Current defenses are able to protect against today's AI-enhanced cybersecurity threats, but that won't be the case for long as these attacks become more effective and sophisticated.

Artificial intelligence and machine learning (AI/ML) models have already shown some promise in increasing the sophistication of phishing lures, creating synthetic profiles, and creating rudimentary malware, but even more innovative applications of cyberattacks will likely come in the near future.

Malware developers have already started toying with code generation using AI, with security researchers demonstrating that a full attack chain could be created. 

The Check Point Research team, for example, used current AI tools to create a complete attack campaign, starting with a phishing email generated by OpenAI's ChatGPT that urges a victim to open an Excel document. The researchers then used the Codex AI programming assistant to create an Excel macro that executes code downloaded from a URL and a Python script to infect the targeted system. 

Each step required multiple iterations to produce acceptable code, but the eventual attack chain worked, says Sergey Shykevich, threat intelligence group manager at Check Point Research.

"It did require a lot of iteration," he says. "At every step, the first output was not the optimal output — if we were a criminal, we would have been blocked by antivirus. It took us time until we were able to generate good code."

Over the past six weeks, ChatGPT — a large language model (LLM) based on the third iteration of OpenAI's generative pre-trained transformer (GPT-3) — has spurred a variety of what-if scenarios, both optimistic and fearful, for the potential applications of artificial intelligence and machine learning. The dual-use nature of AI/ML models have left businesses scrambling to find ways to improve efficiency using the technology, while digital-rights advocates worry over the impact the technology will have on organizations and workers. 

Cybersecurity is no different. Researchers and cybercriminal groups have already experimented with using GPT technology for a variety of tasks. Purportedly novice malware authors have used ChatGPT to write malware, although developers attempts to use the ChatGPT service to produce applications, while sometimes successful, often produce code with bugs and vulnerabilities.

Yet AI/ML is influencing other areas of security and privacy as well. Generative neural networks (GNNs) have been used to create photos of synthetic humans, which appear authentic but do not depict a real person, as a way to enhance profiles used for fraud and disinformation. A related model, known as a generative adversarial network (GAN), can create fake video and audio of specific people, and in one case, allowed fraudsters to convince accountants and human resources departments to wire $35 million to the criminals' bank account.

The AI systems will only improve over time, raising the specter of a variety of enhanced threats that can fool existing defensive strategies.

**Variations on a (Phishing) Theme**

For now, cybercriminals often use the same or similar template to create spear-phishing email messages or construct landing pages for business email compromise (BEC) attacks, but using a single template across a campaign increases the chance that defensive software could detect the attack.

So, one main initial use of LLMs like ChatGPT will be as a way to produce more convincing phishing lures, with more variability and in a variety of languages, that can dynamically adjust to the victim's profile.

To demonstrate the point, Crane Hassold, a director of threat intelligence at email security firm Abnormal Security, requested that ChatGPT generate five variations on a simple phishing email request. The five variations differed significantly from each other but kept the same content — a request to the human resources department about what information a fictional company would require to change the bank account to which a paycheck is deposited. 

**Fast, Undetectable Implants**

While a novice programmer may be able to create a malicious program using an AI coding assistant, errors and vulnerabilities still get in the way. AI systems' coding capabilities are impressive, but ultimately, they do not rise to the level of being able to create working code on their own.

Still, advances could change that in the future, just as malware authors used automation to create a vast number of variants of viruses and worms to escape detection by signature-scanning engines. Similarly, attackers could use AI to quickly create fast implants that use the latest vulnerabilities before organizations can patch.

"I think it is a bit more than a thought experiment," says Check Point's Shykevich. "We were able to use those tools to create workable malware."

**Passing the Turing Test?**

Perhaps the best application of AI system may be the most obvious: the ability to function as artificial humans. 

Already, many of the people who interact with ChatGPT and other AI systems — including some purported experts — believe that the machines have gained some form of sentience. Perhaps most famously, Google fired a software engineer, Blake Lemoine, who claimed that the company's LLM, dubbed LaMDA, had reached consciousness.

"People believe that these machines understand what they are doing, conceptually," says Gary McGraw, co-founder and CEO at the Berryville Institute of Machine Learning, which studies threats to AI/ML systems. "What they are doing is incredible, statistical predictive auto-associators. The fact that they can do what they do is mind boggling — that they can have that much cool stuff happening. But it is not understanding."

While these auto-associative systems do not have sentience, they may be good enough to fool workers at call centers and support lines, a group that often represents the last line of defense against account takeover, a common cybercrime.

**Slower Than Predicted**

Yet while cybersecurity researchers have quickly developed some innovative cyberattacks, threat actors will likely hold back. While ChatGPT's technology is "absolutely transformative," attackers will likely only adopt ChatGPT and other forms of artificial intelligence and machine learning, if it offers them a faster path to monetization, says Abnormal Security's Hassold. 

"AI cyberthreats have been a hot topic for years," Hassold says. "But when you look at financially motivated attackers, they do not want to put a ton of effort or work into facilitating their attacks, they want to make as much money as possible with the least amount of effort."

For now, attacks conducted by humans require less effort than attempting to create AI-enhanced attacks, such as deepfakes or GPT-generated text, he says.

