Copado's Kyle Tobener will discuss a three-pronged plan at Black Hat USA for addressing human weaknesses in cybersecurity with this medical concept — from phishing to shadow IT.

It's a well-known fact that humans are — and will remain — one of the weakest links in any company's cyber defenses. Security admins have tried to help the situation through random phishing tests and training, ultimatums, eliminating local control over a given device, and even naming and shaming those unlucky souls who clicked on the wrong link in an email.

Results have been middling at best, as shown by the finding in Verizon's "2022 Data Breach Investigations Report" (DBIR) that the vast majority of breaches start with phishing and social engineering.

Kyle Tobener, vice president and head of security and IT at Copado, says that it doesn't have to be that way. Instead, businesses can take a page from the medical community and find a much more effective approach through the principle of harm reduction. That essentially means adopting a focus on minimizing or mitigating bad outcomes from bad behavior rather than attempting to eliminate bad behavior completely.

**How Harm Reduction Applies to Cybersecurity**

In a session next week at Black Hat USA entitled "Harm Reduction: A Framework for Effective & Compassionate Security Guidance," Tobener plans to discuss this fresh way of thinking about user behavior, education, and awareness when it comes to cyber threats.

"Harm reduction is a big topic in the healthcare space, but it hasn't really made its way into information security all that much," he tells Dark Reading, adding that as a cancer survivor and brother of someone who wrestled with substance addiction, he learned about harm reduction firsthand.

"Unfortunately, what we see is still mostly abstinence-based guidance in a lot of scenarios by security people," he says.

To illustrate the contrast between the two approaches, he uses the example of the attention-grabbing Super Bowl ad back in February from Coinbase, which featured a QR code bouncing around the screen, Pong-like.

"If you went to Twitter right after that, there were thousands of security people saying that you should never use a QR code if you don't know where that QR code's from," he says. "That guidance is not effective whatsoever. I'm sure millions of people have used a QR code, and if your focus is giving guidance that isn't practical or pragmatic, that people aren't going to follow, then it's going to be very ineffective and you're wasting an opportunity to educate those people in a way that's actually useful."

In a harm-reduction approach, the answer would have been to assume that people were going to click on such an intriguing item (and indeed, QR codes are so widespread in their use in general that asking people to never use them is a simple non-starter), and build a defensive strategy with that in mind.

"Educate them on what to look for once they do something like use a QR code," Tobener explains. "How do you know that the website you went to is a safe one? If you only tell people not to do something, and then they do it and they go to the website, and they're not prepared to look for red flags, they're going to be worse off than they would be."

**How to Deploy Harm Reduction**

In his Black Hat talk, Tobener plans to address the implementation of harm reduction in a cybersecurity context with a three-pronged approach, starting with fomenting acceptance that risk-taking behaviors are here to stay.

"I think this is a very pragmatic approach that a lot of security people aren't willing to take; they come with a mindset that risk can be eradicated, which is just not realistic," he notes. "Just like the war on drugs was not effective, Prohibition was not effective, and D.A.R.E. programs and 'scared straight' were actually shown to be more harmful than helpful in kids."

After gaining buy-in from security teams and powers that be on the impossibility of preventing risky actions, the next step is prioritizing the reduction of the negative consequences of those risky behaviors, and understanding which battles to fight when it comes to corporate security policies.

"For example, in an enterprise context, you might have an enterprise password manager that everyone is supposed to use," Tobener explains. "But there will be people who don't want to use the corporate-provided password manager because they're not familiar with it, and they want to use their own. Instead of making them stop what they're doing, consider whether using their own password manager is better than not using a password manager at all. In other words, are there bigger fish to fry?"

The third prong that he plans to cover in this Black Hat USA session is that of compassion.

"The final piece of the framework is kind of a weird one for cybersecurity, but it's really important in the harm reduction space: Embracing compassion while providing guidance," he says. "This one is probably the hardest concept for security people and even healthcare people to wrap their heads around, which is the idea of improving people's situations by being compassionate and supportive, even if you're supporting them in doing what you consider to be the wrong thing."

Just like social stigma makes people avoid drug treatment rather than accept it, the harsh attitude and conflict-fraught approach coming from some cybersecurity teams toward users is going to make people less likely to want to do the right thing, he explains. For instance, in the above shadow-IT password manager example, teams could send threatening emails to offenders or even get line managers involved; or, they could work out a compromise, offer ease-of-use training, and generally take a "we're with you not against you" tack when discussing the issue.

"By being supportive and compassionate, you show them that you accept them despite what they're doing, and that even though it's not perfect now, they have a chance to improve in the future," Tobener says. "Oftentimes, when you are compassionate with people, they will then educate themselves. And make better choices in the long run."

The session will look to give attendees practicable takeaways about becoming a more effective security practitione when it comes to managing users who aren't listening to you.

"I get really tired of seeing on Twitter people telling people 'do this or you deserve the consequences,'" Tobener says. "I'm trying to raise the security consciousness to a place where we stop telling people not to do things, and instead say, OK, you shouldn't do this, but if you do, here's how to do it more safely."

How IT Teams Can Use 'Harm Reduction' for Better Cybersecurity Outcomes

SMBs should patch CVE-2022-32548 now to avoid a host of horrors, including complete network compromise, ransomware, state-sponsored attacks, and more.

