Provides autonomous and uninterrupted monitoring of unmanned IT locations at scale.

**AUSTIN, Texas, April 19, 2022**—RF Code, a pioneer of automated, real-time physical asset lifecycle management and environmental monitoring solutions for data centers, today announced the launch of Sentry, the company's first Software-as-a-Service (SaaS) innovation for decentralized edge computing locations. Sentry provides autonomous and uninterrupted monitoring of unmanned IT locations at scale. With deep intelligence and real-time notifications, Sentry makes it easier for IT professionals to monitor all of their remote IT spaces without being on-site.

"I can honestly say the Sentry device from RF Code will be an industry game-changer," said John Fletcher, Lead Technology Analyst for a major U.S. retail IT firm. "You get three monitoring devices in one unit ... temperature, humidity, and camera monitoring. Sentry is very easy to set up and cost-effective for our team's budget. It has real-time visual access and rich data of each IT environment that we're monitoring. It also has thermal scanning so I can check any room that houses critical IT equipment for potential hotspots that would cause an outage in the future.”

With the increased adoption of IoT devices, autonomous vehicles, as well as new work-from-anywhere (WFA) models, data center functions are moving to the edge to support these compute-intensive, zero-latency applications, and the demands of an increasingly remote workforce. By implementing a decentralized architecture, organizations like retailers, hospitals, hotels, manufacturers, and banks can improve localized computing power for end-users and the applications they need to drive business.

Without real-time environmental and critical asset monitoring tools in place, these unmanned and unmonitored IT spaces can be costly. Unplanned downtime, theft, and breaches can hurt an organization's bottom line costing thousands of dollars a minute.

"We developed Sentry as a way to meet the needs of a broader, underserved edge market with a simple, scalable, and affordable real-time IT asset and environmental monitoring solution," said Dale Quayle, CEO, RF Code. "Enterprises of all sizes need the ability to see, hear, and secure these edge environments as though they're onsite and Sentry makes it easier to prevent, mitigate, or remediate IT situations that threaten to disrupt normal business operations—from air quality and overheating to unauthorized access and other potential threats."

Sentry is easy to install and can be deployed in 20 minutes—all without the need for an on-site IT team, providing real-time visibility and remote monitoring from anywhere. Sentry's SaaS model makes it more affordable for organizations to monitor several IT locations at scale.

For more information and to see how Sentry monitors and secures remote edge locations, please visit http://rfcode.com/sentry.

**About RF Code**  
RF Code is an innovator of autonomous critical asset intelligence solutions. RF Code's real-time, active RFID technology improves IT asset tracking accuracy, full lifecycle management, and inventory utilization at data centers and edge locations. Autonomous IT asset data tracking and enhancement help RF Code customers slash manual error costs, optimize processes, maintain uptime, and comply with regulatory requirements. With patented wire-free active RFID sensors, open APIs, and real-time reporting capabilities, RF Code can be easily integrated with existing IT, facilities, and business systems.

RF Code is based in Austin, TX, and serves more than 200 organizations worldwide including Fortune 500, systems integrators, and value-added resellers. Additional information can be found at http://www.rfcode.com.

  

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

RF Code Announces Sentry, a New Edge Solution for Remote Locations

Over half of organizations admit their security and compliance controls for managing sensitive content communications—both internally and externally—are inadequate.

PALO ALTO, Calif., April 19, 2022 (GLOBE NEWSWIRE) -- Kiteworks, the leading platform for ensuring regulatory compliance and effectively managing risk with every send, share, receive, and save of sensitive content, found in its “2022 Sensitive Content Communications Privacy and Compliance Report” that more than half of organizations believe they are inadequately protected against third-party security and compliance risks. The report attributes various reasons for this lack of preparedness, including 53% failing to encrypt all sensitive content communications with third parties, 58% lacking content governance controls to measure third-party risk, and nearly 8 out of 10 believing their compliance reports are not completely accurate.  

Findings in the Sensitive Content Communications Privacy and Compliance Report are based on a survey of 400 IT, security, privacy, and compliance professionals from numerous industries and 15 different countries around the world. In addition to struggling to manage security and compliance risks efficiently and effectively, respondents indicated they spend significant time on manual tasks related to key management and encryption/decryption, governance controls, and compliance reporting.

“Nation-states and cybercriminals know that confidential, private data holds great value, and studies show that it is increasingly the target of cyberattacks,” said Tim Freestone, Chief Strategy Officer at Kiteworks. “At the same time, regulatory bodies see these trends and have instituted, and continue to do so, standards that help protect sensitive content. This report reveals that many organizations are ill-equipped to deal with the sophistication and volume of today’s cyberattacks as well as the breadth of compliance standards when it comes to sharing and storing sensitive content. This lack of maturity creates significant security and compliance risk exposures.”