**Defense Should Ignore the AI Fluff**

Just because cyberattackers make use of the latest artificial intelligence system does not mean the attacks are harder to detect, for now. Current malicious content produced by AI/ML models are typically icing on the cake — they make text or images appear more human, but by focusing on the technical indicators, cybersecurity products can still recognize the threat, Hassold stresses.

"The same sort of behavioral indicators that we use to identify malicious emails are all still there," he says. "While the email may look more legitimate, the fact that the email is coming from an email address that does not belong to the person who is sending it or that a link may be hosted on a domain that has been recently registered — those are indicators that will not change."

Similarly, processes in place to double check requests to change a bank account for payment and paycheck remittance would defeat even the most convincing deepfake impersonation, unless the threat group had access or control over the additional layers of security that have grown more common.

Better Phishing, Easy Malicious Implants: How AI Could Change Cyberattacks

CISOs' top cloud challenge is harmonizing standards, policies, and procedures across blended environments.

In Coalfire's "2023 State of CISO Influence" report, developed in partnership with Dark Reading — security executives in major industries and companies of all sizes called out _lack of good governance strategy_ as one of the top challenges they face in managing cloud migration.

With any move to the cloud, corporate leaders focus intently on leveraging capabilities and harnessing myriad services, with IT often juggling the management of multiple assets in a hybrid environment. CISOs want to take the existing security program and wrap it around newly migrated systems to keep people, processes, and policies as consistent as possible and avoid the need to invent anything new. Updating and unifying standards and procedures usually lands last on the list.

While no single governance model is the right answer for all organizations, governance in the cloud age must, at a minimum, establish oversight, strategy, and enforcement of standards to ensure alignment of operational practices to the objectives and risk tolerance of the organization.

Security governance bridges business priorities with technical implementation like architecture, standards, and policy.

For smaller companies especially, the governance function is sometimes overlooked until it's too late. C-level security executives at firms with 500 or fewer employees ranked governance problems 10 points ahead of their midsize and larger enterprise counterparts.

**Optimizing Governance to Bolster Brand Confidence**

The report confirmed what I believe to be the essence of business resilience today: setting priorities, communicating effective incident response strategy, preplanning continuity of systems, and assuring continuous compliance.

Business goals and risk management are the best security program guideposts, ensuring that efforts are optimized to focus on the organization's top areas of concern. So naturally, it's becoming mission-critical to optimize governance processes to work effectively in today's hybrid server environments. Increasing infrastructure complexity drives hard questions, such as:

*   _How do we absorb the operational risk introduced by third parties within our cloud-based ecosystem?_
*   _How do we configure and uniformly apply access policies for employees, customers, vendors, remote workers, IoT, etc.?_
*   _Can we achieve zero trust, and can it be retrofitted to effectively fit into a hybrid environment?_
*   _What's our strategy and execution plan to enable operational resilience with pervasive incident detection and response?_
*   _How do we assure customers and stakeholders of our business's ability to continue operations after a disruption or during a mitigation?_

Addressing these questions facilitates a rational, cost-efficient approach instead of the outdated "sky is falling/spend more" mentality that has proven to be unsustainable. With the ever-expanding attack surface of the hyperscale cloud, CISOs can't eliminate risk, nor can they justify impulsive spending on endless identification of threats and scanning for vulnerabilities. Instead, they must respond and remediate problems, reduce costs, and enhance secure product life cycles to bolster brand reputation and customer confidence.

**Align Governance Responsibilities to Avoid Conflict**

Our research reflects that service delivery across industries is moving further into the cloud every year. Though all on-premises systems are eventually considered candidates for transition, legacy systems aren't going away tomorrow, so we need a pragmatic management style to keep the cloud momentum going while dealing with an expanding attack surface — the other "top two" concern of CISOs in the survey along with lack of good governance.

When developing governance strategies for hybrid cloud operations, it's critical that CISOs understand what services are provided by cloud and SaaS vendors, and that they have clarity on where the responsibilities and liabilities fall. While security professionals are more effectively closing known gaps, security teams still feel most of the heat when there are problems. Cloud vs. on-premises staff may fall into an adversarial pattern that results in attempts to deflect responsibility or engage in finger-pointing.

A well-planned governance model that assigns roles and responsibilities through a RACI responsibility alignment matrix is one of the best ways to avoid these situations. Failure to develop those plans up front can exacerbate the impact of even minor conflicts. Forward-thinking security leaders road map what needs to be done and who's going to do what, well ahead of time. At the onset of any migration or lift-and-shift, savvy CISOs need to start with a clear understanding of "who's on first." Prioritize that forethought by shifting core governance functions to the far-left side of the project management planning matrix.

Great CISOs don't just implement security measures, they build trust by working with business leadership to apply essential governance disciplines that align business strategy, risk management, asset protection, and innovation security while providing guidance to drive execution of security best practices and controls.

Across the board, CISOs in every sector and company size say governance is too often an afterthought. Lack of strategy produces hazards such as potential breach, disruption, and policy failures, as well as interdepartmental friction between cloud and on-prem teams. Whether it's a risk steering committee or a Cloud Advisory Board, good governance keeps the business moving and the supply chain flowing. It's a core competency for all security leaders.

