Organizations are grappling with the risks of having outdated hardware handling core workloads, mission-critical applications no one knows how to update or maintain, and systems that IT and security teams don't know about.

Dave Lewis, Global Advisory CISO, 1Password

October 14, 2024

3 Min Read

Source: Aleksey Popov via Alamy Stock Photo

COMMENTARY

When I began my security career, everything was an adventure — new technologies, new opportunities, and new lessons to learn. Some of those lessons have stayed with me over the years. Simple on the surface, these lessons have had a significant impact and proved valuable over time. Yet, when I look at the wider industry, I often find myself vexed at the current state of affairs. 

**The Beige Desktop Is Everywhere**

The best example of this flustered feeling is the pervasive nature of the "beige desktop." We have all seen them in our industry travels — machines that predate many of the technologies we rely on today. Hardware that soldiers on from the dark recesses of a data center's raised floor. 

You can see where this is heading. That system is invariably running code written by a summer student long ago and has now become mission-critical. Code that was not properly commented or documented. An application that has somehow become indispensable to the business. 

How does this keep happening? I've often pondered this question. Whenever I bring it up at conferences, heads always nod in understanding. Those systems that lurk in the shadows of a data center. 

**Hard to Get Rid of Shadows**

We often hear the term "shadow IT." It usually finds its way into conversations with a sense of derision. A few months ago, I was giving a talk at a conference when I asked the audience if they had encountered the beige desktop in their environments. The audience laughed, grimaced, and hung their heads — confirming my thoughts. I paused and asked how many companies present had controls in place in their environments for shadow IT. Every hand went up. 

I let the question hang in the air for a moment. Then I asked the audience a follow-up query: "How many of you here have shadow IT in your environments?" There was some hesitation. Eyes darted around nervously. Slowly but surely, every hand went up again. 

We had an interesting conversational moment. These companies all had controls in place to guard against shadow IT, yet … it still existed. We had discovered Schrödinger's IT security problem. It simultaneously exists and doesn't. 

**Who Owns the Risk?This begs the question: Who truly owns the risk of shadow IT? While the knee-jerk reaction might be to assign this to the chief information security officer, I wonder if that is fair. The CISO puts security controls in place. The CISO ensures that there are policies and procedures around handling the risks presented by shadow IT. But it continues. Is it fair to say the CISO is responsible at that point? Just thinking out loud. Could this risk be more appropriately assigned to the chief financial officer, as it presents a potential material enterprise risk so thereby is this executive's responsibility? I would love to see this develop into a broader conversation because, honestly, I'm unsure of the answer and would love the input from the CISO community. ****How We Wound Up Here**

Shadow IT rarely, if ever, originates from a place of malice. These projects are quite often built to satisfy the need for innovation. Other examples of why this happens could include the perceived inadequacy of the deployed systems that support development in the enterprise. Or it simply occurs out of a need for speed and convenience. 

It's often easier to ask for forgiveness than permission. While the beige desktop may be a tongue-in-cheek story, it serves as an example of what happens in environments across the globe. 

**Top Dead Center**

How do we move toward an enterprise or SMB environment that supports innovation while remaining safe and secure? There is a need to provide visibility and security to deal with tools and projects that may not have been vetted or approved by the IT and security teams. 

It's time to move away from the beige desktops and toward a technological engine that empowers businesses to drive innovation safely and securely. 

**About the Author**

Global Advisory CISO, 1Password, 1Password

Dave is the Global Advisory CISO at 1Password. He brings over 30 years of industry experience, extensively in IT security operations and management, at companies such as Akamai, IBM, Duo Security, Cisco, and AMD. He is also the founder of the security site Liquidmatrix Security Digest as well as host of the Liquidmatrix, Plaintext, and Chasing Entropy podcasts. Dave currently serves on the board of directors for BSides Las Vegas and the advisory board for the Black Hat Sector Security Conference. He co-founded the BSides Toronto conference and was a goon on the speaker operations team for DEF CON for over 13 years. He previously held a board position at (ISC)². For fun, Dave loves playing bass guitar, grilling, and spending quality time with his kids. He’s also a part owner of a whisky distillery and a soccer team.

The Lingering 'Beige Desktop' Paradox

Education, including K-12 schools and universities, has become the third most targeted sector due to the high variety of sensitive data it stores in its databases.

Source: SeventyFour Images via Alamy Stock Photo

Malicious actors are increasingly targeting K-12 and higher education institutions, an "industry of industries" as Microsoft's new report calls it, due to the immense amount of private data that these enterprises handle.

From information regarding financial data to health records and other sensitive information, hackers have a host of pickings to choose from if they are successful in their exploitation attempts, Microsoft's Threat Intelligence report explained.

"The combination of value and vulnerability found in education systems has attracted the attention of a spectrum of cyberattackers — from malware criminals employing new techniques to nation-state threat actors engaging in old-school spy craft," Microsoft said.

