Training service prepares ransomware response teams for successful threat actor engagement to mitigate damage, protect brand reputation, anticipate emerging threats, and more.

**Arlington, Va., Oct. 19, 2022 –** GroupSense, a digital risk protection services company, today announced the launch of a new Ransomware Negotiation Training service offering. During an immersive three-day, in-person training session, participants will learn the proper strategies to combat the negative consequences of an attack from negotiation experts at both GroupSense and Max Negotiating, a negotiation advisory firm that specializes in training lawyers and legal professionals. As a result of the training, participants will be able to help their client organizations identify threat actors, learn key cyber negotiation principles and strategies, protect brand reputation, avoid unnecessary business losses and stay ahead of emerging threats.

According to the Federal Bureau of Investigation’s Internet Crime Complaint Center, ransomware complaints increased 62% from 2020 to 2021. The increase in attacks makes negotiation with threat actors a crucial part of enabling an organization to resume operations, reducing permanent data loss and eliminating regulatory fines and penalties. While response teams, typically led by lawyers, are accustomed to negotiating on their client’s behalf, many have never communicated directly with threat actors or conducted negotiations under the constraints they impose. With GroupSense’s Ransomware Negotiation Training, participants will discover the ins-and-outs of ransomware attacks, the intricacies of threat actor engagement, discern their role in a ransomware negotiation and master a proactive ransomware response strategy.

“The business impact of a ransomware attack can be severe – revenue loss, brand and reputation damage, operational and business disruption, increased cyber insurance premiums and legal consequences,” said Maxwell Bevilacqua, chief negotiating officer of Max Negotiating. “By teaming up with GroupSense, we’re able to pair their expert ransomware negotiators with our negotiation experts to help clients - such as lawyers and law firms with cybersecurity practices - better understand the art and science of negotiation with threat actors so they can minimize damage to their companies.”

As part of the three-day training, GroupSense and Max Negotiating design a case simulation according to the structure of the client’s organization, putting the client’s response team through a fire drill to consolidate their strengths and highlight vulnerabilities, and prepare the team for worst-case scenarios. The agenda for the training is as follows:

*   **Day 1** – Participants begin by learning the anatomy of a ransomware attack, including how they are conducted, the roles involved and the ransomware ecosystem. Next, the GroupSense and Max Negotiating team provides a framework for conducting ransomware negotiations and delves into core principles as they apply to cybercrime and ransomware.
*   **Day 2** – The framework is then put to the test in a complex, dynamic, multi-party simulation of a ransomware attack. The simulation is recorded for future review and coaching on the third day.
*   **Day 3** – The team provides feedback as participants review recordings of the previous day’s negotiation simulation. The team leads participants in exercises to strengthen the vulnerabilities identified in the simulation. The training is then concluded by building out a team response plan.

After the training program, client organizations will have access to the video recordings as well as the Max Negotiating digital toolkit. They will also have the opportunity to engage in additional ransomware negotiation training and coaching opportunities from both GroupSense and Max Negotiating.

“Over the last three years, our ransomware experts have conducted some of the world’s largest ransomware and extortion negotiations, giving them in-depth practical knowledge of the process and the ability to develop a proven negotiation method that has garnered best-case outcomes for our clients,” said Kurtis Minder, co-founder and CEO, GroupSense. “We partnered with Max Negotiating to combine our field experience with their deep knowledge of the negotiation process to help response teams reduce panic and decision fatigue during a ransomware attack, to arm them with the skills to remain in control of the situation, and to provide the tools they need to engage successfully with threat actors and facilitate a positive outcome.”

In addition to the new Ransomware Negotiation Training offering, GroupSense has additional ransomware offerings, including its Ransomware Response Readiness Assessment (R3A) and Ransomware Negotiation Services. Additional services include ransomware incident support, post-incident monitoring and breach notification services. GroupSense also provides a ransomware hotline (1-800-484-9426) for companies to speak to an expert negotiator if they’ve been affected by ransomware.

For more information about GroupSense’s Ransomware Negotiation Training offering, download the data sheet, and to inquire about pricing, please contact \[email protected\].

**About GroupSense**

GroupSense is a digital risk protection services company delivering customer-specific intelligence to dramatically improve enterprise cybersecurity and fraud-management operations. Unlike generic cyber-intelligence vendors, GroupSense uses a combination of automated and human reconnaissance to create finished intelligence mapping each customer’s specific digital business footprint and risk profile. This enables customers to immediately use GroupSense’s intelligence to reduce enterprise risk, without requiring any additional processing or management by overstretched security and fraud-prevention teams. GroupSense is based in Arlington, Va., with a growing customer base that includes large enterprises, state and municipal governments, law enforcement agencies and more.