**About the Author**

    

Michael Eisenberg is a seasoned information security professional with more than 31 years of experience working across public and private sectors, including two global Fortune 250 organizations (Aon and McDonald's Corporation), the government sector and the U.S. military. As vice president of Strategy, Privacy, and Risk at Coalfire, Michael leverages his experience through a range of security consultative services that help C-level officers build and improve security strategies and deliver cybersecurity programs. He received a master's degree in computer science from Illinois Institute of Technology. Michael holds CISSP, CISA, CISM, and CRISC security certifications.

Governance in the Cloud Shifts Left

School to resume Thursday, Jan. 12, after Iowa school district detected unusual network activity and pulled the plug.

The largest public school system in Iowa is slated to resume classes on Thursday, Jan. 12, following the detection of abnormal network activity that prompted the district to pull its systems offline.

On Jan. 9, DesMoines Public Schools alerted parents classes would be canceled and that their district's Internet and network services would be unavailable following a suspected cyberattack.

DMPS announced today that classes would resume tomorrow — Thursday, Jan. 12 — now that phones are operational. For the time being, students can expect an "offline learning experience," the district added.

"The school district’s information technology staff continues to investigate the cause and extent of the cybersecurity incident that took place earlier this week, in coordination with the school district’s cyber insurance company, and are working to fully restore the district’s network when it is safe to do so," the latest update on the school cyberattack said. "This work will continue in the days ahead."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Cyberattack Cancels Classes for Des Moines Public Schools

Organizations are looking for new methods to safeguard the virtual machines, containers, and workload services they use in the cloud.

In 2022, we saw explosive transitions in the cloud security market — every aspect of the ecosystem, including vendors, products, and infrastructure, went through a radical change. It birthed new categories like data security posture management (DSPM), saw established vendors jumping to announce cloud data lakes like Amazon Security Lake, and put vendors through turmoil, like KnowBe4 being acquired by Vista Equity for $4.3 billion.

As we look forward to 2023, cybersecurity for workloads (virtual machines, containers, services) in the public cloud will continue to evolve, with customers trying to balance the need for aggressive cloud adoption and compliance with security needs. CIOs and CISOs will challenge their teams to build the foundation for a security platform that can consolidate point products, support multiple clouds (AWS, Azure, and GCP), and leverage automation to scale security operations. A zero-trust architecture will lead the way to workload protection in the cloud, real-time data protection, and centralized policy enforcement. Here’s a deeper dive into how these five dynamics will make their presence felt in 2023 with public cloud workloads.

**Generative Attacks Will Become Targeted and Personalized**

Automation and machine learning empower cybercriminals to launch sophisticated, targeted attacks. Scripted botnets can conduct network reconnaissance on cloud infrastructure, and valuable data can be harvested and used to launch further attacks. Malware packages are becoming a commodity, with readily available automated tools in which the level of abstraction enables even unimaginative minds to become lethal. For example, ChatGPT, which has taken the tech world by storm, can use machine learning to auto-script malware.

Cyberthreat researcher @lordx64 shared an example of malware auto-generated by ChatGPT. The malware used PowerShell to download ransomware using an obfuscation script, encrypt all the files, and exfiltrate the key to google.com.

**Centralized Security Posture Will Become the Norm to Tackle Workload Sprawl**

Misconfigurations due to human error remain the biggest root cause of cyberattacks. Many attacks use techniques such as code injection and buffer overflow to prey on weak configurations. With the cloud enabling workloads to be spun up and down frequently, configuring security policies at individual firewalls at every virtual private cloud (or a trust zone) opens the door for human error.

Organizations will increasingly look for architectures that can centralize cloud security policy definitions, enforcements, and remediations. Only when cyber prevention is delivered from a central platform can defense be applied to all workloads, instead of just a few select ones.

**Zero-Trust For Workload Protection Will Gain Momentum**

Zero trust will see widespread adoption to protect assets by enforcing an explicit trust framework for all assets in the public cloud. Implementing zero trust in the public cloud is different and unique because customers are dealing with ephemeral and dynamic resources. With zero trust platforms that were architectured for the cloud can bring down cost overruns and complexity. Before a workload in a public cloud can request a resource, it must go through an extensive trust check — one that combines identity, device risk, location, threat intelligence, behavioral analytics, and context. Upon successfully establishing explicit trust, the resource will then be subject to corporate security policy for access control.

**CIOs Will Look For More Effective Multicloud Security Tools**

When it comes to vendor best practices, CIOs are increasingly looking at diversified portfolios of public cloud infrastructure for three main reasons. They want to reduce reliance on a single vendor; many are also looking to integrate infrastructure inherited from mergers and acquisitions. And CIOs need to leverage best-of-breed services from different vendors, such as Google Cloud BigQuery for data analytics, AWS for mobile apps, Oracle Cloud for ERP, for example.

    

Figure: AWS shared responsibility model for protecting cloud resources.

Every cloud vendor preaches the notion of “shared security responsibility,” putting the onus on the customer to implement a security infrastructure for their cloud resources. Savvy IT shops ensure they pick a cybersecurity platform that supports multiple public cloud environments.