In addition to the above findings, notable admissions in the report include:

*   Nearly two-thirds of organizations share and transfer confidential data with more than 1,000 third-party entities, including one-third that do so with over 2,500 third parties.
*   41% of organizations want to see significant improvement or even a whole new approach to managing sensitive content communications.
*   59% of organizations cited distributed denial of service (DDoS), malware, and ransomware in their top two concerns for external threats.
*   Only 21% of organizations believe their compliance reports are fully accurate.
*   Almost 8 in 10 organizations spend 20-plus hours compiling audit trails and generating reports.
*   Only 14% of organizations manage and monitor all their sensitive communications taking place in the cloud.

“The Kiteworks platform provides our customers with a Private Content Network that delivers a comprehensive security and compliance approach for sharing and storing sensitive content communications,” said Frank Balonis, CISO and SVP of Operations at Kiteworks. “Granular audit controls and reporting to the level of user, folder, and file, and capabilities such as geofencing and encryption for data at rest and in motion enable our customers to protect all of their sensitive content communications while remaining compliant with a long list of regulatory standards.”

To read the 2022 Sensitive Content Communications Privacy and Compliance Report, download your copy here. You can also register to hear a panel of privacy and compliance experts discuss the findings and pinpoint actionable recommendations in a webinar scheduled for April 13 at 10 a.m. PT.

**About Kiteworks**   
Kiteworks' mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.

New Kiteworks Report Reveals Significant Risk Maturity Gap

From higher standards in top-level domains to increased adoption of security controls, stepped-up measures can help fight DNS abuse and protect Web domains.

When the European Union introduced General Data Protection Regulation (GDPR) guidance several years ago to address privacy concerns, it became the genesis of a worldwide movement that led to an increased focus on privacy issues. Similarly, the EU recently released guidance on a security issue that still doesn't get the focus that it should — DNS abuse.

The Domain Name System (DNS) is a hierarchical and decentralized naming system used to identify computers, services, and other resources reachable through the Internet or other Internet Protocol (IP) networks. Specifically, DNS abuse is any activity that makes use of domain names or the DNS protocol to carry out harmful or illegal activity. Malicious activities on the DNS have been a frequent and serious issue for years, affecting online security, undermining trust on the Internet, and causing harm to users and third parties. This type of abuse also includes cybersecurity threats and the distribution of illegal and harmful materials.

While many organizations are aware of traditional approaches to cybersecurity, the one area that consistently gets ignored is maintaining and protecting Web domains. Inaction leads to issues such as DNS hijacking, which redirects employees, partners, and customers to sites that put them at risk or steal sensitive data. When legitimate domains are compromised, cybercriminals bypass traditional security, making it more difficult to identify, mitigate, and block such users. Fraudsters also use malicious domains (e.g., homoglyphs or confusingly similarly named domains or subdomains) and email spoofing to commit fraud and intellectual property abuse.

To date, there is no global consensus on what should be done to prevent or fight DNS abuse, and there are no policies in place to hold domain registrars to higher validation standards in terms of ownership. Upholding and preserving a reliable, resilient, and secure DNS is a key factor in maintaining the integrity of the Internet and is essential for its continuous and stable operation, on which the digital economy and society depend.

To address this, the European Commission recently conducted a study and issued this report, which assessed the scope, impact, and magnitude of DNS abuse, and also provided input for possible policy measures based on identified gaps. Analysis was completed of the available data and the report proposed a set of recommendations to prevent, detect, and mitigate DNS abuse.

**DNS Report Takeaways  
**While this report is compelling and provides guidance to follow, there are key components of it that enterprises should home in on when looking to improve the domain security posture of their organization. Specifically, the report recommends the following:  

*   **Selecting providers with more validation standards for domain registrations.  
    **We need to hold domain registrars to higher standards. They need to take a customer validation approach that verifies who the customer is to ensure abuse isn't happening. This "know your customer" strategy is used in enterprises today to mitigate fraud, and in this instance, it can bring a level of compliance to a situation where cybercriminals are currently registering any new domain whenever they want to.

*   **Initiate prevention and remediation solutions.  
    **Free hosting and subdomains, services that were originally intended for legitimate services, are commonly exploited in phishing attacks. Companies should activate proactive detection of suspicious domain names containing targeted brand keywords. Additionally, they should monitor the domain and DNS space for brand abuse, infringement, and fraud. Trusted notifier programs should be developed so that enterprises can enforce their rights through reporting and suspending offending domains.

*   **Increase adoption of security controls.  
    **Domain name system security extensions (DNSSEC) can authenticate communication between DNS servers. However, low adoption and lack of deployment can lead to hackers taking control of an Internet browsing session and redirecting users to deceptive websites. SPF and DMARC protocols should continually be adopted as the first line of defense against business email compromise (BEC) as those protocols can mitigate email spoofing. Just as crucial to security is to enable registry locks. While **t**his area wasn't discussed in the European Commission report, it's a great way to prevent attacks, as it enables end-to-end domain name transaction security to mitigate human error and third-party risk. Most large registries in Europe, such as those in Germany, France, and Sweden, have adopted this security measure, but it's not consistent, with notable exceptions such as Italy and Spain. Unlocked domains are vulnerable to social engineering tactics, which can lead to unauthorized DNS changes and domain name hijacking.