A critical, pre-authenticated remote code execution (RCE) vulnerability has cropped up in the widely used line of DrayTek Vigor routers for smaller businesses. If it's exploited, researchers warn that it could allow complete device takeover, along with access to the broader network.

The bug (tracked as CVE-2022-32548) carries the highest vulnerability-severity score on the CVSS scale: 10 out of 10. This is no surprise given that not only is it an RCE that doesn't require authentication, but attackers could exploit it to compromise a device without social engineering or user interaction, according to a vulnerability disclosure out today from Trellix.

DrayTek routers are often used by small and midsize (SMBs) to provide VPN access to employees — an increasing need given the mass migration of workers to work-from-home situations since the pandemic started. They're widely deployed, including in the US, and throughout Asia and Europe, especially in the UK.

The zero-click attack is possible if the device's management interface is configured to be Internet-facing, according to Trellix (a Shodan search showed that about 200,000 routers have interfaces open to the Internet). But even if it's not, a one-click attack is also possible, which would require access to the LAN.

**Patch Now: SMBs in the Crosshairs**

So far, there are no signs of exploitation, but since the bug is now disclosed, that's likely to change, so administrators should apply their device-specific firmware updates immediately.

DrayTek routers are firmly in the sights of cybercriminals, with the US Cybersecurity and Infrastructure Security Agency (CISA) going so far as to issue a warning to that effect last June. In fact, DrayTek RCE bugs are among the most popular used by Chinese state-sponsored attackers, the agency noted, who are using them to go after SMBs in a trend that's been evident since 2020.

Lumen also published an advisory in June on ZuoRAT exploiting a bug in the Vigor 3900, an end-of-life device with a large installed base among small-office/home-office (SOHO) users.

It may seem counter-intuitive for advanced persistent threats (APTs) to be going after small fish, but Trellix points out that in 2020, the US Small Business Administration reported that there are 6 million small businesses with fewer than 500 employees in the country, compared with just 20,000 large businesses.

"While we may forget about this massive attack surface, our adversaries have not," the Trellix researchers note. "It is imperative to understand you are a target no matter the size or type of business. Data continues to demonstrate that not only is this space a target but often a more likely target. It is critical for SOHO and SMB users to understand their networks, stay update to date on all vendor patches and immediately report breaches to law enforcement."

Indeed, Barracuda Networks in March published a report that found that small businesses are three times more likely to be targeted by cybercriminals than their larger counterparts.

**Risky Outcomes: Full Device Compromise**

In the case of the new bug, an attack can lead to a host of game-changing outcomes for SMBs, according to the researchers — in some cases, company-ending outcomes.

These include the theft of sensitive data stored on the router, such as keys and administrative passwords that could be used to pivot further into the network to deliver ransomware or other malware. Espionage-minded attackers could also gain access to the internal resources located on the LAN that would normally require VPN access; launch man-in-the-middle (MitM) attacks to spy on DNS requests and other unencrypted traffic flowing from users through the router; and achieving packet capture of the data going through any port of the router. Other kinds of attacks include adding the device to a botnet for distributed denial-of-service (DDoS) or cryptomining purposes.

Even failed exploitation attempts can be problematic, according to Trellix, resulting in the device rebooting or a DoS condition that would lock out users from accessing company resources on the LAN.

**Under the Hood with CVE-2022-32548**

The RCE bug specifically affects the Vigor 3910 and 28 other DrayTek models sharing the same codebase (a list is included in the Trellix advisory). The researchers note that it stems from a buffer overflow in the login page for the devices' Web management interface (/cgi-bin/wlogin.cgi).

"An attacker may supply a carefully crafted username and/or password as base64 encoded strings inside the fields aa and ab of the login page," according to the write-up. "This would cause the buffer overflow to trigger due to a logic bug in the size verification of these encoded strings."

As shown in a proof-of-concept (PoC) exploit video, attackers can then take over of the DrayOS operating system that implements the router functionalities.

"On devices that have an underlying Linux operating system (such as the Vigor 3910) it is then possible to pivot to the underlying operating system and establish a reliable foothold on the device and local network," the researchers explain. "Devices that are running the DrayOS as a bare-metal operating system will be harder to compromise as it requires that an attacker has better understanding of the DrayOS internals."

**How to Protect Against SMB/SOHO Router Attacks**

For businesses using DrayTek routers, protection from attack starts with patching and making sure the firmware is always up to date.

Beyond that, Trellix researchers recommend that admins should never expose the management interface to the Internet unless absolutely required; and if it is, they should implement two-factor authentication (2FA) and IP restrictions to minimize risk.

Once the patch is applied admins should also verify that port mirroring, DNS settings, authorized VPN access, and any other relevant settings have not been tampered with in the management interface. And they should change the password of the devices and revoke any secret stored on the router that may have been accessed prior to patching.

For those companies that can't patch right away, Trellix researchers say that monitoring for compromise should be a priority.

"Exploitation attempts can be detected by logging/alerting when a malformed base64 string is sent via a POST request to the /cgi-bin/wlogin.cgi end-point on the web management interface router," they note. "Base64 encoded strings are expected to be found in the aa and ab fields of the POST request. Malformed base64 strings indicative of an attack would have an abnormally high number of %3D padding. Any number over three should be considered suspicious."

Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks

The malware packages had names that were common typosquats of a legitimate widely used Python library. One was downloaded hundreds of times.

An apparently school-age hacker based in Verona, Italy, has become the latest to demonstrate why developers need to pay close attention to what they download from public code repositories these days.

The young hacker recently uploaded multiple malicious Python packages containing ransomware scripts to the Python Package Index (PyPI), supposedly as an experiment.

The packages were named "requesys," "requesrs," and "requesr," which are all common typosquats of "requests" — a legitimate and widely used HTTP library for Python.

According to the researchers at Sonatype who spotted the malicious code on PyPI, one of the packages (requesys) was downloaded about 258 times — presumably by developers who made typographical errors when attempting to download the real "requests" package. The package had scripts for traversing folders such as Documents, Downloads, and Pictures on Windows systems and encrypting them. 

One version of the requesys package contained the encryption and decryption code in plaintext Python. But a subsequent version contained a Base64-obfuscated executable that made analysis a little harder, according to Sonatype.

**An Absence of Malice?**

Developers who ended up with their system encrypted received a pop-up message instructing them to contact the author of the package — "b8ff" (aka "OHR" or Only Hope Remains) — on his Discord channel, for the decryption key. Victims were able to obtain the decryption key without having to make a payment for it, Sonatype says.

"And that makes this case more of a gray area rather than outright malicious activity," Sonatype concludes. Information on the hacker's Discord channel shows that at least 15 victims had installed and run the package.

Sonatype discovered the malware on July 28 and immediately reported it to PyPI's administrators, the company says. Two of the packages have since been removed and the hacker has renamed the requesys package, so developers no longer mistake it for a legitimate package.

"There are two takeaways here," says Ankita Lamba, senior security researcher, at Sonatype. "First, be cautious when typing out the names of popular libraries, as typosquatting is one of the most common attack methods for malware," she says.

Second and more broadly, developers should always be cautious about what they’re downloading and what packages they’re incorporating into their software builds. "Open source is both critical fuel for digital innovation and a ripe target for software supply chain attacks," Lamba says.

**Growing Number of Malicious Code in Repositories**

The incident is among a growing number of instances recently in which threat actors have planted malicious code in widely used software repositories, with the goal of getting developers to download and install it in their environments. 

Some of them — like the latest incident — have involved typosquatted packages, or malware with similar sounding names as legitimate software on public software repositories. In May, for instance, Sonatype found that some 300 developers had downloaded a malicious package for distributing Cobalt Strike called "Pymafka" from the PyPI registry, thinking it was "PyKafka," a legitimate and widely downloaded Kafka client. 

Also in May, Sonatype discovered another malicious package on PyPI called "karaspace," used for stealing system information, that had the same name as a legitimate Kafka project on GitHub.

In July, researchers at Kaspersky discovered four information-stealing packages in the Node Package Manager (npm) repository. The same month, ReversingLabs reported finding some two-dozen, heavily obfuscated npm modules for stealing data that had been downloaded more than 27,000 times. The vendor estimated the malicious packages were likely installed in hundreds — and likely even thousands — of mobile applications and websites.

Security researchers have pointed to the trend as heightening the need for organizations to pay closer attention to their software supply chains — especially when it comes to using open source software from public repositories such as PyPI, npm, and Maven Central.

**A "Fun" Research Project**

Following the latest discovery, researchers at Sonatype contacted the author of the malicious code and found him to be a self-described school-going hacker apparently intrigued by exploits and the ease of developing them.

Lamba says b8ff told Sonatype that the ransomware script was completely open source and part of a project that he had developed for fun.

"As they are a school-going 'learning developer,' this was meant to be a fun research project on ransomware exploits that could have easily gone much further astray," Lamba says. "The author went on to say that they were surprised to see how easy it was to create this exploit and how interesting it was."

School Kid Uploads Ransomware Scripts to PyPI Repository as 'Fun' Project

So far, the ongoing attack has impacted nearly 8,000 Solana hot wallets.

An attack that began on Aug. 2 has so far drained nearly $6 million in assets from almost 8,000 Solana wallets — specifically "hot" wallets that are always connected to the Internet. 

According to Elliptic Connect, the attackers have stolen SOL, a few nonfungible tokens (NFTs), and more than 300 Solana blockchain-based tokens. According to the Elliptic report, the bug that enabled the cryptocurrency attack appears to be in the wallet software rather than the Solana blockchain. 

Solana, in a series of tweets, confirmed that the breach also affected Slope and Phantom wallets, and it asked any affected customers to provide the compromised wallet address. 

"Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit," Solana said in a tweeted announcement of the crypto-wallet breach. "Wallets drained should be treated as compromised, and abandoned."

Users should disconnect their wallets from the Internet if they're configured to be always-connected.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Cyberattackers Drain Nearly $6M From Solana Crypto Wallets

Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust.

The recent Atlassian Confluence remote code execution bug is just the latest example of zero-day threats targeting critical vulnerabilities within major infrastructure providers. The specific threat, an Object-Graph Navigation Language (OGNL) injection, has been around for years but took on new significance given the scope of the Atlassian exploit. And OGNL attacks are on the rise.

