Cybersecurity pros discuss a trio of lessons from the Equifax hack and how to prevent similar attacks in the enterprise.

On the morning of Sept. 7, 2017, US credit bureau giant Equifax announced hackers had infiltrated its network and exfiltrated customer names, Social Security numbers, birthdates, and addresses. The news of the breach — which compromised the private records of 147.9 million Americans (almost 50% of the entire US population), 15.2 million Britons, and almost 19,000 Canadians — immediately created pandemonium across organizations, forcing many business leaders to reconsider their security postures. Much has changed over the past five years, but the lessons from the Equifax breach are still relevant for enterprises.

Equifax didn't reveal the breach as soon as it discovered it — the company sat on the information for more than a month. It was the perfect antithesis: A business known to provide credit score rating, fraud solutions, financial marketing, and analytical services had been hacked. The attackers had gotten in through an unpatched vulnerability in Apache Struts. The worst part? Apache had already warned about the flaw and a patch was available.

"The Equifax breach is a unique attack in that a conscious decision was made by a company and its leadership: not to patch the vulnerability when the software vendor announced the vulnerability and provided the patch," says James Turgal, vice president of cyber risk, strategy, and board relations at Optiv.

The attack, now linked to four hackers from the Chinese military, represents one of the most sweeping attacks conducted against US businesses by foreign nationals. Industry experts discuss with Dark Reading what lessons to draw from the breach and how organizations can prevent similar threats in their environments.

**Data Management Is Still an Enterprise Problem**

"Equifax shows that organizations need to focus on data management," Adam Marrè, CISO at Arctic Wolf and former FBI special agent/cyber investigator, tells Dark Reading.

"With so many different IT and security priorities, companies aren't thinking about data management in the right ways. Most organizations only think about how best to monetize data or how to use it to serve their customers, but they often miss the significant increase in risk that storing the data brings."

Turgal agrees, noting that enterprises and individuals are at risk of data exfiltration and identity theft.

"Every day, companies large and small fall victim to identity theft," he says. "Both the high volume of activity and large transactions occurring at the corporate level attract threat actors, using data that typically has been exfiltrated from another breach by a separate threat actor and sold to the highest bidder to impersonate the identity of a business to commit fraud."

Gartner estimates that until 2025, "80% of organizations seeking to scale digital business will fail because they do not take a modern approach to data governance." That's a lot of businesses, and it's a figure that Marrè agrees with.

"In my experience, most companies don't have a comprehensive picture of how they collect, store, and manage data," he says. "Especially from a security standpoint, most businesses have no idea who has access to what data, how to properly classify it, how to protect it, and even how to set up data retention policies to properly get rid of it. By focusing on these aspects, businesses can transform their data strategies and further protect themselves and their customers."

Turgal suggests that organizations can safeguard data and identity by doing the following:

*   Include artificial intelligence and machine-learning technologies into the business processes to quickly spot anomalous behavior.
*   Review and update access permissions and utilize data encryption when the data is in transit and at rest.
*   Establish protocols for user provisioning and deprovisioning of regular and privileged access holders.
*   Continually educate employees on how to minimize risk.

**Enterprises Aren't Paying Attention to the Basics**

The fundamentals of cybersecurity are still lacking in several enterprise efforts at securing user data. Leaning on his experience in the FBI and private sector, Marrè says he has seen so many organizations that are not adequately prioritizing security. With security incidents at high-profile businesses and rampant ransomware and extortion attacks worldwide, organizations can no longer afford to ignore or sideline their security, he says.

"Although there are new and exciting technologies that are aimed at solving different attack vectors, focusing on successfully executing the fundamentals of cybersecurity remains the most effective strategy," Marrè says. "When it comes to protecting your organization and your data, prevention is good, but detection is a must."

Many attacks can be avoided by implementing zero-trust architecture to the letter. In hindsight, for example, the Equifax attack could have been prevented if the organization had paid more attention to the multiple threat warnings the company had received before the hack.

The Equifax breach was "a strong example of why enterprises should evaluate their data to understand the business need and ensure it is classified appropriately," says Andrew Bayers, head of threat intelligence at Resilience, adding that data should be stored and transmitted securely — and ultimately retained for only the amount of time needed.

**Cyber Resilience Needs Action, Not Reaction**

While it's true that some players in the enterprise are investing heavily in cybersecurity, several others are still lagging — giving malicious actors an opening to capitalize on discrepancies and take control of critical data assets. Although its activities are not immediately noticeable, a proactive cybersecurity team is worth its weight in gold.

"Having a skilled security team is the backbone of a sound cybersecurity strategy," Marrè says. "Whether it's a world-class team from a partner or in-house experts, this should be a priority for all companies."