GroupSense Delivers New Ransomware Negotiation Training Service

Former Zscaler president to lead DigiCert's next stage of growth as the company accelerates its strategy, expands its product offering, and works to become the de facto standard for digital trust.

**LEHI, Utah, Oct. 19, 2022** – DigiCert, Inc., ("DigiCert" or the "Company") a leading global provider of digital trust, has named Amit Sinha as the Company's Chief Executive Officer, and a member of the DigiCert Board of Directors. Sinha joins DigiCert from Zscaler, Inc. ("Zscaler") where he served as President and a member of the Board of Directors. During his 12-year tenure, Zscaler grew from a startup to a NASDAQ-100 company and established itself as a leader in enterprise security. DigiCert is backed by Clearlake Capital Group, L.P. (together with its affiliates, "Clearlake"), Crosspoint Capital Partners ("Crosspoint"), and TA Associates ("TA").

"I'm honored and grateful for the opportunity to lead the DigiCert team," said Amit Sinha. "Digital trust is the cornerstone of our connected world and DigiCert has built a foundation with global enterprises by delivering comprehensive security solutions. As we look ahead, the Company is positioned to accelerate its leadership in digital trust for connected device and user authentication, secure software, documents, digital content and data integrity."

"Amit has a track record of delivering technology innovation, operational excellence, and customer value," said Behdad Eghbali, Co-Founder and Managing Partner, and Prashant Mehrotra, Partner and Managing Director, of Clearlake. "We look forward to partnering with Amit, and the DigiCert leadership team, as the Company embarks on its next phase of accelerated growth and expansion."

"Amit is a seasoned industry leader with deep security domain expertise and business acumen," said Greg Clark, Managing Partner of Crosspoint Capital and Chair of DigiCert's Board of Directors. "With Amit at the helm, we believe we can drive increasing market adoption of our core platform and deliver innovative new products and services to strengthen DigiCert’s position as the dominant provider of digital trust."

"Amit’s years of experience and passion for continuous technological innovation have positioned him well to guide DigiCert through its next strategic growth phase," said Jason Werlin, a Managing Director at TA. "We believe Amit will be a valuable addition to DigiCert’s talented management team and are excited to work closely with him as we aim to further DigiCert’s industry leadership."

Mr. Sinha brings over 20 years of technology, strategy, and operational experience from leading category-creating businesses at Zscaler, Motorola, AirDefense, and Engim. He has a doctorate in electrical engineering and computer science from the Massachusetts Institute of Technology and a Bachelor of Technology in electrical engineering from the Indian Institute of Technology, Delhi, where he graduated summa cum laude and was awarded the President of India Gold Medal. Mr. Sinha has authored over 25 journal/conference papers, contributed to three books, and is the inventor of 39 US patents, granted or pending.

**About DigiCert, Inc.**

DigiCert is a leading global provider of digital trust, enabling individuals and businesses to engage online with the confidence that their footprint in the digital world is secure. DigiCert® ONE, the platform for digital trust, provides organizations with centralized visibility and control over a broad range of public and private trust needs, securing websites, enterprise access and communication, software, identity, content and devices. DigiCert pairs its award-winning software with its industry leadership in standards, support and operations, and is the digital trust provider of choice for leading companies around the world. For more information, visit www.digicert.com or follow @digicert.

**About Clearlake**

Clearlake Capital Group, L.P. is an investment firm founded in 2006 operating integrated businesses across private equity, credit and other related strategies. With a sector-focused approach, the firm seeks to partner with management teams by providing patient, long-term capital to businesses that can benefit from Clearlake’s operational improvement approach, _O.P.S._® The firm’s core target sectors are technology, industrials, and consumer. Clearlake currently has over $70 billion of assets under management, and its senior investment principals have led or co-led over 400 investments. The firm is headquartered in Santa Monica, CA with affiliates in Dallas, TX, London, UK and Dublin. More information is available at www.clearlake.com and on Twitter @Clearlake.

**About Crosspoint Capital**

Crosspoint Capital Partners is a private equity investment firm focused on the cybersecurity, privacy and infrastructure software markets. Crosspoint has assembled a group of highly successful operators, investors and sector experts to partner with foundational technology companies. Crosspoint has offices in Menlo Park, CA, and Boston, MA. For more information visit: www.crosspointcapital.com.