*   **Better standards in top-level domains (TLDs).  
    **A TLD is the final component of a domain name (.org, .icu). The generic TLDs (gTLDs) are the most abused domains by volume. However, some new gTLDs and country code TLDs (ccTLDs) have a higher concentration of fraud. You can get a TLD for less than a dollar these days, and phishers love this easy accessibility. There needs to be further consideration of tools and measures that safeguard intellectual property rights and consumer safety in a cost-effective and scalable way. One example is blocking programs — leveraged by the Donuts DPML program — which could reduce DNS abuse. Donuts, a part of the gTLD program, offers a blocking service for trademark holders known as the Domain Protected Marks List, or DPML.

**Building Domain Standards  
**While the EU report provides great insights into how to better mitigate threats to domains, it should serve as a foundational piece upon which companies and countries around the world can build.

As domain standards evolve, it will be important for government and industry to develop effective policies and programs to ensure that Web users aren't at risk of crime and fraud during their daily lives. Simultaneously, limiting hackers' ability to operate and maliciously commit fraud will be vital to our society and digital economy.

How to Interpret the EU's Guidance on DNS Abuse Worldwide

A large number of enterprise applications are affected by the vulnerability in Log4j, but adversaries aren't just looking for the most common applications. They are looking for targets that are easier to exploit and/or have the biggest payoff.

Not all software utilizing Log4j is equally attractive from an attacker’s point of view, and the most widely used application isn’t necessarily the one attackers will go after.

About 10% of large enterprises have an Internet-exposed instance of VMware Horizon, a desktop and application virtualization product, but it is currently the most “attackable” application using Log4j, Randori said in a report (PDF) earlier this month. In contrast, 37% of organizations have multiple instances of cPanel, a web-hosting control panel software that is visible on the Internet, but attackers are less likely to target it.

The vulnerability in the Log4j logging library was publicly disclosed a little over four months ago. 

“While some \[organizations\] felt massive blowback from Log4j exposures on their attack surfaces, others managed to weather the storm without major incident,” Randori’s team said. “By understanding how attackers choose their targets during such exposures, defenders can help put their company in the latter category.”

Randori’s approach isn’t just about looking for vulnerabilities that can be exploited, but also thinking about how attackers choose their targets. Adversaries consider several factors when picking their targets, such as where the most initial damage would likely occur and what kind of impact the intrusion would have on the environment. Adversaries are more likely to target applications that would allow them to remain in the environment, so they would be less interested in systems that have a lot of security software that would detect the intrusion. Applications that grant access to other systems or give adversaries privileged access would be a more tempting target.

VMware Horizon is considered the most attackable because if compromised, it gives adversaries access to the rest of the network. Mobile device management platform Jamf and single-sign-on platform PingFederate are used by 1% to 2% of the enterprise market but are ranked second and third on the attackable list because of what adversaries would be able to do next, Randori noted. The authentication and automation mechanisms provided by PingFederate and Jamf would allow adversaries to pivot in the network and expand operations, Randori said.

Jenkins, an automation server to build, test, and deploy software, does not even make the widespread list because the core platform does not include Log4j dependencies. However, some add-ons do use Log4j, and if those instances of Jenkins are compromised, the attackers would have the “keys to the kingdom,” Randori notes.

“Our attack team wouldn’t be surprised to \[see\] attacks in the wild abusing Log4j in Jenkins,” the company noted.

Most of the applications on the widespread list are application servers or middleware and are less interesting to attackers because not every version may have Log4j dependencies. Or if they have optional components that use Log4j, the configurations may not be as easily exploited.

Organizations need to understand software stack underlying their platform, since the dependencies will make a difference in whether they are more attractive to adversaries or not, Randori’s team concluded.

Adversaries Look for 'Attackability' When Selecting Targets

The enterprise grade solution will provide enhanced cloud security and provide new open-source tools.

WASHINGTON D.C., April 19, 2022 – Verica, the Continuous Verification company that makes systems more reliable and less vulnerable to costly incidents, and Prowler creator Toni de la Fuente today announced the launch of Prowler Pro. Prowler Pro marks the evolution of Prowler Open Source, one of the most recognizable and dependable open-source tools for AWS cloud security.

Prowler Pro puts AWS security assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness in easy reach of anyone running multiple AWS services. It contains over 220 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

Prowler Pro is now available to the public through the AWS Marketplace, and is easy to deploy in multiple AWS cloud accounts. It offers continuous monitoring, faster execution, personalized support, and customizable dashboards. With Prowler Pro, customers get compliance results out of the box.

“Uniting our technology offerings was a natural progression for both platforms. We are thrilled to welcome the Prowler team to the Verica family and bring open-source solutions to a wider audience.” said Aaron Rinehart, co-founder & CTO of Verica. “We think it's critically important to bring the practices of Continuous Verification to AWS security problems, and we look forward to rolling out more integrations to create a seamless experience for customers.”

“When I started Prowler, the AWS cloud security community didn’t have many tools, and securing AWS was complicated and confusing (and still is). It was natural for developers to start using Prowler due to its simplicity to install and run,” said de la Fuente. “This evolution of Prowler aligned with Verica’s vision makes it even easier to identify issues and threats. We are excited to offer a solution for AWS Security that will complement and make Prowler Open Source even stronger.”

Prowler Open Source will still be available on Github for cloud security professionals and developers. The team will focus on enhancing the open-source offering — expanding its database of 220+ checks — while strengthening Prowler Pro capabilities. Whether a Prowler Open Source or a Prowler Pro customer, organizations will have much to look forward to with upgrades to their tools that will make the process of securing their AWS systems significantly easier.

**About Verica and Prowler Pro**

Verica uses Continuous Verification to make systems more secure and less vulnerable to costly incidents. Verica’s Continuous Verification Platform provides out-of-the-box verifications that proactively uncover system weaknesses and security flaws before they disrupt business outcomes. All companies running complex systems experience failure, but as systems become more complex, Verica will be there to help maintain confidence in those systems. With Verica, you can trust that your software is working how it’s meant to. Learn more about Verica at www.verica.io.

Prowler Pro makes AWS Security easy and enables your team to build trusted applications. With Prowler Pro, you will get the benefits of Prowler Open Source and you will get continuous monitoring, faster execution, personalized support, and visualization of your data with customizable dashboards. Find out more about Prowler Pro at prowler.pro.

Verica Launches Prowler Pro to Make AWS Security Simpler for Customers

Study shows that more than 35% have suffered seven or more successful attacks.

Ransomware, phishing/social engineering, denial of service (DoS) attacks, and the business fallout of a data breach rank as the top concerns of global organizations, a new study shows.

The newly published Cyber Risk Index, a study by Trend Micro and the Ponemon Institute, shows that more than three-quarters of global organizations expect to suffer a cyberattack in the next 12 months — 25% of which say an attack is "very likely."

More than 80% of the 3,400 CISO and IT professionals and managers surveyed say their organizations were hit with one or more successful cyberattack in the past 12 months, and 35% suffered seven or more attacks, according to the report, which covers the second half of 2021.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

76% of Organizations Worldwide Expect to Suffer a Cyberattack This Year

Swimlane’s Asia-Pacific presence grows 173%, highlighting rising demand for low-code security automation.

DENVER--(BUSINESS WIRE)--Swimlane, the leader in low-code security automation, today announced the general availability of Swimlane Cloud in the Asia-Pacific Japan (APJ) region. This deployment is further evidence of Swimlane’s continued commitment to empowering APJ customers to enable new use cases previously not possible with traditional security orchestration, automation and response (SOAR). This includes unlocking the use of automation beyond the SOC, where Swimlane serves as the system-of-record for the entire security organization.

**Meeting the APJ Staffing Shortage Head-On with Swimlane Cloud**  
The APJ region faces a significant cybersecurity talent shortage with an estimated 2.045 million open cybersecurity roles, accounting for 66% of the total global shortage, signaling the struggle to find qualified, skilled professionals to handle increasing security alerts. Without automation, these overburdened security administrators must manually perform repetitive and time-consuming tasks needed to track, mitigate and resolve security events across multiple security platforms. Despite significant time investments, security teams cannot realistically analyze and adequately prioritize security alerts and events at the rate necessary to protect networks.

“In order to mature our security operations, we knew it was necessary to advance how we monitor and respond to threat intelligence by taking a more proactive approach to security operations,” said Tanajak Watanakij, CISO, R V Connex. “With our existing talent pool, we turned to Swimlane’s low-code security automation offering to create a centralized system of record for our Security Operations Center (SOC) and remove dependencies on a host of manual processes. Swimlane’s interactive dashboards and automated, easily customizable workflows reduced our mean time to respond and ultimately helped us ensure continuous compliance and prevent breaches across the entire R V Connex Corporation and our MSSP customers.”

“Security teams across APJ need solutions that reduce the manual operations needed to respond to security threats and speed up incident response,” said Johan Wikenstedt, Vice President of Asia Pacific and Japan (APJ) for Swimlane. “We are a customer-focused company with a powerful platform for helping companies ease the burden security teams face daily. Swimlane is fully dedicated to supporting the region’s ongoing cybersecurity challenges through the adoption of low-code security automation.”

**Demand for Low-Code Automation Continues to Climb**  
Swimlane’s current product initiatives in APJ continue to drive regional market traction highlighted by:

*   173% revenue growth of regional presence in the past four months, with more than 7x revenue growth in the past 6 months.
*   142% growth of regional employee headcount in the past six months.
*   New sales offices established in Australia, Malaysia and South Korea.
*   Net-new customer adoption in Australia, Bangladesh, India, Japan, Malaysia, Philippines, Singapore, Thailand, and New Zealand.
*   Vertical expansion of customer adoption across banking, technology, financial services, government, MSSP, and manufacturing industries.
*   8 new go-to-market partners established in the region.

Lumen Technologies turned to Swimlane after experiencing a rapid period of growth that challenged the company’s security team to capacity. Swimlane’s low-code security automation platform allowed the organization to maintain the integrity of its security operations and quickly adapt to business growth across its SecOps infrastructure. Within the first quarter of implementing the solution, Lumen achieved a 30% automation level. Today, 70% of security events hitting the Security Operations Center (SOC) can be fully automated without human intervention.

“Swimlane was a partner from the start, helping us ensure the solution was easy to manage and operate and providing technical support whenever we needed,” said Wai Kit Cheah, Director of the Security Practice at Lumen Technologies. “With Swimlane’s robust automation engine, events can be processed from any source, enabling our security team to integrate security automation with user and entity behavior analytics (UEBA) and third-party threat intelligence feeds. This allowed us to achieve a holistic look at our ecosystem and has quickly made Swimlane’s platform an essential component of our SOC.”

**Swimlane Medley Partner Program Expands to Malaysia**  
Swimlane has invested significantly in Malaysia due to the region’s robust national cybersecurity strategy and world-class talent. As part of its growth in the region, Swimlane recently announced a partnership with CyberSecurity Malaysia, the national cyber security specialist agency under the purview of the Ministry of Communications and Multimedia Malaysia (KKMM), to assist the organization on its mission to build a more resilient cyber ecosystem throughout Malaysia.

“Our strategic partnership with Swimlane comes at an exciting time for CyberSecurity Malaysia as we seek to elevate a strategic cybersecurity vision for the region,” said Dato’ Ts. Dr. Haji Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia. “Together, Swimlane and Cybersecurity Malaysia will leverage our combined experience, capabilities, and products to deliver innovative cybersecurity solutions across Malaysia and ensure companies in the region have access to the world’s most-capable low-code automation technology to safeguard their networks and data.”

**Join Swimlane at the SecOps Automation Summit 2022**  
Swimlane will hold the SecOps Automation Summit 2022 in South Korea, Malaysia and Australia in late April and early May. Presenters include Co-Founder and Chief Strategy Officer Cody Cornell and other members of the Swimlane team, along with various current partners and customers, to explore new and future innovations in the dynamic field of security automation.

To learn more about the summit and Swimlane’s expansion in the APJ region, visit https://swimlane.com/swimlane-helps-address-asia-pacifics-security-skills-shortage.

**About Swimlane**  
Swimlane is the leader in cloud-scale, low-code security automation. Supporting use cases beyond SOAR, Swimlane improves the ease with which security teams can overcome process and data fatigue, as well as chronic staffing shortages. Swimlane unlocks the potential of automation beyond the SOC by delivering a low-code platform that serves as the system-of-record for the entire security organization and enables anyone within the organization to contribute their knowledge and expertise to the protection of the organization. For more information, visit swimlane.com, swimlane.com/japan and swimlane.com/korea.

Swimlane Extends Cloud-Based Security Automation into APJ Amid Momentous Growth in Region

**VANCOUVER, British Columbia and SAN JOSE, Calif. — April 14, 2022 —** Absolute Software™ (NASDAQ: ABST) (TSX: ABST), a leader in self-healing endpoint and secure access solutions, today announced the availability of Absolute Ransomware Response, enabling customers to strengthen preparedness and accelerate endpoint recovery in the face of the ever-growing threat of ransomware attacks. With this new offering, part of the company’s Secure Endpoint product portfolio, organizations have the key capabilities and services needed to assess their ransomware preparedness and cyber hygiene across endpoints; ensure mission-critical security applications, such as anti-malware and device management tools, remain healthy and capable of self-healing; and expedite the quarantine and recovery of devices if an attack occurs.

Cybersecurity Ventures predicts that organizations will face a new ransomware attack every two seconds by 2031, up from every 11 seconds in 2021. While the top priority for IT and security teams has historically been securing and restoring critical infrastructure, such as servers and business applications, the accelerated adoption of ‘work-from-anywhere’ has significantly expanded the potential ransomware attack surface – and in turn, has increased the need to extend preparedness and recovery efforts to end user devices.

“The reality is that, while organizations are very concerned about the time to recover from ransomware attacks, they often solely focus on prevention tools, without planning for the worst-case scenario: falling victim to an attack,” said Eric Hanselman, Principal Research Analyst at 451 Research, part of S&P Global Market Intelligence, in a recent webinar. “By building a plan and improving their preparedness and simplifying the endpoint recovery process for their organizations, they can accelerate businesses’ ability to recover and resume operations.”1

“Ransomware is more prevalent, more sophisticated, and more capable of disruption and damage than ever and organizations need to plan for ‘when,’ not ‘if,’ they are successfully attacked,” said John Herrema, EVP of Product & Strategy at Absolute. “When a ransomware attack occurs, organizations are often forced to weigh the risks of cutting off all communication with an infected device, losing the ability to restore or recover it, or leaving the door open for re-infection. This new offering gives them the cyber resiliency needed to mitigate ransomware deployment techniques, restore and update tools critical to recovery, and if needed, hit the ‘kill switch’ – meaning they can wipe the device while still maintaining control so it can be recovered.”

Key capabilities and benefits available with Absolute’s new Ransomware Response offering include:

*   **Assess Strategic Readiness Across Endpoints**: Empower customers to review the existing security controls deployed across their endpoints, and identify key applications (e.g., anti-virus/anti-malware, endpoint protection, or endpoint detection and response) and device management tools required to minimize ransomware exposure and accelerate recovery efforts.
*   **Establish Cyber Hygiene and Resiliency Baseline:** Enable application resilience policies that monitor and self-heal the critical controls identified during the assessment phase, to both mitigate the risk of a successful ransomware attack and ensure that tools may be restored if an attack renders them inoperable. This also includes training customer personnel on how to monitor application health and apply these baseline resilience policies to new Absolute-enabled devices.
*   **Monitor Device Security Posture and Sensitive Data**: Allow customers to report on hardware and software inventory across their endpoints and assess overall device security posture. Scan for sensitive data – such as financial information, social security numbers, personally identifiable information (PII), protected health information (PHI), and intellectual property – to identify devices most at risk for data extraction and enable proper back-up via customers’ existing tools.
*   **Expedite Device Recovery and Limit Re-Infection**: Equip customers with the capabilities needed to communicate with end users even if their devices are compromised; quarantine and freeze endpoints to limit further spread of infection and preserve evidence for litigation purposes; restore endpoint security and device management tools that have been rendered inoperable; and execute custom workflow and task automation commands to expedite device recovery. In addition, Absolute experts are available to remotely assist customers with endpoint recovery efforts leveraging Absolute’s product capabilities.

Absolute Ransomware Response is available for purchase for new customers as part of the company’s Secure Endpoint product offerings. These capabilities are also available as add-on modules for existing Absolute Control and Resilience service tier customers. To learn more, visit here.

_\[1\] 2022 Data Theft Report Webinar by Eric Hanselman, 451 Research, part of S&P Global Market Intelligence, March 31, 2022_

**_Forward-Looking Statements_**

_This press release contains certain forward-looking statements and forward-looking information (collectively, “forward-looking statements”) which relate to future events or Absolute’s future business, operations, and financial performance and condition. Forward-looking statements normally contain words like “will”, “intend”, “anticipate”, “could”, “should”, “may”, “might”, “expect”, “estimate”, “forecast”, “plan”, “potential”, “project”, “assume”, “contemplate”, “believe”, “shall”, “scheduled”, and similar terms and, within this press release, include, without limitation, the statements regarding the ever-growing threat of ransomware attacks, the speed at which a business may recover from a ransomware attack and resume operations and ‘when’ or ‘if’ an organization may face a ransomware attack. Forward-looking statements are provided for the purpose of presenting information about management’s current expectations and plans relating to the future and allowing investors and others to get a better understanding of our anticipated financial position, results of operations, and operating environment. Readers are cautioned that such information may not be appropriate for other purposes._

_Forward-looking statements are not guarantees of future performance, actions, or developments and are based on expectations, assumptions and other factors that management currently believes are relevant, reasonable, and appropriate in the circumstances. The material expectations, assumptions, and other factors used in developing the forward-looking statements set out herein include or relate to the following, without limitation: Absolute will be able to successfully execute its plans, strategies, and objectives. Although management believes that the forward-looking statements herein are reasonable, actual results could be substantially different due to the risks and uncertainties associated with and inherent to Absolute’s business, as more particularly described in the “Risk and Uncertainties” section of Absolute’s most recently filed Management’s Discussion and Analysis, which is available at www.absolute.com and under Absolute’s profile on www.sedar.com. Additional material risks and uncertainties applicable to the forward-looking statements herein include, without limitation, unforeseen events, developments, or factors causing any of the aforesaid expectations, assumptions, and other factors ultimately being inaccurate or irrelevant. Many of these factors are beyond the control of Absolute._

_All forward-looking statements included in this press release are expressly qualified in their entirety by these cautionary statements. The forward-looking statements contained in this press release are made as at the date hereof and Absolute undertakes no obligation to update publicly or to revise any of the included forward-looking statements, whether as a result of new information, future events, or otherwise, except as may be required by applicable securities laws._

**About Absolute Software**

Absolute Software (NASDAQ: ABST) (TSX: ABST) is a leading provider of self-healing endpoint and secure access solutions, delivering truly resilient zero trust for today’s distributed workforces. Absolute is the only endpoint platform embedded in more than half a billion devices, offering a permanent digital connection that intelligently and dynamically applies visibility, control and self-healing capabilities to endpoints, applications, and network connections - helping customers to strengthen cyber resilience against the escalating threat of ransomware and malicious attacks. Trusted by nearly 16,000 customers, G2 recognized Absolute as a leader in Zero Trust Networking and Endpoint Management in the Winter of 2022.

©2022 Absolute Software Corporation. All rights reserved. ABSOLUTE, the ABSOLUTE logo, and NETMOTION are registered trademarks of Absolute Software Corporation or its subsidiaries. Other names or logos mentioned herein may be the trademarks of Absolute or their respective owners. The absence of the symbols ™ and ® in proximity to each trademark, or at all, herein is not a disclaimer of ownership of the related trademark.

Absolute Software Introduces Ransomware Response Offering

Google and other firms are adding security configuration to software so cloud applications and services have well-defined security settings — a key component of DevSecOps.

The increased adoption of cloud infrastructure by companies looking to improve agility and support a hybrid workforce has led to more development teams adopting security-as-code as a way to build security into software and products.

Over the past year, for example, Google has pushed security-as-code as a fundamental component of its cloud offerings, identifying in January "software-defined infrastructure" as one of the eight megatrends driving the security of the cloud. Encoding security configuration as code that can be an input into development and deployment processes lets organizations analyze their security configuration, change and redeploy easily, and continuously monitor the state of their security configuration to evaluate whether it matches policies.

The result is analyzable security configuration and continuously verifiable controls, says Phil Venables, vice president at Google and CISO for Google Cloud.

"The great thing about security-as-code is that you know the configuration that you have deployed exactly corresponds to what you had specified and analyzed as meeting your security requirements," he says. "Many breaches out there are not necessarily the result of an unknown risk, but are usually the result of some control that the organization thought they had not being deployed and operating when they needed it the most."

Security-as-code is an extension of the infrastructure-as-code movement that has come about as software-defined networks and systems have become more popular. DevOps teams have adopted infrastructure-as-code as the de facto standard for building and deploying software, containers, and virtual machines, but now companies are betting that the shift to cloud-native infrastructure will make security-as-code a key part of a sustainable approach to security.

**How Security-as-Code Works**  
In 2021, consulting firm McKinsey and Company identified security-as-code as perhaps the only way to secure cloud application and infrastructure at the speed at which modern businesses move.

"Capturing value in the cloud requires most companies to build a transformation engine ... to integrate cloud into business and technologies, drive adoption in priority business domains, and establish the foundational capabilities required to scale cloud usage safely and economically," the consulting firm wrote in a position paper. "SaC is the mechanism for developing foundational capabilities in cloud security and risk management."

Google intends to make the concept much more functional and part of any cloud infrastructure. In November, the company's Cybersecurity Action Team announced a Risk and Compliance as Code (RCaC) solution.

Companies that have embraced DevOps know that repeatable software builds rely on being able to specify the configuration of infrastructure elements — whether software applications, pipeline builds, or containers — as code in a file. This infrastructure-as-code approach allows developers and operations specialists to express and analyze the configuration before it is deployed.

Security-as-code aims to do the same thing for security, in an approach that many have called DevSecOps. Security-as-code expresses the security configuration of a variety of elements, including what security testing should be performed, the criteria for vulnerability scanning, encryption requirements, and access controls.

**How Does it Affect SBOMs?**  
Google sees the current efforts to make software bills of materials (SBOMs) more explicit and functional as a key component of the future of software-as-code. The components of a software program could be analyzed during any build and the policies described in the security-as-code file would be applied. Using a component that is vulnerable to a specific threat, such as Log4j, could stop the build. Other requirements, such as a high level in the Supply Chain Levels for Software Artifacts (SLSA), could also be specified, Google's Venable says.

"This mechanism allows you to start making richer decisions," he says. "This programmability of the environment to enforce security policy is pretty transformational compared to what any of us used to be able to do in traditional on-premise environments."

Google is joined by others blazing a trail into the security-as-code arena. The growing movement to encode security as a configuration file that can be incrementally improved led security firm Tenable Network Security to acquire Accurics, a maker of security-as-code technology.

"It's far more effective to find and fix the issues at the point of creation in code, rather than where they manifest in the cloud," Renaud Deraison, chief technology officer for Tenable Network Security, said in a blog announcing the acquisition. "In this way, we can ensure that what is deployed is secure by default and that any fixes are a simple merge request rather than a patch or operational afterthought."

Not everyone is convinced that security configurations will be ensconced in code anytime soon. While configuration files traveling along with software-defined infrastructure components could bring significant benefits — such as the audit ability and improved change management — companies are still too reactionary to adopt the technology, says Brian Fox, chief technology officer and co-founder of Sonatype, a software-management and security firm.

Software composition analysis (SCA) services that can automate the identification of risky software components — a service that Sonatype provides — provides some of the automated benefits of security-as-code. Most businesses have no idea of even what components make up their software, Fox says.

"We are super early in the adoption cycle with this," he says. "All the reasons that infrastructure-as-code made sense will make sense with security-as-code, but the industry is not quite there yet, because so many people do not have the mechanisms to even do this, never mind doing it as code."

Security-as-Code Gains More Support, but Still Nascent

Companies need to detect and counteract brute-force and enumeration attacks before fraudsters run away with their customers' funds.

On April 10, 2020, Atlanta-based fintech firm Brightwell was navigating more than the deadly COVID-19 pandemic.

It all started with a series of customer phone calls. That morning sometime between 7 a.m. and 8 a.m., Brightwell received word from the customer service team that customers called to complain about missing funds, says Ernie Moran, at the time Brightwell's senior vice president of risk. Under normal circumstances, if users noticed a discrepancy upon logging into their app, the company typically would look into the problem to determine whether the customer mistakenly overspent or a fraud had occurred. Unfortunately for Brightwell, it was the latter.

"I would say the next 24 hours was the most insane 24 hours I think we've ever had at Brightwell," Moran says. "From that point forward, we started hearing from more and more customers. And you start the research process, and you start going into the platform, the processor platform, and looking at the data."

Brightwell spent the following weeks dissecting the damage of an attack that resulted in $2.5 million stolen in the span of four hours, Moran says. With the pandemic pushing more transactions online, more online fraudsters are targeting e-commerce platforms and payments companies. Sources advise payments providers to implement multiple measures prior to and during the transaction process to detect brute-force and enumeration attacks before fraudsters run away with customers' funds.

During the first five days of Brightwell's investigation, the company assessed how widespread the fraud was. First, they reviewed its authorization reports generated by its payments processor and the reports generated by its card brand. Then it cross-checked its internal data with the external reports, Moran says. The threat actor used the stolen credentials to buy cryptocurrency at an exchange, he said.

Over the course of its investigation, Brightwell discovered that a fraudster deployed a bot to guess the prepaid debit card numbers, expiration dates, and CVV numbers for 41,000 cards, which were guessed after 100,000,000 authorizations, Moran says. The bot guessed the credentials across seven merchants; one merchant, in particular, was used to steal "a large dollar amount," he says. Brightwell didn't name the sellers affected by the attack, nor did it disclose the general amount stolen per customer.

The ordeal led the company to create its fraud alert system, Arden, which stands for "AI risk detection engine." Despite all the data collected, Moran, now senior vice president of Arden, says the company couldn't figure out who was responsible for the attack.

**Watching for Red Flags**  
As e-commerce transactions skyrocketed during the coronavirus pandemic, online fraud appears to have increased also. A LexisNexis Risk Solutions Analysis of data from July 2021 to December 2021 found that bot attacks against companies have risen 32% from 2020, and human-initiated attacks have grown 46% compared with 2019. From March 2020 to February 2022, U.S. consumers spent about $1.7 trillion online, up $609 billion compared with the prior two years, according to research from Adobe.

Kimberly Sutherland, vice president of fraud and identity strategy at LexisNexis Risk Solutions, advises cybersecurity teams to look for a high volume of transactions coming from a device within a short period of time. Seeing the same device return to transact isn't a red flag because it could be a repeat customer. However, if one device is attempting a transaction multiple times, perhaps thousands of times per second, it's likely an attack, she says.

In addition to paying attention to the device that managed to circumvent a company's defenses, Sutherland also advises companies to mitigate suspicious activity during the authorization process. They must, for example, pay attention to whether the device has malware on it, she adds.

"We talk consistently about having a layered approach to prevent unauthorized access, so that means ensuring that they have fortified their new account opening processes to prevent any application fraud, to prevent account takeover fraud as well — everything from not just that payment but that login," Sutherland says. "There's all types of avenues that a fraudster will try to be able to have a successful fraud attack, and an attack is just one of many things that concerns us in the payment ecosystem."

Another step payments providers must take is issuing their card numbers randomly rather than sequentially, says Curtis Franklin, senior analyst at Omdia and a former editor at Dark Reading. Issuing card numbers randomly prevents online fraudsters from easily route-forcing accounts. (Moran clarified that Brightwell does not issue cards sequentially.)

If the card issuer sees hundreds of guesses of card credentials in rapid succession, cybersecurity teams must alert the vendor and monitor the reasons for rejection. The card issuer could, for example, check to see whether the card number has not yet been issued. If an online fraudster guesses a card number that hasn't been issued yet, it's a good indicator that they are sequentially guessing the credentials using an algorithm, Franklin says.

Besides monitoring for rejections of sequential numbers, rejections of unissued card accounts, and rapid-fire rejections from a single merchant, companies should also determine ahead of time how high their risk tolerance is. There's a chance that companies could reject legitimate customers who are inputting the wrong card information while screening for fraudulent activity.

**Managing the Risks**  
In 2021, cybercriminals used cryptocurrency to launder $8.6 billion, a 30% increase from 2020, according to a report from the blockchain data firm Chainalysis. The cryptocurrencies, particularly Monero, have attracted cybercriminals seeking to transact anonymously; however, their fluctuating speculative value complicates criminals' ability to monetize the crime.

"Criminals hate losing money," Franklin says, but "they like the idea of making it harder for national governments to find them."

"In this case, the vast majority of the fraud losses and risk ended up being on Brightwell for a number of reasons that \[were\] outside of our control in many cases," Moran says. "We had a small portion of the losses that were actually not our responsibility ... and then we had a larger portion that was our responsibility. However, in the end there was enough risk and fall to go around that we ended up being made whole for the losses."

As merchants and payment providers face these attacks, card providers such as Visa and Mastercard will usually bear the liability, but customers can suffer the inconvenience when their card is frozen. Thus, the vendor and member bank can lose income, as well as the trust of their customers.

"The thing that keeps all of this rolling along so well is the understanding among consumers and merchants and everyone else that this is, in fact, a secure way to do business. If that confidence is shaken, then that can have a more profound impact," Franklin says. "That's the cost that they really want to solve."

Source

DARKReading