**Real-Time Data Protection Will Be a Core Criterion for Cloud Data Governance, Security**

Securing sensitive data such as protected health information, personally identifying information, financial information, patents, confidential corporate data, and other intellectual property is arduous when data moves to the cloud. Legacy data loss prevention (DLP) architectures that rely on regexes, scans, and static rules are insufficient and ineffective for DLP in the cloud.

The rise of the data security posture management category has provided critical visibility into the need for observability and real-time analysis. Proxy-based architectures that can decrypt and inspect all SSL traffic will become a cornerstone for enterprises that truly care about protecting their sensitive data.

Migration to the cloud is not a new trend in the corporate world, but the implications of cybersecurity for cloud workloads are still evolving. While there are no clear answers yet, these are some of the leading indicators customers will use to navigate in 2023.

Read more _Partner Perspectives_ from Zscaler.

5 Ways Cybersecurity for Cloud Workloads Will Evolve in 2023

With artificial intelligence poised to displace many SOC professionals, it's important to think ahead to potential niches for cybersmart humans — even to outer space.

As routine work is increasingly performed by automated systems, exciting new jobs are likely to emerge in cybersecurity. Positions in outer space cybersecurity, AI mentoring, and digital footprint consulting may sound unusual at first glance, but the rapid development of technology could make them a reality in just a few years. Let's take a look at a few of the possibilities.

**Outer Space Cybersecurity Engineer**

Satellites are one of the most essential pieces of space technology in daily life, used in navigation systems, broadcast media, and other communications. The more we use technologies that rely on satellites, the more attractive a target this type of space-based infrastructure becomes to threat actors.

Satellites and the space industry as a whole require dedicated specialists who can prevent attacks of all kinds. This is particularly true when securing systems such as navigation, engine control, emergency, and communication infrastructure. With the development of space tourism, asteroid mining, and new space stations, there will be rising demand for out-of-earth cybersecurity experts.

**AI Mentor**

The rise of AI-based technologies and assistants, such as speech-based systems (e.g. Siri, Alexa, Cortana, etc.) has helped make new technologies more accessible. At the same time, they introduce new privacy and security concerns, while their control, regulation, and monitoring requirements go beyond product management and development areas of expertise.

Speculative fiction writer William Gibson envisioned a Turing Police force in charge of controlling AI and AI-based systems in the technological future. We may realistically need AI mentors as a new type of expert who controls and assesses these technologies. Mentors' responsibilities may also include teaching AIs, controlling their access to data, imposing evolutionary constraints, and acting as a parent to the AI. As the complexity and sophistication of these technologies increases, there will be a growing demand for experts like these.

An AI mentor's assistant could be another role. They would be dedicated specialists responsible for creating a "stop" button to prevent AI systems from operating on their own. This involves the development of protection against malfunctions and alternative rescue plans in case computers are out of service.

**Cyber Immunity Developer**

For decades, people have developed new technologies first, only to think about the cybersecurity implications later. To make the world safer, we’ll need a “security-first” approach. Solutions with embedded cybersecurity principles help move us in that direction, allowing a device to be cyber-immune by default, with built-in protection against most types of cyberattack.

This will drive demand for developers with skills in this methodology, creating systems that are secure by design. These will be too expensive to hack, and the vast majority of threats won't be able to hinder their critical functions.

**Threat Endurance Manager**

A cyberattack can lead to the interruption of production and business processes, posing potential reputational risks and financial losses. Imagine an attacker interferes with the production process of a huge metal processing plant and disables the factory for a day. Because of this, they don't fulfill a bulk order which results in millions of dollars in losses.

Threat endurance managers will be in demand at critical infrastructure sites or large companies that cannot afford such a shutdown. These specialists will be responsible for business continuity and protect companies by controlling IT systems, responding to cyberattacks, and managing software and human errors.

**Cyber Investigator**

This profession already exists, but over the next few years it will become more complex and diverse, following the increased sophistication of digital systems and the trend toward automation.

We know that these specialists normally manage the aftermath of a security breach, covering the entire investigation and working to eliminate the threat to the organization. They collect evidence based on the results of the incident, analyze log files and events on the network, create indicators of compromise, and much more. Cyber investigators of the next generation will be generalists with skills not only in programming and hacking but also in psychology and decision-making in volatile conditions. Apart from that, they will be experts in robotics and AI, as they would have to work with those newly emerging systems.

**Digital Footprint Consultant**

This specialist plays a key role in the future protection of a brand against the potential negative effects of a cyber incident. Cyberattackers are well known for extracting data and blackmailing companies by threatening their reputation. Experts of the future will need to be able to assess a company's vulnerability to these sorts of risks and count skills related to safeguarding the image of the business among their competencies.

**Digital Bodyguard**

This will essentially be a consultant protecting a person’s digital identity. Like a bodyguard in the physical world, they will guard against things like doxing, cyber stalking, and other harassment. This bodyguard will help clients to protect their digital identities by cleaning their accounts and digital history, guiding and supporting their virtual lives.