**About TA**

TA Associates ("TA") is a leading global growth private equity firm. Focused on targeted sectors within five industries — technology, healthcare, financial services, consumer and business services — the firm invests in profitable, growing companies with opportunities for sustained growth, and has invested in more than 560 companies around the world. Investing as either a majority or minority investor, TA employs a long-term approach, utilizing its strategic resources to help management teams build lasting value in high quality growth companies. TA has raised $48.6 billion in capital since its founding in 1968. The firm's more than 110 investment professionals are based in Boston, Menlo Park, Austin, London, Mumbai and Hong Kong. More information about TA can be found at www.ta.com.

DigiCert Appoints Industry Veteran Amit Sinha as Chief Executive Officer

New partnership gives security analysts simplicity when sifting through data, thorough readouts of compliance options, and streamlined response to incidents.

**SANTA CLARA, Calif., Oct. 19, 2022** — Revelstoke has partnered with BreachRx to unify automated incident response and compliance capabilities with the Revelstoke next-generation enterprise Security Orchestration, Automation, and Response (SOAR) platform.

BreachRx has created the security industry’s first incident reporting and response automation solution. It is designed to help people find answers to security and regulatory compliance questions in real time and at the height of a crisis. Similarly, Revelstoke has developed a next-level-SOAR solution that allows Security Operations Centers (SOCs) to sift through incoming data and identify the most dangerous cyber threats. The two solutions together give organizations an off-the-shelf solution that holistically addresses problems like no other product currently on the market.

“In the past, security teams relied on trained people and manual processes, but given the scale of today’s threats and growing regulatory landscape, teams can't continue to throw people at the problem,” said Matt Hartley, Chief Product Officer and co-founder of BreachRx. “Our solutions together allow businesses to streamline and automate their response to threats, whether they’re criminals, nation-states, or whatever else could come their way, while ensuring the company meets all legal and contractual incident reporting requirements in tandem.”

Revelstoke’s Unified Data Layer (UDL) — the unique technology that allows different products to communicate seamlessly — will make it easier for analysts working in Security Operations Centers (SOC) to document incident findings. With the power of the UDL, incident response requirements can be managed faster and easier. Additionally, by using automation to help address security and compliance matters, the products can help users get solutions to legal, regulatory, communications, and marketing issues faster than ever before.

“Partnering with BreachRx allows us to help customers in a way we haven’t been able to do before,” said Bob Kruse, Revelstoke’s CEO and co-founder. “We know we make security easier for security analysts, but we also know that more security analysts are concerned about new rules and regulations than ever before. Compliance concerns are rising and there’s no one better at helping organizations sift through the complex maze of new laws like BreachRx. Our two companies approach these problems with a very similar mindset and range of concerns. This partnership makes sense for both the companies and, most importantly, the customers looking for better outcomes.”

**About BreachRx**

BreachRx is the leading automated incident reporting and response platform that security and technical leaders use to overcome one of their biggest challenges — reducing cybersecurity regulatory and incident compliance risks. Our SaaS platform’s automated workspace streamlines collaboration and frees internal bandwidth across the business while ensuring compliance with the most stringent global cybersecurity and privacy frameworks. BreachRx is the only automated approach that creates tailored, effective incident response plans and protects privilege in the market today.

Learn how to turn incident reporting and response into a routine business process today at breachrx.com.

**About Revelstoke**

Revelstoke is the only next-generation Security Orchestration, Automation and Response (SOAR) solution built on a Unified Data Layer that offers no-code automation and low-code customization. Revelstoke empowers CISOs and security analysts to automate analysis, eliminate software development needs, optimize workflows, prevent vendor lock, scale processes, and secure the enterprise.

For more information, contact: \[email protected\]

Revelstoke Teams Up With BreachRx, Offering Users Automated Incident Response and Compliance Solutions

Why — and how — companies should consider shifting day-to-day security responsibilities out to operations teams. The move would elevate the team's level of decision-making and help address the challenge of finding professionals with security-specific credentials.

Security leaders have been raising the alarm for years about the ongoing cybersecurity skills shortage. Even as cyberattacks become increasingly sophisticated, and frequent, corporate defense teams are having more trouble filling open positions. The problem can seem insurmountable, but it shouldn't be.

One solution that few companies have considered is extricating the security team from operations. Consider how much less daunting the skills gap problem would look if corporate security narrowed its focus to governance, oversight, supervision, and auditing, while pushing the implementation and management of security systems out to the operational teams that use them.

Such a change would be dramatic. The corporate security function would shrink substantially, both in staffing and in the number of specific tasks it's responsible for, but it would become more strategic — and more effective.