To become cyber resilient, Bayers adds, organizations should identify vulnerabilities in their systems and prioritize patching according to the risks they pose.

Equifax's Lessons Are Still Relevant, 5 Years Later

Led by NTTVC, the funding enables further development of Cloud Native Intrusion Prevention from the team that invented Network Intrusion Prevention Systems.

AUSTIN, Texas, Oct. 25, 2022 /PRNewswire-PRWeb/ — Spyderbat, a cloud native runtime security company, today announced it has raised $10 million in Series A funding. The funding was led by NTTVC with participation from LiveOak Venture Partners, Benhamou Global Ventures and John McHale to fuel product development and go-to-market activities.

The Enterprise shift-left trend toward a more embedded approach to security in the continuous integration and continuous delivery (CI/CD) pipeline requires new innovation. While organizations adopt strategies to reduce exploitable vulnerabilities in cloud native environments, it has proven insufficient to defend against breaches. The rate of change enabled by cloud provisioning and microservice architectures increase the probability of misconfigurations and missed known and unknown vulnerabilities. Additionally, the dependencies on third-party components increase the probability of supply chain compromises and zero-day attacks. Spyderbat addresses these needs with capabilities that integrate runtime security throughout the lifecycle.

CEO Marc Willebeek-LeMair and CTO Brian Smith, co-founders of Spyderbat, are no strangers to intrusion prevention systems (IPS). As the original founders of TippingPoint, Willebeek-LeMair and Smith invented the network IPS in the early 2000s.

"As we grew closer to understanding the fundamental security concerns in cloud native environments, we recognized the need for a brand-new approach," states Willebeek-LeMair. "Traditional detection methods, along with the rate of change found in cloud native environments, create inaccurate findings that require teams to investigate each with limited data. This leads to high volumes of interrupt-driven efforts that are inconclusive. DevOps and Platform Engineering teams need an accurate understanding of what is happening before automation can occur and a broader protection solution."

The Spyderbat SaaS platform boasts three critical capabilities for detecting and blocking intrusions attacking known and unknown vulnerabilities:

*   Runtime Visibility -Spyderbat generates live detailed mapping and historic contextual visibility across Kubernetes, container and VM  
    environments to enable DevOps and Platform Engineering teams' immediate visibility to the root cause of security and operational issues. 
*   Runtime Delta - Armed with the ability to capture runtime activities with causal context, Spyderbat's Runtime Delta enables development teams to rapidly and securely iterate within guard rails, using an automated understanding of runtime behavior differences between builds and environments.
*   Runtime Intrusion Prevention - Spyderbat provides the industry's broadest form of protection that blocks attacks against cloud-native  
    workloads throughout the software development lifecycle, including supply-chain attacks, compromised credentials, ransomware, and  
    cryptojacking.

In addition to the platform's core capabilities, Spyderbat Labs produces continuous actionable intelligence updates to the Spyderbat platform by performing threat research for cloud native environments. Spyderbat Labs creates Shields to stop attacks against known vulnerabilities, packaged baseline policies to built-in Linux and Kubernetes services, and Attack Detections mapped to MITRE ATT&CK techniques.

"Spyderbat opens the doors to a new level of security and operational awareness," states Aldo Gonzalez, CTO at Client Support Software. "It identifies previous unknowns that require my attention, allowing me to easily see the whole picture and take action."

"It is not about detecting individual activities that may or may not indicate a compromise," adds Smith. "What separates Spyderbat is a complete understanding of runtime activities to recognize new workload behaviors or connect threat indicators to each other and their root cause. This context enables early detection and accuracy, with a thorough understanding of the intrusion that enables automation to block it."

"Spyderbat's platform offers early cloud-native intrusion prevention, which is critical for enterprises in today's complex and high-threat environment," said Fay Hazaveh Costa, Partner at NTTVC. "We are looking forward to supporting the Spyderbat team and helping to fuel their next phase of growth."

In addition to its core offering, Spyderbat separately announced today its Open-Source program. Spyderbat is exhibiting at KubeCon+CloudNativeCon October 26th through October 28th. Learn more about Spyderbat's solution for cloud native runtime security by visiting their booth #SU45.

**About Spyderbat**

  
Spyderbat delivers cloud native runtime security to customers with unprecedented precision in intrusion prevention and mitigation. Founded in 2019 on the recognition that the manual processes of traditional security operations are completely ineffective in rapidly changing cloud environments, Spyderbat is making threat prevention and security operation automation available with a platform for early, accurate, and thorough recognition of attacks. To learn more about Spyderbat's solutions, open-source projects, career opportunities, or to begin using Spyderbat's free tier, visit http://www.spyderbat.com.

Spyderbat Raises Series A to Deliver Runtime Security Throughout Cloud Native Software Development Environments

New report shows 75% of MSPs will invest in security threat intelligence services in the next 12 months to help businesses combat increased threats.

**MIAMI, FL / ACCESSWIRE / October 25, 2022** — Lumu, the creator of the Continuous Compromise Assessment cybersecurity model that empowers organizations to measure compromise in real-time, has partnered with Enterprise Management Associates (EMA) to conduct an independent survey exploring why MSPs are focusing on growing their cybersecurity practices, cites their most pressing concerns when it comes to threats and offers guidance on how MSPs can build a security stack effectively.

"There's been a monumental shift in threat actors' operations, which have led SMBs to face a higher risk of targeted security breaches," said Ricardo Villadiego, Founder and CEO of Lumu. "Now more than ever, entrepreneurs and small business leaders need to understand the heightened need for cybersecurity. With that awareness comes the need to implement a comprehensive cybersecurity program, but not every small business has the means to do so in-house. MSPs that can effectively meet the current needs of SMBs will gain market share and see significant growth opportunities."

The "MSP Cybersecurity Market Opportunity Blueprint" study found that:

*   In the next 12 months, 75% of MSPs are planning to invest in security and threat intelligence, 66.2% in threat detection and response, 66.2% in real-time attack visibility and 50% in forensics and incident response.
*   The most important concerns of MSPs when it comes to protecting customers from cyber threats are malware (77.9%), ransomware (70.6%), business email compromise (64.7%), and phishing (69.1%).
*   More simplistic malware techniques are enough for cyber-criminals to compromise SMBs, while larger organizations must employ more sophisticated and scalable techniques. Cyberattacks on small businesses consist mainly of malware (60%).
*   The top fears MSPs are around when/if customers experience a cyberattack are operational downtime (69.1%), losing the trust of your customers (64.7%), financial losses (63.2%), and reputational losses (61.8%).

Based on the findings of the report, EMA recommends five steps that MSPs should follow to start or evolve their cybersecurity practice:

*   **Customers' network-level threat visibility is vital:** MSPs should develop methods to identify any and all traces of compromise in the network because it will help MSPs minimize damage and avoid disruption.
*   **Ensure scalability through effective tools:** MSPs should favor SaaS-based commercially available solutions that can grow effectively with the MSP - tools built to effectively use cybersecurity talent, so they spend their time effectively.
*   **Leverage response automation:** MSPs achieve great levels of efficiency by combining real-time attack monitoring with integration capabilities that use out-of-the box or API techniques for data exchange and touchless response.
*   **Understand the pricing thoroughly:** MSPs need flexible pricing that matches the services delivered to their customers to not get locked into unfavorable long-term contracts which are undesirable considering the changing threat landscape.
*   **Protect the human element:** With phishing and other social engineering techniques increasing in sophistication and effectiveness, MSPs should train their staff and users across their customer base to identify and report these threats.

"We foresee that more than half of SMBs will part ways with MSPs that fail to address cybersecurity needs effectively and seek out alternative solutions," said Chris Steffen, Managing Research Director at EMA. "There's a huge opportunity for MSPs to get ahead of this and invest in security areas that are most prevalent to SMBs in the next 12 months such as security threat intelligence services, threat detection and response, real-time attack visibility, and forensic and incident response. The MSPs that prioritize these areas will be at an advantage over competitors and will be better equipped to grow their customer base."

To view the full findings of the MSP Cybersecurity Market Opportunity Blueprint report please download https://lumu.io/msp-growth-blueprint/.

**About Lumu**  
Headquartered in Miami, Florida, Lumu is a cybersecurity company focused on helping enterprise organizations illuminate threats and isolate confirmed instances of compromise. Applying principles of Continuous Compromise Assessment, Lumu has built a powerful closed-loop, self-learning solution that helps security teams accelerate compromise detection, gain real-time visibility across their infrastructure, and close the breach detection gap from months to minutes. Learn more about how Lumu illuminates network blindspots at www.lumu.io.

**About EMA**  
Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that specializes in going "beyond the surface" to provide deep insight across the full spectrum of IT management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals.

Learn more about EMA research, analysis, and consulting services for enterprise IT professionals, and IT vendors at www.enterprisemanagement.com or follow EMA on Twitter or LinkedIn.

MSP Market Opportunity Report Finds Cybersecurity as Primary Growth Driver as SMBs Lack Resources to Develop Security Program In-House

BILBAO, Spain, Oct. 25, 2022 /PRNewswire/ — SealPath, a leading provider of zero-trust data-centric security and enterprise digital rights management, announced the launch of SealPath Data Classification powered by Getvisibility, leveraging the latest Artificial Intelligence and Machine Learning technologies to provide their customers with an advanced standard of visibility, protection, control, and a dynamic understanding of their data as it is being created.

This innovative AI-enhanced data classification solution provides the insights and continuous automated protection that enterprise customers need to securely and accurately classify data over its entire lifecycle. Thus, organisations across multiple business verticals gain the ability to prevent data leaks and achieve compliance with the strictest data protection regulations.

With SealPath's classification, the user receives suggestions about the classification level when creating and editing a document. The software learns and adapts to different document types, continuously improving accuracy through AI, and allows organisations to classify unstructured information with unprecedented confidence.

SealPath's information protection is 100% integrated with the new intelligent data classification system so that those files labeled with a certain classification level or subject to a specific regulation can be protected automatically and without user intervention.

"SealPath Data Classification powered by Getvisibility was born in response to the outdated technologies most modern companies currently utilise to classify and manage their data. The solution's machine learning models have been pre-trained for years via data containing a wide array of data types – from personal information, medical and financial to defense data. Combined with robust software specialised in data classification, these thoroughly trained models minimize human error, costs, and time in labelling corporate information. We expect this new AI-powered approach will transform how organisations classify and protect their data," Luis Angel del Valle, CEO of SealPath, stated.

SealPath Data Classification deploys a flexible approach, considering different dimensions such as data sensitivity, associated regulations, data types, and scope of dissemination. Consequently, the system can adapt the classification to the organisation based on the aforementioned dimensions, enabling the automated protection of tagged data via AI/ML algorithms.

SealPath's protection, coupled with the AI and Machine Learning-powered classification system, streamlines an organization's efforts to avoid sensitive information data classification errors quickly and cost-effectively.

**About SealPath**

SealPath is a European leader in Zero-Trust Data-Centric Security and Enterprise Digital Rights Management, working with major companies in more than 25 countries. SealPath has been helping organisations across multiple business verticals, such as Manufacturing, Oil & Gas, Retail, Finance, Healthcare, and Public Administrations, protect their data for over a decade. SealPath's client portfolio includes organisations within the Fortune 500 index and Eurostoxx 50. SealPath makes it easy to avoid costly mistakes, lower the risk of data leaks, ensure security for confidential information and protect data assets.

SealPath Data Classification Powered by Getvisibility Applies Artificial Intelligence to Improve Accuracy and Efficiency of Data Labelling and Protection

The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago.
The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme.
This allegedly comprises

The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago.

The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme.

This allegedly comprises signed client contracts, agreement documents, as well as other sensitive information such as emails, addresses, phone numbers, passport numbers, taxpayer data, among others.

The Mumbai-based firm, which is India's largest integrated power company, is part of the Tata Group conglomerate.

Tata Power had previously disclosed in a filing with the National Stock Exchange (NSE) of India that an intrusion on the company's IT infrastructure impacted "some of its IT systems."

According to further details shared by security researcher Rakesh Krishnan, the leak contains personally identifiable information (PII), including Aadhaar identity numbers, permanent account numbers (PAN), drivers' license, salary specifics, and engineering drawings.

The latest development is also indicative of the fact that Tata Power likely refused to pay a ransom, prompting the cybercrime gang to publish the siphoned data on its HiveLeaks dark web portal.

According to statistics published by Digital Shadows and Intel 471, Hive was the third-most prevalent ransomware family observed in Q3 2022, coming only behind LockBit 3.0 and Black Basta and surpassing the likes of AvosLocker, BlackByte, BlackCat, and Vice Society.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company

Chinese and Russian cyber-spies actively targeting security vulnerability

Chinese and Russian cyber-spies actively targeting security vulnerability

Fortinet is urging customers to patch a critical authentication bypass vulnerability that has already been exploited in the wild.

Earlier this month, the networking vendor patched the bug, CVE-2022-40684, found in its FortiOS network operating system, FortiProxy secure web proxy, and FortiSwitchManager management platform projects.

The vulnerability allows an unauthenticated attacker to add an SSH key to the admin user, enabling potential miscreants to hack the administrative interface using specially crafted HTTP or HTTPS requests.

The issue affects FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1, FortiProxy versions from 7.0.0 to 7.0.6 and 7.2.0, and FortiSwitchManager versions 7.0.0 and 7.2.0.

Catch up on the latest network security news and analysis

Customers were notified via email and advised to update vulnerable devices to FortiOS 7.0.7 or 7.2.2 and above, FortiProxy 7.0.7 or 7.2.1 and above, and FortiSwitchManager 7.2.1 or above earlier this month. Those that can’t, said Fortinet, should immediately disable internet-facing HTTPS Administration interfaces.

After the patch was released, Horizon3.ai published proof-of-concept code for exploiting the vulnerability.

“An attacker can use this vulnerability to do just about anything they want to the vulnerable system. This includes changing network configurations, adding new users, and initiating packet captures,” it warned.

“Note that this is not the only way to exploit this vulnerability and there may be other sets of conditions that work. For instance, a modified version of this exploit uses the User-Agent ‘Node.js’.”

**Axis of exploit**

Meanwhile, cybersecurity firm Cyfirma warned that attackers are scanning for and attempting to exploit the vulnerability in the wild.

“Our intelligence research community observed Iranian and Chinese threat actors abusing the vulnerabilities of Fortinet products,” it said. “The suspected threat actors are US17IRGCorp aka APT34, HAFNIUM, and its affiliates in the ongoing campaign.”

Cyfirma warned that Iranian cybercriminals appear to be colluding with Chinese groups and Russian cybercriminals as part of the campaign, with the aim of supporting Russia’s offensive in Ukraine.

Dark web forum discussions, according to Cyfirms, have focused on exploiting weakness in enterprise networks that rely of Fortinet’s technologies, manipulator-in-the-middle (MITM) attacks, potential ransomware attacks, and lateral movement to hack deeper in the network of compromised organizations.

**Patching advice reiterated**

In response to the detection of attacks in the wild, Fortinet issued a further advisory, stressing the increased seriousness of the situation.

“Fortinet is aware of instances where this vulnerability was exploited to download the config file from the targeted devices, and to add a malicious super\_admin account called ‘fortigate-tech-support’,” it said, before reiterating its advice for customers to update.

However, four days later, it appeared that many affected organizations had still failed to patch their systems, leading to yet another warning from Fortinet.

“After multiple notifications from Fortinet over the past week, there are still a significant number of devices that require mitigation, and following the publication by an outside party of PoC code, there is active exploitation of this vulnerability,” it said.

In a statement for The Daily Swig, the company adds: “As part of our commitment to the security of our customers, we continue to proactively reach out to strongly urge them to immediately follow the guidance provided in our October 10 PSIRT Advisory (FG-IR-22-377), as we continue monitoring the situation.”

RELATED Failed Cobalt Strike fix with buried RCE exploit now patched

Critical authentication bug in Fortinet products actively exploited in the wild

Free service provides insights developers need to systematically identify and reduce container vulnerabilities.

DETROIT, Oct. 25, 2022 /PRNewswire-PRWeb/ — KUBECON + CLOUDNATIVECON NORTH AMERICA — In software supply chain security, knowing your software means knowing what's in it--for better or worse. Slim.AI, the Boston-based startup focused on optimizing and securing cloud-native applications, has today launched Container Intelligence, a free and open service that anyone can use to quickly gain  
valuable insights into what's in the most popular container images that they're baking into their software every day.

Despite the supercharged emphasis on security in the software industry, containers now have more vulnerabilities than ever before; moreover, a worrisome gap exists between developers and leadership on resources needed to address the problem. These findings are detailed in the second annual Slim.AI Public Container Report, published today and available for complimentary download.

Slim.AI aims to help close the gaps identified in the report by making Container Intelligence available to everyone, free. Container Intelligence scans more than 160 popular public container images making up 30% of total global pull volume using a combination of open-source and proprietary scanning tools. Slim.AI will quickly expand the dataset to cover the majority of public containers used by developers today across multiple registry providers. Developers can use Container Intelligence to make informed decisions when selecting containers or containerized applications for use in their tech stacks.

"Democratizing information about the security posture of public containers is critical if we want to meet the challenges of today's software supply chain," said John Amaral, co-founder and CEO at Slim.AI. "At Slim.AI, we believe in sharing information we have about the security and usability of public containers with developers so that they can make informed decisions about the containers they work with."

Key features of 'Container Intelligence' by Slim.AI:

*   Publicly available container profile pages on the Slim.AI website -- no login, no registration needed.
*   Profiles include vulnerability counts by severity, container construction details, and package information, along with comparisons to  
    similar public containers.
*   Containers are fully searchable and categorized according to use case (for example, base images, CMSs or DevOps tools).
*   The data is updated daily to ensure freshness.

Slim.AI will be adding more capabilities to Container Intelligence throughout the coming year. Future enhancements will include expanding the database to include more public registries, adding comparative analysis across images and providing container update notifications.

**Taking It to the Next Level with Slim.AI**

  
For those who want to know even more about their containers, developers can log in to the Slim.AI platform from the Container Intelligence page to analyze their own private containers, get vulnerability reports from multiple scanners, and automatically harden their container images for production.

Additionally, Slim.AI has been adding functionality for teams and is accepting a limited number of organizations into its design partner program. For more information, contact \[email protected\].

**Learn More About Container Security at KubeCon/CloudNativeCon**

  
For those interested in hearing more, Ayse Kaya, Slim.AI's senior director of strategy and insights, will present a keynote at KubeCon NA based on this dataset on Wednesday, October 26 at 10:05 a.m. EDT. Her presentation, "What We Learned Dissecting the World's Most Popular Containers," demonstrates the current paradox in software supply chain practices, especially the trade-offs teams make between "developer experience" and "production readiness."

Kaya's insights are based on a Dimensional Research survey of 300 software developers and DevOps engineers globally as well as an analysis of the most popular public container images used by developers today. This work forms the basis of the second annual Slim.AI Public Container Report.

"Perhaps the most stunning finding at a macro level is that after a year of intense focus on security, the cloud-native ecosystem is no safer today than it was this time last year," said Kaya. "The silver lining, however, is that awareness is increasing. The complexity of the problem is not our enemy; ignorance of the problem is. And our industry is taking strides to come together and make applications more secure."

Watch Kaya's keynote at KubeCon to learn more about her findings, which include:

1.  Of the top public containers Slim.AI observed over the past year, 60% actually contain more vulnerabilities today than they did one year ago. Most notably, high-severity vulnerabilities increased by 50%, followed by a 10% increase in critical vulnerabilities. The average public container has 287 vulnerabilities, 30% of which belong to a high/critical category (up from 20% last year).
2.  A discrepancy between executives and developers on both the capabilities required for supply chain security and the organization's preparedness. According to the survey, executives believe that more container security practices are happening in their organizations (49%) than frontline developers (34%).
3.  Developers are getting squeezed from both sides -- shifts to the left mean removing vulnerabilities from containers is a developer problem, with more and more customers demanding often unrealistic "zero vulnerabilities" in delivered software. Among developers, 88% said it is challenging to ensure containerized apps are free from vulnerabilities, complexity being the #1 contributing factor. Seventy percent stated their customers demand that their containers have zero vulnerabilities.

Visit Slim.AI at Booth SU64 to learn more from Slim.AI representatives.

**About Slim.AI**

  
Slim.AI helps developers create, build, deploy and run their cloud-native applications more efficiently and securely. The unique approach used by Slim.AI moves the focus on container optimization upstream in the DevOps lifecycle, giving developers the tools they need to author, manage and ship production-ready containers efficiently and effectively. More information at https://slim.ai and @SlimDevOps.

As Vulnerabilities Soar, Slim.AI Launches 'Container Intelligence' to Give In-Depth Analysis on Hundreds of Popular Container Images

Platform delivers unmatched performance, broad analysis capabilities, and governance across any data, geo, or cloud.

Hoboken, New Jersey — (October 25, 2022) Duality Technologies, the leader in secure data collaboration for enterprises, has launched the first of its kind, enterprise-ready privacy-enhanced data collaboration platform that enables organizations to share and jointly analyze sensitive data while ensuring privacy and regulatory compliance. The fully production-ready platform comes equipped with unparalleled data science and performance capabilities that significantly reduce the time to carry out encrypted queries on large datasets across any environment or cloud.

Enterprises need to have the ability to conduct deep analytics on data across their organization and subsidiaries, as well as with their business ecosystem: customers, partners, and suppliers. However, many are blocked by concerns around privacy, competition, and regulatory compliance. The platform serves as a one-stop-data-collaboration solution, replacing single point tools, and is powered by advanced cryptographic and data science techniques that eliminate concerns around data exposure while realizing the value of enterprise data.

Duality seamlessly integrates with OpenFHE, the leading open-source fully homomorphic encryption library, as well as uniquely supports the combination and stand-alone use of the breadth of Privacy Enhancing Technologies (PETs) to compute on data without exposing it. These include fully homomorphic encryption, multiparty computation, federated learning, differential privacy and more.

“Enterprises are increasingly moving from applying analytics and data science to data in silos, to setting strategies for how they collaborate on information to derive greater value.” Comments, Dr. Alon Kaufman, chief executive officer and co-founder at Duality. “The Duality platform opens up a full new set of opportunities to enhance an enterprise data strategy, while breaking down data silos.”

This highly scalable platform complies with each enterprise’s data privacy policy and governance needs, empowering data analysts and researchers to compute on sensitive data, anywhere, across any cloud or any geography. With Duality, enterprise customers are completely in control of how their data is used in collaborations and can select from a broad range of analytical capabilities to drive improved insights and outcomes.

Kaufman added, “Duality consolidates and builds on our years of expertise in data science, cryptography, and collaborative computing to deliver a production-ready solution that addresses enterprise needs for secure and compliant data collaboration. With Duality, organizations have the power to control how they collaborate, and consume data – compliantly and with privacy always maintained.”

Gartner recently listed privacy-enhancing computation (PEC), an umbrella term for various forward-looking and emerging techniques that maintain privacy and security, as a top three strategic technology trends for 2022, Gartner, Top Strategic Technology Trends for 2022, Bart Willemsen et al., 18 October 2021. Duality responds directly to this trend by embedding several leading privacy-enhancing technologies and computations within the Duality platform, such as fully homomorphic encryption (FHE), multiparty computation (MPC), federated learning (FL), differential privacy (DP), and more.

“By 2025, 60% of large organizations will use at least one privacy-enhancing computation technique in analytics, business intelligence and/or cloud computing,” Gartner, Top Strategic Technology Trends for 2022: Privacy-Enhancing Computation, Bart Willemsen, Ramon Krikken, et al.., 18 October 2021.

For more information about Duality and how they are revolutionizing the sensitive data sharing landscape, read the full white paper: Eliminate Data Silos to Unleash the Power of Collaboration.

**About Duality Technologies**

Duality is the leader in privacy enhanced secure data collaboration, empowering organizations worldwide to maximize the value of their data without compromising on privacy or regulatory compliance. Founded and led by world-renowned cryptographers and data scientists, Duality operationalizes privacy enhancing technologies (PETs) to accelerate data insights by enabling analysis and AI on encrypted data, while preserving data privacy, compliance and protecting valuable IP. A Gartner® Cool Vendor®, Duality was named a Tech Pioneer 2021 by the World Economic Forum (WEF) and listed on Fast Company's 2020 Most Innovative Companies and recently won the 2022 CB Insights’ AI 100, the 2022 RegTech 100 Awards, and the AIFinTech100 2022 Awards.

Duality Launches First Ever Enterprise-Ready Privacy-Enhanced Data Collaboration Platform

Trend Micro research finds most are over-confident about ability to withstand ransomware.

DALLAS, Oct. 25, 2022 /PRNewswire/ -- Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today revealed that financial services firms are more confident they're protected from ransomware than any other sector. Yet at the same time, they're exposed by supply chain risk and sub-par detection capabilities.  
  
Trend Micro commissioned Sapio Research to poll over 355 financial services IT and business leaders across the globe, as part of a wider cross-industry report into ransomware.

It found that 75% believe they're adequately protected from ransomware, far higher than the average of 63% across all sectors.

This confidence is partly justified: 99% say they regularly patch servers, 92% secure remote desktop protocol (RDP) endpoints, and 94% have rules in place to mitigate risks from email attachments.

However, 72% of respondents admitted their organisation has been compromised by ransomware in the past, and 79% see their sector as a more attractive target for threat actors than others.

This awareness of current threat levels in the financial services sector does not always translate into action.

Around two-fifths do not use network detection and response (40%) or endpoint detection and response tools (39%), and half (49%) don't have extended detection and response (XDR) in place.

This may account for poor detection rates for activity connected with ransomware. Only a third (33%) say they can accurately spot lateral movement, and 44% initial access.

Trend Micro also uncovered significant third-party cyber risk for financial services organisations:

*   56% have had supplier compromised by ransomware, mostly partners (56%) and subsidiaries (29%)
*   54% believe their suppliers make them a more attractive target
*   52% say a significant number of their suppliers are SMBs, who may have less resource to spend on security

"Greater collaboration and information sharing with third parties could help to improve the security posture of the overall supply chain," said Bharat Mistry, Technical Director at Trend Micro. "However, without adequate detection and response capabilities, they may not have the intelligence to hand in the first place. Financial services leaders recognise they're a top target for ransomware actors. It's time to turn that awareness into action."

A quarter (24%) of financial services firms don't share any threat information with their partners, 38% do not do so with suppliers, and even more (42%) don't engage with the broader ecosystem, according to the research.

**About Trend Micro**

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.

Financial Services Firms Operating Under False Sense of Security

Driving better security outcomes for customers through partner-delivered incident response services built on Cortex XDR.

SANTA CLARA, Calif., Oct. 25, 2022 /PRNewswire/ — Building on its managed services momentum, Palo Alto Networks (NASDAQ: PANW) announced today the expansion of the NextWave Program to empower partners to rapidly contain and remediate cyberthreats by enabling them to deliver incident response (IR) services powered by industry-leading Cortex XDR®.

The effects of cybersecurity incidents are far reaching in the digital age, but navigating rapidly evolving risks can pose a challenge for organizations. To solve this challenge, many turn to managed security service providers (MSSPs) for help strengthening their security outcomes. The NextWave Program now provides the tools, training and resources to address customer demand for IR services and aligns with the expansion of the Palo Alto Networks Cortex® MSSP ecosystem, which grew 146% year over year. Leveraging a partner specializing in IR services can accelerate response and remediation across the incident lifecycle for holistic response to an incident.

"The 2022 Unit 42 Incident Response Report found that in 44% of cases, organizations did not have an extended detection and response (XDR) security solution, or it was not fully deployed on the initially impacted systems. Palo Alto Networks Cortex XDR is designed to provide more comprehensive visibility so threats are identified early along with better context for accelerated investigation and tighter containment," said Tom Barsi, vice president, WW Cortex Ecosystems, Palo Alto Networks. "We are investing in our MSSP partner ecosystem more than ever before with the expansion of the NextWave Partner Program to encompass Threat Response. Partners that achieve this designation are highly skilled and have met stringent requirements with demonstrated deep experience in delivering Threat Hunting and IR services leveraging Cortex XDR. They are able to support customers through Incident Response, during their greatest time of need."

The Palo Alto Networks NextWave Program for Threat Response offers partners:

*   **Leading IR XDR technology** built utilizing proactive and reactive use cases to reduce time and resources spent on delivering services, including collecting data, aggregating data, analyzing data and remediating; a purpose-built platform and program that is designed for true IR in addition to endpoint detection and response (EDR).
*   **Expert technical and deployment support 24/7** for online access to XDR tenants within minutes and around-the-clock technical support.
*   **Expanded routes to market** with more ways to offer proactive services to clients pre- or post-IR engagement, including advanced threat analytics, proactive assessments and attack surface management.

**NextWave Partner Quotes  
**Deloitte India and Palo Alto Networks recently announced an expansion of their collaboration to offer complete, end-to-end technology-based cyber incident response services to businesses in India. "We are pleased to have earned the Palo Alto Networks NextWave designation for Threat Response to help transform the cyber incident response space together. With cybersecurity incidents becoming increasingly prevalent and sophisticated, along with added regulatory pressure, we foresaw the need for a smarter, faster, and more extensive suite of services that would provide our clients with next-generation security technology and services. Our partnership with Palo Alto Networks affirms that commitment to our clients," said Aloke Kumar Dani, partner — Risk Advisory, Deloitte India.

"Earning the Palo Alto Networks NextWave designation for Threat Response helps further our security team's expertise in delivering a holistic security operations platform to our customers," said Kevin Kilgo, vice president of Managed Services, Fulcrum. "Combining Fulcrum's managed security services, our 24x7x365 security operations center, SIEM as a service, and SOAR capabilities with the best-in-class power of Cortex XDR has helped our SOC team significantly in addressing the ever-growing burden of our customer's detection & response operations."

"We continue to see our enterprise clients divesting internal Digital Forensics and Incident Response (DFIR) capabilities. Instead, they are outsourcing this work to chosen partners like PwC," said Ross Foley, director, Managed Cyber Defense Lead, PwC UK. "We are proud to have achieved the Palo Alto Networks NextWave designation for Threat Response to help clients respond to, contain, and remediate cyberthreats and vulnerabilities so they can focus on their business. Our solutions powered by Palo Alto Networks Cortex XDR deliver trusted offerings to clients, combining the recognized cyber expertise of both organizations to reduce the probability of a breach as well as the impact should an incident occur."

"We required a technology that checked the boxes for IR capabilities while simultaneously meeting the needs and use cases of an incident responder. The Cortex XDR platform has been built with our biggest daily pain points in mind, and it is designed to be deployed in fragile incident response situations," said Imelda Flores, head of SCILabs, Scitum TELMEX. "By receiving the Palo Alto Networks NextWave designation for Threat Response and adopting Cortex into our service delivery portfolio, we have multiplied our capabilities and offerings without investing in additional resources."

Learn more about Palo Alto Networks NextWave Threat Response.

**About Palo Alto Networks  
**Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we're committed to bringing together the very best people in service of our mission, so we're also proud to be the cybersecurity workplace of choice, recognized among Newsweek's Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021) and HRC Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.

Tag

#intel