In 2021, nearly 46% of US middle and high schoolers had been cyberbullied during their lifetime, while 41% of adults reported experiencing online harassment, and 24% said they'd been stalked using technology. In some cases, this can be combined with offline harassment or even physical violence. A proactive consultant would help protect children and adults from threats of this nature. When it does happen, they will act as a private digital security force, helping to disrupt the offender, identify them, and prevent similar incidents in the future. They could even help the victim cope with the incident from a psychological perspective. In many countries cyberbullying is a crime, so this profession might be in extra demand in those places.

You can hardly single out a business in which cybersecurity is not relevant. Even companies that don’t make money from it still often can have sizeable cybersecurity departments. Apple, for example, has an internal team that handles endpoint security. As technology and business continue to evolve, career opportunities in cybersecurity should remain plentiful and varied long into the future.

Cyber Jobs of the Future: Sleuth, Bodyguard, 'Immunity' Developer

Jesper Andersen has decided to retire and will continue to serve on the Board of Directors.

**SANTA CLARA, Calif.****,** **Jan. 11, 2023****/PRNewswire/ --** Infoblox Inc., the leader in cloud-first DNS management and security, today announced that Jesper Andersen has decided to retire as Chief Executive Officer and the Board of Directors has appointed Scott Harrell as the new President and Chief Executive Officer. Andersen will continue to serve on the Board and support Harrell through the transition.

Harrell brings strong executive leadership and portfolio management experience having spent two decades in leadership roles at Cisco Systems and Intel. Prior to joining Infoblox, Harrell was the Senior Vice President and General Manager for Cisco's $20 billion Intent Based Networking business unit where he oversaw the entire portfolio and engineering teams across the enterprise, IoT and data center markets. He has an MBA from UNC-Chapel Hill, Kenan-Flaglar Business School, and a bachelor's in Industrial Engineering from Georgia Institute of Technology.

Vista Equity Partners and Warburg Pincus, Infoblox investors, have thoughtfully selected Harrell as Andersen's successor.

"We are thrilled to welcome Scott to Infoblox. His deep-domain expertise in building leading technology businesses at Fortune 100 companies makes him perfectly suited for Infoblox – as the company continues to invest in next-generation cloud-first DNS management and security solutions. We're confident that he will lead the business to continued growth and adjacent market expansion," said John Stalder, Managing Director, Vista Equity Partners.

Harrell joins Infoblox at a critical time where more and more enterprises are embracing a remote workforce and multi-cloud strategies – both of which drastically increase DNS management complexities and security challenges.

"Infoblox is an innovative company with an incredibly talented team that consistently executes at extremely high levels. I am thankful for all Jesper has done for the company and the incredible culture that has been built under his leadership," said Harrell. "Infoblox's solutions are critical to the ongoing operations, availability, and security of enterprises across the world. I'm thrilled to join a company that embraces an innovation mindset anchored by its technology and its people, and I look forward to further accelerating Infoblox's growth and market leading solutions."

Over the past decade, Infoblox has experienced expansive growth, including growing its customer base by 82%, growing its partner relationships by 43% and more than doubling its employee base, all while taking its technology solutions to innovative new heights. 

"On behalf of the Board, we thank Jesper for his invaluable contributions and tremendous impact to Infoblox – transforming the company into a cloud-first market leader in comprehensive, world-class security and networking solutions. Infoblox's momentum and growth is a testament to Jesper's leadership, passion, and dedication to employees, customers, and partners. While Jesper's retirement has been planned for a long time, we are excited to have him remain on the Board of Directors and continue to be an important strategic asset to the company," said Cary Davisand Parag Gupta, Managing Directors, Warburg Pincus. 

Jesper's continued passion and dedication for employees has fostered a very strong, collaborative culture, and one that continues to attract top talent and executives like Harrell.

"My time at Infoblox will remain the highlight of my career, where we were able to disrupt the industry and offer solutions to our customers unmatched by any competitor," said Jesper Andersen. "Beyond our leading technology, I am proud to have worked alongside Infoblox employees across the globe to create a culture-driven by our core values – to make Infoblox an incredibly positive, innovative, and supportive workplace that I know they will carry forward. I have incredible confidence in Scott and the executive leadership team to continue our mission to drastically simplify networking and security for our customers," added Andersen.

Learn more about Infoblox's networking and security solutions here.

**About Infoblox**

Infoblox is the leader in next generation DNS management and security. More than 13,000 customers, including 75% of the Fortune 500, rely on Infoblox to scale, simplify and secure their hybrid networks to meet the modern challenges of a cloud-first world. Learn more at

 https://www.infoblox.com.

Infoblox Appoints Scott Harrell to CEO

**IRVINE, Calif. – January 11, 2023 –** SecureAuth, a leader in next-generation access management and authentication, today announced that the United States Patent and Trademark Office (USPTO) has granted the company seven groundbreaking methods for authenticating users’ claimed identities for frictionless user access using automated risk-based control and behavioral modeling. Capabilities derived from these patents are included SecureAuth’s ArculixTM product portfolio.

“The innovation in the Arculix platform adds a new dimension in cyber protection by delivering passwordless and continuous authentication to clients who are exhausted by the lack of efficacy in existing binary authentication systems,” said Shahrokh Shahidzadeh, CTO at SecureAuth. “Enterprises that leverage Arculix’s data science approach and end-to-end passwordless continuous authentication experience a trifecta of elevated platform trust, lower friction, and insightful real-time action when detecting anomalies.”