**Today's Less-Efficient Approach**

The typical security team today involves themselves in all manners of operational activities. For example, when the development group is creating a new application, security staff may get involved in design details, settings for underlying technologies, and determining which users can access development servers.

But the centralized security team may not immediately have the operational knowledge to make those decisions. They may have to dedicate significant time to understanding the business drivers behind the application, the structure, and expertise of individuals on the development team, etc.

The development team managers already have the requisite expertise in operational aspects of putting together their solution. The corporate security team has expertise in the controls needed to prevent specific attacks. Why not let each group specialize in their core competency?

**How It Would Work**

As I envision it, the security team could take responsibility for establishing, at an abstracted level, the controls needed to protect the application, both during development and after launch. But they could hand off responsibility to the development group for building those controls. The development team could decide which security software and configurations they need, set specific security policies, and determine user permissions. Then, the corporate security team could inspect the development environment — and the resulting application — to ensure that the requested controls were implemented and are performing as expected.

This approach would put detailed decision-making in the hands of the people closest to those decisions. The security team would need to know a little bit about the technologies the development group uses, but mostly they would just need to be controls experts who set expectations for the security outcomes the operations groups should achieve.

Consider access control. How should people get authenticated to enter the company's development environment? What credentials are sufficient to prove they are who they say they are? It makes sense for the corporate security group to own the high-level governance of access control, but they would need to learn a great deal about the development environment and development team to effectively answer these questions. Meanwhile, people on the development team already have this knowledge. Letting them make the decisions down in the weeds of their group's access control policies is only logical.

Development processes are one example. The security team I'm envisioning wouldn't be involved in building networks; they would provide control requirements to the networking team, then make sure those requirements were followed. In a cloud setting, the security team might set high-level expectations, then do inspection scanning, looking for anomalies. But that would be the extent of their involvement in cloud security decisions.

**What This Change Would Mean**

Obviously, my vision would require a total restructuring of IT. In some ways, it would move security activities more toward where they were a quarter century ago. Back when security was usually not a separate function, companies taught security best practices to operational subject-matter experts throughout the organization. Expertise was widely distributed, but security was only a small slice of anyone's job responsibilities.

Consolidating security activities into a centralized function has created experts who specialize in the subject. These highly qualified and hard-to-find professionals should focus on setting the overall direction of the company's security strategy, dictating the controls necessary to prevent certain types of attacks, and providing governance and oversight to ensure those controls are effective.

I would like to see the industry re-evaluate whether other, more operational responsibilities — routine firewall maintenance or configuration of SaaS apps, for example — are appropriate for the central security group. I think those tasks are better suited for the individuals who are connecting, architecting, designing, implementing, and configuring the company's systems. They have the expertise to make correct decisions about securing systems and processes with which they are intimately familiar.

An organizational structure that shifts security decisions out to operations groups may shrink some of the day-to-day responsibilities of the security team. However, it would also elevate the team's level of decision-making, free staff time for more strategic activities, and provide a tidy solution to the perpetual challenge of finding professionals with security-specific credentials.

A New Solution to the Cybersecurity Skills Gap: Building Security into Operational Teams

Cybersecurity company RCS Secure announces round of Series A funding and name change as it rebrands to Third Wave Innovations.

**FRISCO, Texas, Oct. 18, 2022 /PRNewswire/** — RCS Secure is thrilled to announce the completion of a Series A funding round. The funding round was led by Socii Capital, LLC., a venture investment firm focused on healthcare IT with investments in MedOne, ScriptCyle, and ProviderScience.

This round of funding will allow us to grow the customer base we serve and invest in new parts of our core products and services.

RCS Secure has always been committed to being a leading provider of Managed Security, Data, and IT Services. As we have looked to expand our offerings and align the company's strategic growth, it has been decided that a rebrand is appropriate. As of October 17th, 2022, RCS Secure will be known as **Third Wave Innovations**.

"I am both grateful and humbled with our success and accomplishments as an organization," says Randal Asay, CEO of Third Wave Innovations. "From the inception, the advancement of this company has been built on the partnerships and relationships developed over the past 30 years. It is with gratitude and appreciation that as we progress to further heights, that we are worthy of such an amazing and accomplished group of professionals, Socii Capital, to help guide and drive our pathway. The quote 'If you want to go fast, go alone, if you want to go far, go with others' describes our past, our present, and our growth in the future!"