Once bad actors find such a vulnerability, proof-of-concept exploits start knocking at the door, seeking unauthenticated access to create new admin accounts, execute remote commands, and take over servers. In the Atlassian case, Akamai's threat research team identified that the number of unique IP addresses attempting these exploits grew to more than 200 within just 24 hours.

Defending against these exploits becomes a race against time worthy of a 007 movie. The clock is ticking and you don't have much time to implement a patch and "defuse" the threat before it's too late. But first you need to know that an exploit is underway. That requires a proactive, multilayered approach to online security based on zero trust.

What do these layers look like? Consider the following practices that security teams — and their third-party Web application and infrastructure partners — should be aware of.

**Monitor Vulnerability Repositories**

Mass vulnerability scanning tools like Nuclei's community-based scanner or Metasploit penetration testing are popular tools for security teams. They are also popular among bad actors who are looking for proof-of-concept exploit code that will help them probe for cracks in the armor. Monitoring these repositories for new templates that may be designed to identify potential exploit targets is an important step to maintain awareness of potential threats and stay a step ahead of the black hats.

**Make the Most of Your WAF**

Some may point to Web application firewalls (WAFs) as ineffective against zero-day attacks, but they can still play a role in mitigating the threat. In addition to filtering traffic for known attacks, when a new vulnerability is identified, a WAF can be used to quickly implement a "virtual patch," creating a custom rule to prevent a zero-day exploit and give you some breathing room while you work to implement a permanent patch. There are some downsides to this as a long-term solution, potentially affecting performance as rules proliferate to counter new threats. But it's a capability worth having in your defensive arsenal.

**Monitor Client Reputation**

When analyzing attacks, including zero-day events, it's common to see them using many of the same compromised IPs — from open proxies to poorly protected IoT devices — to deliver their payloads. Having a client reputation defense that blocks suspicious traffic originating from these sources can provide one more layer of defense from zero-day attacks. Maintaining and updating a client reputation database is not a small task, but it can dramatically reduce the risk of an exploit gaining access.

**Control Your Traffic Rates**

IPs that are hammering you with traffic can be a tip-off to an attack. Filtering out those IPs is another way to reduce your attack surface. While smart attackers may distribute their exploits across many different IPs to avoid detection, rate control can help filter out attacks that don't go to such lengths.

**Watch Out For Bots**

Attackers use scripts, browser impersonators, and other subterfuges to mimic a real, live person logging in to a website. Implementing some form of automated bot defense that triggers when it detects anomalous request behavior can be extremely valuable in mitigating risk.

**Don't Overlook Outbound Activity**

A common scenario for attackers attempting remote code execution (RCE) penetration testing is to send a command to the target Web server to perform out-of-band signaling to make an outbound DNS call to a beaconing domain controlled by the attacker. If the server makes the call, bingo — they found a vulnerability. Monitoring outbound traffic from systems that shouldn't be generating that traffic is an often overlooked way to spot a threat. This can also help spot any anomalies that the WAF missed when the request came as incoming traffic.  

**Sequester Identified Attack Sessions**

Zero-day attacks are not usually a "one and done" proposition; you may be targeted repeatedly as part of an active attack session. Having a way to spot these repeat attacks and automatically sequester them not only reduces risk, but it can also provide an auditable log of the attack sessions. This "trap and trace" capability is really useful for forensic analysis.

**Contain the Blast Radius**

Multilayered defense is about minimizing risk. But you may not be able to completely eliminate the chance that a zero-day exploit can squeak through. In that case, having blocks to contain the threat is critical. Implementing some form of microsegmentation will help prevent lateral movement, disrupting the cyber kill chain, limiting the "blast radius," and mitigating the impact of an attack.  

There is no single magic formula for defending against zero-day attacks. But applying a range of defensive strategies and tactics in a coordinated (and, ideally, automated) way can help minimize your threat surface. Covering the bases outlined here can go a long way to strengthening your defenses and help minimize the fire drills that erode team morale.

Zero-Day Defense: Tips for Defusing the Threat

Serial entrepreneur, cybersecurity leader, and industry veteran joins ShiftLeft to drive growth and AI/ML innovation globally.

**Santa Clara, Calif. — August 2, 2022 —** ShiftLeft, a disruptor and innovator in the world of DevSecOps and NextGen SAST and SCA, today named Stuart McClure as CEO. With more than 30 years in security, vulnerabilities and prevention technology, McClure will leverage his experience to enable growth and expansion for the company while advancing AI/ML in the DevSecOps and application security market.

“I am honored to join ShiftLeft as CEO and build on the company’s stellar foundation of innovation and thought leadership around vulnerability detection and prevention in the continuous integration/continuous delivery (CI/CD) landscape,” stated Stuart McClure, CEO of ShiftLeft. “I have been waiting almost 30 years to shift the entire discussion left and take prevention to the root cause of cybersecurity vulnerabilities: source code. And with their recent $29M financing round ShiftLeft is set up for success.”

The ShiftLeft platform integrates with the CI/CD pipeline and developer community to quickly identify the known and unknown vulnerabilities that matter most to your organization. Cybersecurity threats begin with code, making them completely preventable if you identify and address them in real time, and before they become part of your product. ShiftLeft’s solution has been built from the ground up to solve the core of this problem and enables developers and application security teams to collaborate together to fix what matters most, quickly.

