New capabilities enable improved OT and IoT asset visibility along with data-powered threat detection and cost-effective deployments at scale.

**MIAMI - S4x22 Conference - April 19, 2022** – Forescout Technologies, the leader in cybersecurity automation, today announced that it has enhanced the operational technology (OT) and IoT capabilities for its newly released Forescout Continuum Platform, the industry’s first automated cybersecurity platform that continuously manages the risk posture of cyber assets and delivers enhanced threat detection and response for operational continuity.

The cyber and operational risks and threats affecting OT organizations are multiplying, calling for cybersecurity solutions that scale across an organization’s entire infrastructure and distributed locations. Organizations with OT and industrial control system (ICS) networks are also facing a cybersecurity skills gap and resource shortage, making it increasingly difficult to keep up with the evolving threat landscape. To address these issues for industrial enterprises, Forescout added new capabilities to provide broader visibility and threat detection for OT and IoT devices with an enhanced user experience, increased scalability and performance, and flexible deployment options to help automate workflows and enable a more effective platform operation and cost-effective deployments at scale.

“Forescout Continuum Platform is unique in its ability to automate cybersecurity workflows for both data collection and incident response, effectively collaborating with the other security tools for an effective collective defense,” said Daniel Trivellato, Vice President of OT, Forescout. “The new release allows organizations to quickly and easily gather and analyze the information they need, while reducing the learning curve and helping them prioritize and automate response across their OT networks. These enhancements also improve operational and cost effectiveness of large-scale enterprise deployments, which is highly valued by individual customers that have deployed our OT solution to a thousand distinct locations.”

The new capabilities and benefits include:

*   **Enhanced user experience:** A streamlined UI developed based on customer feedback for more efficient workflows, including at-a-glance insights into the trends and risks of all OT networks; a scalable asset page for effective analysis of risks, vulnerabilities and communications; and a new alerts page to better prioritize threat mitigation.
*   **Effective deployment at scale**: New sensor templates and centralized sensor configuration for faster deployment at hundreds of sites; ability to monitor up to 10 Gbps for centralized deployment models; support for DHCP networks and devices.
*   **Expanded visibility and detection:** Further expansion of our broad protocol coverage of 250+ IT, OT and IoT protocols so customers can identify and assess more assets and vendors; extended coverage to 30 active queries to identify common OT, IoT and IT devices; an extensibility framework for active queries and asset classification to expand built-in visibility and asset roles at run-time for more accurate classification.
*   **Flexible Deployment Options**: All passive and active sensors are deployed as containers by default, to allow deployment on almost any appliance; support for smaller, low-cost hardware for decentralization or segmented networks; support for deployment on 3rd party network infrastructure hardware; ability to deploy the Command Center in private AWS and Azure instances.

Forescout excels in ICS asset visibility according to the Forrester Wave™: Industrial Control Systems (ICS) Security Solutions, Q4 2021 and has “_the broadest ICS protocol support of the vendors evaluated. That protocol knowledge also helps Forescout deploy the leading asset discovery and identification capability in this evaluation according to multiple customers_”. The in-depth visibility of IT, IoT and OT networks and assets offered by Forescout Continuum is key to enabling effective, real-time management of a full range of operational and cyber risks, and Forescout is committed to continuously broaden these capabilities so industrial enterprises can operate securely without disruptions.

**About Forescout**

Forescout Technologies, Inc. delivers automated cybersecurity across the digital terrain, maintaining continuous alignment of customers’ security frameworks with their digital realities, including all asset types – IT, OT, IoT, IoMT. The Forescout Continuum Platform provides complete asset visibility, continuous compliance, network segmentation and a strong foundation for Zero Trust. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide automated cybersecurity at scale. Forescout arms customers with data-powered intelligence to accurately detect risks and quickly remediate cyberthreats without disruption of critical business assets. www.forescout.com

Forescout Enhances Continuum Platform With New OT Capabilities

Collaboration aimed at connecting talent and employers.

ELLICOTT CITY, Md., April 19, 2022 /PRNewswire/ -- The national network of cyber communities, CyberUSA, has partnered with Superus Careers in launching the Cyber Career Exchange platform, aimed at supporting national, regional, and state level communities to fill a growing gap in cybersecurity jobs. Cybersecurity talent gaps exist across the country with nearly 600,000 unfilled positions, according to

CyberSeek

, a data analysis and aggregation project supported by the National Initiative for Cybersecurity Education (NICE). Closing these gaps requires detailed knowledge of the cybersecurity workforce.