"Properly securing your IT environment to protect your data and the data of your patients is paramount in today's healthcare environment. Health care providers throughout the country are struggling to fill critical gaps in IT security needs with limited internal resources." said George Lazenby, a co-Founder and Partner at Socii Capital. "We were introduced to Third Wave Innovations through one of our portfolio companies utilizing their services. We were immediately impressed with their capabilities, management team and future plans for growth. We are excited to introduce Third Wave to health care providers through our network and portfolio companies."

Since day one, RCS Secure has been driven to innovate and provide cutting-edge solutions within its competitive market. The goal has always been to leverage our family of employees, partners, and clients, using technology to create a more secure world, and the company is committed to accelerating its efforts. We're investing in additional people, processes, and technology to deliver a broader and more robust set of services to our clients. Our commitment to this will remain our highest priority.

We look forward to what the future holds for Third Wave Innovations and can't wait to catch this wave with you.

**About Third Wave Innovations**

Third Wave Innovations is a privately owned corporation offering a full spectrum of cybersecurity safeguards, managed IT services, and a comprehensive data platform that empowers organizations to experience their own data in new ways.

**About Socii Capital, LLC**

Socii is a private investment capital firm founded in Fort Worth in 2015 with investments in SAAS technology companies with a primary focus on solving healthcare provider issues. Based on our team's deep experiences in the healthcare IT sector: operational management, product knowledge, and industry relationships, coupled with our hands-on approach, we add significant value to our portfolio companies.

**Contact Info:  
**Third Wave Innovations  
5 Cowboys Way, Suite 300  
Frisco, TX 75034  
844-267-6100  
**\[email protected\]**

**SOURCE:** Third Wave Innovations

RCS Secure Catches Its Next Big Wave

The Winnti APT was spotted dropping several variants of Spyder Loader and other malware as part of the so-called Operation Cuckoobees.

The Winnti cyber-espionage group out of China was discovered deploying the Spyder Loader malware as part of an ongoing campaign to gather intelligence information on government organizations in Hong Kong.

Researchers at Symantec's Threat Hunter Team recently observed malicious activity in which attackers remained active on some targeted networks for more than a year to steal critical data in what they believe is an extension of the group's previously identified Operation Cuckoobees, they said in a blog post published this week.

"While we did not see the ultimate payload in this campaign, based on the previous activity seen alongside the Spyder Loader malware it seems likely the ultimate goal of this activity was intelligence collection," researchers wrote.

Researchers at Cybereason first identified the Cuckoobees campaign in May as a massive cyber-espionage campaign against manufacturing and technology companies in North America and Asia that had been stealing immense stores of intellectual property and other sensitive data for years when it was discovered.

At that time, researchers estimated that Winnti — aka APT41, Wicked Panda, and Barium — so far had stolen hundreds of gigabytes of data, including trade secrets, blueprints, formulas, diagrams, and proprietary manufacturing documents, from more than 30 global organizations. They also harvested details about a target organization's network architecture, user accounts, credentials, customer data, and business units to leverage in future attacks.

The latest activity against Hong Kong organizations appears to be part of that broad campaign, which is likely to continue and ensnare more victims in its cyber-espionage web before it's over, researchers said. "The fact that this campaign has been ongoing for several years … indicates that the actors behind this activity are persistent and focused adversaries, with the ability to carry out stealthy operations on victim networks over a long period of time," they wrote.

**Unpacking a Trojan**

During the activity they observed Symantec researchers got a good look under the hood at Spyder Loader, which Winnti already had been spotted using as the initial payload in previous malicious activity.

Researchers at SonicWall were the first to discuss the malware publicly in March 2021, according to Symantec, which is part of Broadcom Software. At the time researchers identified the malware being used for targeted attacks on information storage systems to collect information about corrupted devices, execute mischievous payloads, coordinate script execution, and communicate with command and control systems, they said in their report.

The malware later was spotted being used in the Cuckoobees campaign and now again against Hong Kong organizations, with various variants being deployed this time around. All of them "displayed largely the same functionality" to load next-stage payloads and perform functions similar to those described by SonicWall, using obfuscation to hide malicious activity, the researchers said.

Winnti is believed to be working on behalf of, or with the support of, the Chinese government since at least 2010. Some security vendors have described Winnti as an umbrella group comprised of multiple threat actors operating under the control of China's state intelligence agencies.

In addition to Cuckoobees, Winnti also has been linked to attacks in 2010 on scores of US firms that included such heavy-hitters as Google and Yahoo. Its activity eventually led the US government to indict five members of the threat group, which in the end did little to stop its malicious activities.