Education as an industry faces a variety of issues that prompt attacks from hackers: security staffing limitations; difficult-to-secure IT systems; virtual/remote learning environments; extensive QR code usage; open email systems; lack of funding; and more. There's also the issue of users — some as young as 6 years old — who are too young to know safe cybersecurity habits and are liable to compromise a network. 

The education sector deals with an average of 2,507 attempted cyberattacks on a weekly basis from nation-state groups to ransomware gangs, with universities especially presenting their own unique challenges due to the culture of sharing information, research, and innovation, Microsoft found.

Some of the nation-state actors that Microsoft highlights are Peach Sandstorm, Mint Sandstorm, Mabna Institute, Emerald Sleet, and Moonstone Sleet, with an honorable mention for Storm-1877, which is still in development. 

Education institutions can protect themselves from these threats by implementing a new security curriculum, such as maintaining and scaling core cyber hygiene, prioritizing cyber awareness at all levels, whether students, IT staff, or faculty. Microsoft also advised hardening overall security posture as well as centralizing the technology stack, and implementing better monitoring procedures to get a clear picture of security posture and potential vulnerabilities.  

Microsoft highlighted some institutions such as Oregon State University and the Arizona Department of Education, which are both doing noteworthy jobs of implementing an ace cyber posture. The former's progress came in response to a major cybersecurity incident, prompting its Security Operations Center (SOC) alongside the help of AI and automated capabilities; the latter which focuses on zero-trust principles by blocking any traffic outside of the US from its 365 environment, Azure, and data center.

Microsoft: Schools Grapple With Thousands of Cyberattacks Weekly

Attackers can introduce a malicious document in systems such as Microsoft 365 Copilot to confuse the system, potentially leading to widespread misinformation and compromised decision-making processes.

Source: Mopic via Shutterstock

Attackers can add a malicious document to the data pools used by artificial intelligence (AI) systems to create responses, which can confuse the system and potentially lead to misinformation and compromised decision-making processes within organizations.

Researchers from the Spark Research Lab at the University of Texas (UT) at Austin discovered the attack vector, which they've dubbed ConfusedPilot because it affects all retrieval augmented generation (RAG)-based AI systems, including Microsoft 365 Copilot. This includes other RAG-based systems that use Llama, Vicuna, and OpenAI, according to the researchers.

"This attack allows manipulation of AI responses simply by adding malicious content to any documents the AI system might reference," Claude Mandy, chief evangelist at Symmetry, wrote in a paper about the attack, which was presented at the DEF CON AI Village 2024 conference in August but was not widely reported. The research was conducted under the supervision of Symmetry CEO and UT professor Mohit Tiwari.

Given that 65% of Fortune 500 companies currently implement or are planning to implement RAG-based AI systems, the potential impact of these attacks cannot be overstated," Mandy wrote. Moreover, the attack is especially dangerous that it requires only basic access to manipulate responses by all RAG-based AI implementations, can persist even after malicious content is removed, and bypasses current AI security measures, he said.

**Malicious Manipulation of RAG**

RAG is a technique for improving response quality and eliminating a large language model (LLM) system’s expensive retraining or fine-tuning phase. It adds a step to the system in which the model retrieves external data to augment its knowledge base, thus enhancing accuracy and reliability in generating responses without the need for retraining or fine-tuning, the researchers said.

The researchers chose to focus on Microsoft 365 Copilot for the sake of their presentation and their paper, even though it is not the only RAG-based system affected. Rather, "the main culprit of this problem is misuse of RAG-based systems … via improper setup of access control and data security mechanisms," according to the ConfusedPilot website hosted by the researchers.

In normal circumstances, a RAG-based AI system will use a retrieval mechanism to extract relevant keywords to search and match with resources stored in a vector database, using that embedded context to create a new prompt containing the relevant information to reference.

**How the Attack Works**

In a ConfusedPilot attack, a threat actor could introduce an innocuous document that contains specifically crafted strings into the target’s environment. "This could be achieved by any identity with access to save documents or data to an environment indexed by the AI copilot," Mandy wrote.

The attack flow that follows from the user's perspective is this: When a user makes a relevant query, the RAG system retrieves the document containing these strings. The malicious document contains strings that could act as instructions to the AI system that introduce a variety of malicious scenarios.

These include: content suppression, in which the malicious instructions cause the AI to disregard other relevant, legitimate content; misinformation generation, in which the AI generates a response using only the corrupted information; and false attribution, in which the response may be falsely attributed to legitimate sources, increasing its perceived credibility.

Moreover, even if the malicious document is later removed, the corrupted information may persist in the system’s responses for a period of time because the AI system retains the instructions, the researchers noted.

