Enterprise cybersecurity awareness training has evolved to include informal lessons for employees' family members, and it has many benefits.

When I’ve talked to cybersecurity awareness training vendors about changes brought on by the pandemic — and further changes brought on by its reduction and end — I've been surprised by how few changes they've discussed.

One change, though, has been talked about by many of the players in the market, and it's one that I didn't anticipate: There's been a change in who they've been asked to train.

As employees flowed out of offices and into work-from-home (WFH) situations, cybersecurity professionals quickly realized that home networks and everyone who used them were suddenly part of the corporate infrastructure. If little Johnny visits the wrong website or grandma clicks on a phishing email, the ramifications could not only harm the household but also the companies of those WFH users.

Different organizations tried different ways to keep the ongoing WFH security risk from becoming a massive security disaster, and many of those ways involved training the employees' family members to be more responsible, security-aware computer users.

For vendors providing cybersecurity awareness training, this new training tended to require teaching those who might not have had previous awareness training the basics of phishing behaviors, malicious links on websites, ransomware, and even mobile threats like smishing and vishing. Omdia's research on how these efforts have affected enterprise security is ongoing, but we have not seen massive increases in corporate security failures over the last two years, so they certainly couldn't have hurt.

**What Are the Benefits of Cybersecurity Awareness Training?**

Beyond the benign impact, there are important long-term benefits to cybersecurity awareness training that extend to employees' family members. The benefits fall, broadly, into short-term and long-term groups.

In the short term, it's unlikely that businesses are going to go back to the simple "everyone comes to the office everyday" model that existed three years ago. More employees will be doing more work at home, at least some of the time, so the home network must now be considered part of the enterprise infrastructure from a cybersecurity standpoint.

While some organizations are installing company-controlled home routers and firewalls on employee networks, those devices aren't magic bullets; there are plenty of cybersecurity threats they won't stop. The users who share physical (and network) space with the employee can have an impact on enterprise security, so those users should receive at least some cybersecurity awareness training.

Once trained, family members will not only be less likely to fall victim to cyberattacks, but they can also become valuable early warning sensors for malicious campaigns. In addition, family members might well become important behavior-reinforcing agents for good cybersecurity hygiene for the employee. Every parent knows that there's often nothing that a little child treasures more than the opportunity to point out poor behavior on the parent's part.

Over the long term, it is unquestionably true that no organization lives as a cybersecurity island. Each is part of a global community of email, messaging, and Internet users. Making the community safer overall makes the individual organization safer by association. As the cyber hygiene of the total community improves, the risk posture of the individual organization cannot help but improve.

In addition, the family members of today are the potential employees of tomorrow. Imagine how much more effective your cybersecurity awareness training could be if employees came to the table with a better baseline understanding of risks and responses.

It is true that there is no guideline or regulation that states a company's cybersecurity program must include teaching good cyber hygiene to employees' family members. However, in the shifting business understanding of 2022, teaching those family members about cybersecurity could be an investment that pays off for years to come.

Enterprise Security Around the Dinner Table

Brands should be vigilant to ensure sites and listings promoting NFTs for sale are legitimate and not being used as an instrument by fraudsters to swindle customers.

Brands should be vigilant to ensure sites and listings promoting NFTs for sale are legitimate and not being used as an instrument by fraudsters to swindle customers.

Source: Cor Laffra via Alamy Stock Photo

Life seems to move exponentially faster with each passing month. And while many recent innovations serve to illustrate that point, few match the nonfungible token (NFT) for the breathtaking speed with which it went mainstream. 

The global market for NFTs has grown to over $40 billion in 2021 and attracted stars like Tom Brady and big brands like Coca-Cola and Nike. Meanwhile, many consumers are still trying to figure out what NFTs are and why they even exist.

Cybersecurity always lags behind the digital innovations it's designed to protect – and therein lies the problem. The faster technology innovation becomes, the bigger the window of opportunity for cybercriminals to swoop in and exploit the vulnerabilities. Brands are destroyed, CEOs fired, customer identities swiped and sold on the Dark Web, bank accounts raided, and credit destroyed. With NFTs, we're in that window now and we're seeing seven primary ways that cybercriminals are exploiting the situation.