**Technical Details**

Symantec researchers analyzed a sample of Spyder Loader compiled as a 64-bit PE DLL, a modified copy of sqlite3.dll with the addition of a malicious export, sqlite3\_prepare\_v4, which expects a string as its third argument, they said.

"Reportedly, whenever an export is executed by rundll32.exe, the third argument of the called export should contain part of the process command-line," researchers explained. "When this loader is executed, it extracts the file name from its third argument, and the referred file is expected to contain a sequence of records."

The malware executes a created wlbsctrl.dll file that likely acts as a next-stage loader that runs the content of a previously stored blob\_id 2 record — which it encrypts using the AES algorithm in Ciphertext Feedback (CFB) mode with segment\_size of 0x80 bits — from the created FileMapping, researchers explained. The encryption key is based on the name of an affected computer per GetComputerNameW() API, they said.

Spyder Loader also used other obfuscation techniques to prevent its activity from being analyzed, researchers said. In addition to AES encryption, the malware sample also used the ChaCha20 algorithm encryption to obfuscate one of the strings, as well as cleaned up created artifacts by overwriting the content of the dropped wlbsctrl.dll file before deleting it, for example, they said.

There are several similarities between the Spyder Loader activity seen in the Hong Kong campaign and its original functionality as described by Cybereason. They include: use of a modified version of sqlite3.dll; use of the third parameter of its malicious export that's consistent with the rundll32.exe command-line example seen in Cybereason’s research; and use of the CryptoPP C++ library.

In addition to Spyder Loader, credential-stealer Mimikatz and a Trojanized ZLib DLL were among the malware loaded onto victim machines, the researchers said.

The researchers included in their report a list of indicators of compromise for Spyder Loader in the post so enterprises can detect if their systems have been infected. They also encouraged organizations to stay up to date on the latest threats and malware in circulation that may require security updates by referring to Symantec's Protection Bulletins page.

China-Linked Cyber-Espionage Team Homes In on Hong Kong Government Orgs

The extension allows cloud security teams to protect their organization's infrastructure at the source and collaborate with developers.

**PARIS, Oct. 18, 2022** — GitGuardian, the enterprise-ready automated secrets detection and remediation platform, is expanding its capabilities to new security verticals. GitGuardian is now building a comprehensive platform to help development and security teams write, maintain, and run secure code anywhere.  

The everything-as-code movement GitGuardian is securing has taken multiple domains by storm and elevated code to the ranks of the most valuable asset an organization can own. Often overlooked in the inventories of organizations, security teams have just awakened to the need to secure, protect, and continuously monitor the software development lifecycle (SDLC) for risks like tampering, code leakage, hardcoded credentials, and more.  

GitGuardian's product suite already provides such capabilities, but the company is now looking to consolidate everything into one single platform:

*   Secrets detection and remediation; GitGuardian helps security and development teams reduce the risks of secrets exposure in the software development lifecycle.
*   Public GitHub monitoring; GitGuardian helps organizations secure their extended attack surface by monitoring GitHub for leaked secrets and sensitive data.
*   Source code leakage detection; GitGuardian continuously scans public GitHub to look for proprietary code leaked from private repositories.
*   SDLC intrusion detection; GitGuardian enables security teams to deploy canary tokens at scale in their DevOps environments and lure attackers into revealing themselves.  
    

This movement has also blurred the boundaries between Application Security and Cloud Security. With Infrastructure-as-Code (IaC), both the application and cloud infrastructure layers have collapsed onto one another in git-based Version Control Systems.  

While software-defined infrastructure has unlocked automated cloud resource deployment with more speed and consistency for engineering teams, it is still fraught with risks. Gartner expects that through 2023, at least 99% of cloud security failures will be the user's fault, mainly misconfigurations. Such errors propagate from code to cloud-native environments, exposing critical workloads and resources on the way.  

To help Cloud Security teams protect their organization's infrastructure at the source, GitGuardian is adding Infrastructure-as-Code scanning for security misconfigurations to its platform. And in the spirit of Shift Left security, the company is enabling this through its popular open-source command-line interface (CLI) for developers, ggshield.  

“With this initial release, developers and Site Reliability Engineers will be able to find and fix over 60 types of security misconfigurations in Terraform files — while they develop.” says Eric Fourrier, GitGuardian co-founder and CTO.  

GitGuardian’s initial focus in Infrastructure-as-Code security is Terraform and AWS. Still, it plans to enrich its Infrastructure-as-Code policies directory, support additional cloud services providers like Azure and Google Cloud Platform, and integrate scanning natively in developer workflows on GitHub, GitLab, or Bitbucket.  