**Victimology and Mitigations**

The ConfusedPilot attack basically has two victims: The first is the LLM within the RAG-based system, while the second is the person receiving the response from the LLM, who very likely could be an individual working at a large enterprise or service provider. Indeed, these two types of companies are especially vulnerable to the attack, as they allow multiple users or departments to contribute to the data pool used by these AI systems, Mandy noted.

"Any environment that allows the input of data from multiple sources or users — either internally or from external partners — is at higher risk, given that this attack only requires data to be indexed by the AI Copilots," he wrote.

Enterprise systems likely to be negatively affected by the attack include enterprise knowledge-management systems, AI-assisted decision support systems, and customer-facing AI services.

Microsoft did not immediately respond to request for comment by Dark Reading on the attack's affect on Copilot. However, the researchers noted in their paper that the company has been responsive in coming up with "practical mitigation strategies" and addressing the potential for attack in its development of its AI technology. Indeed, the latter is key to long-term defense against such an attack, which depends on "better architectural models" that "try to separate the data plan from the control plan in these models," Mandy noted.

Meanwhile, current strategies for mitigation include: data access controls that limit and scrutinize who can upload, modify, or delete data that RAG-based systems reference; data integrity audits that regularly verify the integrity of an organization's data repositories to detect unauthorized changes or the introduction of malicious content early; and data segmentation that keeps sensitive data isolated from broader datasets wherever possible to prevent the spread of corrupted info across the AI system.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

ConfusedPilot Attack Can Manipulate RAG-Based AI Systems

By combining human and nonhuman identity management in one solution, Flock Safety is helping law enforcement solve an impressive number of criminal cases every day.

Source: ArtemisDiana via Alamy Stock Photo

When Jerrid Powell went on a shooting spree in Beverly Hills last year, he had no idea what he was up against. Law enforcement used Flock Safety's evidence-based crime-solving technology to help locate him. Powell was quickly apprehended and is now behind bars.

Flock Safety is a success story. In less than six years, the native-cloud company has become one of the country's largest public safety technology vendors. It plays a part in solving 10% of crimes in the United States, equating to about 2,000 cases per day, according to a report from the company and validated by independent criminology researchers. It does this by analyzing a vehicle's "fingerprint" using object detection and machine learning, focusing on everything from license plates to bumper stickers.

With so many law enforcement agencies relying on its technology, Flock Safety puts security first. That means securing the identity of its user accounts, along with 1,000 employees and a fleet of cameras, video cameras, and audio detection devices.

From the beginning, Flock Safety has been using Okta for human identity management against its corporate systems, like Salesforce, Google, and Amazon Web Services. Using Okta's customer and workforce identity cloud technology, employees, customers, and contractors authenticate themselves by entering their credentials. It also uses Okta subsidiary's Auth0 to authenticate Internet of Things devices, like cameras, to its FlockOS and devices.

"Imagine a network of cameras, drones, and gunshot detection devices across the United States," explains Eric Tan, the company's CIO and chief security officer. "Each one of those devices has a unique ID and secret associated \[with\] the device that's calling home to the mothership to authenticate and pass on images or videos."

Flock Safety's approach is comprehensive. Alfredo Ramirez, a senior director and analyst of security and emerging technology at Gartner, says that while most companies do use some type of modern technology for employee authentication, they are often less successful at handling nonemployee identities or correlating all of them across connected corporate applications.

**Covering All Bases**

While Tan is quite satisfied with the protection Okta and Auth0 are providing, he noticed that as Flock Safety's customer base and reach grew, it needed to expand past authentication into the realm of authorization. Essentially, authentication is the first step in identity management, but higher levels of security require authorization, which moves beyond identity verification to determining users' levels of access and granting access based on those levels.

"When an identity or user account authenticates onto our platform, we know we're covered, but what we don't know is where that identity is going once it's on the platform," Tan explains. "That's what we wanted to address."

With that goal in mind, Tan found Permiso Security, a cloud security company that had recently branched into identity management. With its ability to track both human and nonhuman identities across authentication boundaries, Permiso's Universal Identity Graph seemed like it could bridge the gap between authentication and authorization for Flock Safety.

Tan looks at it this way: "Auth0 and Okta are important preventative solutions, but Permiso is more like a motion detector system in a house. I want to know who or what is coming into all of the different rooms, and if anything looks off, I want it to let me know."

This is the first year where vendors are going to market claiming to be able to discover and secure all nonhuman identity types, but very few claim to be able to handle securing both human and nonhuman identities within the same solution, Gartner's Ramirez says. Most, like Permiso, are using some sort of graph database technology, unlike incumbent identity vendors.

Over the next three to five years, Ramirez expects incumbent identity security vendors to build, buy, or partner for nonhuman identity solutions to complement their human identity solutions. In addition, he expects startups to continue to advance in this area.

**Looking Ahead**

For Flock Safety, the time to get this up and running is now. Through an API, Permiso's solution can see the identities in Auth0 and Okta. Flock Safety also exposes the API to some of its more critical systems, like Google Workspace or GitHub, so it can monitor for suspicious activity.