1.  **Celebrity/brand impersonation:** A scammer sets up a social media group or website using the name of a brand or celebrity. They then sell fake or nonexistent NFTs to people or use a fake NFT as a lure to swipe someone’s credentials.
2.  **Counterfeit NFTs:** Just like counterfeit currencies, a brand's NFTs can be reproduced without its knowledge or consent and then traded online. In some cases, artists and brands have discovered thousands of fake reproductions of their property in online marketplaces. Some marketplaces have developed tools to spot fakes, but it’s still a tangled mess of copyright issues given all the visuals, music, and logos involved.
3.  **Unprotected marketplaces**: Putting aside the irony of relying on centralized players like marketplaces to execute decentralized transactions, these third parties can also introduce significant risk. In the short span that NFTs have existed, more than 200 marketplaces have sprung up, and many lack the security needed to handle the impressive ingenuity of the attackers. In one scam, attackers targeted NFT marketplace users lacking two-factor authentication and used smart contracts to transfer ownership to their accounts.
4.  **Fake platforms:** There are so many NFT marketplaces that it’s relatively easy for cybercriminals to build new ones, hide in plain sight, and sell fake NFTs. Another tactic in this category is to create identical replicas of existing NFT marketplaces and use social media or email to lure people in.
5.  **Untraceable payments:** Because of the nature of cryptocurrencies, payments are very difficult to follow. The problem with untraceable transactions, in addition to circumventing taxes, is that they can be used for illegal activities – a vulnerability that cybercriminals exploit. By the time a company, artist, or celebrity realizes that something is amiss, the money is safely in the cybercriminal's bank account. It’s nearly impossible to trace and even harder to reverse.
6.  **Cryptocurrency scams:** Cryptocurrency, predominantly Ethereum, is the key payment method used in NFT transactions, and cryptocurrency scams are incredibly common. This is especially the case around highly anticipated NFT releases that generate a lot of buzz. In the inevitable buying frenzy, scammers create scam-minting sites that request users' private wallet keys. When customers, often the most fervently loyal and valuable, fall victim to these scams, they may sour on the brand.
7.  **Text or email scams:** A cybercriminal sends a malicious email notifying a person of "suspicious behavior" on one of their accounts. As that person logs in and enters their credentials, they are asked for their private wallet keys or 12-word security seed phrases. The scammers then use those credentials to hack into the user’s digital wallet and deplete all of the crypto and NFTs stored therein.

**How Should Companies View NFTs Today?**

NFTs represent a great opportunity for brands to build lasting loyalty with their customers. Some experts even predict they will become the central digital touchpoint between brands and their consumers. The possibilities are exciting and perhaps by then, NFTs will be mostly safe. But in this chaotic, early window where vulnerabilities are everywhere, they do pose serious risks.  

Companies, as well as executives, would be wise to allocate resources to monitoring and mitigating these types of threats. Employees that handle digital assets should also be trained on how to avoid phishing attacks that target them specifically.

Someday, it will be safer to play with NFTs, but until then, we're living in the Wild West. Brands should be vigilant to ensure sites and listings promoting NFTs for sale are legitimate and not being used as an instrument by fraudsters to swindle customers out of money.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

7 NFT Scams That Could Be Targeting Your Brand

By using artificial intelligence to predict how an attacker would carry out their attack, we can deploy defenses and preemptively shut down vulnerable entry points.

Security teams can't protect what they don't know about. But it is not enough to just understand what they have within their organizations' environment. Defenders also need to put themselves in an adversary's shoes to understand which systems are likely to be targeted and how the attack would be carried out. Technologies such as attack surface management and attack path modeling make it possible for security teams to gain visibility into which assets adversaries can see and how they might gain access.

With attack surface management, organizations are continuously discovering, classifying, and monitoring the IT infrastructure. Unlike asset management, which looks for everything the organization has, attack surface management looks at the IT infrastructure from outside of the organization to determine what is exposed and accessible. Since new assets are always being created and cloud infrastructure can be spun up dynamically, this inventory needs to be updated continuously or the organization will have gaps in its knowledge of all the potential entry points, says Pieter Jansen, CEO of Cybersprint, which was acquired by Darktrace in February for $52.3 million (€47.5 million).

Cybersprint's attack surface management platform gives customers their own "hacker's lens" that they can use to determine where an attacker could strike next, Jansen says. Attack surface management goes beyond tracking Internet-accessible systems by considering how the assets are configured, what security controls are in place, and how the various tools and devices are connected.

Someone creating new infrastructure components within the DevOps environment may think they are working within the test environment, but an attacker doesn't care whether it is in testing or production. "It's an ideal way of getting in \[to the organization's environment\] early and to move to production systems," Jansen says.

Darktrace acquired Cybersprint for its external view of the organization's environment, says Jack Stockdale, CTO of Darktrace. Darktrace's artificial intelligence (AI) technology develops a comprehensive view of the organization's infrastructure, but it is an internal view, he says. Darktrace can see what the organization has within the IT environment — the network, email, cloud assets, and endpoints — as well as OT. Bringing Cybersprint's external view into Darktrace's platform makes it possible to find more threats earlier.