“As a board member, Stuart has been instrumental in promulgating the value ShiftLeft brings to the development and security community which will now go to scaling the business,” says Jay Leek, Managing Partner & Co-founder at SYN Ventures. “We are extremely grateful to Manish Gupta for building a tremendously valuable company and solution and look forward to where Stuart will take it.”

“Stuart’s background and command of the cyber landscape makes him the perfect leader for ShiftLeft’s next evolution,” says Manish Gupta, Founder and Former CEO who will continue as Advisor to ShiftLeft and the board.

“Stuart has long been among the very few that I would go into any foxhole with in the cybersecurity industry,” said Malcolm Harkins, former CISO of Intel and Cylance. “His experience in the world of prevention will apply extremely well to tackling the final place to take prevention, that of code.”

Prior to joining ShiftLeft, McClure led Cylance as its Founder and CEO and was acquired by Blackberry in 2019, driving a revolutionary new AI/ML-based approach to threat prevention, detection and response. Prior to Cylance, he was Global CTO for McAfee/Intel, Founder/President/CTO of Foundstone which sold to McAfee in 2004, and at Ernst & Young he was a founding team member of their cybersecurity practice. Finally, Stuart’s knowledge of how the attacker works is well known as the founding author of the world’s most popular cybersecurity franchise called _Hacking Exposed_ and later _Web Hacking_.

**About ShiftLeft**

ShiftLeft empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left. A unified code security platform, ShiftLeft CORE scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use ShiftLeft ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, California.

ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO

The new program offers robust protection across all five data risk categories: cyber, human, application, operation, and environmental.

**SANTA CLARA, Calif. ‒ Aug 3, 2022** ‒ Druva Inc. today introduced the industry’s most comprehensive data resiliency guarantee, and the only program backed by the reliability, security and availability of the Druva Data Resiliency Cloud. The Druva Data Resiliency Guarantee, made possible by Druva’s leading SaaS-based data protection solution and best-in-class service level agreements (SLAs), provides up to $10 million in coverage and guarantees the security, immutability and availability of customers’ data. In adopting the Druva Data Resiliency Cloud, customers can now gain even more confidence that they are protected against a wide variety of data loss and downtime events across five key risk categories: cyber, human, application, operation and environmental.

Cyber attacks and ransomware continue to pose a significant threat to business, however, organizations, and their critical data, face myriad challenges outside of these external threats. Insider threats and under-trained staff are a significant factor in cyber events, while the rising adoption of SaaS business tools increases the potential risk and impact of unplanned outages. Further, as the scope of global climate change continues to expand, business data will only become more susceptible to natural disasters. The Druva Data Resiliency Cloud offers robust coverage designed to meet today’s evolving business landscape; whether it’s providing high levels of uptime, protecting data from unauthorized user access, or ensuring continuous, successful backups readily available for recovery, Druva’s enterprise-grade SaaS platform offers an unmatched level of protection and peace of mind.

“Ransomware protection alone isn’t enough to satisfy the pressures, challenges and speed of modern businesses,” said Jaspreet Singh, Founder and CEO, Druva. “Protecting data from outside attackers should be table stakes at this point but most vendors are simply unable to make stronger commitments given the limitations of their business models. In contrast, our SaaS model offers complete control over the various technology functions and the ability for our team to manage the entire customer experience. Others might guarantee certain protections or performance but we have taken this a step further by expanding our terms, extending our coverage against all five risks with five SLAs, and clearly defining comprehensive coverage for customers - all backed by up to $10 million.”

**A Guarantee With Unmatched Breadth and Depth**

The Druva Data Resiliency Guarantee is an expansion of the company’s existing limitations of liability and provides up to $10 million in coverage, enabling qualifying customers to protect against a wide variety of data loss and downtime events across five categories of risk, made possible by best-in-class SLAs:

1\. 100% Confidentiality SLA to guarantee customer data stored in backups will not be compromised (i.e. malicious and unauthorized access) as a result of a security incident

2\. 100% Immutability SLA to guarantee backups will not be deleted, encrypted, or otherwise changed as a result of a cyber attack

3\. 3. 99% Reliability SLA guaranteeing successful backup services

4\. 99.999% Durability SLA to ensure successful backups will be recoverable

5\. Up to 99.5% Availability SLA to maximize uptime

“There’s little doubt of the role data protection can play in strengthening business continuity, but enterprises are currently focusing a majority of their resources minimizing the risks of ransomware and cyber attacks specifically,” said Phil Goodwin, Research Vice President, IDC. “Druva is aiming to offer protection against five key risk categories, and guarantee it behind their cloud-native architecture, which presents organizations a very interesting offer to consider.”

The Druva Data Resiliency Cloud is a cloud-native, SaaS-based platform for unified data security, protection, and recovery. Because it is a cloud-native solution managed and maintained by Druva, the company has complete control over the various technology components that deliver customer services. By contrast, other organizations that rely on customers to manage their solutions (on-premises or cloud-based) have limited control and visibility limited to the control and visibility, and thus can only provide limited guarantees.