"If one of our cameras were to call home and eventually grant themselves access to our GitHub source code library, that would be really odd. Permiso would pick that up," Tan explains. "Similarly, if you had an employee who was a field technician, and that person's user account was granted additional permissions or elevated access within our Google Active Directory or Workspace environment, it would alert us and automatically quarantine them."

Tan is considering adding Astrix Security's nonhuman identity security platform for real-time discovery and mitigation of breaches by nonhuman identities. He's currently evaluating the tool.

"For example, if there is a test API account connected to our GitHub instance with elevated privileges that the team isn't tracking, I would have the team either shut it down, reduce the privileges, or make it authenticate through Auth0," Tan says.

While it might seem like Flock Safety is adding a surprising number of identity-related security tools into its stack, it's always better to be as prepared as possible, Tan says.

"The concept of solving for nonhuman identity risks is still in the early innings, similar to LLM risks," he says. "The idea is to pick a handful of early innovators and compare the results. In my experience, they're usually always different, allowing us to think about the various threat vectors."

**About the Author**

Contributing Writer, Dark Reading

Karen D. Schwartz is a technology and business writer with more than 20 years of experience. She has written on a broad range of technology topics for publications including ITProToday, CIO, InformationWeek, GCN, FCW, FedTech, BizTech, eWeek, and Government Executive.

Fighting Crime With Technology: Safety First

Ultimately, the goal of creating a trusted environment around all digital assets and devices is about modernizing the way you do business.

Alex Simons, Corporate VP, Product Management, Microsoft Identity and Network Access

October 14, 2024

5 Min Read

Source: Brian Jackson via Alamy Stock Photo

COMMENTARY

In today's digital world, threats are around every corner. The technology behind attacks is increasingly sophisticated. Actors include criminal organizations seeking big payouts and nation-states conducting espionage and looking for opportunities to create chaos.  

At the same time, the world continues to transform rapidly around us. With artificial intelligence (AI), we're about to go through the biggest business transformation since the widespread adoption of the Internet, and the bad guys are also exploring how they can use AI for harm.  

In a mobile, cloud-first, AI-driven world, companies must be ready to use world-class technology and processes to protect themselves, their data, and their people, wherever they go.  

Today, those technologies are coalescing around a modern vision for what is, at its heart, one of our most ancient security solutions: our own unique identity. Let's take a look at how a modern version of this ancient solution can help protect our digital lives.  

**Your Castle Walls Have Fallen. What Now? **

Fifteen years ago, the world's security best practice was a "moat-and-castle" model. Organizations kept their most important resources inside their office networks and wrapped a firewall around them.  

As long as their people and resources were inside the wall, everybody could connect to everything as the entire estate was trusted and contained. Your biggest concerns were insider threats or invaders trying to storm your firewall.  

Today, many employees are embracing hybrid and mobile workstyles. We're also adding cloud-scale AI that, by design, is not inside the firewall, while highly mobile workers use VPNs to access applications while outside the network. All this makes the old moat-and-castle security paradigm terribly outdated.  

Additionally, in many ways, companies are becoming cloud services — as their partners, suppliers and customers increasingly interact with them through digital experiences for product discovery, ordering, payment, invoicing, customer service, and customer loyalty programs.  

**Since Data and People Are Always in Transit, Security Should Flow Wherever They Go**

In a world where every organization is a cloud service that needs to securely interact with everybody and everything, companies must ensure that all of their connections are secure and that only the right people, software, devices, and networks are allowed access.  

This is known as a zero-trust model. In a zero-trust environment, every time a user, a device, or a workload wants to access your digital assets and services, they have to prove that they, their software, and the network they're using are all trustworthy. This is why identity plays such an important role in this new security model. By default, all access to everything is closed off until you have a strong proof of the identity and authenticity of the person and of their device. 

Designing, deploying, and running this kind of identity powered zero-trust enterprise environment can be challenging. It requires having a coordinated strategy across multiple teams to design, deploy, and run a security solution that brings together user and workload accounts, device management, device protection, network state, and an inventory of digital resources and permissions, and enables the enforcement of adaptive, granular access policies across the enterprises entire digital estate. 

**Identity: Even More Important in the Era of AI **

If your organization doesn't have this kind of identity-centric zero-trust model in place today, moving to an AI future is going to be risky and challenging. When you deploy a large language model (LLM) assistant, it becomes incredibly easy for employees to find content from across all your  documents and files, even the ones you didn’t know they had rights to access.  

And that also means an intruder could use the AI assistant to run queries for assets that they never should be able to find. Where organizations used to have the benefit of obscure file hierarchies to waste an attacker's time, today's super-smart AI engines make it incredibly easy to quickly find information anywhere it's stored.  