"It's essential to put all those different areas into one platform" instead of maintaining individual silos of information, Stockdale says. "Trying to infer what's happening and stop attacks by looking at individual silos — we truly believe that is not the way to go."

**A Shift to Proactive AI**

Up until now, Darktrace's self-learning AI technology has focused on detection and response, which means it is reactive, Stockdale notes. "Essentially, \[the AI\] sits there and waits for a problem," he says. Teaching the AI about the attacker shifts the balance, since the AI now doesn't have to wait for an attack to do something about the organization's security.

This is where attack path modeling comes in.

Security teams are beginning to think about attack path analysis. For the past few years, Verizon's "Data Breach Investigations Report" (DBIR) has devoted a section to analyzing attack paths. Understanding the paths adversaries are likely to take helps security teams identify places they can add more controls or tools to stop the attack.

"Our job as defenders is to lengthen that attack path. Attackers tend to avoid longer attack chains because every additional step is a chance for the defender to prevent, detect, respond to, and recover from the breach," Verizon's researchers wrote.

Attack path modeling uses the existing view of the environment to determine the most likely and most effective paths attackers would take through the organization, Stockdale says. After identifying the key assets and people, as well as the organization's crown jewels, it is possible to use both the internal and external views to identify the likely path the attacker would follow to reach the crown jewels. After analyzing the path, it is possible to run a simulation to see what would happen in the case of an incident.

"What happens if ransomware was detected on a particular laptop or a particular type of compromise started in a particular environment? How will the attacker most likely move through \[the\] organization to cause the damage or to reach the crown jewels or to sell information?" he asks.

Attack path modeling is more than a red team exercise of a penetration test, Jansen notes, because it allows security teams to identify the most likely steps an attacker would take in order to compromise the organization. AI shines here because it is capable of going down every path and seeing every permutation of possible attacker scenarios. Human teams, in contrast, would be able to run only a limited number of exercises.

Once they can see all the potential entry points, security teams can start testing defenses along those particular paths and determine whether additional resources are necessary. Perhaps they discover four or five most likely routes an attacker could take from a compromised email account or system login. At this point, the team can deploy additional controls or defenses to make those paths unfeasible for the attacker.

**Adding 'Prevent' to the Cybersecurity Loop**

Darktrace's Cyber AI Research Centre has been working on ways to apply AI to attack path modeling for almost two years, Stockdale says. The research is now being incorporated into Darktrace's new product family, Darktrace Prevent, which will be generally available by the summer.

"We're now taking \[attack path modeling\] out of the research center and building it into our next set of products that will go to our customers," he says. Several customers in the early adopter program already have the new technology in their production environments.

Darktrace views security as a continuous loop where the AI learns about the organization, identifies potential attack paths, and feeds those outcomes to detect and respond to harden the environment, Stockdale says. Eventually, the plan is for AI to learn to heal from the damage caused by attacks, as well.

"When we talk to our customers, we tend to look at the areas where human beings are doing lots of repetitive work, or challenging work, that we think AI is a perfect fit for," Stockdale says. There are areas where AI can help make these teams more efficient or allow companies that don't have the resources to hire human teams to add security capabilities.

"Our vision moving forward is to be much more proactive," Stockdale says.

Harnessing AI to Proactively Thwart Threats

Edge-based solution detects and blocks malicious files uploaded to Web apps and APIs.

CAMBRIDGE, Mass., June 6, 2022 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today unveiled Malware Protection, which shields web applications and APIs from malicious uploads. The solution expands Akamai's web application and API protection (WAAP), detecting and blocking malware at the edge, preventing it from reaching targeted systems where it can detonate and spread.

Malware Protection addresses the growing problem of malware embedded in files uploaded to web applications such as travel & hospitality, financial sites, customer portals and content management systems. The solution provides a modern approach to protection, inspecting files uploaded to applications and APIs on the Akamai Intelligent Edge network, detecting and blocking malware at the edge.

Because the malware scanning engine is hosted completely on the Akamai Intelligent Edge, there is nothing for customers to install and no changes in application code are required. This makes it easier to deploy and maintain than alternative approaches, such as Internet Content Adaptation Protocol (ICAP)-integrated solutions. Because malware is blocked at the edge, Malware Protection also provides a better security outcome, isolating threats from targeted origins.