In its ongoing efforts to build a code security platform for the DevOps generation, GitGuardian is also actively exploring opportunities in areas such as Static Application Security Testing (SAST) and Software Composition Analysis (SCA).

**About GitGuardian**

GitGuardian, founded in 2017 by Jérémy Thomas and Eric Fourrier, has rapidly emerged as the leader in automated secrets detection and is now focused on providing a comprehensive code security platform. The company has raised a $56M total investment from Eurazeo, Sapphire, Balderton, and notable tech entrepreneurs such as Scott Chacon, co-founder of GitHub, and Solomon Hykes, co-founder of Docker.  

GitGuardian Internal Monitoring helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.  

Widely adopted by developer communities, GitGuardian is used by over 200,000 developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is also trusted by leading companies, including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW: Pensions, and Stedi.  

GitGuardian Internal Monitoring is an automated secrets detection and remediation platform. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.

Its detection engine is trained against over a billion public GitHub commits yearly. It covers 350+ types of secrets, such as API keys, database connection strings, private keys, certificates, and more.  

GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents quickly and thoroughly. Organizations can achieve higher incident closing rates and shorter fix times by pulling developers closer to the remediation process. Please visit the official website to learn more about GitGuardian Internal Monitoring, the enterprise-ready automated secrets detection, and remediation platform.

GitGuardian Extends Code Security Platform, Adding Infrastructure-as-Code Scanning for Security Misconfigurations

Organizations without the time or talent to patch may find patching-as-a-service to be a way to improve security.

Patching is a critical method to isolate risks and to ensure workflows are not interrupted due to allowing software to fall out of supportable versions.

The security risk resulting from unpatched vulnerabilities is substantial — Verizon's 2022 Data Breach Investigations report found around 70% of successful cyberattacks exploited known vulnerabilities with available patches.

Too often, however, IT teams must choose which urgent items get their attention, which creates a scenario where the urgent tasks get in the way of important tasks. By outsourcing patch management, also known as patching-as-a-service, organizations can shift the burden of ensuring that the patch process completes consistently to a third party.

**Control, Transparency Must Be Maintained**

Outsourcing patching can save an organization time and money. It can also lead to improved security. The outsource model provides security leaders with a verifiable service level agreement (SLA) to guarantee that the investment protects the organization.

"There are some challenges that come with outsourcing patching," cautions Darryl MacLeod, vCISO at Lares Consulting, an information security firm. "For example, an organization may lose some control over patch management, and the patch management process may not be as transparent as it would be if patch management was done in-house."

He adds that patching-as-a-service is probably most effective for small and midsized organizations that do not have the resources to patch in-house, but it can also be beneficial for organizations with complex patch management needs.

Data management and analytics company Aunalytics recently added a co-managed patching-as-a-service platform to its security solution suite. The company's vice president, Steven Burdick, points out the security challenges for every organization are evolving every day.

"Bad actors are knocking on any door they can find hopeful that you have not patched a workstation or key third-party application such as Acrobat Reader," he says. "Yet, despite your efforts to secure your environment by battening down the hatches, new, not yet discovered exploits continue to show up."

He argues that outsourcing security patching and antivirus/malware protection platforms allow organizations to invest the time of their team members in the areas where the business can get the best value.

"Assigning an FTE or part of an FTE to someone to manage patching and security platforms requires additional investments in time, travel, and training that do little more than prepare your IT staff for their next role in another company," he says.

**Paying a Third Party to Take Responsibility**

Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation, explains that outsourcing patching to a patching-as-a-service vendor is a subset of outsourcing IT operations, in that an organization is shifting responsibility to a third party.

"There are a lot of reasons organizations outsource these tasks, though cost savings and not having to manage an internal IT department are two common reasons," he says.

Like MacLeod, he points out there are also challenges. For one, the organization has to rely on the efficiency and integrity of the vendor to take on mission-critical issues without the oversight that comes with in-house assets.

Parkin says a successful program will require accurate and robust asset management tools, so the vendor knows what's live in the client's environment.

"They'll need an included, or compatible, patch management function," he adds. "Ideally, they will have inputs from vulnerability scanners and a risk management platform to help them prioritize the most important patches."

**Patching Services Rely on Automation**

MacLeod predicts that as patch management becomes more complex, patching-as-a-service providers will likely offer more comprehensive solutions that include patch management software, patch repositories, patch deployment tools, and other services.

Patch management software automates the patching process; a patch repository stores and manages patches; and patch deployment tools are used to deploy patches to systems.