The solution is something called "workload identities." A workload identity is the identity your software systems use to get things done. Having your co-pilot or your LLM use a workload identity with well-managed permissions means that it can only get to the specific documents and files you allow it to access, which enables you to govern and secure the LLM's access just like you would for any user.  

**Modern Security Benefits Everyone**

Ultimately, creating a trusted environment can modernize the way you do business. Now, employees can work from anywhere. The company can hire talent it wouldn't have access to before. The company can work directly with customers and suppliers digitally. And you can do all that in a world of cloud, AI, and mobile resources that can easily scale up and down.  

Employees, partners, and customers all get a seamless experience on the devices they choose, wherever they want to work. And chief information security officers (CISOs) can be confident that it's happening with security omnipresent.  

And it's all made possible by focusing on the oldest access solution of all — your own unique identity.  

**About the Author**

Corporate VP, Product Management, Microsoft Identity and Network Access

Alex Simons is corporate vice president, product management, Microsoft Identity and Network Access Division. He is responsible for driving the vision and strategy, product roadmap, and feature design of the Microsoft Entra Suite. He prides himself on being deeply connected to customers and has direct relationships with many of Microsoft’s largest enterprise customers. In addition to managing his own team, Alex is responsible for partnering with teams across Office, Windows, Azure, Visual Studio, Dynamics, Xbox, and LinkedIn to deliver world-class identity experiences and security and compliance controls.

Why Your Identity Is the Key to Modernizing Cybersecurity

Companies are putting "AI" in just about all of their products, which opens up new security holes. LLM SecOps and ML SecOps are becoming must-have skills.

Source: Designer491 via Alamy Stock Photo

In a sign of the growing importance of assessing the risks of artificial language to corporate assets, organizations are increasingly looking for job candidates with skills in machine learning and large language models to fill cybersecurity jobs. In ISACA's 2024 State of Cybersecurity report, just under a quarter of respondents (24%) named LLM SecOps and ML SecOps as the biggest skill gaps they see in cybersecurity. Soft skills — communication, flexibility, and leadership — continue to be the biggest category of skills that cybersecurity professionals are missing, according to 51% of respondents.

**Wanted: LLM, ML Skills**

Both LLM SecOps and ML SecOps are fairly new skill sets, but, like the technologies they secure, they now seem to be everywhere.

MLSecOps is the discipline of integrating security into the development and deployment of machine learning systems. It covers ML-specific processes like securing the data used to train a model and preventing bias through transparency, as well as applying standard security operations tasks such as secure coding, threat modeling, security audits, and incident response to ML systems.

LLM SecOps refers to securing the entire lifecycle of LLMs, from data preparation to incident response. LLM SecOps covers concerns as varied as ethics reviews in the design phase, data sanitization of training data, analyzing why the system made the decisions it did during training, blocking the generation of harmful content, and monitoring the model once it is deployed.

There is a growing list of resources for security professionals to build up their skills. For ML SecOps, Benjamin Kereopa-Yorke, a a senior information security specialist and AI security researcher at telecommunications provider Telstra maintains a GitHub repository of resources and trainings, with courses categorized by prior ML knowledge required and classified as vendor-agnostic or vendor-centric. Open Worldwide Application Security Project (OWASP) has a draft Machine Learning Security Top Ten list describing how ML attacks such as data poisoning or member inference work and how to counter them. OWASP also maintains the OWASP Top Ten for LLMs, which covers topics relevant to LLM SecOps such as prompt injection, sensitive information disclosure, and model theft.

Organizations are looking for specific skills to fill open cybersecurity positions. After soft skills, cloud computing was the second biggest skill gap (42%), followed by security controls implementation (35%), and software development (28%).

With so much of the organization's workload now residing in the cloud, it makes sense that organizations need cybersecurity professionals with cloud computing skills. Securing cloud assets require a different mindset and technical skillset than traditional networking, and cloud providers handle certain tasks differently, requiring specialized knowledge.

Security controls implementation refers to protecting endpoints, networks, and applications. The skills gap in software development was not coding related, but rather things such as testing and deployment. Again, this highlights the challenges organizations are having securing their software development pipelines and integrations.

AI Hype Drives Demand For ML SecOps Skills

Threat detection tools yield too many false positives, security pros say, leading to burnout and resentment.

Source: ZUMA Press, Inc. via Alamy Stock Photo

Security operations center (SOC) practitioners are struggling, thanks to an overwhelming volume of false alarms from their security tools.

A Vectra survey of hundreds of cybersecurity professionals revealed a serious gripe that SOC teams have with their software vendors. The overwhelming volume of false positives their tools yield is causing burnout, they say, and allowing real threats to slip through the noise.

"There wasn't that much of a change from last year's results, and honestly it wasn't much of a surprise," says Mark Wojtasiak, vice president of research and strategy at Vectra AI. "SOC practitioners are clearly still frustrated with threat detection tools. And, really, what the data tells us is that, more than a threat detection problem, SOC teams have an attack signal problem. The promise of consolidation and platformization have yet to take hold, and what SOC teams really need is an accurate attack signal."