"Business processes across a variety of industries have shifted to web applications and users are uploading far more files than before," said Patrick Sullivan, CTO, Security Strategy for Akamai. "With Malware Protection, Akamai is helping customers to easily reduce risk resulting from files uploaded via Web Apps right at the Edge.. This addresses a growing concern among Akamai customers and provides added assurance that their online assets are protected."

**About Akamai**

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. With the world's most distributed compute platform — from cloud to edge — we make it easy for customers to develop and run applications, while we keep experiences closer to users and threats farther away. Learn more about Akamai's security, compute, and delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.

Akamai Launches New Malware Protection for Uploaded Files

A coalition of over 25 industry leaders, led by NightDragon and non-profit NextGen Cyber Talent, partner to raise $1 million for collegiate cybersecurity education

SAN FRANCISCO, June 6, 2022 /PRNewswire/ -- NightDragon, an investment and advisory firm focused on the cybersecurity, safety, security, and privacy industries, and NextGen Cyber Talent, a nonprofit organization dedicated to increasing diversity and inclusion in the cybersecurity industry through education and career opportunities for underserved and underrepresented students, today announced the launch of the Coalition to Close the Cybersecurity Talent Gap ("Coalition"), a campaign to raise $1 million to help fund one year of community college courses for Bay Area students pursuing careers in cybersecurity.

The Coalition is composed of more than 25 industry-leading cybersecurity and technology leaders that are passionate about cultivating the next generation of cybersecurity talent and committed to closing the cybersecurity skills gap. Driven to make a difference in the lives of students and their local communities, at launch, the Coalition has raised more than $300,000 of the $1 million needed to fund the cybersecurity education initiative for Bay Area students.

Through leveraging its vast network, NightDragon led the formation of the coalition including NightDragon portfolio companies, go-to-market and investment partners. Founding members for the initial cohort include: AllegisCyber Capital, Carahsoft, Claroty, Coalfire, Cyderes, Deloitte, Exclusive Networks, ForgeRock, HUMAN Security, iboss, Immuta, Ingram Micro, Interos, Knight Group, Macnica, Marsh, Merlin, Mezmo, NightDragon, Onapsis, Optiv, Palo Alto Networks, Prosek, Team8, Ten Eleven Ventures, ThriveDX, SafeGuard Cyber, Snowflake, and vArmour.

"There are an estimated 2.7 million unfilled cybersecurity positions. These vacancies create a significant challenge as security teams everywhere struggle to hire talent to monitor and remediate cyberattacks, as well as develop new technology to combat today's latest threats," said Krishnan Chellakarai, Founder and Co-Chairman of NextGen Cyber Talent and CISO of Gilead Sciences. "Solving the cybersecurity talent shortage will take a collective industry-wide effort. We are calling on the industry during the RSA Conference to contribute to the campaign and look forward to the impact we can make together to close the cybersecurity talent gap."

"The cybersecurity talent shortage is an issue that impacts all of us and is one of the biggest challenges facing our industry and national security. Let's demonstrate that as an industry we can come together to help solve for the talent shortage and foster the next generation in cyber talent that will help us combat today's threats," said Dave DeWalt, Founder, and Managing Director, NightDragon, and Board Member, NextGen Cyber Talent.

"The partners who have pulled together on this important mission are an impactful group of leaders from across the industry, which speaks to the universal nature of this mission to close the cybersecurity talent gap. By reaching out to the broader industry at the RSA Conference, we hope to show the power and compassion of our industry to help the underserved and enrich the cybersecurity workforce with more diversity," said Amy De Salvatore, VP Business Development and Strategic Alliances, NightDragon, who initiated the campaign and led the formation of the Coalition.

NextGen Cyber Talent partners with Bay Area community colleges to offer several cohorts of training programs, continuous career development and mentoring, and grants to hundreds of students pursuing cybersecurity education. The funds will be distributed by NextGen Cyber Talent to students at participating Bay Area community colleges who have applied and met the qualifying grade criteria of a B- or better. In addition to capital, founding coalition partners have also contributed additional in-kind donations, including lectures, curriculum materials, and internships for students.

"As we continue to focus on the essential mission of making each day safer than the one before, we have a responsibility as an industry to encourage and educate the next generation of cyber leaders," said BJ Jenkins, President at Palo Alto Networks and NightDragon Board member. "We thank NightDragon and NextGen Cyber Talent for bringing us together on this shared vision. We look forward to helping students recognize all of the cybersecurity career possibilities."

Donations of any size can be made through the Coalition to Close the Cybersecurity Talent Gap campaign donations page.