The USPTO issued U.S. Patent No. 11,329,998, entitled “Identification (ID) Proofing and Risk Engine Integration System and Method” on May 10, 2022. Methods disclosed in the patent include performing entity authentication through identification (ID) proofing using bio-behavior-based information which may be continuously monitored.

The USPTO has issued U.S. Patent No. 11,250,530, entitled “Method and System for Consumer Based Access Control for Identity Information” on February 15, 2022. The methods disclosed in this patent involve organizations such as the DMV or the IRS receive an identity request per set policies allowing authorization by the owner.

The USPTO issued U.S. Patent No. 11,349,879, entitled “System and Method for Multi-Transaction Policy Orchestration with First and Second Level Derived Policies for Authentication and Authorization” on May 31, 2022. This highlights authentication policy orchestration between a user device, a client device, and a server.

The USPTO has issued U.S. Patent No. 11,321,712, entitled “System and Method for On-Demand Level of Assurance Depending on a Predetermined Authentication System” on May 3, 2022. This patent involves issuing an authorization token and based on real-time multi-factor authentication (MFA).

The USPTO issued U.S. Patent No. 11,367,323, entitled “System and Method for Secure Pair and Unpair Processing Using a Dynamic Level of Assurance (DLOA) Score” on June 21, 2022. The patented technology delivers Biobehavioralâ identification in which the elements of a system work together to monitor biologic features (e.g., fingerprints, pupils, or the like) and behavior (e.g., wake time, exercise time, and location) of a user.

The USPTO issued U.S. Patent No. 11,455,641, entitled “System and Method to Identify User and Device Behavior Abnormalities to Continuously Measure Transaction Risk” on September 27, 2022. The patent continuously monitors the context and behavioral information restricting improper access to a secure network.

The USPTO issued U.S. Patent No. 11,552,940 entitled “System and Method For Continuous Authentication of User Entity Identity Using Context and Behavior For Real-Time Modeling and Anomaly Detection” on January 10, 2023.  The system allows an identity to be continuously proven due to a user entity’s behavior and their biometrics. A primary ID allows risk-based continuous authentication and step-up post-authorization authentication upon detection of an anomaly.

As a leader in the industry, SecureAuth is a powerful innovator with 53 issued patents across identity and access management, adaptive authentication, passwordless authorization and ID proofing.

**About SecureAuth Corporation**

SecureAuth is a leading next-gen access management and authentication company that enables the most secure and flexible authentication experience for employees, partners, and customers. With the only solution that can be deployed in cloud, hybrid, or on-premises environments, SecureAuth manages and protects access to applications, systems, and data at scale, anywhere in the world. To find out more, please visit www.secureauth.com.

SecureAuth Announces Seven New Patents for Biobehavioral Credentials for Continuous Authentication, and ID Proofing to Secure Digital Identities

Shift your mindset from risk to resilience.

As the lyrics of "Auld Lang Syne" so eloquently say, "Should old acquaintance be forgot and never brought to mind?" As security leaders look forward to what the new year brings, they're taking stock of everything — their teams, their technologies, their budgets — and trying to plan for what looks to be another challenging year.

While I don't have a Magic 8 Ball, 2023 looks like more of the same — the same budget constraints, the same supply chain problems, and the same cybersecurity challenges. There is also a lot of pressure currently on security leaders to do more with less while also facing more scrutiny and more accountability for the effectiveness of their cybersecurity programs. Sophisticated and frequent cyberattacks, shrinking budgets, and a scattered workforce have only exacerbated preexisting security challenges to the point that it's hard to know what to address first. So, if you're a security leader still working on your New Year's resolutions, cyber resilience should be No. 1 on your list.

**Shifting Your Mindset****

Most security leaders today have adopted "it's not if, but when" mindset in relation to cybersecurity incidents. Additionally, risk management — constantly identifying risk and implementing the appropriate mitigating controls — continues to be a key component of overall cybersecurity program management. But what if you're unable to implement the necessary controls or if you fail to identify a critical risk? The real question is, what is your plan for readiness when you're faced with a risk that has been realized due to having no mitigating controls, inadequate mitigating controls, or blind spots?

Recently, I met with a potential customer, and security staffers outlined their current cybersecurity challenges, program/technology wants and needs, and talent shortages. As they described their top cybersecurity concerns, I asked if they were thinking about their problems correctly; instead of focusing on problem X, perhaps they should focus on problem Y instead. But then I realized that the security leader at that company sees the same problems day in and day out, and they're specific to the organization. In contrast, however, being in a role similar to that of a security solutions consultant, I see many different types of problems being approached and solved in multiple ways.

I wondered how much this difference in perspective affects our ability as an industry to align on cybersecurity baselines, metrics, prioritization approaches, etc. It's difficult to solve problems within our cybersecurity programs when the problems, the organizations we protect, and our priorities change every day. If we agree that "it's not if, but when," we also agree that we must accept a degree of uncertainty when managing our security. We cannot, however, allow those blind spots to result in business disruption. Instead, there must be a mindset shift in the way cybersecurity programs are managed, from a traditional risk management model to cyber resilience.