**What Does the SOCs Say? Ding Ding Ding**

SOCs ingest an average of 3,832 security alerts per day. For a sense of just how unmanageable that might be, consider that an average SOC might be staffed by a few dozen people, or just a few, depending on the size of the organization and its investment in security.

The result: 81% of SOC staffers spend at least two hours a day simply sifting through and triaging security alerts. It's no wonder, then, that 54% of Vectra respondents said that, rather than making their lives easier, the tools they work with increase their daily workloads, and that 62% of security alerts ultimately just get ignored.

Of course, SOC operators are aware of the implications of ignored security warnings. A full 71% reported worrying every week that they'll miss an attack buried in a flood of less important alerts. And 50% went so far as to say that their threat detection tools are "more hindrance than help" in spotting real attacks.

The conflict between what operators are dealing with, and what they can handle, is fostering genuine resentment toward vendors. Around 60% of respondents reported that they've been buying security software mostly just to tick a compliance box, and 47% don't trust these programs outright. A similar percentage (62%) believe that vendors are intentionally, cynically flooding them with alerts so that when a breach occurs, they're more likely to be able to say: We warned you!

A majority (71%) of SOC practitioners say that vendors need to take more responsibility in failing to prevent breaches.

**How AI Can Make SOCs More Efficient**

The most attainable, practical promise of artificial intelligence (AI) is that it will reduce the tedium associated with repetitive jobs, and bolster productivity. And more so than most, SOC staffers stand to benefit from exactly that.

In fact, Wojtasiak says, AI is the path to a whole mindset shift. "Security thinks in terms of individual attack surfaces: I have a network, endpoints, identities, email, now generative AI (GenAI). OK. I'm going to go buy tools to do threat detection across those siloed attack surfaces, then ask a human being to make sense of it all. That's how security thinking has fundamentally been for the past 10 years," he says.

"Modern attackers," he continues, "just see one, giant attack surface that they can move around in. So why isn't security thinking the same way? Why aren't we looking at threats holistically across the entire attack surface, using AI to piece together detections that are indicative of attacker behavior, correlating those detections, and then giving one integrated signal to the SOC analyst?"

Plenty of SOCs are already starting to do just that. About 67% of Vectra survey respondents found that AI is already improving their ability to identify and defend against threats, and 73% claimed that that's helped ease their feelings of burnout. Nearly nine in 10 respondents have already boosted their investments in AI, and are planning to go further.

"I'm \[already\] hearing about the positive outcomes they're experiencing as they introduce these new tools — reduced workloads, less burnout, and less sprawl," Wojtasiak reports. "The hope is that current frustrations will ease as siloed legacy tools are replaced by AI-powered tools capable of delivering an accurate attack signal."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

SOC Teams: Threat Detection Tools Are Stifling Us

PRESS RELEASE

New York, United States, Oct. 10, 2024 (GLOBE NEWSWIRE) -- The Certificate Authority (CA) market is the industry dedicated to the issuing, management, and renewal of digital certificates. These digital certificates are used to authenticate the identification of entities such as websites, organizations, or individuals, as well as to secure network interactions with encryption. CAs are trusted third-party organizations that verify entities' identities and provide certificates to establish secure connections, such as SSL/TLS certificates for websites. This market is essential to the overall cybersecurity ecosystem as it maintains the security, integrity, and trustworthiness of digital communications and transactions on the Internet.

Download Free Sample Report PDF @ https://straitsresearch.com/report/certificate-authority-market/request-sample 

Market Dynamics

Focus on Cybersecurity Integration drives the global certificate authority market.

Certificate Authorities (CAs) are expanding their services to include broader cybersecurity solutions such as threat detection and identity management, resulting in more comprehensive security offerings. They collaborate with cybersecurity firms to integrate certificate management with other important security services, giving organizations an integrated and effective protection approach.

*   For instance, on 10 October 2023, DigiCert expanded its capabilities by integrating its certificate management services with Acronis' cybersecurity and data protection solutions.
    

The emergence of Blockchain Technology creates opportunities for the global certificate authority market.

Blockchain technology's decentralized and tamper-proof mechanism improves the security and transparency of digital certificate issuance and maintenance. This significant development has the potential to eliminate fraud, increase trust, and alter the certification authority market by developing more secure and efficient certificate management systems.

*   For instance, in March 2024, Tezos introduced a blockchain-based certificate management system known as Tezos DigiSign.
    

Regional Analysis

North America is the dominating region in the global certificate authority market shareholder and is anticipated to exhibit a CAGR of XX% during the forecast period. North America dominates the certificate authority market due to its modern IT infrastructure, high cybersecurity awareness, stringent regulatory environment, and the presence of major CA providers such as DigiCert and GlobalSign, which offer a wide range of digital certificate solutions. This region has strong adoption rates of digital certificates, particularly in finance, healthcare, and government.