**About NextGen Cyber Talent**

NextGen Cyber Talent is a non-profit providing a platform to increase diversity and inclusion in the cybersecurity industry. It brings together cybersecurity experts, solution providers and enterprises to make a difference in the underserved and underprivileged community and address a mounting cyber skills shortage and talent gap. To learn more, visit www.NextGencybertalent.com.

**About NightDragon**

NightDragon is an investment and advisory firm focused on growth and late-stage investments within the cybersecurity, safety, security and privacy industries. Its platform and vast industry network provide unparalleled threat insights, deal flow, market leverage and operating expertise to drive portfolio company growth and increase shareholder value. Founded by Dave DeWalt, the NightDragon team has more than 25 years of operational and market expertise leading technology companies such as Documentum, EMC, Siebel Systems (Oracle), McAfee, Mandiant, Avast and FireEye. Read more about NightDragon at www.nightdragon.com.

Cybersecurity Industry Leaders Launch Campaign to Close the Cybersecurity Talent Gap

Nation’s cyber defense agency urges America to enable multifactor authentication.

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) is announcing a collaborative effort with industry to dramatically increase adoption of multi-factor authentication (MFA) and ensure widespread understanding of why it is one of the strongest tools to prevent cyber intrusions. Launching at the 2022 RSA Conference, CISA is embarking on a campaign to encourage widespread awareness and understanding of the benefits of MFA, to ensure that every American knows the simple steps they can take to keep themselves safe online, and to urge technology companies to make MFA available as a default option. CISA’s _More Than a Password_ campaign includes a newly launched webpage with resources, how-to guides, and social media content throughout the month of June.

Adversaries are increasingly harvesting credentials through phishing emails or by identifying passwords reused from other systems. MFA increases security because even if one credential is compromised, unauthorized users will be challenged to meet the second authentication requirement, largely thwarting their ability to access the targeted device, network, or database.

“Whether you call it multi-factor or two-factor authentication, this simple step can make you 99% less likely to get hacked. Think of it like an airbag or the seatbelt in your car—an extra layer to keep you safe in the event of an accident,” said CISA Director Jen Easterly. “We need to get the word out that to stay safe online, every American needs to have _More Than a Password_ on all their sensitive accounts. And if you have an account that doesn’t offer an option for MFA, urge your provider to begin offering this essential security feature.”

There are many ways you may be asked to provide a second form of authentication:

*   **Text Message or Email**: When you login to an account, you’ll be asked to provide a code sent to you by text message or email.
*   **Authenticator App**: An authenticator app is an app that generates MFA login codes on your phone.
*   **Push Notification:** Instead of using a numeric code, the service “pushes” a request to your phone to ask if it should let you in.
*   **FIDO Key:** FIDO stands for "Fast Identity Online" and is considered the gold standard of multi-factor authentication.

Two steps are harder for a hacker to compromise. Users should implement MFA on all their sensitive accounts—email, bank accounts, social media, online stores, gaming and streaming entertainment services. In addition to protecting consumers, MFA makes it more difficult for a threat actor to gain access to an organization’s information systems. It can better protect remote access technology, email, and billing systems, even if passwords are compromised through phishing attacks or other means. On its new webpage, CISA also provides a guide for organizations that need help getting started with deploying MFA to employees and customers.

Finally, CISA is asking our industry partners to help spread the word by ensuring that MFA is available for all services and enabled by default where possible. We’re also asking partners to share the value of MFA to customers and employees, and champion MFA on communication and social media channels. Whether you sing it, shout it, or post it this June, CISA is asking everyone to take the extra step and implement #_MoreThanAPassword_!

For more information, visit: http://www.cisa.gov/MoreThanAPassword

**About CISA**

As the nation’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day. Visit CISA.gov for more information.

Visit CISA on Twitter, Facebook, LinkedIn, Instagram

CISA Challenges Partners and Public to Push for 'More Than a Password' in New Social Media Campaign

Acquisition will leverage Forescout’s automated cybersecurity with Cysiv's cloud-native platform to deliver data-powered analytics for 24/7 threat detection and response.

**SAN JOSE, Calif., June 6, 2022** – Forescout Technologies, Inc., the global leader in automated cybersecurity, today announced that it has signed a definitive agreement to acquire Cysiv, a cybersecurity innovator that uses its cloud platform to improve detection and response of true threats. With this acquisition, Forescout will leverage Cysiv’s threat detection engine to analyze a wealth of asset and network communications data automatically collected by Forescout’s platform. This comprehensive data across IT, IoT, OT and IoMT devices, as well as other essential data sources, enables better true threat detection and response so customers can operate more securely and efficiently. Upon the close of the acquisition, Cysiv will join Forescout.

“Organizations need to be able to reduce the billions of data points on their networks to a handful of actionable true threats – automatically. Together with Cysiv, Forescout will provide customers with the most powerful platform for automated cybersecurity across their digital terrains,” said Wael Mohamed, CEO of Forescout. “Upon close, the acquisition will help our customers leverage actionable threat intelligence from comprehensive data collected by Forescout and analyzed by Cysiv. We will receive far more than just great technology in this acquisition. The Cysiv team is exceptional, and our two organizations are highly complementary.”

Today, organizations are faced with the immense pressure to secure their networks. CIOs and CISOs have experienced rapid growth in the volume and diversity of managed and unmanaged devices, including IoT devices, that has given rise to increased risks and cybersecurity threats, coinciding with a drop in available cybersecurity resources. With the rapid adoption of cloud, and a cloud-first mindset that’s been accelerated by the work-from-anywhere shift of the past two years, enterprises are particularly concerned with managing threats to these fluid threat environments. This has resulted in organizations not being able to effectively manage the detection, investigation, escalation and response of true threats, particularly as the threat landscape and unmanaged device landscape have become more complex.

Existing solutions for threat detection and response, such as EDR, require the use of agents on managed devices. This means that organizations dependent on an agent-based approach for threat detection and response are not able to look for threats coming from the majority of their connected devices, particularly critical assets like IoT, IoMT and OT.

For over a decade, Forescout’s ability to deeply integrate into the fabric of customers’ networks has enabled it to collect real-time data for all connected assets and users, together with the communications among those assets and users. Customers have been asking Forescout to leverage this comprehensive data to provide greater insight into threats for all types of assets and to enable faster, more automated response and remediation.

“We have always been on a mission to provide better threat detection and faster response,” said Partha Panda, CEO and co-founder of Cysiv. “After successfully partnering together for the last year, we are thrilled to join Forescout as we continue on the next stage of our journey. The combination of Forescout and Cysiv will provide organizations with best-in-class threat detection together with automated incident prioritization and automated response.”

The acquisition is expected to close in July, 2022, subject to the satisfaction of closing conditions and receipt of applicable regulatory approvals and comes on the heels of its acquisition of CyberMDX which further strengthens Forescout’s industry-leading IT, IoT and OT device coverage with IoMT expertise.

**About Forescout**

Forescout Technologies, Inc. delivers cybersecurity automation across the digital terrain, maintaining continuous alignment of customers’ security frameworks with their digital realities, including all asset types. The Forescout Continuum Platform provides complete asset visibility, continuous compliance, network segmentation and a strong foundation for Zero Trust. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide automated cybersecurity at scale. Forescout arms customers with data-powered intelligence to accurately detect risks and quickly remediate cyberthreats without disruption of critical business assets. www.forescout.com

Forescout Announces Intent to Acquire Cysiv to Deliver Data-Powered Threat Detection and Response

Fortinet FortiGate-VM receives AAA rating across all five categories in CyberRating's assessment.

AUSTIN, Texas, June 6, 2022 /PRNewswire/ -- CyberRatings.org, the non-profit entity dedicated to providing transparency on cybersecurity product efficacy, has completed an independent test of FortiGate-VM, Fortinet's virtual network firewall, as part of the first-ever Cloud Network Firewall evaluation. Fortinet received the highest possible rating of 'AAA' with Management and Reporting Capabilities, Routing and Policy Enforcement, SSL/TLS Functionality, Threat Prevention and Performance all earning 'AAA' ratings.

The CyberRatings exploit repository contains exploits that demonstrate a wide range of protocols and applications. Exploit sets for individual tests are selected based on CVSS score (how widely used is an application + what can an attacker do?), use case, and relevance to customers. Fortinet's Threat Protection was rated excellent, blocking 35 out of 35 evasion techniques, 977 out of 977 exploits, and passing all the stability and reliability tests.

While the firewall market is one of the largest and most mature security technology segments, cloud network firewalls are relatively new. Firewalls have undergone several stages of development, from early packet filtering and circuit relay firewalls to application layer (proxy-based) and dynamic packet filtering firewalls. This latest evolution virtualizes this functionality to provide scalable and elastic policy enforcement in a cloud environment.

"This Cloud Network Firewall test is the first of its kind," said Vikram Phatak, CEO of CyberRatings.org "This is a new technology, deployed within a cloud service that by definition is constantly changing, protecting resources that are also deployed within that same cloud service. It is always fun to be the first to test new technologies because we get to learn new things and apply what we have learned," added Phatak.

"We are extremely proud to have received top marks across all five categories in CyberRatings' assessment of FortiGate-VM. With cyberattacks more advanced and persistent than ever before, it's crucial for the safety of people, devices, and data everywhere that cybersecurity products deliver the performance and protection that vendors claim," said John Maddison, CMO and EVP of Products at Fortinet. "Independent testing from nonprofits like CyberRatings plays a critical role in helping organizations stay ahead of the threat landscape because it offers an unbiased assessment of effective security solutions that meet an evolving set of requirements and aids customers in their decision-making process."

To read the CyberRatings in-depth report on the various CNFW capabilities offered by Fortinet, go to CyberRatings.org.

**Additional Resources**

*   Follow CyberRatings.org on Twitter
*   Follow CyberRatings.org on LinkedIn

**About CyberRatings.org**

CyberRatings.org is a non-profit 501(c)6 entity dedicated to quantifying cyber risk and providing transparency on cybersecurity product efficacy through testing and ratings programs. To become a member, visit www.cyberratings.org

CyberRatings.org Announces Test on Cloud Network Firewall

Basic Pen Tests support rapid, basic vulnerability discovery, while Standard Pen Tests provide compliance-driven testing to meet requirements for Web apps, APIs, and networks.

SAN FRANCISCO, June 6, 2022 /PRNewswire/ -- Bugcrowd, the leader in crowdsourced security, today announced a significant expansion of its Penetration Testing as a Service (PTaaS) product line to include new offerings—Basic Pen Test and Standard Pen Test—purpose built for today's digital business where continuous testing must keep pace with continuous and agile development. These strategic additions expand the use cases covered by Bugcrowd's PTaaS suite to cover the gamut of customer needs, from basic assurance for simple web apps and networks to continuous, crowd-powered testing of complex apps, cloud services, mobile apps, APIs, and IoT devices for maximum risk reduction.

Most pen test providers today offer cumbersome, ad hoc consulting offerings that do not identify all risks and are hard to execute at scale in a consistent and configurable way for buyers as well as pentesters themselves. PTaaS solutions have emerged to address these issues, but most don't go far enough—only Bugcrowd delivers a modern, platform-powered approach, enabling organizations to keep innovating without compromising security.

With Bugcrowd's expanded PTaaS product line, pen test buyers now have an option for meeting every requirement, and for every asset type:

*   **Basic Pen Tests** for rapid, basic vulnerability discovery and reporting
*   **Standard Pen Tests** for easy-to-launch, compliance-driven testing packaged to meet most customer requirements for common use cases for simple web apps, APIs and networks
*   **Plus Pen Tests** for meeting special needs around targets, testing times, geographic requirements, etc.
*   **Max Pen Tests** for continuous, maximum risk reduction

"We have a diverse set of use cases for pen testing, ranging from basic vulnerability discovery for very simple web apps to intensive and continuous risk reduction for business-critical ones," said Jason Frost, Manager, Security Assessment, Paychex. "These new additions to the Bugcrowd PTaaS product line fulfill all our needs in one platform."

The Bugcrowd Security Knowledge Platform™ enables pen tests to run alongside Bugcrowd's managed bug bounty, vulnerability disclosure programs, and other solutions as a fully integrated and orchestrated experience blending data, technology, and human intelligence, with all findings flowing directly into the software development lifecycle. Bugcrowd's PTaaS suite allows customers to:

*   Activate precisely the right crowd at the right time leveraging the platform's CrowdMatch ML technology, delivering a 2x increase in high-impact findings versus manual matching methods
*   Launch tests in days instead of weeks and continually get fresh eyes-on-target from Bugcrowd's broad and diverse crowd
*   Utilize historical information to create standardized tests that reduce the need for contracted SOW discussions, while getting the intelligence of the aggregated experience of the platform, customer needs, and researchers to conduct the most relevant pen test scope
*   Get high-impact results that go beyond compliance checkboxes
*   See prioritized results and methodology progress in real-time via a rich PTaaS Dashboard experience

"Traditional penetration testing often delivers noisy, low-impact results, often takes weeks or even months to produce results, and offers no visibility into test progress," said Ashish Gupta, CEO, Bugcrowd. "We provide real-time visibility into pen testing results and vulnerabilities being found that allow our customers to continuously reduce risk and secure their environments, helping them stay ahead of a breach with solutions tailored to meet their needs."

Click here to learn more about these additions to Bugcrowd's PTaaS.

Click here to learn more about the Bugcrowd Security Knowledge Platform.

"Bugcrowd", "CrowdMatch", and "Bugcrowd Security Knowledge Platform" are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

**About Bugcrowd  
**Bugcrowd is the leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world. Today's enterprise demands an offensive approach to cybersecurity—and Bugcrowd offers the only solution that orchestrates data, technology, and human intelligence to expose blind spots. The Bugcrowd Security Knowledge Platform™ enables businesses to do everything proactively possible to protect their organization, reputation, and customers with products like Bug Bounty, Penetration Testing-as-a-Service, and more. Trusted by organizations across the globe, Bugcrowd uncovers and remediates vulnerabilities before they interrupt business by leveraging expert ingenuity and the knowledge of world-class security researchers. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more at www.bugcrowd.com.

Bugcrowd Expands Pen Testing Solutions with New Platform Services

The tool underpins cybersecurity capabilities including SIEM, SOAR, compliance automation, and vulnerability management.

Cybersecurity teams can now use Snowflake as their data platform for a range of critical use cases, making it possible for security teams to deploy a security data lake and unify their security data in one place.

Snowflake's Cybersecurity workload offers customers access to cybersecurity capabilities including security information and event management (SIEM), security orchestration, automation, and response (SOAR), compliance automation, and vulnerability management through connected applications that run on top of their existing Snowflake environmentx.

Snowflake serves as the security data lake, providing scalable storage, while analytics enable security metrics for live insights into an organization's security posture.

Partners including Hunters, Panther Labs, and Securonix offer security capabilities on top of Snowflake accounts through connected applications, removing the need for the homegrown tools security teams used to rely on to build for scale.

**Context Is Key**

"Whether it's spotting risky configurations or catching threat actors in the act, security insights depend on available data," explains Omer Singer, Snowflake's head of cybersecurity strategy. "Less obvious is the need for context and cross-source correlation."

He says many risks and attacks cannot be identified just by looking at a single finding or event log, with unified visibility the key to fewer false positives and false negatives.

For example, a vulnerability may have a CVSS score of 8.0 and be not so concerning if it's affecting a test system without Internet access. "The same issue may be super critical, on the other hand, if it affects a publicly facing Web server that handles customer financial transactions," he adds.

Another example is around user deprovisioning, which Singer calls "a real scourge" for many security compliance teams.

"Has access been revoked from all systems for all terminated employees? If not, has a terminated employee taken advantage of their access?" he asks. "It takes unified visibility to answer these questions."

**Consolidated Data Shows the Whole Picture**

Singer explains that Snowflake is enabling an alternative to typical security tools that operate in a silo and place the burden of connecting the dots on overstretched security teams.

"Our customers kept telling us that their traditional SIEM solutions didn't consolidate security logs — the legacy SIEMs actually create silos since their cost for comprehensive ingest and retention is prohibitively high," he says. "The result has been that security teams struggle to achieve necessary prevention, detection, and response outcomes."

Prabhath Karanth, senior director of security, compliance, and trust at TripActions, says that Snowflake has helped the company with log aggregation, better triaging, removing noisy alerts, faster threat detection and response, applying new threat intelligence to data, and continuous compliance.

"All of this ultimately results in better security assurance and building customer trust," Karanth says. He adds that the adoption of Cybersecurity workload is central to most of the company's data and strategic security initiatives.

"The platform allows us to leverage one single source of truth for multiple use cases," Karanth explained. "It helps us collect all data sources in a centralized location and run analytics on top, both for our business and security use cases."

In addition, integrations with Snowflake partner tools like the autonomous threat monitor Hunters and the compliance program Anecdotes on top of the Snowflake security data lake has helped TripActions further enhance some security use cases.

**The Importance of Compliance**

On the security compliance side, Karanth says TripActions is looking to achieve near-real-time controls automation using Snowflake's Cybersecurity workload and continuous compliance.

"We push all security tooling data into Snowflake data lake," he says. "This includes tools like cloud security posture management, application security posture management, and endpoint security tooling. Most of the compliance controls belong to one of these domains."

He adds that the company can get a unified view of the controls posture to meet compliance requirements like SOC2, ISO, PCI, and others by integrating with Anecdotes.

"This helps us identify control effectiveness from an audit perspective, quicker metrics reporting to leadership, and remediation activities," he says. "From a threat detection and response standpoint, again security tooling is the basis for all of this."

Karanth explains that the deviation from the desired state of assets can be identified from the data the platform collects, and integrations with autonomous tools like Hunters help his company respond with corrective action in a timely manner using custom-built and prebuilt alerts.

"Our ultimate goal as a security team is to enable our business and protect our customers' data," he says. "The need of the hour is to enable our business and at the same time reduce risk. We need to protect our customers' travel data both from a security and privacy perspective. We take customer trust very seriously. It's the foundation for how we do business."

Source

DARKReading