"Service providers will likely continue to expand their customer base by offering patching services to more types of organizations," he adds.

He points out that the patching-as-a-service market has been growing in recent years as more organizations outsource patch management.

"This growth is expected to continue as patching becomes an increasingly complex and time-consuming task," MacLeod says.

**Outsourcing Makes up for Scarce Human Resources**

Burdick says Aunalytics is seeing a lot of interest in the healthcare industry, professional services firms, and government, where IT talent is hard to attract and retain.

He adds that manufacturers are often early adopters of this type of solution because they recognize that they must constantly evolve to compete.

Paying for these services in an "as-a-service" model precludes organizations from having to pay for the training and travel costs of IT security team members, Burdick says, as well as the cost to replace and retrain staff when the company's internal resource leave.

"Businesses today do not struggle buying technology; it's the people to use the technology and to keep it running efficiently who are very hard to source in this economy," Burdick says.

Patching-as-a-Service Offers Benefits, Challenges

Identity verification and identity authentication are neither synonymous nor interchangeable, and implementing both is essential to fighting fraud.

**Question: What is the difference between identity verification and authentication?**

**Shai Cohen, senior vice president of global fraud solutions, TransUnion:** As more services shift to a virtual format, consumers and organizations are threatened by more efficient and evolved forms of fraud. To confirm that a customer is who they say they are requires both identity verification and identity authentication.

These two terms are not synonymous or interchangeable, and the organizations that don't know the difference make themselves vulnerable to increased fraud losses. Treating a verified identity ("this identity exists") as authenticated or proofed ("this user is who they claim to be") makes an organization vulnerable to account takeover fraud and synthetic identities.

**Securing Account Creation and Use**

The combination of a name, address, phone number, and email on an online form can provide enough information for a company to verify a consumer's identity and establish a layer of trust when an account is first created. This information can be checked against multiple data sources, such as utilities or telephone carriers, to ensure the name matches the other qualifying data.

It's critical to note, however, that verifying that the identity exists does not prove it belongs to the person entering that information. Criminals can use illicitly obtained identifying information to apply for new accounts or benefits in victims' names. Some create synthetic identities where credentials have been fabricated and are not associated with a real person but can fool verification processes.

This type of identity theft has prompted a shift toward proofing or authentication practices. These approaches require significantly more rigor than simply verifying that an identity exists. Organizations work to confirm that the identifiers supplied to create a new account belong to the person entering the information — i.e., that the applicant is who they say they are. Some identity-proofing systems may request a selfie and government photo ID for a facial recognition match from new customers.

Authentication, on the other hand, is an ongoing identity-proofing process that both checks the identity of digital users and ensures the integrity of the devices they use. Two-factor authentication and one-time passcodes are both commonly used authentication methods that help grant account access to the right person in real time.

Note that security measures have to balance consumer needs. A 2021 study from the CMO Council reported that authentication frustration caused 61% of consumers to abandon a transaction, and TransUnion's 2022 "Global Digital Fraud Trends Report" showed that approximately two-thirds of consumers would switch companies for a better digital experience. Organizations should incorporate both identity verification and authentication processes so that they can ensure safe interactions and create a trusted virtual channel that keeps consumers coming back.

What Is the Difference Between Identity Verification and Authentication?

Younger workers surveyed are less likely to follow established business cybersecurity protocols than their Gen X and baby boomer counterparts, a new survey finds.

A new survey shows Generation Z and millennials, younger workers who have grown up as digital natives, are surprisingly more careless about their employer's cybersecurity than their senior Gen X and baby boomer colleagues. 

According to Ernst & Young LLP's 2022 Human Risk in Cybersecurity survey, although 83% of workers in the US report they understand their company's cybersecurity policies, younger Gen Z and millennial workers are less likely to comply with them. 

For instance, 48% of Gen Z and 39% of millennial employees confessed to being more cautious with their own devices compared to their work-issued devices; they also admitted to widely disregarding IT updates; reusing passwords for personal and professional accounts; and accepting browser cookies in far greater numbers than Gen X or baby boomer workers. 

"This research should be a wake-up call for security leaders, CEOs and boards because the vast majority of cyber incidents trace back to a single individual," Tapan Shah, EY Americas' consulting cybersecurity leader, said in a statement. "There is an immediate need for organizations to restructure their security strategy with human behavior at the core. Human risk must be at the top of the security agenda, with a focus on understanding employee behaviors and then building proactive cybersecurity systems and a culture that educates, engages, and rewards everyone in the enterprise."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading