The new guidelines would require public companies to file periodic disclosures about their cybersecurity practices and notify the SEC within 96 hours of a material breach.

New cyber-risk management rules for third-party service providers and beefed-up public company disclosures could have far-reaching effects on financial services firms and others that must comply with SEC regulations, requiring senior management to ensure that their companies upgrade their cybersecurity detection and response times significantly. The proposals, issued by SEC Chair Gary Gensler earlier this year, effectively replace the 2018 guidance on how to handle and disclose cyber-risk.

The proposed rules call for data breaches to be disclosed within four days, as well as for companies to disclose information such as senior management's and the board's roles in and oversight of cybersecurity risks, whether companies have cybersecurity policies and procedures, and how cybersecurity risks and incidents are likely to impact the company's financials, according to Gensler.

"When companies have an obligation to disclose material information to investors, they must be complete and accurate. Their disclosures also should be timely," Gensler said.

Jeff Williams, co-founder and chief technology officer at application security platform provider Contrast Security, is in favor of the new rules. 

"The proposed cybersecurity rules are a big and welcome step forward for cybersecurity transparency," he says, adding that they could go even further. "The primary focus is on breach disclosure and not vulnerability disclosure, which I believe is missing the mark on what will truly deliver better cybersecurity to consumers and investors."  

Steven Yadegari, CEO of FiSolve, a consulting firm that specializes in legal, compliance, and operations for financial services firms and asset managers, also points out that the proposed rules "contain more prescriptive requirements compared to existing SEC cybersecurity guidance and rules related to safeguarding information and would require most registered advisers to implement specific, considerable enhancements to their cybersecurity programs."

**Four Days to File**

A fact sheet from the SEC notes that organizations must disclose information about "a material cybersecurity incident within four business days after the registrant determines that it has experienced a material cybersecurity incident." However, the rule states, if a company determines that the impact of a breach is significantly different from originally disclosed in its 8-K filing, an amended 8-K might be required. Text of the proposed rule can be found here.

The 96-hour disclosure window is one day longer than that provided by the European Union's General Data Protection Regulation (GDPR), the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) signed by U.S. President Joe Biden in March, and the New York Department of Financial Services Cybersecurity Regulation, all of which have 72-hour breach notification periods.

Jason Hicks, field CISO at the cybersecurity consulting firm Coalfire, says one of the more controversial aspects of the new regulation — the 96-hour time requirement for a company to disclose the breach — might not be as draconian as many initially believed. 

"The compressed four-day time line jumped out at me, but if you read the fine print, the agency is allowing an indeterminate amount of time to investigate the incident and determine if it is, indeed, material," Hicks says. "However, you are still likely to find yourself making public disclosure before you've completed your entire incident response process."  

The law firm Woodruff Sawyer analyzed the proposed regulation and cited one word that could take the bite out of the apparent extreme nature. 

"Note that the word 'jeopardizes' could be taken to mean that some harm might take place, as opposed to actually taking place," the firm wrote in its published response. "The contingent nature of such disclosure is unlikely to be useful to investors, a point expressed well by the Davis Polk comment letter on the proposed rules."

**Boards Take Responsibility**

The Davis Polk letter, written to the SEC as part of the public request for comments, also questions whether board members need to have cybersecurity expertise. Instead, the firm expects boards to continue to exercise oversight. The question of a board of directors' responsibility for cybersecurity efforts and their personal liability for data breaches has been the subject of other compliance regulations and laws in recent years; this is simply the latest that would put cybersecurity responsibility at the board level.

Marcus Astin, chief operating officer and the governance, risk, and compliance officer at clothier Pala Leather, says he welcomes the new cybersecurity rules.

"They position me and my team to take a more proactive role in cybersecurity risk management," Astin says. "We will be able to identify risks, plan for their execution, and measure the effectiveness of our programs. The new standards are a great opportunity for us to elevate ourselves from reactive risk detection to a more integrated approach."

Adds Yadegari: "We have already seen many firms of all sizes look for help from outside experts. This is a sign of how seriously the industry takes these issues. Whether the proposed rules are adopted or not, I think we will see boards interested in receiving professional advice from experts knowledgeable about cybersecurity, third-party risk management, and GRC. As attacks and technology become increasingly sophisticated, this need only becomes more important to board members and management."

Proposed SEC Rules Require More Transparency About Cyber-Risk

Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams more inclusive and more representative.

From creating secure environments for hybrid work models to designing safer cloud infrastructures for data security, there is a constant need to solve cybersecurity problems from various domains and standpoints. However, to solve these problems effectively, organizations and governments alike need the right teams.

Nurturing highly effective cybersecurity teams has become a priority for all organizations, and today, an effective cybersecurity team is one that is inclusive of diverse perspectives, particularly those of women.

Research has shown that teams made up of diverse people with various backgrounds, skills, and genders almost always perform better than homogeneous teams. Yet, women are still greatly outranked by men in the cybersecurity space.

While organizations have implemented initiatives like diversity or equality programs, they don't address the specific barriers that female candidates face during recruitment or the problems women face in the cybersecurity workplace, all of which affect the overall productivity and effectiveness of a security team.

This means that organizations need to take more proactive steps in recruiting women into their cybersecurity teams, such as properly implementing policies focused on diversity, equity, and inclusion, and ensuring that they address the barriers qualified candidates face while entering and working in the industry.

**Barriers in the Recruitment Process**

One of the major challenges faced by women is at the recruitment stage. A lot of companies look for people who have specialized, IT-based qualifications for most cybersecurity roles. But cybersecurity isn't an isolated domain, restricted only to IT practitioners. It affects all domains and is influenced primarily by human behavior. Most of the attacks that have happened in recent times are a result of erroneous human behavior and social engineering. The best way to mitigate threats that occur because of human error is to open specialized, isolated security teams to varied perspectives.

Hiring generalists (i.e., candidates who don't have a cybersecurity background) ensures that organizations explore the maximum possible number of user reactions to a cybersecurity product, program, protocol, or any situation that demands caution and awareness from the user's end, leading to an increase in the effectiveness of any team. With the increasing number of vacancies in the industry and the limited number of specialists out there to fill them, filtering candidates who don't have specialized cybersecurity knowledge negates a huge chunk of diverse talent that could help fill the gap. Organizations must consider hiring for entry-level positions based on potential to perform well and add value to cybersecurity teams rather than only considering specialized IT-based competencies. By opening such roles to a whole new set of people, including women, organizations stand to gain better results.

When organizations resort to hiring esoteric profiles, they restrict cybersecurity product or service teams from considering factors beyond homogeneous perspectives while trying to determine possible anomalies in user behavior. Users and attackers will be from various backgrounds, genders, races, and ethnicities. Having a diverse cybersecurity team can help bring about a vivid understanding of user psychology and plug possible loopholes right from the outset. This is possible due to the various life experiences and thought processes a diverse team will bring to the table. This will in turn help predict possible anomalous behavior of users, and set the right detection rules.

**Fostering Inclusive Cybersecurity Teams Through Better HR Practices**

Organizations can make cybersecurity recruitment more inclusive by implementing best practices that specifically address issues that women face.

Tackling preconceived notions that recruiters have while hiring women, and avoiding the age-old question of work-life balance that all women face, would be a good place to start. This goes both ways. Some aspirants have a similar prejudice when it comes to the roles they believe exist in the cybersecurity field. When they think cybersecurity, they see an image of a man wearing a hoodie and hacking systems. This prevents them from exploring the wide range of opportunities the field has to offer, such as governance, risk, and compliance; incident management and response; and SOC teams.

There's a need for awareness among candidates aspiring to enter the cybersecurity industry. Addressing this is the joint responsibility of the organizations that run the industry and of the academic institutions that educate and train the candidates who constitute the workforce.

Despite women constituting a major part of the tech workforce, the challenges they face while entering the cybersecurity domain and once they are in the workplace continue to exist. It's time organizations address these challenges to provide a safer, more inclusive workplace for women, which in turn will benefit the productivity of their teams and ultimately improve the organization's security posture.

Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better

Scams pressure victims to "resolve an issue that could impact their status, business."

A recent wave of social media phishing schemes doubles down on aggressive scare tactics with phony account-abuse accusations to coerce victims into handing over their login details.

Last week alone, Malwarebytes Labs uncovered two phishing scams, targeting Twitter and Discord (a voice, video, and text chat app). The Twitter phishing scam sends users a direct message (DM) flagging their account for use of hate speech and requesting the user authenticate the account to avoid a suspension. Users are then redirected to a fake "Twitter help center," which asks for the user's login credentials.

The Discord phishing campaign sends users a message from friends or strangers accusing the user of sending explicit photos that are exposed on a server. The message includes a link to the purported server, and if the user wants to follow the link, they are asked to log in via QR code. If they do, the account will most likely be taken over by scammers, according to Malwarebytes. The message then gets sent to the user's friends from his or her account, perpetuating the phishing scam.

Patrick Harr, CEO at SlashNext, an anti-phishing company, says the Twitter and Discord attacks are a clever twist on the traditional social engineering scam to steal credentials. The best social engineering scams use fear or outrage to move the victim to act quickly without taking too much time to think "Is this a phishing scam?," he explains.

"In both cases, the users of Twitter and Discord are motivated to resolve an issue that could impact their status, business, or entertainment, which is why this phish is so effective," he notes.

Social media platforms are perpetual targets of phishing campaigns, using psychological manipulation to encourage victims to disclose confidential login credentials. The pilfered information is then used by malicious actors to hijack the user's social media accounts, or even gain access to their bank accounts.

But more importantly for enterprises, successful social media attacks on their employees can open the door to infiltration to the company network via the user’s infected device or abused credentials. "This means companies need a BYOD strategy that includes multichannel phishing and malware protection to protect social, gaming, and all messaging apps," Harr says.

**Fear and Urgency as Phishing Tools**

James McQuiggan, security awareness advocate at KnowBe4, explains social media phishes are effective because they use fear and urgency to get the victim to take an action they might not otherwise take. "A lot of the time, phishing attacks rely on the victim reacting to the email in an emotional state," he says. "The victim sees the email and responds without adequately checking the sender or the link."

An example is the threat of the social media account being suspended or a notice that the password has expired. When the victim clicks the link and visits the fake website, it looks exactly like the login page, and the user enters their credentials.

And if the user employs multifactor authentication (MFA) with the account, he says, the attacker can copy that session key to bypass the login and automatically gain access before the victim realizes it.

Attackers typically create high-pressure situations to increase their success rates. "If the target doesn't have time to think or feels pressured to act, they will likely overlook any red flags or gut reactions telling them not to engage," says Hank Schless, senior manager of security solutions at Lookout.

In the two incidents involving Discord and Twitter, Schless says, the attackers went for the integrity of the individual. "The public shame associated with hate speech or inappropriate behavior can be enough to get someone to act without thinking," he says.

**Remote Workforce Susceptible to Phishing**

McQuiggan points out remote workers have less in-person interaction with people around them and are less likely to share the experience or event with their co-workers sitting next to them.

"Suppose the organization isn't providing them with equipment from the organization," he says. "In that case, they will certainly be using their own devices and are more relaxed with them at home than with a machine from their organization."

It's not hard for cybercriminals to search LinkedIn or Twitter to see which users work for the public relations, marketing, or communications teams and then work to target them. He says spear-phishing is a top attack vector to get employees to click the links and "open the electronic front door" of the organization.

SlashNext’s Harr says training should include social engineering scams to demonstrate how personal interactions, such as social media interactions, can impact their work life. "However, we hear from customers that making policy adjustments restricting employees' use of mobile, social, or other personal apps is not well-received," he says. "In fact, asking employees to install managed security on their personal devices is also a non-starter."

McQuiggan says additional training is certainly one method of getting users aware of the various social media attacks. "Avoid relying on the links in the email and use it as an alert to check the account," he adds. "Use the application or a browser to log in and verify if an account is wrong or experiencing problems, as mentioned in the phishing email."

Organizations should employ mobile phishing protection across their entire user base — to both corporate-owned and personal devices, Schless recommends.

"Phishing credentials on mobile devices is typically how attackers can gain discreet access to the broader infrastructure and execute more advanced attacks like ransomware," he explains. "Protection against those more advanced attacks requires visibility into how users are accessing apps and data, then how they interact with that data."

**Phishing Attacks Just Won't Die**

Schless is also seeing a recent increase in voice phishing (vishing) and QR code phishing. "There could also be broader use of deepfake technology to impersonate an individual's voice or face in order to make the malicious communication even more convincing," he says.

Harr says social engineering phishing scams continue to be a serious problem for organizations. "We have seen an increase in requests for SMS and messaging protection as business text compromise, like its cousin business email compromise, is becoming a growing problem for an organization to detect and block."

New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials

Security experts criticize company for reversing course, albeit temporarily, on a decision it made just this February to block macros in files downloaded from the Internet.

_Updated 5:19 p.m. EDT to include Microsoft's clarification that the change is temporary._ 

Several security experts expressed disappointment this week at Microsoft's quiet reversal Wednesday of a decision it had announced in February to disable Office macros in files from the Internet. Likely in response, Microsoft on Friday clarified that the rollback is only temporary while the company makes some additional changes to enhance usability.

In a brief — and barely noticeable — update Wednesday to the February announcement, the company originally said it was taking the step because customers wanted it to do so. "Based on feedback, we're rolling back this change from Current Channel," Microsoft said. "We appreciate the feedback we've received so far, and we're working to make improvements in this experience."

On Friday, the company revised the wording to make clear the rollback was not permanent. "This is a temporary change, and we are fully committed to making the default change for all users," Microsoft noted. The update noted that organizations that wanted to could block Internet macros through the Group Policy setting.

Macros allow users to automate commonly repeated tasks in Microsoft applications such as Word, PowerPoint, and Excel. But they have also long been a favorite attack vector for threat looking to deploy ransomware and other malware on Windows systems via phishing emails and other means. As a glaring example: in January 2022, just before Microsoft announced its decision to block macros from running by default, some 31% of all threats that Netskope blocked involved weaponized Office files.

"Macros in Microsoft Office have been a mixed blessing since their inception," says Mike Parkin, senior technical engineer at Vulcan Cyber. "While they provide a lot of functionality that users like and have leveraged in myriad ways, they’ve also been a popular attack vector since they were introduced."

Microsoft's February announcement that they were doing something about macros as an attack vector was welcomed by people in cybersecurity. So, its change of heart now is a bit disappointing, Parkin says. "While Microsoft has not yet said why they are rolling back the change, it seems likely it’s because users have come to depend on the functionality and would rather keep it in spite of the risk."

A Microsoft spokesman pointed Dark Reading to the company's updated update on the rollback when asked for comment.  

**The Macro Threat**

Microsoft itself has noted the threat that macros pose. In fact, as recently as April, the company urged Windows administrators to ensure Office macros are disabled in the environment to protect against macro malware. The company pointed to several ransomware families that attackers had distributed on Windows systems by abusing macros. Because of this, many security experts reacted with enthusiasm when Microsoft announced that macros from the Internet would be blocked by default in Office starting April 2022.

Starting with Office version 2203, users would no longer be able to enable content macros in files from the Internet by clicking a button, Microsoft had said. Instead, when they attempt to open a download or attachment from the Internet, a message would alert users them about the presence of VBA macros in the file and direct them to learn more about the potential risks associated with the file.

The change prompted a noticeable drop in Office-based attacks. According to Netskope, the percentage of Office malware detected by the company's cloud security platform has declined steadily since February 2022 and hovered at less than 10% for the last five months — compared with 35% a year ago.

Microsoft's reversal this week is going to result in a resurgence of Office malware, says Ray Canzanese, director of Netskope Threat Labs. "We are disappointed with the decision," Canzanese says. "Malicious Office documents are a major infiltration vector for attackers, being used to spread backdoors, info stealers, and ransomware."

Microsoft's decision suggests the company decided to prioritize the usability concerns of a vocal minority of customers over the security benefits inherent in disabling macros by default for all Office users, he says. "Instead of having users who preferred the old behavior opt-out of the enhanced security measure, users and admins will now have to opt-in," Canzanese says. "With this reversal, we expect Office documents to regain their previous popularity among attackers."

Ian McShane, vice president of strategy at Arctic Wolf, says disabling Office macros by default was a huge step forward in securing a tried and tested attack path for adversaries. Re-enabling macros now means Office users are less secure today than they were a week ago. McShane says it would have been better for Microsoft to have continued blocking macros by default than leaving it up to organizations to do it. via group policy settings. The multiple steps and settings that are often involved in doing this can be confusing, he says. 

Instead, the better approach would have been to let those who need macros to enable it via group settings. "Opt-in security benefits no one and is dangerous," he says.

Microsoft Reverses Course on Blocking Office Macros by Default

Fraudster allegedly passed off refurbished, modified Cisco equipment as new to hospitals, schools, and even the military.

The US Department of Justice has charged a Florida man for running a massive scheme that sold more than $1 billion in fraudulent Cisco networking equipment to unsuspecting customers.

Onur Aksoy of Miami, Fla., is accused of personally collecting millions off the scam, the DOJ said in a statement. The accused operated a company called "Pro Network Entities" that sold refurbished, rehabbed, and modified Cisco gear imported from China and Hong Kong along with fake yet convincing packaging, labels, and documentation.

The indictment for Aksoy said that victims who purchased the counterfeit hardware included hospitals, schools, government agencies, and the military, who were left with faulty, failing equipment.

The DoJ charged Aksoy with one count of conspiracy to traffic in counterfeit goods and to commit mail and wire fraud; three counts of mail fraud; four counts of wire fraud; and three counts of trafficking in counterfeit goods.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

DoJ Charges CEO for Dealing $1B in Fake Cisco Gear

CHICAGO, July 8, 2022 /PRNewswire/ -- According to a research report "Security Orchestration, Automation and Response (SOAR) Market **by Offering (Platform & Solutions, Services), Application (Threat Intelligence, Network Forensics, Compliance), Deployment Mode, Organization Size, Vertical and Region - Global Forecast to 2027**," published by MarketsandMarkets™, the global SOAR Market size is expected to grow from an estimated value of USD 1.1 billion in 2022 to USD 2.3 billion by 2027, at a Compound Annual Growth Rate (CAGR) of 15.8% from 2022 to 2027. As SOAR helps security team to fight against alert fatigue, growing incidents of phishing emails and ransomware is driving the market growth.

_Browse in-depth TOC on_ **"Security Orchestration, Automation and Response Market"****398 – Tables  
39 – Figures  
282 – Pages**

**Download PDF Brochure:** https://www.marketsandmarkets.com/pdfdownloadNew.asp?id=176584778

**By offerings, services segment to grow at higher CAGR during forecast period**

Services involve support offered by security vendors to assist their customers to use and maintain security products efficiently. With the increasing sophistication in cyberattacks, organizations are adopting security services to address risks related to cyber threats as well as prevent them. The security services market is segmented across two major types: professional services and managed services. These services enhance the security portfolio of enterprises and safeguard their systems from unauthorized access, exploitation, and data loss. With the increasing digitalization and changing regulatory norms, customers need continuous guidance from SOAR implementation experts. This expertise gathered from managed services helps consumers design customized solutions for their business processes. MSPs also ensure customers are aware of the Return on Investment (RoI) on their security platform.

**By deployment mode, cloud segment to grow at higher CAGR during forecast period**

With the rapid digital transformation, organizations are changing their operating models and embracing cloud-based solutions. Cloud-based deployment offers several benefits to organizations, such as scalability and agility, reduce physical infrastructure, less maintenance cost, and 24/7 data accessibility from anytime, anywhere. Thus, organizations are adopting cost-effective SOAR solutions to prevent and protect volumes of data from cyberattacks. Cloud platforms automate all the process in an organization that falls short of staff to monitor security operations. These platforms also offer additional support and consulting services.

**Speak to Analyst:** https://www.marketsandmarkets.com/speaktoanalystNew.asp?id=176584778

**By Region, Asia Pacific to grow at a higher CAGR during the forecast period.**

Asia Pacific comprises some of the world's largest economies, such as China, India, Japan, and Australia. The cyber threat landscape in these countries is changing every day, with threats experienced by organizations increasing at an alarming rate. In 2021, the most targeted region for cyberattacks was Asia Pacific, it accounted for one in four cybersecurity attacks launched worldwide. The most incidents in the region were experienced by Japan, Australia, and India, where server access and ransomware were amongst the most popular forms of attacks. The type of threats faced by Asia Pacific countries is also changing and growing more complex each day. Asia Pacific is also proactively leading the charge in the development and adoption of many new technologies, including smart cities. As more and more technologies or complex projects are being taken up, the region also becomes increasingly vulnerable to more sophisticated threats. To address these increasing vulnerabilities, many companies are expanding into Asia Pacific. For example, Swimlane, a major vendor of SOAR has extended its cloud-based security automation into Asia Pacific Japan (APJ) amid momentous growth in region.

**Key Players**

Major vendors in the global **Security Orchestration, Automation and Response (SOAR) Market** include IBM (US), Cisco (US), Rapid7 (US), Palo Alto Networks (US), Splunk (US), Swimlane (US), Tufin (US), Fortinet (US), ThreatConnect (US), Trellix (US), Sumo Logic (US), Siemplify (US), LogRhythm (US), Resolve (US), Exabeam (US), manageEngine (US), KnowBe4 (US), D3 Security (Canada), Qvine (US), Cyware (US), LogicHub (US), Cyberbit (US), Logsign (Netherland), SIRP (UK), Tines (Ireland).

**Browse Adjacent Markets:** Information Security Market Research Reports & Consulting

**Related Reports**

Cybersecurity Market by Component (Software, Hardware, and Services), Software (IAM, Encryption, APT, Firewall), Security Type, Deployment Mode, Organization Size, Vertical, and Region (2022 - 2026)

Security Information and Event Management Market by Component, Application, Deployment Mode, Organization Size, Vertical (Information, Finance and Insurance, Healthcare and Social Assistance, Utilities), and Region - Global Forecast to 2025

**About MarketsandMarkets™**

MarketsandMarkets™ provides quantified B2B research on 30,000 high growth niche opportunities/threats which will impact 70% to 80% of worldwide companies' revenues. Currently servicing 7500 customers worldwide including 80% of global Fortune 1000 companies as clients. Almost 75,000 top officers across eight industries worldwide approach MarketsandMarkets™ for their painpoints around revenues decisions.

Our 850 fulltime analyst and SMEs at MarketsandMarkets™ are tracking global high growth markets following the "Growth Engagement Model – GEM". The GEM aims at proactive collaboration with the clients to identify new opportunities, identify most important customers, write "Attack, avoid and defend" strategies, identify sources of incremental revenues for both the company and its competitors. MarketsandMarkets™ now coming up with 1,500 MicroQuadrants (Positioning top players across leaders, emerging companies, innovators, strategic players) annually in high growth emerging segments. MarketsandMarkets™ is determined to benefit more than 10,000 companies this year for their revenue planning and help them take their innovations/disruptions early to the market by providing them research ahead of the curve.

MarketsandMarkets's flagship competitive intelligence and market research platform, "Knowledge Store" connects over 200,000 markets and entire value chains for deeper understanding of the unmet insights along with market sizing and forecasts of niche markets.

SOAR Market Worth $2.3 Billion by 2027, According to Exclusive Report by MarketsandMarkets

This year's RSA Conference saw a strange mix of selling the future and the past — for good reason.

The show floor during the RSA Conference was a dizzying mix of vendors selling solutions ideal for a precloud world and vendors carving out new concepts. There was a bewildering list of acronyms that we knew and several we didn't. CSPMs, CWPPs, and CIEMs were joined by SSMP, CNAPP, and CDR. (Read this companion piece to learn what they mean.)

The main takeaway seemed to be "Secure the future, but don't neglect the legacy of the past" — which is surprisingly reasonable for the volatile and ephemeral world of cybersecurity. Mix that in with the global skills shortage and confusion in the world of talent and, as the title of this article says, welcome-back-to-the-future shock!

Why do we see this strange mix of selling the future and the past? Well, not every company has the same pressures and drivers, so consequently they can be at a different stage of technology transformation. Cloud natives and the growing ranks of "cloud immigrants" (those not born using the cloud but who fully embrace it) live in the 2020s. At the same time, some organizations are moving to enter the 1990s or perhaps 2000s, at least as far as IT security spending goes. People are buying their first SIEM or upgrading to a next-gen firewall, as well as trying to secure cloud-native and cloud-migrated applications and workloads. Different industry sectors have different dynamics, and this is reflected in their architectures and operations.

Back in 1970, the Boston Consulting Group created the paradigm of the four stages of product growth: question marks, stars, cash cows, and pets. The VPN market is a perfect example of the cash cow — larger than all of the cloud security markets combined but with a clearly visible end-of-life looming on the horizon. In contrast, many cloud security solution categories, such as CSPM, CIEM, and CWPP, are now firmly established as rising stars, with healthy innovation and growth being evident.

**Ubiquitous Buzzwords and Hidden Gems**

RSA Conference has always been about buzzword bingo. Extended detection and response (XDR) was everywhere, but the vendor offerings underneath the banner varied widely. XDR is a relatively new term, and the various analyst firms — and even individual analysts within the big firms — are arguing about what it means. This is even more true of zero trust (a phrase that also describes how many CISOs feel about vendor pitches and marketing). More mature detection and response technologies, such as endpoint detection and response (EDR) and network detection and response (NDR) are joined by cloud detection and response (CDR, which I have seen interpreted also as content disarm and reconstruction) and data detection and response (DDR). Managed detection and response (MDR) is an attempt by managed service providers to shed the reputation of simply being there to tell the customer they've been hacked, and to shift a little bit left of the crisis.  

Zero trust is a term that's become overused and is losing traction — however, it's still an integral part of the security landscape. Of course, it's debatable whether zero trust truly models the way that we interact as humans in our customer and supplier relationships, but it is a useful model for cybersecurity architects and engineers trying to reduce the hazard of unintentional connectivity between systems.

And when we talk about hype in cybersecurity, there is one specter that always lurks in the corner. Machine learning spent a good few years being breathlessly abused by excited salespeople, to the point when it seemed like we should expect it to magically inoculate our applications, straighten out our insider risk problems, manage our supply chain, and serve coffee afterward. The reaction this provoked was frustrated CISOs refusing point-blank to talk to any wide-eyed evangelist of the magic box. Thankfully, machine learning and artificial intelligence now provide solid solutions ready to be put into operation. Marketing efforts are focusing on realizable, evidence-backed assertions based on customer benefits, and this is converting into solid growth.

**What Did I Miss?**

Despite the fact that fraud is on the rise, there weren't that many fraud detection solutions. Perhaps their absence is an indication that CISOs are turning away from the dream of the fusion solution and deciding that despite evidence of attackers using cyberattacks in fraud schemes, it's too complex to overcome the corporate politics. 

Dedicated ransomware solutions were also remarkably absent. While CISOs may recognize the benefits of solutions specifically targeted at this huge problem, they need to be able to explain to the CFO why the malware solutions that have already been paid for aren't doing the job. I think that we are not seeing the full ransomware kill chain, as several threat research organizations are identifying links between ransomware, fraud attacks, and other cyberattacks.

Data security solutions seem to be becoming a component of other solutions, such as CWPP (for cloud), or other specific verticals, such as payment solutions, healthcare, and others that have compliance-driven privacy responsibilities. This is another example of how compliance drives security investment (and therefore, engineering and product development). It may be that, as more applications become fully cloud-centric, we will be expecting this capability to be provided natively within the cloud app itself.

It is surprising that Internet of Things/operational technology (IoT/OT) solutions remain thin on the ground. One colleague of mine suggested that the "s" in "things" stands for security, and it's not hard to see the truth behind that witticism. Security has always been driven by compliance and risk, and IoT/OT is still at the stage where design engineers and managers are seeking operational availability and connectivity. 

There appears to be little driving force in investing in secure cybersecurity solutions, despite the evident threat from unfriendly foreign powers, criminal gangs, and destructive activists. As many industrial control engineers say, it's all fun and games until some noxious glowing goo eats through the floor!

What's clear from the RSA Conference is that the industry is ready to use the lessons of the past to point us toward the future.

Welcome-Back-to-the-Future Shock

**BOULDER, Colo. – July 6, 2022 –** Swimlane, the low-code security automation company, today announced a $70 million growth funding round led by Activate Capital. Existing investors Energy Impact Partners (EIP) and 3Lines Venture Capital also participated in the round. The new investment will accelerate the company’s ongoing growth and operations on a global scale while continuing to advance its platform innovations in security automation ahead of the competition.

Automation has become a must-have technology for security operations, evident from recent Presidential Executive Orders, an unsolvable talent shortage and an ever-increasing amount of threat telemetry. Swimlane recently launched Turbine as the solution — a breakthrough in low-code automation that captures hard-to-reach telemetry and expands actionability beyond closed extended detection and response (XDR) ecosystems.

As part of the funding, the company also announced that Raj Atluru, Managing Partner at Activate Capital, will join the Swimlane Board of Directors.

“We invested in Swimlane because we believe in the company’s ability to unlock the most valuable product developments customers demand for security automation inside and outside the SOC,” said Atluru. “Swimlane has transcended traditional SOAR and risen to meet the growing need for low-code security automation to help organizations quantify business value, overcome process and data fatigue, and combat chronic staffing shortages.”

Sameer Reddy, Managing Partner at Energy Impact Partners said, “Security operations today is at a critical inflection point. Organizations don’t have enough people, money, or resources to address all of their security workflows across the entire organization, while also responding to threats the moment they happen. Automation will have to play a critical role in addressing these challenges and Swimlane is incredibly well-positioned as the leading independent security automation platform.”

According to Niloofar Razi Howe, Swimlane Board Member and long-time cybersecurity veteran, “The accelerating pace of threat telemetry coupled with a rapidly expanding attack surface is outstripping the ability for humans to act. Swimlane is filling in one of the biggest gaps in cybersecurity today by putting humans back in control with a low-code approach to security automation.”

“We are very proud of the global traction and results we have achieved,” said James Brear, CEO of Swimlane. “Besides our hyper revenue growth, we have achieved over 120% of net retention and product expansion. Our cloud product has seen a 5X increase in adoption over 2021 and our growth over the last four years is over 700%. This is a testament to our customer-first mindset and meeting all the use case requirements our customers demand.”

The new investment will also accelerate the growth of Swimlane’s global partner network and create new market opportunities through partners in all major geographies. This will include technical partner support and enablement to help partners unlock the power of automation beyond just threat response.

“Organizations across industries are facing a more sophisticated and targeted threat landscape than ever before,” said John Vanderzon, CTO of Sun Management, which also joined the growth round of investment. “We invested in Swimlane for its intelligent approach to solving a long-term problem. We see Swimlane as a paradigm shift similar to what we saw with Palo Alto Networks when we ran four of their betas in 2007. We look for technology that solves problems intelligently, and Swimlane's low-code security automation goes above and beyond to give companies the power to stop threats at the point of inception in a rapidly expanding attack surface — without the need to hire more people.”

**About Swimlane**

Swimlane is the leader in cloud-scale, low-code security automation. Swimlane unifies security operations in-and-beyond the SOC into a single system of record that helps overcome process and data fatigue, chronic staffing shortages, and quantifying business value. The Swimlane Turbine platform combines human and machine data into actionable intelligence for security leaders. For more information, visit swimlane.com or join the conversation on LinkedIn, Twitter and YouTube.

Swimlane Secures $70M Growth Round to Fuel Global Expansion of Next Generation Low-Code Security Automation Platform

DUBLIN, July 8, 2022 /PRNewswire/ -- The "Global Enterprise Endpoint Security Market - Forecasts from 2022 to 2027" report has been added to **ResearchAndMarkets.com's** offering.

Endpoint security is the technique of preventing harmful actors and campaigns from exploiting endpoints or entry points of end-user devices such as PCs, laptops, and mobile devices. Endpoint security solutions on a system or cloud protect against cybersecurity threats. Endpoint security has progressed beyond antivirus software to supply comprehensive security against sophisticated malware and new zero-day dangers.

Nation-states, hacktivists, organized crime, and purposeful and unintentional insider threats all pose a hazard to businesses of all sizes. Endpoint security is frequently referred to as cybersecurity's frontline, and it is one of the first places where businesses attempt to defend their networks. Due to several benefits, such as cost savings with cloud storage, compute scalability, and low maintenance requirements, enterprise use of SaaS-based or cloud-delivered endpoint security solutions continues to grow.

**The growing number of enterprise endpoints and mobile devices with access to sensitive data has created a tremendous need for endpoint security solutions, which is expected to drive the market.**

In today's environment, mobile gadgets such as smartphones and tablets have become necessary for both individuals and businesses. The number of employees using their phones for work is fast expanding, and mobile devices and applications have presented a slew of new attack vectors and data security challenges.

These cyber dangers range from Trojans and viruses to botnets and toolkits, and they can have a significant impact on the broader network, putting sensitive and private data at risk. For example, according to the Mobile Security Report 2021 by Check Point, 97 percent of businesses globally were hit by mobile attacks that used several attack vectors. At least one employee in 46 percent of those businesses downloaded a malicious app to their phone.

According to the same report, nearly every firm had at least one smartphone malware assault in 2020. The mobile network was responsible for 93 percent of the attacks. As previously stated, around 40% of all mobile devices are at risk of being targeted by cyber-attacks. As a result, businesses are increasingly implementing endpoint security solutions to secure their networks and give secure access to confidential data to their employees.

As a result, factors such as increased mobile and wireless device usage, advancements in connectivity infrastructure around the world, and dropping mobile device prices are all expected to have a significant impact on the endpoint security industry. For instance, according to Ericsson, there are already over six billion smartphone subscribers worldwide, with several hundred million more expected in the next years.

By 2026, the number of smartphone users is predicted to increase to 7516 million. Employees at firms are increasingly using their personal mobile devices to access corporate data owing to the growing BYOD trend. However, it poses security concerns, necessitating powerful endpoint security solutions to protect sensitive company data, resulting in significant demand.

However, the lack of awareness about endpoint security among the general public, as well as the fact that many enterprises are struggling to deal with security threats and data breaches as a result of a lack of understanding about endpoint security, is expected to limit the market expansion.

**By region, the Asia Pacific and North America are expected to hold a notable share in the global enterprise endpoint security market during the forecast period.**

North America and Asia-Pacific are predicted to have a significant share of the global enterprise endpoint security market. Applying technology to restrict threats on organizational endpoints and the rising penetration of mobile devices that are initially prone to endpoint attacks are two reasons supporting the market expansion in these regions.

For instance, in July 2021, SentinelOne and ConnectWise established a partnership to strengthen their security relationship. MSPs will be able to obtain SentinelOne Control and SentinelOne Complete as standalone products from ConnectWise rather than having to purchase them as part of the SOC-targeted Fortify Endpoint offering.

Similarly, in September 2020, Palo Alto Networks and OPSWAT expanded their partnership to add support for new endpoint platforms and IoT devices in GlobalProtect and Prisma Access for branch offices, retail locations, and mobile users. The integration detects and evaluates the state of the endpoint as well as any third-party security programs installed on it. The Host Information Profile (HIP) gathers data about the network's endpoints' security state, used to implement gateway policies.

**COVID-19 Insights**

The COVID-19 outbreak compelled enterprises all around the world to mobilize swiftly in order to secure large numbers of remote workers and expand their tooling beyond traditional security measures. With the growing number of cybercrimes in 2020, the market for global enterprise endpoint security has been positively impacted by the pandemic.

For instance, the US Department of Health and Human Services (HHS) systems were subjected to a large DDoS attack in March 2020. In the same month, a cyberattack hit databases at the University Hospital in Brno, one of the Czech Republic's main centers for COVID-19 blood testing. As a result, doctors could not complete coronavirus testing and had to postpone several surgical procedures.

**Key Topics Covered:**

**1\. INTRODUCTION**

**2\. RESEARCH METHODOLOGY**

**3\. EXECUTIVE SUMMARY**

**4\. MARKET DYNAMICS**  
4.1. Market Drivers  
4.2. Market Restraints  
4.3. Porter's Five Forces Analysis  
4.3.1. Bargaining Power of Suppliers  
4.3.2. Bargaining Powers of Buyers  
4.3.3. Threat of Substitutes  
4.3.4. Threat of New Entrants  
4.3.5. Competitive Rivalry in Industry  
4.4. Industry Value Chain Analysis

**5\. GLOBAL ENTERPRISE ENDPOINT SECURITY MARKET, BY SOLUTION**  
5.1. Anti-Virus  
5.2. Firewall  
5.3. Endpoint Device Control  
5.4. Anti-Spyware/Anti-Malware  
5.5. Others

**6\. GLOBAL ENTERPRISE ENDPOINT SECURITY MARKET, BY COMPONENT**  
6.1. Application Control  
6.2. Endpoint Encryption

**7\. GLOBAL ENTERPRISE ENDPOINT SECURITY MARKET, BY DEPLOYMENT**  
7.1. Cloud  
7.2. On-Premise

**8\. GLOBAL ENTERPRISE ENDPOINT SECURITY MARKET, BY ORGANIZATION SIZE**  
8.1. Small  
8.2. Medium  
8.3. Large

**9\. GLOBAL ENTERPRISE ENDPOINT SECURITY MARKET, BY INDUSTRY VERTICAL**  
9.1. BFSI  
9.2. Government  
9.3. Aerospace and Defense  
9.4. Healthcare  
9.5. Communication and Technology  
9.6. Others

**10\. GLOBAL ENTERPRISE ENDPOINT SECURITY MARKET, BY GEOGRAPHY**  
10.1. Introduction  
10.2. North America  
10.2.1. United States  
10.2.2. Canada  
10.2.3. Mexico  
10.3. South America  
10.3.1. Brazil  
10.3.2. Argentina  
10.3.3. Others  
10.4. Europe  
10.4.1. Germany  
10.4.2. France  
10.4.3. United Kingdom  
10.4.4. Spain  
10.4.5. Others  
10.5. Middle East and Africa  
10.5.1. Saudi Arabia  
10.5.2. Israel  
10.5.3. Others  
10.6. Asia Pacific  
10.6.1. China  
10.6.2. Japan  
10.6.3. South Korea  
10.6.4. India  
10.6.5. Thailand  
10.6.6. South Korea  
10.6.7. Taiwan  
10.6.8. Indonesia  
10.6.9. Others

**11\. COMPETITIVE ENVIRONMENT AND ANALYSIS**  
11.1. Major Players and Strategy Analysis  
11.2. Emerging Players and Market Lucrativeness  
11.3. Mergers, Acquisition, Agreements, and Collaborations  
11.4. Vendor Competitiveness Matrix

**12\. COMPANY PROFILES**  
12.1. Intel Corporation  
12.2. Broadcom Inc. (Symantec Corporation)  
12.3. Trend Micro Incorporated  
12.4. RSA Security LLC  
12.5. Kaspersky Lab  
12.6. Bitdefender  
12.7. WatchGuard Technologies  
12.8. ESET  
12.9. Sophos Ltd  
12.10. McAfee LLC

For more information about this report visit https://www.researchandmarkets.com/r/fyl26c

Worldwide Enterprise Endpoint Security Industry to 2027: Focus on Antivirus, Firewall, Endpoint Device Control, and Anti-Spyware/Anti-Malware

Funding from Allianz X, Valor Equity Partners, Kinetic Partners, and existing investors will accelerate Coalition’s vision to provide security for all.

SAN FRANCISCO, July 08, 2022 (GLOBE NEWSWIRE) -- Coalition, the world’s first Active Insurance company designed to prevent digital risk before it strikes, today announced it has raised an additional $250 million to accelerate its rapid growth, power international expansion, and broaden the services Coalition offers to help organizations manage digital risk. This funding round closed in June with participation from Allianz X, Valor Equity Partners, Kinetic Partners and other existing investors, increasing Coalition’s valuation from $3.5 billion to $5 billion.  

Coalition’s Active Insurance combines industry-leading cybersecurity tools, access to around-the-clock digital forensics and incident response, and broad insurance coverage to help organizations identify, mitigate, and insure digital risk. Coalition’s technology advantage has allowed the company to build a sustainable, high-performing book of business in a highly-dynamic cyber market, while also helping Coalition customers spot and manage digital risk before it strikes. Coalition now serves over 160,000 customers with Active Cyber Insurance, Active Executive Risks Insurance, P&C insurance, and cybersecurity capabilities.

The new funding comes as Coalition continues its wave of growth at massive scale, exceeding $775 million in run rate GWP (gross written premium) and a nearly 200% increase in revenue growth over the prior year. Coalition partners with brokers in all 50 states to provide active cyber and active executive risks insurance and offers active cyber insurance across Canada. Later this year, Coalition will launch its UK active cyber program in partnership with Allianz, as announced last week.

“Many organizations remain unprotected in the face of rising digital threats, and neither traditional insurance nor cybersecurity alone is well equipped to help them,” said Joshua Motta, CEO and co-founder of Coalition. “Our active approach to underwriting, monitoring, and responding to digital risk has allowed Coalition to achieve market leading underwriting results while demonstrably reducing claims and losses for our customers so they can continue to thrive in the digital economy.”

“Coalition’s active, tech-based approach to cybersecurity and cyber insurance has proven to be profoundly effective, which is also reflected in its outstanding business results,” said Dr. Nazim Cetin, CEO of Allianz X. “The trends driving the importance of cyber defense are irreversible. We see an active approach as the most effective solution for addressing cyberthreats to businesses both now and in the future.”

“Coalition demonstrates clear market and technology leadership with growing network effects,” said Chris Golden, Founder and Chief Investment Officer at Kinetic Partners. “With the company’s high-quality culture and outstanding execution, we believe Coalition’s competitive advantages and value-creation will continue to compound in the coming years.”

Coalition has raised over $755 million in equity funding to date from leading global technology investors, including Durable Capital, T. Rowe Price Associates Inc, Whale Rock Capital, Index Ventures, General Atlantic, Ribbit Capital, Vy Capital and Valor Equity Partners, among others. Founded in 2017 by Joshua Motta and John Hering, Coalition is one of the largest cyber insurance and security providers in the United States and Canada.

To learn more about Coalition, visit coalitioninc.com. To learn more about Coalition cyber insurance in the UK, visit coalitioninc.co.uk

**About Coalition**  
Coalition is the leading provider of cyber insurance and security, combining comprehensive insurance and proactive cybersecurity tools to help businesses manage and mitigate cyber risk. Backed by leading global insurers Allianz, Swiss Re Corporate Solutions, Arch Insurance North America, Lloyd’s of London, and Ascot Group, Coalition offers its insurance products in the US and Canada and its security products to organizations globally. Coalition’s Active Risk Platform provides automated security alerts, threat intelligence, expert guidance, and cybersecurity tools to help businesses remain resilient in the face of cyber attacks. Headquartered in San Francisco, Coalition is a distributed company with a global workforce that collaborates both digitally and in office hubs across the globe.

**About Allianz X**  
Allianz X invests in digital frontrunners in ecosystems relevant to insurance and asset management. In just a few years, it has grown to a portfolio of more than 25 companies and AuM of over 2 billion euros. Allianz X has counted 11 unicorns among its portfolio so far. The heart and brains behind it all is a talented team of around 40 people. As one of the pillars of the Allianz Group’s digital transformation strategy, Allianz X provides an interface between Allianz Operating Entities and the broader digital ecosystem, enabling collaborative partnerships in insurtech, fintech, and beyond. As an investor, Allianz X supports mature digital growth companies to take the next bold leap and reach their full potential.

**About Kinetic Partners**  
Kinetic Partners Management, LP (“Kinetic”) is an investment firm focused on global public and private equities. Kinetic seeks to provide thought partnership, support, and capital to exceptional teams driving innovation. Kinetic was founded by Chris Golden and maintains offices in Miami, Florida and New York, New York.

Source

DARKReading