**Powering the Next Generation of Data Resiliency for Partners and Customers**

BuildGroup is a San Francisco-based general contracting company that takes on all aspects of construction from structural design and foundations to interiors and finish work.

“After conducting an extensive evaluation of data protection solutions, we had no doubt Druva was the best of breed and the right technology for our growing team,” said Adam Kailian, IT Manager, BuildGroup. “In addition to proven TCO savings and the only mature SaaS delivery model, Druva has put an exceptional system in place that ensures our data isn’t just protected from cyber attackers, it’s resilient from almost anything that might come our way. The Druva Data Resiliency Guarantee gives us the peace of mind that no one else could.”

Softcat is a leading provider of IT infrastructure to corporate and public sectors based in the UK, supporting thousands of customers with more than 200 partners and vendors.

“Business continuity and data resilience are crucial to all our customers, a reality that has been highlighted by the recent surge in malicious activity and the subsequent examples of ransomware attacks” said Tim Jeans, Solutions Sales Director, Softcat. “There are a number of factors to take into account in mitigating the associated risks and a solution capable of providing holistic protection, let alone guaranteeing it, like the Druva Data Resiliency Cloud, will put our customers in an outstanding position to protect their businesses.”

For more information on program terms, conditions and eligibility, visit the Druva Data Resiliency Guarantee webpage here.

**Additional Information**

**Blog:** Read more details about today’s announcement and Druva’s comprehensive guarantee

**Video:** Learn more about the new Druva Data Resiliency Guarantee

**LinkedIn Live:** Join us on August 11 for a special broadcast about today’s varied data risks, the five pillars of data resiliency, and Druva’s $10 million guarantee

**About Druva**

Druva enables cyber, data and operational resilience for every organization with the Data Resiliency Cloud, the industry’s first and only at-scale SaaS solution. Customers can radically simplify data protection, streamline data governance, and gain data visibility and insights as they accelerate cloud adoption. Druva pioneered a SaaS-based approach to eliminate complex infrastructure and related management costs, and deliver data resilience via a single platform spanning multiple geographies and clouds. Druva is trusted by thousands of enterprises, including 60 of the Fortune 500 to make data more resilient and accelerate their journey to cloud. Visit druva.com and follow us on LinkedIn, Twitter and Facebook.

Druva Introduces the Data Resiliency Guarantee of up to $10 Million

Todd Thibodeaux uses ChannelCon 2022 state of the industry remarks to unveil CompTIA’s Project Agora; invites broad industry participation in the effort to fight for tech talent.

CHICAGO, August 3, 2022 – CompTIA, the nonprofit association for the information technology (IT) industry and workforce, is undertaking an expansive effort to create the most resource-rich source of information and support for anyone interested in starting, staying and succeeding in a career in technology.

CompTIA President and CEO Todd Thibodeaux revealed the association’s Project Agora during his state of the industry remarks at ChannelCon 2022.

“The goal of Project Agora is to create the most respected place to start, build and supercharge your tech career,” he said. “With amazing resources and broad support from our members, partners and industry Project Agora will help people find success in the tech workforce.”

The labor market is in a period of unprecedented transition, characterized in large part by the volume of frictional unemployment as individuals search for, or transition from one job to another. One in four US workers were actively seeking a new job or pursuing other career options during Q2 2022, CompTIA research reveals. While tech is among the top five industries job seekers were considering, it ranked behind several other sectors, including sales, real estate, healthcare, hospitality and finance. A lack of confidence in technical skills, concerns about the cost and the time it will take to learn those skills and perceptions about the tech industry culture are factors that contribute to reluctance to consider tech as a career option.

“Our challenge is to convert more career intent people to tech intent,” Thibodeaux said. “We need to tell better stories, more consistently, about how truly great it is to work in tech. The way we get the talent we need is by fighting for it.”

Project Agora will help in that effort, first by enabling individuals to explore in great depth tech jobs and careers. CompTIA has identified 30 different job roles covering 90% of tech employment. The next step is creating resources to engage users and convert them from career intent to tech intent. Thibodeaux issued a call to action for the industry to get involved in this effort to build the best, most comprehensive collection of tech career resources available anywhere.

“Confidence gaps, career transition gaps and reskilling gaps are not insurmountable barriers but rather opportunities to chart a new course for individuals and the companies that employ them,” Thibodeaux concluded. “Project Agora is all about unlocking potential, for the industry, and for millions of people we want and need working in it.”

Organizations interested in getting involved in Project Agora can contact CompTIA at \[email protected\]  

**_About CompTIA_**  
The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $5 trillion global information technology ecosystem; and the estimated 75 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy. Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for unlocking the potential of the tech industry and its workforce. https://www.comptia.org/.

CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and ‘Supercharge’ a Tech Career

Converged SASE platform provides AI-driven Zero trust security and simplified, optimized connectivity to any network location or device, including IoT.

SANTA CLARA, Calif., Aug. 2, 2022 /PRNewswire/ -- Netskope, the leader in Security Service Edge (SSE) and Zero Trust, today announced it has acquired Infiot, a pioneer in enabling secure, reliable access with zero trust security, network and application optimization, and AI-driven operations.