****Understanding the Security Game****

The good news is we're starting to see a shift in organizations prioritizing resilienc and not just risk, even though effective risk management is an important component of cyber resilience. According to a recent Forrester report, there has been a significant increase in chief risk officers (CROs) reporting directly to the CEO. This is one example of a much-needed pivot in the enterprise mindset, with security evolving from a compliance checkbox to an investment in a strategy for cyber resilience. For companies with inadequate protections in place, CISOs will need to focus their budgets on having a resourced team, proper tools, and robust training.

Part of this mindset shift is also understanding the security game you need to play and then being able to explain that strategy to your leadership team and board of directors. When all you think about is the risk — we're risky here, so we'll plug this hole with this solution, then we're risky over here, so we'll plug that hole over there with this other solution — it's like playing a game of whack-a-mole. Try taking that approach to your board as a well-defined strategy.

Instead, the message needs to be something along the lines of: According to industry research in our vertical, here are the top threats that attackers can leverage in our type of environment, and here's how we can improve our environment. Our strategy is to be more resilient.

Now you have something measurable and can build a reasonable cybersecurity program road map.

****Why Cyber Resilience Should Be No. 1 on Your To-Do List****

The CISOs who will be most effective in 2023 will not look to answer the question "Are we safe?" Because the answer is always no — there will always be risk. The right question is "How ready are we?" You want to think about what you learned from that cyber incident — which is more than just reactively identifying the risk, assessing costs, and then implementing controls accordingly. Guess what? Attackers also have those controls. And by the time you go through your procurement process, proof of value, vendor selection, and solution implementation, attackers are several steps ahead of you.

There will always be gaps in what you know about your environment, so focusing on the continuous improvement of your security program through the lens of being ready to anticipate, withstand, recover, and adapt is how you should approach 2023.

Now is the time for security leaders to create a cyber resilience-focused program. Companies can't eliminate all risk, but we will see organizations putting in place full-scale plans and spending where they need to so they are prepared to measure progress and improvement in their cybersecurity program. Those organizations that go with the "good enough" approach will most likely pay the price (and more) later.

**

The Resolution Every CSO/CISO Should Make This Year

**San Francisco, CA, January 11, 2023** **–** Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today announced several new Zero Trust email security solutions, compatible with any email provider, to protect employees from multichannel phishing attacks, prevent sensitive data being exfiltrated via email, and help businesses speed up and simplify deployments. Now, Cloudflare is providing organizations with its simple and robust phishing and malware protection that is deeply integrated with its Zero Trust platform, helping to secure all of an organization’s applications and data.

“You can’t have a complete Zero Trust solution without securing email, given that a huge proportion of all cyber attacks begin with phishing,” said Matthew Prince, co-founder and CEO of Cloudflare. “In 2022, Cloudflare Area 1 identified and kept almost 2.3 billion unwanted messages out of customer inboxes. Today we’re filling a void in the marketplace that has been underinvested in for the last ten years, with the first set of deeply integrated solutions that bring together Cloudflare Area 1 email security and our Zero Trust platform.”

Email is one of the most ubiquitous and also most exploited tools that businesses use every single day. The FBI’s latest Internet Crime Report shows that business email compromise and email account compromise, a subset of malicious phishing campaigns, are the most costly—with U.S. businesses losing nearly $2.4 billion. On top of that, email is also one of the hardest tools for businesses to secure, often resulting in multiple vendors, complex deployments, and a huge drain of resources for IT teams. Now, with Cloudflare’s Zero Trust SASE platform, customers can quickly and easily deploy comprehensive email security and data protection tools that are deeply integrated with their existing security stack and work with any email provider.

Cloudflare One provides a comprehensive Zero Trust SASE platform that is built natively into Cloudflare’s global network, spanning more than 275 cities in over 100 countries. This deeply integrated approach ensures a simple deployment in just a few clicks, without the need to change email providers, and lightning fast performance wherever users are. With Cloudflare Area 1’s new solutions, business will be able to:

*   **Automatically isolate suspicious links or attachments in emails:** With Link Isolation, If an employee clicks a link in an email it will automatically be opened using Cloudflare’s industry leading Remote Browser Isolation technology. Isolating any potentially risky links, downloads, or other zero day attacks from impacting that user’s computer and the wider corporate network.
*   **Identify and stop exfiltration of data:** With the rapid use of cloud-based email services within organizations, the amount of sensitive data that now resides outside a customer's premises has increased dramatically. By combining Cloudflare’s Data Loss Prevention and Area 1, businesses can create specific policies to scan for and block sensitive or protected content before it gets attached and sent.
*   **Onboard new Microsoft 365 domains in minutes:** Now it is as simple as possible to deploy Cloudflare Area 1 for Microsoft 365 domains via the Microsoft API. This means a single IT administrator can have the entire solution fully deployed, and running in minutes not days like legacy providers.