The United States and Canada are the primary contributors to the North American certificate authority market, benefitting from their strong economies and a significant focus on cybersecurity in sectors such as banking, healthcare, e-commerce, and government services.

The Asia-Pacific (APAC) region is the fastest-growing market for certificate authorities, driven by rapid digitalization, cloud adoption, government initiatives, and significant investments in cybersecurity. Governments in China, India, and Japan are implementing policies and regulations to improve secure communication and protect sensitive data, such as China's security law, National Cyber Security Policy, and Japan's Act on the Protection of Personal Information, which is driving demand for certificate authority (CA) solutions.

These countries are major players in the APAC region, with both local and global CA providers such as CNNIC, e-Mudhra, JPRS, and DigiCert catering to a wide range of demands. The region's diverse legal frameworks and cybersecurity practices have an impact on digital certificate adoption.

Europe's certificate authority market is influenced by a wide range of regulatory standards, and a strong focus on data protection, particularly under GDPR. The market includes a mix of local and international CA providers like Entrust and Sectigo, and increasing adoption in industries including banking, telecommunications, and e-commerce. The region is distinguished for its diverse regulatory environment.

The certificate authority market in Latin America is rising and growing, due to increased digital transformation initiatives in a variety of sectors. Rising cybersecurity concerns and regulatory demands are driving the region's adoption of digital certificates.

The Middle East and Africa region is experiencing an increase in the adoption of digital certificates as businesses and governments seek to improve their cybersecurity posture. Rising digital transactions, legal restrictions, and increased data protection awareness drive the market.

To Gather Additional Insights on the Regional Analysis of the Certificate Authority Market @ https://straitsresearch.com/report/certificate-authority-market/request-sample 

Competitive Players

5.  Entrust Datacard Corporation
    

10.  WISeKey International Holding AG
    

Recent Developments

*   On 12 April 2023, Entrust Launched Zero Trust Ready Solutions for Passwordless Authentication, Next-Generation HSM, and Multi-Cloud Key Compliance
    
*   On 9 May 2023, DigiCert announced a partnership with Oracle to make DigiCert ONE, the platform for digital trust, available on Oracle Cloud Infrastructure (OCI).
    
*   On 7 March 2023, GlobalSign announced a technology partnership with essendi it to integrate Essendi's xc certificate lifecycle management (CLM) software with GlobalSign’s certificate platform, Atlas.
    
*   on 10 October 2023, DigiCert expanded its capabilities by integrating its certificate management services with Acronis' cybersecurity and data protection solutions.
    
*   In January 2023, DigiCert launched the DigiCert Trust Lifecycle Manager, a comprehensive digital trust solution designed to unify certificate management and public key infrastructure (PKI) services.
    

Segmentation

2.  By Certificate Validation Type 
    

Get Detailed Market Segmentation @ https://straitsresearch.com/report/certificate-authority-market/segmentation 

About Straits Research Pvt. Ltd.

Straits Research is a market intelligence company providing global business information reports and services. Our exclusive blend of quantitative forecasting and trends analysis provides forward-looking insight for thousands of decision-makers. Straits Research Pvt. Ltd. provides actionable market research data, especially designed and presented for decision making and ROI.

Whether you are looking at business sectors in the next town or crosswise over continents, we understand the significance of being acquainted with the client’s purchase. We overcome our clients’ issues by recognizing and deciphering the target group and generating leads with utmost precision. We seek to collaborate with our clients to deliver a broad spectrum of results through a blend of market and business research approaches.

Certificate Authority Market Size to Surpass $485M by 2033

PRESS RELEASE

SAN FRANCISCO, Oct. 10, 2024 /PRNewswire/ -- Relyance AI, the leading AI-powered data governance platform that provides complete visibility and control over enterprise-wide data, today announced a $32.1 million Series B funding round to scale operations and meet the needs of the exploding use of artificial intelligence in the enterprise. Thomvest Ventures led the round. M12, Microsoft Ventures Fund, also participated in addition to Cheyenne Ventures and existing investors Menlo Ventures and Unusual Ventures.

As demand for AI surges in the enterprise, global regulators are mandating data protection safeguards that companies find impossible to implement. At the same time, legal, security, and engineering teams are grappling with endless questions about how customer data is being used to train AI models. The impact? Executives are stifled by their inability to realize AI's innovation potential, and according to KPMG, more than two-thirds (76%) of enterprises are worried about data privacy and security when they partner with third parties. The result could be catastrophic: more than a quarter of the Fortune 500 identified AI regulation as a risk in annual reports to the SEC, and many continue to struggle with established data privacy regulations such as GDPR, which led to a record €2.1 billion in fines in 2023.

