FMIs to think differently. It encourages them to assume operational disruptions will occur. This means that attention can be directed towards minimizing the impact of disruption on important business services. Impact tolerance focuses firms, FMIs and the supervisory authorities on the potential vulnerabilities in business and operating models. The work they do to increase the resilience of these need not be tied to specific threats, rather an important business service should be made resilient to a wide variety of threats."

The paper highlights an unpalatable truth for consumers: in critical industries such as the financial sector, operational continuity is more important than data protection -- including PII. Concentrating resources on continuity could feasibly leave customer data more exposed to cyber-attack. Having PII stolen does not normally directly impinge on continuity, and could conceivably be considered of lesser importance (at least as far as the financial regulators are concerned).

The problem for individual firms within such critical industries is that any ensuing resilience regulations will not excuse them from existing data protection regulations. By treating resiliency as a separate issue to data protection, it merely complicates an already complicated regulatory environment.


Email Security Firm Mimecast Buys Staff Training Startup Ataata
12.7.2018 securityweek  IT

London, UK-based email archiving and security firm Mimecast has acquired Bethesda, Md-based security training company Ataata. Financial terms of the acquisition have not been disclosed.

Mimecast, founded by CEO Peter Bauer and CTO Neil Murray in 2003, offers a SaaS-based email platform providing email security and management. Ataata was founded in 2016 by CEO Michael Madon. It offers a continuous training platform that analyzes results and predicts which staff may be security risks.

Research by Mimecast and Vanson Bourne in May 2018 highlighted the extent to which humans are the targeted weakness in cybersecurity. From a pool of 800 IT decision makers and C-level executives, 94% had witnessed untargeted phishing attacks, 92% had witnessed spear-phishing attacks, 87% had witnessed financially-based email impersonation attacks (BEC), and 40% had seen an increase in trusted third-party impersonation attacks.

Despite this, only 11% of the respondents claimed to use continuous staff training to help employees detect and respond to such email attacks. "Cybersecurity awareness training has traditionally been viewed as a check the box action for compliance purposes, boring videos with PhDs rambling about security or even less than effective gamification which just doesn't work," commented Bauer.

"As cyberattacks continue to find new ways to bypass traditional threat detection methods, it's essential to educate your employees in a way that changes behavior," he continued. "According to a report from Gartner, the security awareness computer-based training market will grow to more than $1.1 billion by year-end 2020. The powerful combination of Mimecast's cyber resilience for email capabilities paired with Ataata's employee training and risk scoring will help customers enhance their cyber resilience efforts."

Ataata brings humor to staff training. "Every module is drafted by professional television comedy writers who understand the reality of security in the enterprise," it explains. "Yes, such people exist. We hired 'em. So our content is funny, deeply knowing about the contemporary workplace and driven by characters your employees will recognize all too well." Ataata was founded on the principle that training should not be a compliance tool imposed by management, but a commitment enjoyed by staff.

Human error is involved in the majority of all security breaches, and casual mistakes can cost organizations money, their reputation -- and employees, potentially their job. "Organizations need to understand that employees are their last line of defense," says Madon. "Cybersecurity training and awareness doesn't need to be difficult or boring. Training and awareness is needed to help mitigate these internal risks. Our customers rely on engaging content at the human level, which helps to change behavior at the employee-level. We're excited to join forces with Mimecast to help customers build a stronger cyber resilience strategy that includes robust content, risk scoring and real-world attack simulation -- going way beyond basic security awareness capabilities."

Mimecast told SecurityWeek that teams from both firms will be working to integrate the products "to create the most advanced, sophisticated and effective cyber awareness training product on the market." Over time, the two platforms will become more tightly integrated, but, says Mimecast, "the offering is immediately relevant and valuable to all of Mimecast's target audiences."

Ataata has not operated from a central office. Existing staff will be maintained as employees of Mimecast, and remain based where they currently live -- with the exception of Madon. Madon, Mimecast told SecurityWeek, will relocate to Boston, where he "will now be leading up the newly established Mimecast Learning Labs, a training and certification program for Mimecast customers looking to achieve role-based excellence around security best practices."

Mimecast went public in late 2015 at $10 per share, raising $78 million in gross proceeds. After the IPO, share value fell as low as $6.20 in January 2016. Since July 2016, however, share price has risen steadily to $42.99 at the time of writing. Ataata raised $3 million in a Series A funding round in December 2017.


Former Equifax Manager Charged With Insider Trading
29.6.2018 securityweek  IT

US securities regulators announced insider trading charges on Thursday against a former Equifax manager who sold shares in the company before it disclosed a giant data breach.

Sudhakar Reddy Bonthu, a product development manager at Equifax, allegedly netted more than $75,000 after placing orders on September 1, 2017 betting that Equifax shares would fall, according to a complaint by the US Securities and Exchange Commission.

Six days later, the company announced one of the biggest data breaches ever, sending shares sharply lower.

"As we allege, Bonthu, who was entrusted with confidential information by his employer, misused that information to conclude that his company had suffered a massive data breach and then sought to illegally profit," said Richard Best, director of the SEC's Atlanta Regional Office.

"Corporate insiders simply cannot abuse their access to sensitive information and illegally enrich themselves."

Bonthu, 44, a resident of Georgia, settled the SEC civil charges and agreed to return his ill-gotten gains plus interest, the agency said.

Bonthu has also been charged in a parallel US criminal case by the Department of Justice, the SEC said.

Bonthu is the second Equifax defendant in an insider trading case after authorities in March brought criminal and civil charges against former Equifax executive Jun Ying.

Key personal data, including names, social security numbers and dates of birth, were pilfered from more than 140 million Americans in the Equifax hack.

On Wednesday, the company agreed to new oversight requirements under a consent order with eight state regulators, including financial regulatory bodies in New York, Georgia and California.


Threat Detection Firm Cynet Raises $13 Million
28.6.2018 securityweek IT

Threat detection and response company Cynet on Wednesday announced that it raised $13 million in a Series B funding round, which brings the total raised to date to $20 million.

The funding round was led by Norwest Venture Partners, with participation from Shlomo Kramer and Ibex Investors. The firm previously raised $7 million in a Series A funding round in 2016.

Cynet says it will use the new funds to continue its growth and keep fueling the development of its products.

The company’s Cynet 360 platform, which is said to be used by organizations worldwide to protect millions of endpoints, is designed to prevent, detect and remediate any threat on the internal network, including malware, zero-day attacks, ransomware, lateral movement, and malicious insiders.

Cynet says its solution can be deployed in less than two hours and it provides security teams complete visibility into traffic and communications across tens of thousands of endpoints.

“Almost all cybersecurity solutions are built to address one vertical in the complex enterprise defense architecture,” said Dror Nahumi, general partner at Norwest Venture Partners. “However, small to medium size enterprises do not have the resources to define, select, integrate and manage dozens of products from different vendors. We are impressed with Cynet’s vision and proven customer success to enable a complete defense solution from a single platform, addressing this huge market demand.”


Identity-based Threat Detection Preempt Raises $17.5 Million
28.6.2018 securityweek IT

Threat prevention firm Preempt, headquartered in San Francisco, Calif., with R&D in Ramat Gan, Israel, has raised $17.5 million in a Series B funding round supported by ClearSky, Blackstone, Intel Capital and General Catalyst. The total raised by Preempt now stands at $27.5 million, having raised $2 million as seed funding in 2014, and $8 million in a Series A round in 2016.

Preempt was founded in 2014 by Ajit Sancheti and Roman Blachman. It is another innovative cybersecurity firm with roots in the Israel Defense Forces, where Blachman spent almost ten years -- four of them as a research and development manager.

Preempt focuses on providing security by preventing malicious transactions. It does this by evaluating identity, behavior, risk and context at the point of each transaction rather than only at the point of log-in. This allows, says the company, control over who can access what resources and in what context, without network segmentation or application development.

"Our mission," explains Preempt CEO and co-founder Ajit Sancheti, "is to provide a more holistic approach around securing and protecting identity within the enterprise and to make it easier for enterprises to preempt threats before they impact the business."

In a blog published Wednesday (June 27), ClearSky's operating partner and CISO, Patrick Heim wrote, "We believe that Preempt's approach -- identity as the new perimeter, identity as a cybersecurity problem-solver -- is the future."

The idea of identity being the true perimeter is a growing concept. It is no longer the firewall nor even the endpoint that should be considered the security perimeter -- it is each individual human. Earlier this month, Tessian co-founder and CTO Ed Bishop told SecurityWeek, "Our belief is that organizations' security has moved on from perimeter firewalls, and even endpoint security. I think we are in a third phase here, where humans are the real endpoints of the organization."

While Tessian concentrates on email security, Preempt concentrates on real-time network threat prevention -- but both do so based on user identity and behavior.

Preempt further allows tool and protocol containment. The misuse of network tools can be controlled, and the use of hacking tools prevented. It can deeply inspect authentication protocols such as Kerberos, NTLM, RPC and LDAP, and detect known issues such as pass-the-hash.

At the same time, all user activity can be viewed in one place, including access, behavior, history, profile, changes, locations, device, role, password strength, privileges, VPN, SSO, and more.

ClearSky's Patrick Heim is joining Preempt's board of directors. "It was exciting to see Preempt take a radical new approach to solving vulnerabilities that lie at the core of virtually all enterprises and are commonly leveraged by attackers in major breaches," he said; while adding in his blog, "It's rare that [I] get truly excited about a new security technology."

Preempt already counts Fortune 500 enterprises among its customers. The new funding is intended to help the company expand operations to accelerate product innovation and its go-to-market strategy.


BitSight Raises $60 Million in Series D Funding Round
28.6.2018 securityweek IT

Security ratings firm BitSight today announced that it has closed a $60 million Series D funding round that brings the company’s total funding to $155 million.

Founded in 2011, BitSight's Security Ratings SaaS platform is currently used by more than 1,200 customers around the world to manage third party risk, benchmark performance, underwrite cyber insurance policies and conduct M&A due diligence.

BitSight plans to use the funding to continue its global expansion and extend its portfolio of security risk management solutions.


According to BitSight, demand for its product is increasing rapidly. In fact, cyber-security ratings are expected to become “as important as credit ratings when assessing the risk of business relationships” within the next four years, the company notes, citing a Gartner report.

Cybersecurity rating services are also expected to impact the degree to which organizations engage with other companies and should also influence the cost and availability of cyberinsurance.

“When BitSight introduced the first Security Ratings Platform in 2011, we set out to transform how businesses evaluate risk and security performance. […] there is still more work to do in continuing to establish a global standard for cyber security risk decisions,” said Tom Turner, CEO of BitSight.

Led by Warburg Pincus, BitSight’s new funding round received participation from existing investors Menlo Ventures, GGV Capital and Singtel Innov8. Cary Davis, Managing Director of Warburg Pincus, will join BitSight's Board of Directors.

“We believe there is tremendous opportunity for BitSight globally, and we look forward to working with Tom and the rest of the talented management team in the company’s next phase of growth,” Davis said.


Ping Identity Acquires API Security Firm Elastic Beam
28.6.2018 securityweek IT

Identity management solutions provider Ping Identity on Tuesday announced the acquisition of Elastic Beam, a company that specializes in detecting and blocking attacks aimed at application programming interfaces (APIs).

Ping Identity has been around since 2002 and it has raised more than $128 million. It previously acquired two other companies, UnboundID in 2016 and Accells Technologies in 2014.

The Ping Identity Platform allows enterprise users to securely access mobile, cloud and on-premises applications, while providing developers the possibility to enhance their apps with access management, single sign-on, multi-factor authentication, and data governance capabilities.

Elastic Beam emerged from stealth mode last year with a hybrid cloud software product that uses artificial intelligence (AI) to detect and neutralize threats that leverage APIs, including data exfiltration, unauthorized changes or removal of data, distributed denial-of-service (DDoS) attacks, code injections, brute force attempts and authentication via stolen credentials, API memory attacks, and WebSocket attacks.

Along with the acquisition of Elastic Beam, Ping Identity announced the launch of a new AI-driven solution designed for securing APIs.

The new product, named PingIntelligence for APIs, is currently in private preview and is expected to become generally available in the second half of 2018.

According to the company, PingIntelligence for APIs is designed to provide organizations deep visibility into how APIs are used or misused, and it delivers extensive information that can be useful for audit, compliance, and forensic reports.

“PingIntelligence for APIs applies AI models to continuously inspect and report on all API activity. It automatically discovers anomalous API traffic behavior across the enterprise. Bad actors are well versed in circumventing static security policies, so PingIntelligence for APIs was purpose-built to recognize and respond to attacks which fly under the radar of foundational API security measures, and target API vulnerabilities—without policies, rules or code,” Ping Identity described the product on its website.


Window Snyder Joins Intel as Chief Software Security Officer
26.6.2018 securityweek IT

Intel on Monday announced that Window Snyder has joined the company’s Software and Services Group as chief software security officer, vice president and general manager of the Intel Platform Security Division.

The decision, effective July 9, comes after Intel was forced to rethink its cybersecurity strategy following the disclosure of the Spectre and Meltdown vulnerabilities early this year, and less than one week after the chip giant announced the resignation of Brian Krzanich as CEO and member of the board of directors.


Snyder has worked in the cybersecurity industry for two decades, including as senior security strategist at Microsoft, co-founder of Matasano, security chief at Mozilla, and security and privacy product manager at Apple. Prior to joining Intel, she was Fastly’s chief security officer for three years.

“In this role with Intel, Window will be responsible for ensuring the company maintains a competitive security product roadmap across all segments in support of business group objectives and continues to engage with the external security ecosystem to apply industry trends and sensing to Intel roadmap differentiation,” said Doug Fisher, senior vice president and general manager of the Software and Services Group at Intel.

Specifically, according to Fisher, Snyder will be responsible – among other things – for working with operating system developers and the security industry to ensure that the company is informed on attacks, to help guide its response, to deliver differentiated security capabilities for data and workloads, and to “drive scale for security.”



Cyber Intelligence Firm Intsights Raises $17 Million
22.6.2018 securityweek  IT

Israel-born startup Intsights Cyber Intelligence has raised $17 million in a Series C funding round led by Tola Capital. It brings the total capital raised by the firm to $41.3 million ($1.8 million seed funding in 2015; $7.5 million Series A in 2016; and $15 million Series B in 2017).

"This new round of funding," commented CEO Guy Nizan, "will fuel further investment in our cyber reconnaissance capability and global expansion, allowing us to bring the power of tailored intelligence to enterprises around the globe."

The firm was founded in Israel in 2015 by Alon Arvatz, Gal Ben David and Guy Nizan. All three are veterans of the elite cyber-warfare and intelligence services of the Israel Defense Forces (IDF). Intsights is now headquartered in New York, NY.

Intsights Cyber Intelligence is predicated on the idea that effective defense begins before an attack is launched. By definition, most traditional security controls are reactive. They attempt to recognize an attack at the perimeter and block it, or an existing incursion and mitigate it. But also by definition, reactive controls are after the event: the attack is in progress or has already succeeded.

Intsights seeks to be proactive -- to recognize and mitigate an attack before it occurs. It does this by crawling both the surface and dark web looking for indications that an attack is being planned by a hacker or criminal gang. Clues can include actions like scouting targets, using suspicious tools, and collaborating with other hackers on underground forums. The Intsights platform then goes further by integrating with many of the most popular security controls, automatically updating the security infrastructure to block or mitigate the budding attacks it discovers.

Intsights has 15 strategic partners, including firms like Splunk, Check Point, Palo Alto, Carbon Black, Fortinet, IBM, Microsoft, LogRhythm (now majority-owned by investment firm Thoma Bravo), and Symantec.

"Cyber-attacks are driven by humans who leave footprints and breadcrumbs as they plan their attack," explains Nizan. "Enterprises need tailored intelligence that looks beyond the firewall to see the indicators of attack their cyber adversaries leave and understand how, why and when they plan to attack."

Sheila Gulati, managing director of investment firm Tola Capital, expands: "Traditional threat intelligence solutions have failed to deliver the advantage promised to enterprise customers and their security teams. Today, CISOs want to understand what risks are coming and take a proactive stance, as well as determine what sensitive assets are already exposed. By leveraging a data and software enabled approach, security teams can prepare for upcoming attacks and prevent future attacks."

Of course, corporate risk isn't limited to the attack itself. Risk also comes from fake mobile applications, phishing sites, pastebin posts, social media pages, and malicious domains. These can be discovered by Intsights' web-crawling algorithms -- and the platform allows them to be remediated with a single click. "This is done," says Intsights, "via integration with social media platforms, app stores, and registrars by engaging with the IntSights External Remediation team."

The firm already has 20 of the Fortune Global 500 enterprises among its customers, from the financial services, automotive, telecom, apparel, and gaming industries. This customer base is growing at more than 200%. Intsights has offices in Amsterdam, Tokyo, Singapore, Dallas, and Boston and 40 reseller partners worldwide.


CrowdStrike Raises $200 Million at $3 Billion Valuation
20.6.2018 securityweek IT

Sunnyvale, California-based endpoint security firm CrowdStrike today announced that it has secured over $200 million through a Series E round of financing, valuing the company north of $3 billion.

Founded in 2011, CrowdStrike takes a cloud-based approach to endpoint security and has more than doubled both its revenue and headcount over the past year. The company says it is currently serving more than 16% of Fortune 1000 companies and 20% of Fortune 500 companies.

According to the company, the newly secured funds will be used to accelerate the global demand for its CrowdStrike Falcon endpoint protection platform.

The company also says it has seen impressive year-over-year growth in various areas, including: 500% increase in number of $1 million or greater annual contract value (ACV) transactions, 167% increase in the number of subscription customers, 172% growth in new subscription bookings ACV, and 140% increase in annual recurring revenue.

In early June, the company launched its next-generation endpoint security breach prevention warranty, offering up to $1 million if a breach occurs within a customer’s protected environment, as part of its Falcon EPP Complete offering.

In July 2017, CrowdStrike teamed with Dragos, a company that specializes in protecting industrial control systems (ICS), on a strategic partnership to allow joint customers to benefit from a combination of CrowdStrike’s assessment, preparedness and incident response services and Dragos’ expertise in protecting ICS.

The Series E funding round was led by General Atlantic, Accel and IVP, with participation from March Capital and CapitalG.


Cylance Announces $120 Million in Funding
20.6.2018 securityweek IT

Endpoint security firm Cylance announced Tuesday afternoon that it has closed a $120 million funding round led by funds managed by Blackstone Tactical Opportunities and including other investors.

The announcement was made hours after endpoint security rival CrowdStrike announced that it had raised more than $200 million in a Series E round of funding at a $3 billion valuation. Given the timing of the announcement—just after 1PM ET—it is likely that Cylance had been preparing to announce its funding in the near future, but scrambled to get the news out as soon as possible to follow CrowdStrike. The company did not immediately respond to a request for comment on the timing of the announcement.

Cylance’s flagship endpoint security product, CylancePROTECT, takes a mathematical and machine learning approach to identifying and containing zero day and advanced attacks. The company has been utilizing artificial intelligence and machine learning as part of its core marketing message since the company was founded in 2012.

The company claims that it has prevented over 23 million attacks worldwide, including more than four million previously unidentified attacks.

According to Cylance, the additional cash will be used to support sales, marketing and development efforts to increase market share, and further expand its footprint across Europe, the Middle East, and Asia Pacific, and expand product offerings.

“With annual revenues over $130 million for fiscal year 2018, over 90% year-over-year growth, and more than 4,000 customers, including over 20% of the Fortune 500, we have demonstrated market success, scale and traction,” said Brian Robins, Chief Financial Officer at Cylance. “We are honored to have Blackstone Tactical Opportunities expand its commitment to Cylance by leading this round of financing. The investment supports our growth strategy and will enable us to continue on the path to becoming cash flow positive.”

In April 2017, Ars Technica published an article detailing a test that used 48 Cylance-provided malware samples, which showed 100% detection by Cylance, but somewhat less from competing products, leading to suggestions that Cylance had been gaming the system. In response, Chad Skipper, Cylance's vice president of product testing and industry relations, explained that Cylance doesn't simply use known malware for tests, but alters the samples with the mpress and vmprotect packers so they effectively become unknown malware. Cylance also claimed at the time that the majority of independent third-party tests are biased in favor of the incumbent vendors that use malware signature databases (as well as other techniques, including their own use of machine learning).

Cylance is not alone in disputes over competitive testing methods. CrowdStrike sued testing firm NSS Labs in 2017 to seek a temporary restraining order to prevent publication of CrowdStrike comparative test results. CrowdStrike explained that it filed suit to hold NSS accountable for unlawfully accessing its software, breaching its contract, pirating its software, and improper security testing.


Osquery Management Firm Uptycs Emerges from Stealth With $10 Million Funding
19.6.2018 securityweek IT

Waltham, Mass-based Uptycs has emerged from stealth today with the announcement of $10 million Series A funding. The investment was led by ForgePoint Capital and Comcast Ventures.

Uptycs provides security analytics to the huge amounts of data that can be provided by the Osquery open source endpoint agent. The new funds will be used to expand staff levels and further product development.

Osquery is an operating system instrumentation framework for Windows, OS X, Linux and FreeBSD developed by Facebook. It effectively turns the operating system of individual endpoints into a relational database, allowing system data, such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes, to be explored via SQL queries.

This has huge potential for security. For example, a query could be used to return all currently executing processes, but refined to list only those where the original launching binary no longer exists on the filesystem. This could indicate stealthy malware.
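The deleted-binary query described above, written out as an added example in osquery's SQL (not taken from the article or from Uptycs). It assumes osquery's standard `processes` and `listening_ports` tables, where `on_disk` is 1 when the process's path still exists, 0 when it does not, and -1 when unknown.

```sql
-- Added example (not from the article): osquery SQL for osqueryi or a
-- scheduled query pack. Lists running processes whose launching binary is
-- no longer present on the filesystem; on_disk = 0 means the path is gone.
-- on_disk = -1 (unknown) is deliberately excluded to avoid noisy results.
SELECT p.pid, p.name, p.path, p.cmdline, p.parent, p.uid, p.start_time
FROM processes AS p
WHERE p.on_disk = 0;

-- Same finding, enriched with any listening sockets those processes hold.
-- A deleted-binary process that is also network-exposed ranks higher for
-- triage than one with no listener. protocol is numeric (6 = TCP, 17 = UDP).
SELECT p.pid, p.name, p.path, p.cmdline,
       lp.port, lp.protocol, lp.address
FROM processes AS p
JOIN listening_ports AS lp ON lp.pid = p.pid
WHERE p.on_disk = 0;
```

A service whose package was upgraded while it kept running produces the same `on_disk = 0` signal, so the result is a triage lead rather than a verdict; comparing `start_time` against the package's install time separates the two cases.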


"By itself," explained Uptycs director of security in a blog posted last week, "Osquery is a really neat project that allows you to virtualize an endpoint as if it were a SQL database of information, instead of having to run and remember hundreds of different system utilities. You can ask questions with queries, and schedule questions with query packs. However, what you really need is a way to deploy and manage Osquery at scale."

That is what Uptycs provides. The Uptycs security analytics platform, the firm said in a statement today, stores and transforms osquery telemetry into context-rich dashboards, reports and alerts that help teams detect intrusions, discover vulnerabilities and manage compliance, all from a single common dataset, whether 50 or 50,000 endpoints are involved.

"Organizations aren't Windows-centric anymore. There is an increasing mix of Windows, Linux, Mac and containers running across the enterprise, especially in cloud and hybrid environments," said Uptycs CEO and founder, Ganesh Pai. "Security solutions have not kept pace to serve the needs of today's modern computing environments. There are growing blind spots especially for cloud workloads and macOS that Osquery is uniquely capable of covering. Uptycs is helping companies leverage the benefits of Osquery quickly, and at scale."

"A challenge in the modern enterprise is juggling the numerous point security solutions -- each with their own data collection strategy -- especially across a diverse ecosystem of IT assets. Uptycs combines the universality of Osquery with meaningful views of data," explained Andy Ellis, CSO at Akamai. "A team of any size or maturity benefits, taking action across a range of needs from compliance to incident response. As organizations grow, they will continue to benefit from the continuous monitoring and analytics Uptycs provides."


Google Increases Visibility Into Endpoints Accessing G Suite Data
19.6.2018 securityweek  IT

A newly added “Endpoint Verification” feature in G Suite provides administrators with increased visibility into the computers that have access to corporate data.

Released for ChromeOS, macOS, and Windows, the new feature requires a Chrome extension to be installed. On macOS and Windows, the feature also requires a native application that works with the extension.

Users can install the extension and the app themselves, or admins can deploy them centrally, Google says.

Once it has been set up on user devices, Endpoint Verification provides admins with access to an inventory of desktop and laptop devices within the enterprise environment that can access corporate data. Additionally, it offers information such as screen lock, disk encryption, and OS version.

Through the Chrome extension and native app, Endpoint Verification collects information from users' systems and displays it in a new report in the Admin console.

To access the report, an admin opens the Admin console and navigates to Device management > Endpoint Verification.

When the Endpoint Verification extension is installed on a user's system, a notification is displayed and the user must click "Agree" before data from that device appears in the admin's Endpoint Verification report. If the user does not click "Agree", no data for that device is shown in the Admin console. Admins should therefore read the inventory as covering only devices where the extension is installed and consent was given; a machine absent from the report is not necessarily one that cannot reach corporate data.

“[Endpoint Verification is] a lightweight and easy solution for desktop and laptop device reporting, and we hope this visibility empowers admins to maintain a strong security posture for their organization,” Google notes.

The search company is launching the new feature to both Rapid Release and Scheduled Release, for all G Suite Editions. The rollout, however, will be gradual, meaning that it might take up to 15 days for the functionality to become available in some cases.


F-Secure Acquires MWR InfoSecurity for $106 Million
18.6.2018 securityweek IT

Finland-based F-Secure announced on Monday that it has entered an agreement to acquire cybersecurity consultancy MWR InfoSecurity for over €91.6 million ($106 million) in cash, plus a significant earn-out if business objectives are achieved by the end of 2019.

Specifically, in addition to the €91.6 million ($106 million), which is subject to adjustments, F-Secure has agreed to pay up to €28.6 million ($33 million) if the agreed business target is achieved between July 1, 2018, and December 31, 2019.

The acquisition is expected to be completed in early July. F-Secure is still evaluating the impact of the acquisition on the company’s financial outlook for 2018.

MWR has nearly 400 employees across offices in the UK, the US, South Africa and Singapore. The company estimates that its revenue for the financial year ending on June 30 will be €31.1 million ($36 million).

The deal is part of F-Secure’s growth strategy, allowing the company to expand its services offering to global markets. The acquisition of MWR also results in the addition of the Countercept threat hunting platform to F-Secure’s detection and response offering. The company’s portfolio will also be enhanced by MWR’s managed phishing protection services.

“The acquisition brings MWR InfoSecurity’s industry-renowned technologies to F-Secure making our detection and response offering unrivaled. Their threat hunting platform (Countercept) is one of the most advanced in the market and is an excellent complement to our existing technologies,” said F-Secure CEO Samu Konttinen.

“I’m thrilled to welcome MWR InfoSecurity’s employees to F-Secure. With their vast experience and hundreds of experts performing cyber security services on four continents, we will have unparalleled visibility into real-life cyber attacks 24/7. This enables us to detect indicators across an incredible breadth of attacks so we can protect our customers effectively. As most companies currently lack these capabilities, this represents a significant opportunity to accelerate F-Secure’s growth,” Konttinen added.


UK Email Threat Firm Tessian Secures $13 Million Series A Funding
18.6.2018 securityweek IT

London, UK-based start-up Tessian has raised $13 million in a Series A funding round led by Balderton Capital. Existing investors Accel, Amadeus Capital Partners, Crane, LocalGlobe, Winton Ventures and Walking Ventures also participated. It brings Tessian's total funding, including initial Angel investments and seed funding, to $16.8 million.

Tessian uses machine learning to prevent sensitive data leakage via email. It was founded in 2013 by Tom Adams, Ed Bishop and Tim Sadler, who first met as students at Imperial College, London before moving on to careers in investment banking. It was there that they saw the extent and danger of accidental data leakage via email, and a market gap for a product to prevent it.

Data from the UK's data protection regulator, the Information Commissioner's Office (ICO), shows that the largest category of data security incidents reported in the UK during the first quarter of 2018 was data sent by email to the wrong person. With such incidents likely to attract more attention and potentially larger fines under GDPR (effective from May 2018), it is a simple business error that needs to be addressed.

"It's human nature to fear scary things like hackers or malware," explains Sadler, "but we often don't think twice about the dangers behind something as familiar and ingrained as sending an email. In reality that's where an overwhelming threat lies."

"What Tessian has done," comments Balderton Capital partner Suranga Chandratillake, "is apply machine intelligence to understand how humans communicate with each other and use that deeper understanding to secure enterprise email networks." As an investor he sees great potential for expanding the approach into other forms of human business communication. "The genius of this approach," he continues, "is that while the product focus today is on email -- by far the most used communication channel in the corporate enterprise -- their technology can be applied to all communication channels in time. And, as we all communicate in larger volumes and on more channels, that represents a vast opportunity."

Both Chandratillake and Accel partner Luciana Lixandru will join the Tessian board. "Since our seed investment just over a year ago," she said, "the company's ability to address a fundamental data security risk has been reflected in its strong growth and a string of blue chip client wins."

That growth has seen annual recurring revenue increase by 400% in the last twelve months, with staff levels increasing from 13 to 50 people. Clients include Schroders, Man Group and Dentons and over 70 UK law firms.

Chris White, global CIO at international law firm Clyde & Co LLP, commented, "Misaddressed emails are a major cybersecurity problem that all organizations have to deal with, but trying to train human error out of employees is near impossible. Tessian's machine intelligence plays a vital role in helping mitigate these kinds of errors and ensure that customer data remains secure and private. The speed and ease of deployment of Tessian," he added, "has been unparalleled by any other solution we've dealt with, and has been our quickest GDPR win to date."

Tessian uses machine learning to understand normal email communication patterns and automatically identify email security threats in real time. It analyzes enterprise email networks to understand normal and abnormal email sending patterns and behaviors, detects anomalies in outbound emails and warns users about potential mistakes, before the email is sent.

"Our belief at Tessian," co-founder and CTO Ed Bishop told SecurityWeek, "is that organizations' security has moved on from perimeter firewalls, and even endpoint security. I think we are in a third phase here, where humans are the real endpoints of the organization." Looking at how attackers break into a company, he argued, they are not so much hacking devices as hacking the humans.

"We are focused on building security for the human endpoint," he continued. "In short, we are thinking not just about outbound email threats, but also inbound email threats; and in going beyond that to understand what are the other ways in which humans leak data within an enterprise."

The new funding will be used to expand its product offering and increase its sales and marketing teams. It is likely that the product will be expanded to directly address the BEC and phishing threats before the firm moves on to other forms of business communication.


India-based Network Intelligence Raises $4.8 Million for Expansion
16.6.2018 securityweek IT

Bengaluru, India-based security services and products firm Network Intelligence Inc (NII) has raised Rs 33 crore (approximately $4.8 million) from private equity firm Helix Investments. The money will be used for product development and to expand operations in the U.S. and Europe. The investment values the firm at $22.7 million.

NII was founded in 2001, and provides information security services, consultancy and products. It offers assessment, advisory, remediation, training, and managed services; and is an Indian VAR for leading global security firms and products -- such as McAfee, Imperva, Cyber-Ark and FortiGate. NII also sells its own products, Firesec and Insight.

Firesec delivers an analysis of firewall rules for medium to large enterprises. It can purge redundant rules, group similar rules, and find vulnerable rule patterns. Insight is a vulnerability management suite that can manage assets, assess vulnerabilities, and determine compliance status.

"We are going to deploy the funds for two purposes," said KK Mookhey, CEO of NII: "expanding to the US and Europe and to enhance product development initiatives. Around 60% of our revenues are from the banking, financial services and insurance (BFSI) sector and the rest from critical infrastructure like oil and gas and also from IT."

NII employs around 450 people, primarily in India and the Middle East. Its operations centers are in Mumbai and Dubai, and it has recently established operations in the U.S. and Singapore.

Helix Investments is an India-focused private equity fund that aims to invest around $20 million annually in India, typically $5 million to $15 million at a time. The fund is sponsored by Culbro LLC, the private equity investment vehicle of the Cullman family of New York, and by Bloomingdale Properties, a US-based investment and real estate company.


Australia Agrees Solomons Internet Cable After China Concern
13.6.2018 securityweek IT

Australia will help fund and build an undersea communications cable to the Solomon Islands, it was agreed Wednesday, after the Pacific nation was persuaded to drop a contract with Chinese company Huawei.

The impoverished country and Huawei inked a deal in late 2016 to construct the fibre-optic cable from Australia to Honiara to improve its often unreliable internet and phone services.

But Solomon Islands Prime Minister Rick Houenipwela said last week there had been a change of heart following "some concerns raised with us by Australia", without elaborating.

The move comes with Australia refocusing its foreign aid programmes to win hearts and minds in the island nations of the Pacific, as China flexes its muscle in the region.

It pledged more than Aus$1.3 billion (US$970 million) in its national budget last month to fund projects such as the communications cable, which will also link up with Papua New Guinea.

Canberra and other regional capitals have become increasingly alarmed at Beijing's push into the Pacific through "soft diplomacy", which could potentially upset the strategic balance in the region.

Australian Foreign Minister Julie Bishop refused to detail what concerns Canberra had with telecom giant Huawei.

"I would not elaborate on security issues, that's not appropriate," she told reporters.

"What we have offered the Solomon Islands, and they have accepted, is an alternative to the offer, and ours is cheaper. It's likely to be a faster result for them, and technically superior."

Huawei was blocked from bidding for contracts on Australia's ambitious national broadband project in 2012, reportedly due to concerns about cyber-security.

Huawei has long disputed claims of any links to the Chinese government.

According to broadcaster ABC, Australia's spy boss Nick Warner and other senior officials visited the Solomons last year and returned with concerns about Huawei being permitted to plug into the country's telecommunications infrastructure.

They reportedly believed that while Huawei was an independent company, it retained links to the Chinese government and could pose a threat to Australian infrastructure in the future.

After meeting Houenipwela in Canberra Wednesday, Prime Minister Malcolm Turnbull said Australia will also jointly fund a domestic telecommunication cable network linking remote provinces in the Solomons to the capital Honiara.

"As we step up our engagement in the Pacific, we are working as partners with Solomon Islands more closely than ever to ensure stability, security and prosperity in the region," he said.


Splunk to Acquire DevOps Alert Firm VictorOps for $120 Million
12.6.2018 securityweek  IT

Machine data solutions firm Splunk announced Monday that it has agreed to acquire alert management start-up VictorOps for approximately $120 million. The acquisition is expected to close during Splunk's fiscal second quarter, subject to customary closing conditions, and will be funded from cash on Splunk's balance sheet.

The acquisition makes sense. Splunk uses data analytics and artificial intelligence to locate alert incidents within masses of log data. VictorOps manages the delivery of alerts to the right on-call technical staff. Together, they combine data analytics with DevOps practices.

"The world is changing," explains VictorOps' CEO and co-founder Todd Vernon in an associated blog. "Companies are increasingly relying on software for their competitive advantage in business. Software that historically changed a few times a year, now changes hourly or even by the minute in progressive, market-savvy companies."

VictorOps was founded to provide a collaborative way to quickly resolve software incidents. "By combining VictorOps incident management capabilities and the Splunk platform," Vernon continued, "organizations will be able to quickly resolve and even help prevent issues that degrade customer engagement. We look forward to joining Splunk and working together to help solve these complex challenges facing every Development and DevOps team."

"The combination of machine data analytics and artificial intelligence from Splunk with incident management from VictorOps creates a 'Platform of Engagement' that will help modern development teams innovate faster and deliver better customer experiences," added Doug Merritt, president and CEO at Splunk. The intention is that integrating Splunk Enterprise with VictorOps will deliver monitoring, event management, on-call management and ChatOps.

'Platform of engagement' is also the term used by VictorOps. "Modern Incident Management," wrote Vernon, "is in a period of strategic change where data is king, and insights from that data are key to maintaining a market leading strategy. We look forward to working together to create a 'Platform of Engagement' that uses the most actionable information available and correlates monitoring and incident management data to foster shared understanding, speed resolution, and leverage AI to recommend solutions."

The acquisition of VictorOps builds on the earlier $350 million acquisition of Phantom. While Phantom also helps automate IT teams' responses to alerts, it lacks VictorOps' team collaboration capabilities.

VictorOps was founded in 2012 by Bryce Ambraziunas, Dan Jones and Todd Vernon. In 2016 it raised $15 million in Series B funding, bringing the total funding raised to $33.7 million. Investors include Silicon Valley firms Shea Ventures and Costanoa Ventures.

San Francisco, CA-based Splunk was founded in 2003. VictorOps is its seventh acquisition, including Phantom earlier this year, and SignalSense in October 2017. Both Phantom and VictorOps had a year-long product integration partnership with Splunk prior to acquisition.

"Upon close," wrote Vernon, "VictorOps will join Splunk's IT Markets group and together will provide on-call technical staff an analytics and AI-driven approach for addressing the incident lifecycle, from monitoring to response to incident management to continuous learning and improvement."

Splunk plans to retain VictorOps' approximately 90 employees after the acquisition.


Industrial Cybersecurity Firm Claroty Raises $60 Million
11.6.2018 securityweek IT

New York-based industrial cybersecurity firm Claroty announced on Monday that it raised $60 million in a Series B funding round, bringing the total amount raised by the company to date to $93 million.

The funding round was led by Temasek, with participation from several industrial giants, including Rockwell Automation, Schneider Electric’s investment arm Aster Capital, and Siemens-backed venture capital firm Next47. Envision Ventures, Tekfen Ventures and original Claroty investors Bessemer Venture Partners, Innovation Endeavors, Team8, and ICV also contributed.

The company will use the new funds to further advance the technology powering its products, grow the Claroty brand, and extend global sales and customer support.

Claroty has been working with Rockwell Automation for nearly two years and in 2017 the companies announced that they had teamed up to combine their security products and services. Claroty also struck a deal last year with Schneider Electric to market its network monitoring solutions through Schneider’s Collaborative Automation Partner Program (CAPP).

Siemens has also entered a partnership with Claroty. A recently introduced anomaly detection capability added by Siemens to its service offering involves Claroty software running on Siemens hardware – initially on ruggedized PCs and, in the future, on switches.

Claroty was founded in 2014 and it emerged from stealth mode in 2016 with $32 million in funding. The company claims it has recorded a 300% year-over-year growth in bookings and customer base, which includes organizations all around the world in the electric utilities, oil and gas, chemical, manufacturing, mining, food and beverage, and real estate sectors.

Claroty’s ICS security platform continuously monitors operational technology (OT) networks in search of potential threats. The product enables organizations to control remote employee and third-party access to critical systems, and helps them create a detailed inventory of industrial network assets and identify configuration issues.

“Protecting the critical automation systems our customers operate against cyberattacks remains a top priority for the company,” said Frank Kulaszewicz, SVP, Architecture & Software at Rockwell Automation. “Claroty has been a partner since 2016 and their advanced technology is a key element of our real-time threat detection and monitoring service. Our investment in Claroty is a logical extension of our ongoing strategic partnership.”

“A perimeter defense to cybersecurity in today’s connected world is not enough. An end-to-end approach, with solutions that provide deep visibility into operational technology and industrial control systems, is critical for the security of heavy processing environments,” said Hervé Coureil, Chief Digital Officer at Schneider Electric. “Leading the digital transformation of energy management and automation, Schneider Electric takes cybersecurity very seriously and the partnership with Claroty complements the cybersecurity layer of our IoT-enabled EcoStruxure architecture.”


Capgemini to Acquire Leidos Cyber
9.6.2018 securityweek  IT

French IT consultancy firm Capgemini announced Thursday an agreement to acquire Leidos Cyber from the U.S.-based Leidos. The acquisition is subject to anti-trust and Committee of Foreign Investment in the United States (CFIUS) approvals, and is expected to complete before the end of 2018. Financial terms have not yet been disclosed.

Founded in 1967, the Capgemini Group employs more than 200,000 people in more than 40 countries. It focuses on consulting, technology services and digital transformation; and reported global revenue of EUR 12.8 billion in 2017.

In terms of its heritage, a Capgemini spokesperson told SecurityWeek, "Leidos Cyber was formed through the mergers, since 2011, of Lockheed Martin’s corporate division, Industrial Defender and Leidos’ own commercial cybersecurity business."

Leidos was formerly known as Science Applications International Corporation (SAIC), which changed its name in 2013; a new SAIC was then spun off from Leidos, retaining the original name. Leidos Cyber is the cybersecurity arm of Leidos Holdings, employing almost 500 cybersecurity professionals across North America. Leidos reported 2017 revenues of $10.2 billion.

The products and services of the two organizations complement each other: Capgemini gives Leidos Cyber's services a global market, while Leidos Cyber gives Capgemini a much stronger footing in the U.S.

"Leidos Cyber is a pioneer in the field of cybersecurity. It defined the market in protecting the industrial control ecosystem for the mission critical infrastructure needs of global enterprises," comments Paul Hermelin, Chairman and CEO, Capgemini. Leidos' core market comprises government and highly regulated industries.

"Its world class security expertise and status as a trusted advisor to many Fortune 500 leaders," continued Hermelin, "makes it totally complementary to Capgemini's global cybersecurity practice. It is the perfect fit to reinforce our cybersecurity practice in North America, to help meet the security requirements of our international client base."

Robert Meindl, president of Leidos Cyber, is also confident, calling Capgemini 'a natural home for our commercial cybersecurity team'. "Not only will we be able to play our part in augmenting the North America cybersecurity practice," he said, "but we also look forward to adding value to the global security provisions of Capgemini's clients around the world."

Angie Heise, president at Leidos Civil Group, added, "Capgemini's commitment to engaging a broad set of commercial markets makes it an ideal fit for the Leidos Cyber business."


Nikesh Arora Takes Over as New CEO of Palo Alto Networks
9.6.2018 securityweek  IT

Nikesh Arora became the new CEO of Santa Clara, CA-based Palo Alto Networks (PAN) on Wednesday, June 6. He replaces existing CEO Mark McLaughlin, who will continue with PAN as vice chairman of the PAN board.

"Over the course of several quarters, I have been discussing succession planning with the Board and I couldn't be more pleased that we have found a leader in Nikesh," said McLaughlin, who has served as CEO since 2011.

The share price has dipped slightly since the news became known at the beginning of the month, but at $197.07 (at the time of writing) it is still well above the firm's 52-week low of $126.56. It has been suggested that the market is slightly wary of Arora's lack of cybersecurity experience. He is, however, a big business player with big business experience.


Arora's former positions include chief business officer at Google (Fortune claims that Eric Schmidt once described him as "the finest analytical businessman I have ever worked with") and COO at SoftBank, where he was 'heir apparent' to founder Masayoshi Son. He left SoftBank when Son decided to stay on for another decade. At Google, Fortune claims, "He helped instill discipline into the quirky Internet upstart, focusing its untamed energy into unstoppable commercial force."

Arora is not concerned about his personal lack of cybersecurity experience. "The good news is I knew nothing about advertising or ad sales when I joined Google in 2004 and I think that worked out," he told CNBC. In 2012, he was Google's highest paid executive. He expects to work closely with both McLaughlin and PAN founder and CTO, Nir Zuk. "I may not have a background in security, but with my background as an engineer, I can sit down with Zuk to help guide the next generation of products we can offer," he told recode.net.

Arora's pay package is impressive -- especially if he provides impressive growth to the company. His base salary is around $1 million per year, with a further $1 million as target bonus; plus $40 million of restricted stock vesting over seven years, and stock options valued at $66 million vesting in increments. "If the stock quadruples," reports Business Today, "he is in for a windfall -- he gets all of them." BT calculates this will amount to $128 million.

"We wanted to make sure that Nikesh, as the new leader of the company, has strong skin in the game," Asheem Chandna, a member of Palo Alto Networks' board of directors and investor at Greylock Partners, told Fortune. "And we wanted to make sure Nikesh is rewarded if he creates multiples of value for shareholders."

That leaves the question of how Arora will seek such dynamic growth for PAN. McLaughlin claims the transition from him to a new CEO has been planned for some time. He told CNBC that PAN is already focused on the new developing markets: cloud, machine learning and new-age software, and suggested that PAN will look very different in five years' time.

"In looking for the perfect person to do that, we wanted somebody who is a very demonstrated business executive at scale and would bring those key attributes to the table to take us where the company's going to be in five years."

"I'm hoping, as we go forward," added Arora, "we'll strike partnerships not just with Alphabet and Google but also with the other big players in the space, be it Microsoft or Amazon or many of our partners in the cybersecurity space." His intention is to apply the same principles of scale that he learned from his time at Google to Palo Alto Networks.


U.S. in Deal to Ease Sanctions on China's ZTE: Top Official
8.6.2018 securityweek IT

US officials reached a deal Thursday to ease sanctions which threatened to cripple Chinese smartphone maker ZTE, Commerce Secretary Wilbur Ross said.

Ross told CNBC television the deal includes a $1 billion fine levied on the Chinese firm and a requirement that it change its board of directors.

In April, the Chinese group was cut off from US technology products for violating US sanctions against North Korea and Iran -- measures which threatened to put ZTE out of business.

Ross said the agreement calls for "embedding a compliance department" chosen by Washington to monitor company conduct.

"They will pay for those people but the people will report to the new chairman," Ross said.

"This is a pretty strict settlement. The strictest and largest settlement fine that has ever been brought by the Commerce Department against any violator of export controls."

Ross said the plan calls for ZTE to create a $400 million escrow account in case of future violations, and a requirement to overhaul the board of directors and executive team within 30 days.

Several US lawmakers have warned against easing sanctions on ZTE, citing national security concerns.

But President Donald Trump last month said he was looking at options to prevent a shutdown of ZTE.

The news comes amid increasing trade tensions between Washington and Beijing, with Trump threatening to impose tariffs on Chinese technology products to reduce a large trade deficit.


Data Classification Firm DocAuthority Raises $10 Million
7.6.2018 securityweek IT

Israeli startup DocAuthority has raised $10 million in a Series A funding round led by Raine Ventures, with the participation of Greycroft, ffVC and Differential VC in the US, and 2B Angels and Plus Ventures in Israel. The funding will be used to accelerate growth and market reach.

DocAuthority brings artificial intelligence to the classification problem for unstructured data. Security and compliance require that company secrets, intellectual property and personal information be adequately secured; but business efficiency requires ready access to and use of non-confidential data. This requires accurate document classification, specifying what level of security control should be applied to different documents.

Data classification has traditionally been performed manually. Applied retroactively to an existing document store it can take many months, and it produces both false positives and false negatives in the labels assigned. Done in real time as documents are created, it tends toward over-classification: individuals assume a document is more sensitive than it actually is.

The result is often both an unnecessary burden on staff efficiency (through over-classification) and a failure to adequately protect instances of personal data (through under-classification). The need to locate and protect every instance of PII is increasingly important with the rapid growth of stringent privacy legislation such as GDPR.

DocAuthority's AI-based platform will scan documents and apply classification without human error, and at machine rather than human speed. "DocAuthority's revolutionary BusinessID technology," claims cofounder and CTO Ariel Peled, "is a new branch in data science, offering a novel take on AI that solves a major problem in data management and protection. With full automation and an accuracy level of 1:10,000, both business and security can agree and safely rely on policies for data classification, access management, DLP, encryption and as importantly, retention."

The funding "is an important milestone for DocAuthority," commented CEO Steve Abbott. "DocAuthority enables organizations to manage data based on both risk profile and business value, offering a common language across an organization. Assigning data management policies, based on business category, easily aligns security controls with business usage of data."

DocAuthority was founded in 2013 by Ariel Peled (CTO) and Itay Reved (VP R&D). It is based in Ra'anana, HaMerkaz, in central Israel.


Microsoft to Acquire GitHub for $7.5 Billion
6.6.2018 securityweek IT

Microsoft on Monday announced that it has agreed to acquire software development and collaboration platform GitHub in a deal valued at $7.5 billion.

Under the terms of the agreement, Microsoft will acquire GitHub for $7.5 billion in Microsoft stock. The deal is expected to close by the end of 2018, subject to customary closing conditions and regulatory review.

GitHub is a cloud-based repository for source code, offering hosting, version control management and code collaboration capabilities. It is thought to have 27 million developers using its services in nearly every country in the world, and to host 80 million code repositories. Microsoft is already a major user of GitHub, reportedly with more than 1,000 employees pushing code to GitHub repositories.

GitHub was valued at $2 billion dollars at its most recent funding round in 2015.

The acquisition makes sense for Microsoft with its increasing involvement with Linux and open source projects. There is, however, concern among many of the independent developers using the service, pointing to a perceived performance reduction from both LinkedIn and Skype following earlier acquisition by Microsoft.

"LinkedIn has turned into a slow-loading junk after the Microsoft acquisition. I can only imagine what awaits GitHub," tweeted Catalin Cimpanu.

A further concern is that ownership could give Microsoft access to the source of potentially competitive or disruptive projects. "This is not all about Microsoft," was another tweet. "This is about the independence of what has become the de-facto home of open source. It shouldn't be owned by any company that has any agenda other than host that home."

Robert Graham of Errata Security has a different concern. GitHub has a history of national censorship attempts -- a DDoS out of Russia in 2014; blocked in India in 2014; a DDoS apparently out of China in 2015; and blocked in Turkey in 2016. On February 28, 2018, GitHub was hit by a world record DDoS peaking at 1.35 Tbps.

His concern now is that China would be able to censor GitHub via Microsoft. It cannot currently censor individual pages (such as those about the Tiananmen Square massacre in 1989) because GitHub forces the use of SSL/TLS, so the China Firewall cannot see which pages are being accessed. "The only option," he tweeted, "would be to block the entire site, all access to http://GitHub.com, but China can't do that either, because so much source code is hosted on GitHub -- source code their industry needs in order to build products."

As an independent organization he believes that GitHub is too important to be blocked by the Chinese government. "When Microsoft buys GitHub, however, China will now have leverage, threatening other Microsoft interests in China in order to pressure Microsoft into censoring some GitHub pages."
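The SSL/TLS point Graham relies on deserves a concrete look. A network observer sitting between a client and GitHub sees the host name, because the TLS ClientHello carries it in the clear in the Server Name Indication (SNI) extension, but the HTTP request line that names the repository or page travels only inside encrypted records. The Python below is added here as an illustration; it is not code from the article, from GitHub or from Microsoft. It builds a minimal ClientHello with an SNI extension, parses the host name back out the way a passive monitor would, and shows that a constructed opaque blob standing in for the encrypted request reveals nothing but its length. The host name github.com comes from the text; the cipher suite, the zeroed random field and the opaque bytes are assumptions made for the demonstration.

```python
import struct

# TLS record content types (RFC 5246); TLS12 is the 0x0303 version field.
HANDSHAKE = 0x16
APPLICATION_DATA = 0x17
TLS12 = b"\x03\x03"
SNI_EXTENSION = 0x0000


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record carrying a single SNI extension.

    Constructed for the example: a real client sends many cipher suites and
    extensions, and a fresh 32-byte random value instead of zeros.
    """
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack(">H", len(host)) + host   # name_type host_name(0)
    sni_body = struct.pack(">H", len(sni_entry)) + sni_entry    # ServerNameList
    extensions = struct.pack(">HH", SNI_EXTENSION, len(sni_body)) + sni_body
    body = (
        TLS12                                   # client_version
        + bytes(32)                             # random (zeroed; assumption)
        + b"\x00"                               # session_id: empty
        + struct.pack(">H", 2) + b"\xc0\x2f"    # one cipher suite (assumption)
        + b"\x01\x00"                           # compression_methods: null only
        + struct.pack(">H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return bytes([HANDSHAKE]) + TLS12 + struct.pack(">H", len(handshake)) + handshake


def app_data_record(ciphertext: bytes) -> bytes:
    """Wrap an opaque payload in a TLS application_data record header."""
    return bytes([APPLICATION_DATA]) + TLS12 + struct.pack(">H", len(ciphertext)) + ciphertext


def extract_sni(record: bytes):
    """Return the SNI host name from a ClientHello record, or None if not present.

    This walks the same fields a passive monitor or firewall would parse.
    """
    if len(record) < 9 or record[0] != HANDSHAKE or record[5] != 0x01:
        return None
    pos = 9 + 2 + 32                              # past record/handshake headers, version, random
    pos += 1 + record[pos]                        # session_id
    (cs_len,) = struct.unpack_from(">H", record, pos)
    pos += 2 + cs_len                             # cipher_suites
    pos += 1 + record[pos]                        # compression_methods
    (ext_total,) = struct.unpack_from(">H", record, pos)
    pos += 2
    end = pos + ext_total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from(">HH", record, pos)
        pos += 4
        if ext_type == SNI_EXTENSION:
            # ServerNameList: list_len(2) name_type(1) name_len(2) name
            (name_len,) = struct.unpack_from(">H", record, pos + 3)
            return record[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None


def summarize_capture(records):
    """What a passive observer learns from the records of one TLS connection:
    the host name from SNI and, for application data, only the byte count."""
    summary = {"sni": None, "app_data_bytes": 0}
    for rec in records:
        if rec[0] == HANDSHAKE and summary["sni"] is None:
            summary["sni"] = extract_sni(rec)
        elif rec[0] == APPLICATION_DATA:
            summary["app_data_bytes"] += len(rec) - 5
    return summary


def path_is_visible(records, path: str) -> bool:
    """True if the request path appears in the clear anywhere in the captured records."""
    return any(path.encode("ascii") in rec for rec in records)


# Constructed capture: a ClientHello for github.com, then one application_data
# record whose payload is a fixed opaque blob standing in for the encrypted
# "GET /<owner>/<repo> HTTP/1.1" request. It is not real ciphertext.
OPAQUE_REQUEST = bytes.fromhex(
    "9f1e3c5a7b2d4e6f8a0c1b3d5e7f9a2c4e6b8d0f1a3c5e7b9d2f4a6c8e0b1d3f"
)
CAPTURE = [build_client_hello("github.com"), app_data_record(OPAQUE_REQUEST)]

if __name__ == "__main__":
    print(summarize_capture(CAPTURE))
    print("path visible:", path_is_visible(CAPTURE, "/octocat/Hello-World"))
```

The summary is exactly the information a host-level block can act on: the observer knows the connection is to github.com and how much data moved, not which repository or page was requested. That is why, as the article notes, a censor's only per-site lever is to block the whole host name.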

In the meantime, with few details of the terms and conditions, users' reactions have been largely emotional. There was widespread concern that Microsoft's motive in buying LinkedIn was to gain access to the personal details of the world's business management. There is similar concern now that Microsoft is seeking to gain some form of control over the world's open source software.

This is unlikely. SecurityWeek spoke to Robin Wood (aka DigiNinja), an independent penetration tester who uses GitHub to host the tools he develops for his trade. Assuming the purchase is finalized, "I think the important thing to look at is the exact details of the terms and conditions and any changes they decide to make to it," he told SecurityWeek. "There may be clauses in there about ownership or use without license that currently don't mean much but could mean a lot with the change of ownership."

For the moment, he is not worried by the takeover. "There are a number of established alternatives, so they can't do much to mess up actual usage otherwise people will just move away. So probably no real change for most users of the service but some with tools that Microsoft are interested in may be hit."

For himself and his own repositories, "I won't be moving my tools unless there are any specific negative changes that affect me, but I reckon there will be a bunch of people jumping ship early just in case, and another bunch fear-mongering about all the nasty stuff that might happen, most of it just guess work."

Microsoft Corporate Vice President Nat Friedman, founder of Xamarin and an open source veteran, will assume the role of GitHub CEO. GitHub’s current CEO, Chris Wanstrath, will become a Microsoft technical fellow, reporting to Executive Vice President Scott Guthrie, to work on strategic software initiatives, Microsoft said.


Cyber Range Developer Cyberbit Raises $30 Million
6.6.2018 securityweek IT

Israel-based Cyberbit Ltd., a provider of cyber range training and simulation platforms, announced on Monday that it has received a $30 million investment from Claridge Israel.

Cyberbit offers a cyber range for simulated cyber training, and a detection and response platform to help protect an organization’s attack surface across IT, OT and IoT networks.

Founded in 2015, Cyberbit is a subsidiary of Elbit Systems and has offices in Israel, the United States, Europe, and Asia.

With the funding, Cyberbit says it will expand sales and marketing, primarily in North America, boost product development, and enhance customer and partner support.

“Cyberbit’s growth in just three years has been remarkable,” said Rami Hadar, Managing Director at Claridge Israel. “This growth is driven by a unique product portfolio that addresses several of the most pressing industry problems, a solid go-to-market strategy and a highly capable team that is executing successfully and creating a leadership position in several markets.”


IBM Adds New Features to MaaS360 with Watson UEM Product
6.6.2018 securityweek IT

IBM announced on Monday that it has added two new important features to its “MaaS360 with Watson” unified endpoint management (UEM) solution.

UEM solutions allow enterprise IT teams to manage smartphones, tablets, laptops and IoT devices in their organization from a single management console.

IBM has improved its MaaS360 with Watson UEM product with two capabilities the company says can be highly useful for IT departments: app intelligence and reporting, and security policy recommendations.

Business Dashboards for Apps is designed to provide administrators information on mobile applications and how they are used by employees. This can help them get a better understanding of which apps require attention and investment and which ones can be removed.

IT teams can obtain information on the number of installs (by platform, manufacturer and ownership), usage (popularity and session length), performance (crashes and data usage), and trend information (crashes, network requests and data consumption over a period of six months). Admins can also apply filters to make analysis easier and more useful.

The second new feature, the Policy Recommendation Engine, helps IT teams by dynamically providing recommendations when configuring security policies. Recommendations are provided based on the organization’s profile and common practices observed at similar companies in the MaaS360 community.

“Imagine a way to configure your policies with guidance that is dynamically presented every step of the way, catered to your organization and the size of your deployment. Whether you’re new to the game — or have been managing policies for years — a little confidence in your configurations goes a long way,” IBM Security’s John Harrington Jr. said in a blog post.

IBM also announced this week the launch of Guardium Analyzer, a new tool that uses a specialized data classification engine and data patterns to identify and classify GDPR-relevant information across cloud and on-premise systems. The tool can also identify the databases most likely to fail a GDPR-focused audit, the company said.


Fortinet Acquires Bradford Networks to Extend Security to the Edge
6.6.2018 securityweek IT

Fortinet has acquired Boston-based network security firm Bradford Networks. The purpose is to extend Fortinet's micro segmentation to the new perimeter: that is, the IoT and mobile edge.

A Fortinet spokesperson told SecurityWeek that it paid approximately $17 million in initial consideration, net of cash acquired and subject to certain adjustments. It may pay an additional $2 million as an earn-out, subject to certain performance conditions. According to Crunchbase, Bradford had raised roughly $14 million in funding.

Gartner predicts that the currently estimated 4 billion enterprise connected devices will grow to 7.5 billion in the next two years. Making sure that every one of those devices is both known and secure is difficult. It is, suggests Fortinet in a blog, a 'classic' example of the asynchronous security problem: "Security managers need to secure every single device every single time, while criminals only need one open port, one compromised or unknown device, or one uncontained threat to circumvent all of the effort going into securing the network."

"As large organizations continue to see high growth in network traffic and the number of devices and users accessing their networks," explains Ken Xie, founder, chairman of the board and CEO at Fortinet, "the risk of breach increases exponentially. According to a recent Forrester study, 82 percent of companies surveyed are unable to even identify all devices accessing their networks. The integration of Bradford Networks' technology with Fortinet's security fabric enables large enterprises with the continuous visibility, micro-segmentation and access control technology they need to contain threats and block untrusted devices from accessing the network."

Bradford Networks enhances Fortinet's Security Fabric by providing agentless visibility of endpoints, users, devices, and applications that access the complete corporate network including headless devices and IoT. It brings security to IoT through device micro segmentation and automatic policy assignment, allowing granular isolation of unsecure devices.

Once visibility of all devices that connect to the network is attained, the next step is to make sure they are authenticated or authorized, and are subject to a context driven policy that defines who, what, when, and where connectivity is permitted.

"Such an approach -- where no unknown devices ever gain access to the corporate infrastructure, permitted devices are automatically segmented based on policies and roles, and connected devices that begin to behave badly are immediately quarantined from the network," says Fortinet, "becomes the foundation for a comprehensive positive security posture."

Fortinet's share price has grown steadily, from $35.83 in September 2017 to $62.48 at the start of 4 June 2018. A slight dip occurred with the Bradford Networks announcement (down to $61.70), but the share price has already risen above the pre-acquisition price to its highest ever value at $62.92, at the time of writing.

Fortinet does not expect the transaction to have a material impact on the company's second quarter or full year 2018 financial guidance disclosed on May 3, 2018.

Rob Scott, CEO at Bradford Networks, said, "We are excited to join with Fortinet, the leader in network security to deliver exceptional visibility and security at scale to large enterprise organizations. Bradford Networks' technology is already integrated with Fortinet's Security Fabric including FortiGate, FortiSIEM, FortiSwitch and FortiAP products to minimize the risk and impact of cyber threats in even the toughest security environments such as critical infrastructure - power, oil and gas and manufacturing."

Bradford Networks, the Fortinet spokesperson said, "will become part of the Fortinet brand and will enrich Fortinet’s IoT offering. The majority of Bradford Networks employees will transfer to Fortinet and be integrated across multiple functions based on areas of responsibilities."


Updated: Microsoft reportedly acquires the GitHub popular code repository hosting service
6.6.2018 securityaffairs IT

Microsoft has reportedly acquired the popular code repository hosting service GitHub, but at the time of writing there is no news about how much Microsoft paid for the platform.

GitHub was last valued at $2 billion in 2015, but at the time of writing there is no news about how much Microsoft paid for the platform.

“The software maker has agreed to acquire GitHub, the code-repository company popular with many software developers, and could announce the deal as soon as Monday, according to people familiar with the matter.” reported a post published by Bloomberg.

GitHub's board decided to sell to Microsoft because of the leadership of Microsoft's CEO Satya Nadella and his vision for open source technology.

GitHub currently hosts more than 80 million code repositories and holds a privileged position in the software development community; the company that owns the platform could gain strategic benefits from its knowledge of the projects hosted there.

Of course, part of the open source community disagrees with the GitHub move and is opting to switch to competitor services such as BitBucket or GitLab.

Bryan Lunduke (@BryanLunduke) polled his followers on 2 June 2018: "To those that have @GitHub accounts: If @Microsoft buys GitHub... would you continue to use it? Or would you move your repositories to a different service?" Of 632 votes in the final results, 32% chose "Stick with GitHub" and 68% chose "Move to another service".

Many development teams fear Microsoft could abuse its position after the acquisition, gaining full access to the millions of private projects hosted on GitHub.

The code hosting service GitLab has seen a massive traffic spike after news of the deal, with thousands of projects and code repositories being transferred from GitHub.

At the time of writing, neither Microsoft nor GitHub has commented on the acquisition deal.

Updated on June 4

In a blog post published today, Microsoft confirmed that it will acquire GitHub for $7.5 billion in Microsoft stock.

“GitHub will retain its developer-first ethos and will operate independently to provide an open platform for all developers in all industries. Developers will continue to be able to use the programming languages, tools and operating systems of their choice for their projects — and will still be able to deploy their code to any operating system, any cloud and any device.” reads the blog post.

“Microsoft Corporate Vice President Nat Friedman, founder of Xamarin and an open source veteran, will assume the role of GitHub CEO. GitHub’s current CEO, Chris Wanstrath, will become a Microsoft technical fellow, reporting to Executive Vice President Scott Guthrie, to work on strategic software initiatives.”


PE Firm Thoma Bravo Buys Majority Stake in LogRhythm
1.6.2018 securityweek  IT

Private equity firm Thoma Bravo announced on Thursday that it will acquire a majority interest in Security Information and Event Management (SIEM) solutions vendor LogRhythm.

Terms of the deal, which is expected to close in Q3 2018, were not disclosed.

Founded in 2003, LogRhythm is a veteran security firm that has raised more than $110 million in funding. It has more than 2,500 customers around the world using its platform, which combines traditional SIEM capabilities with user and entity behavior analytics (UEBA).

“Thoma Bravo has long admired the work of Andy, Chris, Phil Villella and the entire LogRhythm team,” said Seth Boro, a managing partner at Thoma Bravo. “The company’s impressive track record of growth shows the continued demand for LogRhythm’s differentiated offerings. With Thoma Bravo’s investment, we look to further accelerate product innovation and drive continued customer success.”

Thoma Bravo has made several large investments in the cybersecurity space over the years. Its portfolio of investments includes SonicWall, SailPoint, Hyland Software, Deltek, Blue Coat Systems, Imprivata, Bomgar, Barracuda Networks, Compuware and SolarWinds.


Fraud Protection Firm Signifyd Raises $100 Million
31.5.2018 securityweek  IT 

Signifyd, a San Jose, CA-based company that specializes in fraud protection solutions for e-commerce businesses, on Wednesday announced that it raised $100 million in a Series D funding round.

The round was led by Premji Invest, with participation from existing investors Bain Capital Ventures, Menlo Ventures, American Express Ventures, IA Ventures, Allegis Cyber and Resolute Ventures.

This brings the total raised by the company to date to $187 million, including $56 million secured in 2017 and $20 million in the previous year. Bloomberg reported that the company has been valued at roughly $400 million following the latest funding round.

Signifyd says it will use the funds to further accelerate its growth. The company claims the number of global e-commerce businesses it protects has doubled to more than 10,000. Signifyd customers include Build.com, Helly Hansen, iRobot, Walmart-owned Jet, Lacoste, Luxottica, Stance, Tous and Wayfair.

The company recently partnered with Magento, the open-source e-commerce platform, which Adobe agreed to buy for $1.68 billion.

Signifyd provides a solution that helps organizations identify fraudulent online orders by using a combination of machine learning, data science research and behavior technology. The solution should help reduce the risk of chargebacks and fraud without having a negative impact on customer experience.

Last month, the company opened its first European office in Barcelona, Spain.

“The fraud detection and prevention market is estimated to reach nearly $42 billion by 2022,” said Raj Ramanand, CEO and co-founder of Signifyd. “However, while fraud remains a serious concern, transactions wrongly declined due to suspected fraud represents a bigger problem of more than $150 billion a year. A wrong decline can push consumers to abandon the merchant and thereby erode customer lifetime value. With this funding, we’re looking to continue to enable friction-free e-commerce for enterprise and omnichannel retailers globally.”


FireMon to Acquire Cyber Situational Awareness Firm Lumeta
30.5.2018 securityweek IT 

Network security policy management solutions provider FireMon announced on Tuesday that it has entered an agreement to acquire Lumeta, a company that specializes in cyber situational awareness.

The financial terms of the deal, expected to be completed in the second quarter of 2018, have not been disclosed.

Lumeta’s products provide organizations real-time network and device visibility and security monitoring, including for IoT and industrial control systems (ICS). The company also helps customers identify and remediate leak paths and segmentation violations.

Lumeta technology can continuously identify new devices and cloud connectivity, allowing FireMon to extend the capabilities of its own platform to previously unknown network and cloud elements. This should help reduce attack surface and expose activity that may represent a security risk, FireMon said.

“Lumeta and FireMon share a vision for deeper integration across the security industry. For example, Lumeta built Spectre with two-way RESTful APIs, which has resulted in proven integrations with leading security vendors, including McAfee ePO, IBM QRadar, Carbon Black, Cisco, Tenable, InfoBlox and Qualys. This pairs well with FireMon’s vendor-agnostic approach to solving customers’ problems,” said Satin Mirchandani, CEO of FireMon. “Additionally, Lumeta’s history, which dates back to the legendary innovation center Bell Labs, perfectly complements FireMon’s business model and technology strategy.”

FireMon says Lumeta will remain a standalone business, and its current president, Reggie Best, will continue to fill the position. FireMon also plans on investing into the development of Lumeta’s technology and integration with its own products.

Lumeta is not the first company acquired by FireMon. It bought Immediate Insight in 2015 and in 2016 it acquired cloud security firm FortyCloud.


Vulcan Cyber Emerges From Stealth With $4 Million Seed Round
30.5.2018 securityweek IT 

Vulcan Cyber is the latest Israel-based cybersecurity startup to emerge from stealth mode. The company, whose main product is a vulnerability remediation platform, announced on Wednesday that it raised $4 million in seed funding.

The funding round was led by YL Ventures with participation from other investors. Vulcan Cyber will use the seed funds to build its Israeli R&D office, which will develop and deliver its product, and kickstart operations in the U.S., with a focus on sales, marketing, support and professional services.

A beta version of the platform is already available to qualified customers and is expected to become generally available in late 2018.

Studies have shown that it can take organizations a long time to patch vulnerabilities in the software they use and it’s not uncommon for known flaws to be exploited in high profile attacks that end up costing companies millions of dollars.

Vulcan Cyber aims to address the vulnerability remediation gap by providing a platform that integrates with existing security assessment, DevOps and IT tools, allowing organizations to detect vulnerabilities and automate the remediation process. The list includes tools from AWS, Nessus, WhiteHat, Qualys, IBM, BlackDuck, Tripwire, Checkmarx, Rapid7, Veracode, Google, Microsoft, GitHub, Slack and many others.

The solution provides an orchestration engine that helps coordinate the teams, tasks and tools needed to address vulnerabilities, the company says.

Vulcan says its goal is to build the largest vulnerability remediation database, including patches, automated scripts and signatures.

The company claims that unlike competitors, whose products assess and prioritize flaws strictly based on threat intelligence, its platform also leverages DevOps and IT data.

The product is aimed at CIOs and CISOs who want to get a clear picture of the risk level across their organization, and individuals responsible for vulnerability management programs, as it allows them to better manage the remediation process and improve efficiency by automating certain tasks.

Vulcan says its cloud-based platform is easy to deploy – it does not require any agents or tapping into network traffic, and organizations only need to provide the API and credentials for their vulnerability assessment, DevOps and IT tools.


Symantec Shares More Information on Internal Investigation
16.5.2018 securityweek IT

Symantec shares gained nearly 10 percent on Monday in anticipation of a conference call that promised to provide more information regarding the internal investigation announced by the company last week.

Along with its financial results for the fourth quarter and full year, Symantec told investors last week that the Audit Committee of the Board of Directors had launched an investigation as a result of concerns raised by a former employee.

The company initially did not share any additional information, except that the Securities and Exchange Commission (SEC) had been notified and that the probe would likely prevent it from filing its annual 10-K report with the SEC in a timely manner.

Symantec shares dropped roughly 20 percent to less than $24 after the announcement was made on Thursday, and on Friday shares dove 33 percent, reaching just over $19.

A conference call announced for Monday afternoon helped the company gain nearly 10 percent, closing at $21.40.

While many expected Symantec to provide details on its internal probe, the company did not answer any questions on the matter. A statement published by the company does, however, reveal that the investigation is related to “concerns raised by a former employee regarding the Company’s public disclosures including commentary on historical financial results, its reporting of certain Non-GAAP measures including those that could impact executive compensation programs, certain forward-looking statements, stock trading plans and retaliation.”

The company says it cannot predict the duration of the investigation or the outcome, which could have an impact on financial results and guidance.

The cybersecurity firm says it does not anticipate a material adverse impact on its historical financial statements.

In response to news of the internal probe, investor rights law firm Rosen Law Firm announced the preparation of a class action to recover losses suffered by Symantec investors. Rosen says it’s investigating allegations that Symantec “may have issued materially misleading business information to the investing public.”


Behind the Scenes in the Deceptive App Wars
14.5.2018 securityweek IT

All is not well in the app ecosphere. That ecosphere comprises a large number of useful apps that benefit users, and an unknown number of apps that deceive users. The latter are sometimes described as potentially unwanted programs, or PUPs. Both categories need to make money: good apps are upfront about how this is achieved; deceptive apps hide the process.

In recent years there has been an increasing effort to cleanse the ecosphere of deceptive apps. The anti-virus (AV) industry has taken a more aggressive stance in flagging and sometimes removing what it calls PUPs; the Clean Software Alliance (CSA) was founded to help guide app developers away from the dark side; and a new firm, AppEsteem, certifies good apps and calls out bad apps in its ‘Deceptor’ program.

One name figures throughout: Dennis Batchelder. He is currently president of the AV-dominated Anti-Malware Testing Standards Organization (AMTSO); was a leading light in the formation, and until recently a member of the advisory board, of the CSA; and is the founder of AppEsteem.

But there has been a falling out between the CSA and AppEsteem.

The CSA
The CSA was officially launched in the Fall of 2015, although it had already been on the drawing board for over a year. Batchelder was instrumental in getting it started while he was working for Microsoft, where he was director, program management until April 2016.

The CSA was introduced during VB2015 with a joint presentation from Microsoft and Google, demonstrating early support from the industry’s big-hitters.

“As a 501(c)(6) nonprofit trade association,” writes the CSA on its website, “the CSA works to advance the interests of the software development community through the establishment and enforcement of guidelines, policies and technology tools that balance the software industry’s needs while preserving user choice and user control.”

In other words, it seeks to develop an app ecosphere where honest developers can be fairly recompensed, via monetization, for their labor. However, it provides very little information on its website. It does not, for example, list the members of the trade association, nor give any indication on how it will enforce its guidelines and policies on recalcitrant apps.

AppEsteem
Founded by Batchelder in 2016, AppEsteem is primarily an app certification organization – it certifies clean apps. However, since a carrot works best when supported by a stick, AppEsteem also calls out those apps it considers to be deceptive and therefore potentially harmful to users.

Batchelder hoped that the CSA and AppEsteem could work together (he was on the advisory board of the former and is president of the latter). The CSA could provide recommendations and industry support on classification criteria, and AppEsteem – at one step removed – could provide the enforcement element apparently missing in the CSA.

AppEsteem maintains what it calls the ‘deceptor list’; a list of apps that in its own judgement use deceptive means to increase their monetization potential. At the time of writing, there are more than 300 apps on the deceptor list. It also actively encourages AV firms to use this list in their own attempts at blocking PUPs.

There is a difficult balance. Deceptive app developers will object to being included on a public shaming list. Apps that clean up their behavior need to be removed from the list in a timely fashion. New methods of deception need to be recognized and included in the bad behavior criteria.

It is, in short, a process wide open for criticism from app developers who are called out.

CSA criticizes AppEsteem
Criticism came last week from an unexpected source – from the CSA. On 10 May 2018, the CSA published a remarkably negative report on AppEsteem’s ‘deceptor’ program titled, CSA Review of AppEsteem Programs. It was, said the CSA, “triggered by a groundswell of complaints and expressions of concern received by the CSA from industry members regarding this program.”

The report is largely – although not entirely – negative. It raises some interesting points. The ‘groundswell of complaints’ is to be expected; particularly from the apps and the app developers called out for being deceptive.

However, concern over some other elements seems valid. AppEsteem does not seem keen to call out AV products, even when they appear to use ‘deceptive’ practices (consider, for example, the ease with which the user can download one product and find that McAfee has also been downloaded).

Furthermore, if certification is annual, a certified app could introduce deceptive practices immediately after certification that would go undetected (would effectively be allowed) for 12 months. “There is no more deceptive or risky behavior than that,” notes the report.

The CSA report makes four proposals. AppEsteem should: refocus efforts on certification; work with the CSA to devise consensus-built ‘minbar’ criteria; balance violator identification and remediation; and embrace oversight and dispute resolution.

‘Oversight’ implies external management. Refocusing on certification implies abandoning the deceptor app listing. And ‘work with the CSA’ implies that AppEsteem should take its direction from the CSA. If not quite a power grab, the report attempts to neutralize the enforcement element of AppEsteem.

AppEsteem’s response
AppEsteem’s first response was for Batchelder to resign from the CSA advisory board. “I am unable to figure out how to remain on the CSA Advisory Board in good conscience,” he wrote to the CSA. “Which sucks, as I’ve pushed for CSA to get operational and remain relevant, sent potential members its way, and worked hard to help it succeed. But being an advisor of an incorporator-status organization who is conducting a ‘confidential’ investigation into AppEsteem’s certification program without involving AppEsteem makes no sense at all.”

AppEsteem’s second response was to establish CleanApps.org; which is effectively an alternative to the CSA. “AppEsteem needs CSA,” comments one source who asked to be anonymous, “or at least some organization that can provide guidelines and some kind of oversight of what AppEsteem is doing… It seems that this new player is in fact a company created by Dennis trying to get rid of CSA.”

That partly makes sense. If AppEsteem cannot work with the CSA, it must find a similar organization it can work with. “After I disengaged from CSA,” Batchelder told SecurityWeek, “we realized that AppEsteem had to find a way to get the vendor voice and to reassure them that we’re doing things fairly (the stuff we had hoped CSA would do). So, I incorporated CleanApps.org and recruited its first board from some of our customers (I know, it’s like a soap opera), and then resigned/handed it over once the board launched. Our goal is that once CleanApps.org launches, we’ll give them insight into our operations.”

To the CSA, he wrote in February, “I wanted to let you know that we have determined that it’s in the best interests of both ourselves, our customers, and the vendor community if we had oversight and a ‘voice’ specifically representing the vendor community… We won’t become a member or hold any position in CleanApps.org; they will self-govern.” (He has since made it clear that he does not mean ‘oversight’ in any controlling manner.)

AppEsteem’s position seems to be that the app ecosphere requires three organizations: AppEsteem to enforce good behavior among the app developers; the CSA to represent the market in which apps operate; and CleanApps to represent the apps and app developers.

But it is clearly concerned over the current relevance of the CSA. “I think the biggest hole with CSA,” Batchelder told SecurityWeek, “is that they never finished forming: it’s still just… as the only member, and what we felt was that when [that member] had an issue with us, CSA went negative… it’s problematic to us that they’re not formed after four years.”

If AppEsteem needs something like the CSA to be effective, the CSA needs something like AppEsteem to be relevant.

AppEsteem’s third response is a short blog posted on the same day as CSA published its report – Thursday, 10 May 2018. There is no indication of any rapprochement with the CSA. “But we also want to be clear,” writes the author: “if you think it’s fine to treat consumers as exploitable targets for deceptive and aggressive software, we totally understand your desire for us to leave you alone. We strongly suggest you either get on board or find something else to do with your time, as we’re going to continue to tune our Deceptor program to find even more effective ways to disrupt your ability to hurt consumers.”

The way forward
It is hard to see how any outright deceptive app produced by developers simply out to get as much money as possible will ever be persuaded by force of argument alone to abandon deceptive practices. This seems to be the approach of the CSA; and it appears – on the evidence of its website – to have achieved little in its three to four years of existence.

Indeed, the one and only report the CSA has published is the report criticizing AppEsteem. Before that, the previous publication seems to be ‘update #7’, probably written around March 2016.

If the CSA has achieved anything, it is not saying so. At the very least, it could be urged to be more transparent in its operations and achievements – even a list of members would be useful.

Meantime, if the new CleanApps.org gathers pace and support, the CSA itself will become increasingly irrelevant in the battle against deceptive apps; that is, potentially unwanted programs.