For more information on how to get started with Cloudflare Area 1 Security or Cloudflare One check out the information below:

*   Blog: Email Link Isolation: your safety net for the latest phishing attacks
*   Blog: How Cloudflare Area 1 and DLP work together to protect data in email
*   Landing Page
*   CIO Week

**About Cloudflare** Cloudflare, Inc. (www.cloudflare.com / @cloudflare) is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures 2018 list, ranked among the World’s Most Innovative Companies by Fast Company in 2019, awarded by Reuters Events for Global Responsible Business in 2020, named to Fast Company's Most Innovative Companies in 2021, and ranked among Newsweek's Top 100 Most Loved Workplaces in 2022.

**Forward-Looking Statements** This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of the Cloudflare One suite of Zero Trust solutions (including Cloudflare Area 1, Remote Browser Isolation, and Data Loss Prevention), the benefits to Cloudflare’s customers from using the Cloudflare One suite of Zero Trust solutions (including Cloudflare Area 1, Remote Browser Isolation, and Data Loss Prevention) and Cloudflare’s other products and technology, the expected functionality and performance of the Cloudflare One suite of Zero Trust solutions (including Cloudflare Area 1, Remote Browser Isolation, and Data Loss Prevention) and Cloudflare’s other products and technology, the timing of when any new Cloudflare One features (including Cloudflare Area 1, Remote Browser Isolation, and Data Loss Prevention) will be generally available to all current and potential Cloudflare customers, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO and others. Cloudflare’s actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in its filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form 10-Q filed on November 3, 2022, as well as other filings that we may make from time to time with the SEC.

The forward-looking statements made in this press release relate to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in its forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

Cloudflare Announces Email Security & Data Protection Tools

After a delay of more than a year, Intel's on-chip confidential computing feature is coming to all the major cloud providers, starting with Microsoft's Azure.

Intel launched on Tuesday its newest server chips, code-named Sapphire Rapids, which will form the backbone of server infrastructure in the public and private cloud.

The chips have built-in security features the company says will prevent attackers from stealing high-value data from computer systems, ensure regulatory compliance, and maintain data sovereignty. These 4th Gen Intel Xeon scalable processors will increase the baseline enclave, and Intel SGX will be able to accurately and securely verify application software loaded in that enclave, the chip giant said in a statement. These server chips fit in with Intel's confidential computing portfolio.

Confidential computing refers to a security mechanism where a bubble of protection is added around data as it travels over the network between computing systems. That is done through encryption. The Xeon chips add techniques to verify the integrity of code and authentication measures to ensure the data is accessible only to authorized individuals and systems.

The chips create trusted boundaries — which Intel calls trusted execution environments, or TEEs — in which code can be executed. A feature called Trust Domain Execution (TDX) locks down code in a secure enclave that can only be unlocked by those with the right keys or codes. The process of verifying and unlocking the code is called attestation.

The TDX instructions add a boundary around the virtual machine and everything in it, including the guest OS and apps in it, and removes the cloud service provider or other cloud tenants from a trust boundary, said Anil Rao, vice president and general manager for systems architecture & engineering at Intel's office of the CTO.

TDX leverages a security feature on Xeon chips called Software Guard Extensions (SGX), which is widely used today as a secure enclave to protect data in execution environments. But TDX is much larger in scope and covers a wider range of applications, such as AI in virtualized environments.

**Securing Virtual Machines**

SGX has been a critical element of Microsoft's Azure confidential computing offerings so far, and TDX in the newer Sapphire Rapids chips will strengthen the security in virtual machines, said Mark Russinovich, the chief technology officer at Microsoft's Azure, during the Xeon launch event.

"We look forward to being one of the first cloud providers to offer confidential services based on Intel 4th Gen Xeon scalable processors with Intel TDX later this year, enabling organizations to achieve confidentiality by seamlessly lifting and shifting their workloads without requiring any code changes," Russinovich said.

Confidential computing could be attractive to organizations concerned about high-value data and applications and services that require strong security.

"It strengthens compliance with data privacy and governance regulations and helps create a more private controlled infrastructure, even when using the public cloud," said Lisa Spelman, corporate vice president and general manager for Xeon products at Intel, during a press briefing on the new chips.

TDX will also be relevant to customers that want to activate private or regulated data in a way that doesn't breach confidentiality, Intel's Rao said.

"Think of a way in which customers use this for multiparty collaborations focused on shared analysis with data privacy," Rao said.

**From Edge to Cloud**

Rao provided some examples of sharing sensitive data securely in financial or healthcare organizations, or to share research for fraud detection. He summarized that confidential computing makes it possible to move workloads securely from the private into the public cloud while meeting data residency and compliance requirements.

Intel's 4th Gen Xeon chips will also be tied to a cloud service called Project Amber, which will help verify trust of computing boundaries from edge to cloud. It will start as an independent attestation service for Intel confidential computing technologies, Rao said. Intel plans to offer Project Amber as a pay-as-you-go feature.

The new Xeon chips will also appear in virtual machine instances in cloud services from Google, IBM, and Alibaba, but the chip maker didn't comment on whether the cloud providers would specifically offer TDX instructions.

AWS has its own confidential computing offerings, while Microsoft also has virtual machine instances with AMD’s on-chip cloud computing features.

Intel is a dominant player in the server market, with an x86 server market share of 82.5% during the third quarter of last year; its closest rival, AMD, sported a 17.5% market share, according to Mercury Research.

Source

DARKReading