This has become a business-critical problem for all enterprises that was impossible to solve before Relyance AI's fully integrated governance platform. Until now, privacy and security have been seen as separate challenges, with one woefully unaware of the other. Privacy teams didn't know if their commitments to regulations and customers were being met, and security teams didn't know what data should be in AI models. Relyance AI marries the two into one joint solution, which is the only way to enable innovation while ensuring compliance in a rapidly evolving regulatory landscape.

"The era of accepting subpar privacy, DSPM, and AI governance solutions is over. Relyance AI sets a new standard where data protection and innovation are not mutually exclusive," said Abhi Sharma, CEO and co-founder of Relyance AI. "It's impossible to keep up with the current state of regulations, especially when GDPR, HIPAA, the EU's AI Act, and a mosaic of local U.S. privacy laws are all different and sometimes at odds. We're making it possible to demystify this and embolden the C-suite, engineers, and legal teams to urgently green-light AI in the enterprise with an integrated governance approach." 

Relyance AI safeguards businesses from fines and reputation damage while boosting customer trust to accelerate business growth. The platform provides complete visibility into enterprise-wide data processing and compares it against contractual commitments, global privacy regulations, and compliance frameworks. The company has scaled significantly to meet recent demand for these capabilities. In the first half alone, Relyance AI increased its enterprise customer base by 30%, and the company is projected to double its annual recurring revenue in 2024. Its client list now includes Coinbase, Fivetran, Verkada, Snowflake, Logitech, Plaid, and Notion.

"We're thrilled to lead the investment in Relyance AI, a unique, automated data governance platform that addresses the urgent need for real-time data visibility and compliance in a world of explosive data growth and emerging regulations," said Umesh Padval, Managing Director, Thomvest Ventures. "Relyance AI empowers Chief Privacy, Security, and Information Officers to manage data privacy and compliance, avoiding costly penalties while driving safe and responsible AI adoption. We are excited to partner with CEO Abhi Sharmaand his team, who have built a solution that transforms compliance into a competitive advantage, enabling businesses to scale AI with trust and transparency."

"The future of AI governance isn't about compliance alone – it's about building trust, transparency, and accountability into every layer of your technology," said Todd Graham, Managing Partner at M12. "Relyance AI is the catalyst for that transformation, paving the way for AI implementation that is both compliant and incredibly fast."

"With Relyance AI, we established enhanced visibility of data processing activities, seeing an impressive increase of 1,660% within three weeks of deployment," said Deborah Usry, Senior Privacy and Product Counsel at NextRoll. "What used to be a time-consuming manual process is now an automated task that produces a robust record of our processing activities."

The funding will further develop Relyance AI's platform and scale its go-to-market efforts in response to significant recent momentum. Learn more here.

About Relyance AI  
Relyance AI is the new standard for organizations trust and data governance infrastructure. Relyance AI is the only platform providing real-time visibility into how and where data is being used compared to customer agreements, global privacy regulations, and compliance frameworks. Companies of all industries and sizes – including Coinbase, Snowflake, Logitech, Plaid, Notion, and more – trust Relyance AI to safeguard businesses from fines and reputational damage and to deliver the most complete customer trust experiences.

Relyance AI Raises $32M Series B Funding to Safeguard AI Innovation in the Enterprise

The hotel giant will be held to higher security standards in a series of proposed requirements, including implementing a new annually reviewed security program.

Source: Wdnet Studio via Alamy Stock Photo

Marriott and its subsidiary Starwood Hotels have agreed to pay $52 million in fines and create a revamped information security program, in an Federal Trade Commission (FTC)-led settlement with 344 million customers who were impacted by three data breaches occurring between 2014 and 2020.

The hotel giant also agreed to provide its US customers with a way to request deletion of their personal information associated with their loyalty rewards account number or email address. In addition, they must implement a policy to retain the personal information of its customer only for as long as necessary to fulfill its purpose. Marriott also will be required to review loyalty rewards accounts upon request, and also reimburse stolen loyalty points.

 "The FTC's action today, in coordination with our state partners, will ensure that Marriott improves its data security practices in hotels around the globe," said Samuel Levine, director of the FTC's Bureau of Consumer Protection.

The first breach began in June 2014 and involved the payment card information of more than 40,000 Starwood customers; it went undetected for 14 months, until November 2015.

Starwood faced its second breach in July 2014. That intrusion went undetected for years — until 2018, when 339 million Starwood guest accounts were revealed to have been accessed by malicious actors, exposing various data, including 5 million unencrypted passport numbers. 

And finally, Marriott was breached again in 2018, a breach that went undetected until February 2020. In that incident, 5.2 million guest records were accessed, nearly 2 million of them belonging to Americans. 

Going forward, Marriott and Starwood will have to certify compliance with the FTC annually for 20 years, and undergo independent third-party assessments every two years.

Source

DARKReading