As Netskope Borderless WAN, the addition of Infiot's revolutionary technology will enable Netskope customers to apply uniform security and quality of experience (QoE) policies to the widest range of hybrid work needs, from employees at home or on-the-go, to branch offices, ad-hoc point-of-sale systems, and multi-cloud environments. For customers, all of these capabilities are delivered in a single architecture, using one policy framework, and one console, which dramatically simplifies operations, preserves network performance, and ensures SASE success.

**The Benefits of SASE**

Businesses and governments are rapidly adopting SASE to safeguard data wherever it moves, support digital transformation efforts, and realize better efficiency and return-on-investment from their technology. Netskope is a widely acknowledged leader in SSE, which describes the security services needed for a successful SASE architecture.

Relevant to SASE growth, Gartner® notes:

· "By 2024, 80% of SD-WAN deployments will incorporate SSE requirements, up from less than 25% in 2022"\[1\]

· "By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services, and private application access from a single vendor's SSE platform"\[2\]

Despite SASE's popularity, however, confusing vendor messaging often accompanies piecemeal product sets that are spuriously marketed as "SASE." Most of these products are not natively integrated, nor able to simplify technology environments, and lack critical network and infrastructure transformation capabilities—all of which risk higher levels of security incidents, network downtime, and poor ROI.

Netskope Borderless WAN combines with Netskope Intelligent SSE in a fully converged SASE platform, uniquely addressing these challenges.

**Borderless WAN Unlocks Full SASE Potential**

Founded in 2018 by veterans of the SD-WAN market, Infiot was one of only four vendors recognized in the 2021 Gartner "Cool Vendors™ in Cloud Networking"\[3\] report, was twice named to The Futuriom Top 40\[4\], and has been successfully deployed by customers in healthcare, retail, education, energy, manufacturing, telecommunications, and other industries.

Infiot technology leverages a cloud-based, zero-touch deployment and provisioning model with multiple physical and virtual appliance form factors. The solution includes built-in routing, a transport-agnostic approach that supports both wired and wireless networking, app-aware QoE enforcement combined with policy-based traffic steering, and other integrated network security functions critical for deployment at the edge. For customers, all of this capability is delivered in a single architecture, using one policy framework, and one console, which dramatically simplifies operations for thinly-stretched networking and infrastructure teams.

As the foundation of the new Netskope Borderless WAN solution, Infiot technology will allow customers to embrace modern, cloud-first networking by leveraging Netskope SASE Gateways, creating secure, optimized connections between any enterprise location, including site-to-site, or the cloud. Netskope SASE Gateways also enable end-to-end optimization for improved app performance, provide increased network resilience through real-time link monitoring and dynamic path selection, and offer identity and per-app access policies to apply zero trust principles to the network.

Netskope Borderless WAN critical use cases include:

· Easy access to industry-leading Netskope Intelligent SSE services powered by world-class Netskope NewEdge infrastructure

· All-in-one intelligent access, routing, wireless WAN, network security, app assurance, and edge compute as an effective way to modernize, simplify and implement SASE architecture

· The ability to offload MPLS and eliminate costs by sending more traffic direct-to-net, eliminate backhauling and leverage fixed/mobile connectivity options (such as 4G/5G)

· Better guaranteed WAN connectivity to ensure end-to-end performance, from the "last mile" to the cloud or legacy data center

· Simplified operational overhead associated with running custom third-party applications

**Quotes**

"Today, leaders across IT, security, and networking and the world's best-known analyst firms agree that the explosion of data and devices, along with the numerous ways that people connect, communicate, and collaborate, make the transformation of both networking and security a critical imperative for businesses and governments. It is in this transformation where Netskope is uniquely positioned to help customers with a fully converged SASE platform," said Sanjay Beri, Netskope CEO. "We're very excited to introduce Borderless WAN, and to welcome Infiot to our growing team."

"Today, many-to-many secure optimized connectivity is required to address any user, device, and location, in combination with a zero trust approach that integrates seamlessly with Security Service Edge," said Parag Thakore, Infiot CEO. "Netskope Intelligent SSE is the industry's leading SSE, and the combination of Infiot and Netskope will deliver on the promise of SASE like no other technology vendor can."

"As we continue to transform our patient care experience, we are excited to partner with Netskope,'' said Rick Lacy, Senior Enterprise Network Engineer, CHRISTUS Health. "Netskope Borderless WAN provides adaptive, identity-aware precision access for our medical workers to deliver care from the comfort of their homes, without compromising experience, all at a significantly lower cost to our business. In the future we see many applications for Netskope, including our medical IoT deployments."

"Netskope Borderless WAN is a new mindset. It's a new way of thinking about how our users access our domain and critical applications," said Robert Boopsingh, CIO, The Beacon Insurance Company. "For us, it will replace VPN for our employees and branch offices across our seven countries. We have implemented a zero trust model while delivering superior network access with this modern, secure, cloud-first implementation."

"This is a great move," said Frank Dickson, Group Vice President, Security & Trust, IDC. "What Netskope will now be able to offer, thanks to its compelling security platform and Infiot's technology, is fully secure hybrid-work in-a-box, solving for both networking challenges and security challenges at the same time. It's a self-provisioning network, with security that's automatic. That's not just an abstract framework or a good idea, it's a specific set of benefits and use cases for businesses."

In addition to offering Borderless WAN capabilities, Netskope integrates with key SD-WAN partners, ensuring customers benefit from Netskope Intelligent SSE in mixed environments while maintaining flexibility and choice in vendor partners.

Financial terms of the acquisition are undisclosed. Parag Thakore and the Infiot product team now comprise Netskope's Borderless WAN group, and Infiot's sales team has joined Netskope's sales organization.

Read the Netskope blog for more on today's acquisition news. Visit Netskope.com for more on Borderless WAN and the Netskope SASE platform.

**Gartner Disclaimer**

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER and COOL VENDORS are a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

**About Netskope**

Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.

\[1\] Gartner, "How to Align SD-WAN Projects With SASE Initiatives," Bjarne Munch, Lisa Pierce, Craig Lawson, 18 April 2022

\[2\] Gartner, "Gartner Predicts 2022: Consolidated Security Platforms Are the Future," Charlie Winckless, Joerg Fritsch, Peter Firstbrook, Neil MacDonald, Brian Lowans, 1 December 2021

\[3\] Gartner "Cool Vendors in Cloud Networking," Andrew Lerner, Arun Chandrasekaran, Jonathan Forest, Joe Skorupa, 16 April 2021

\[4\] Futuriom, The 2022 Futuriom 40, R. Scott Raynovich, January 31, 2022

Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform

Rising interest in chess may feed the next generation of cybersecurity experts.

The world of cybersecurity is not so different than a high-stakes chess game. In chess as in cybersecurity, players must outsmart their opponents, capitalize on their weaknesses in a timely and strategic manner, and think numerous steps ahead. As the need for cybersecurity grows in our increasingly digitized world, these skills will become more and more in demand.

With interest in chess booming, here are five ways in which strategic chess play can inspire the next generation of cybersecurity experts.

**1\. Understand Weaknesses**

Chess, unlike its board, isn't just black and white. The best chess players must have mastery over tactics, strategy, openings, endgames, and more. Players must memorize key moves and predictable patterns while solving chess puzzles to hone their ability to adapt to near-infinite scenarios. Each skill must be finetuned on its own before being combined into a sum greater than its parts, and no one player is perfect in every regard.

Similarly, there is also no such thing as 100% cybersecure. There’s a famous saying in the cybersecurity industry: "You can’t protect what you can’t see." As in chess, cybersecurity experts must steep themselves in what is visible – assets, vulnerabilities, threats, patterns of past attacks, and so on – to prepare for what is not _yet_ visible. Knowing that your own king is protected is as important as knowing when your opponent's king isn’t.

**2\. Get into the Minds of Opponents**

In chess, each turn is a complex effort to estimate what an opponent will do next and then determine how to respond to that estimated move, how the opponent will respond to the response, and so on. The very same principle is key to a good cybersecurity strategy. Getting insight into the opponent's mindset by studying past moves is key to intuiting future ones.

Using adversarial techniques, red teams, and vulnerability research, cybersecurity experts also attempt to find their own weaknesses. Sometimes a single weakness in security posture will be enough for an adversary to exploit the entire network – a dangerous gambit. The goal is to always stay ahead by knowing those weaknesses better (and sooner) than bad actors do. The adage "know thyself" is imperative – in cybersecurity, in chess, and in life.

**3\. Have a Plan — Any Plan**

"A bad plan is better than no plan." This quote from former World Chess Championship competitor Mikhail Chigorin should guide every chess player. Moving pieces without a clear guiding strategy makes it difficult to evaluate the situation and make required changes when needed. If you're making moves on the fly, you've already lost.

The cybersecurity world is noisier and filled with even more unknowable possibilities than a chess game. Thus, it is critical to ensure that every security decision an organization makes is part of a thoughtful, comprehensive long-term strategy, built around concrete objectives. Incident planning, for example, is a good way to ensure that once an incident occurs and panic likely ensues, the right controls and processes will already be in place.

**4\. Keep Time on Your Side**

Time is a key element in chess. If you don’t organize your pieces fast enough, your opponent will get an advantage. If you play too slow, you'll be pressured later to make suboptimal decisions.

As a cyber defender, the growing number of increasingly sophisticated threat actors forces you to outsmart an unpredictable opponent faster than they outsmart you. And the playing field isn't just an eight-by-eight checkered board right in front of you. In the cybersecurity game, opponents ceaselessly attempt to exploit your systems, and they do so along myriad invisible, global digital connections.

Be timely, or be hacked.

**5\. Automate … Everything**

The advent of computers has changed chess dramatically. When the Deep Blue computer beat World Champion Garry Kasparov in 1997, chess programs became a must-have for every professional player. These programs enable players to analyze games and prepare for matches while allowing them to focus on creativity and strengthen weaknesses in a controlled environment.

For cybersecurity, the use of automation whenever possible is key to staying ahead of the meteoric rise in the number of devices and types of connectivity; it is simply impossible for the human brain to keep track of so much at once. Having the right automated cybersecurity tools will allow security staff to focus on the most important challenges, without leaving basic security functions unaddressed.

**Endgame**

The Internet has made it easier than ever for anyone to learn and play chess. This is beneficial for an increasingly online generation, challenging young minds in new ways and potentially positioning them as the cybersecurity experts of the future.

Source

DARKReading