The Cyber Career Exchange is a specialized recruiting platform focused specifically on cybersecurity. The specialized methodology provides a system for employers to find potential employees based on job skills and education; job seekers and employers to certify job skills and education; for the upkeep and maintenance of career related skills for candidates; a methodology for finding & developing candidates; and (future development) partnership workflow for associations, schools or other organizations to deploy the 'Cyber Career Exchange'.

"I am proud of our advancements over the past 6 years in connecting cyber communities across the country. Starting with seven statewide cyber communities and growing thirty states to date has provided tremendous value in shaping the cybersecurity landscape at both the state and federal levels," said CyberUSA's Co-founder David Powell, "With growing threats and talent shortage more has to be done. The most immediate solutions to filling the open cyber jobs is to provide a system, hosted within trusted communities across the US, designed specifically to help employers and candidates easily find one another. The Cyber Career Exchange accomplishes that goal and more."

"Having worked within and recruited for Financial Services and Healthcare organizations, I understand the vulnerabilities, especially with a shortage that exists in the workforce," said Superus Careers CEO, Larry Silver. "I am excited for us to play our role in filling that void from an employment standpoint, which will have a positive impact on generations to come,"

**About CyberUSA.us**

CyberUSA (CyberUSA.us) is a collaboration of leaders and states focused on a common mission purpose of enabling innovation, education, workforce development, enhanced cyber readiness and resilience – all while connecting the cyber ecosystem of the United States and its Allies. This non-profit "community of communities" is governed by its advisors and members, established to enhance information sharing between individuals, organizations and states and improve cyber resilience at all levels of participation – local, regional and national. CyberUSA provides a communication framework, a national summit and cyber related resources to communities across the United States.

**About Superus Careers**

Superus Careers (SuperusCareers.com) places talented professionals with exceptional organizations across the country. We are redefining recruiting by leveraging cutting-edge technology and business intelligence to guide personal relationships. This high-tech, high-touch approach yields efficient, accurate matches that focus on total alignment, bringing talent and organizations together. Every candidate is technically qualified for the role, culturally aligned and ready to add value to the organization. Attention to detail and passion for results is what makes candidates and companies choose Superus Careers. When the right person is in the right role at the right company, everyone wins.

CyberUSA, and Superus Careers Launch Cyber Career Exchange Platform

Orlando, FL, April 19, 2022 — Fortress Information Security (Fortress), the leading supply chain cybersecurity provider for critical industries, today announced that it received a $125 million strategic investment from funds managed by the Private Equity business within Goldman Sachs Asset Management (Goldman Sachs). This new investment will support Fortress’s mission of securing U.S. critical industries from cybersecurity and operational threats emanating from their supply chains. Existing investors, including co-founders Peter Kassabov and Alex Santos, ClearSky, First Analysis, American Electric Power, Caron Capital, KMMT, and Moquin Capital, will continue to support Fortress as investors.

Fortress is transforming how critical industry operators and government agencies secure their supply chains in the face of increasing supply chain cybersecurity threats. Founded in 2015, the Fortress platform is a deep, fit-for-purpose solution that enables customers in critical industries to assess, manage, and address risks associated with vendors, assets, and software in their supply chains. Fortress enhances cybersecurity postures and compliance with relevant regulations. The Fortress solution was co-developed with leading electric utilities and has since grown into a consortium tool that includes five of North America’s ten largest investor-owned utilities. Fortress’s platform secures 40% of the U.S. power grid, substantial national defense-related assets, and critical manufacturing industries.

As critical industries increasingly face cybersecurity threats emanating from the supply chains that underlie them, federal government and private sector stakeholders have recognized that securing critical supply chains is a national security issue. In response, authorities such as the Cybersecurity and Infrastructure Security Agency (CISA) and the North American Electric Reliability Corporation (NERC) have released supply chain cybersecurity guidelines in the past year.

“Supply chain cybersecurity is one of the most important challenges facing business and government leaders today. Supply chains represent a source of significant threats to the national economy and our ability to maintain our way of life,” said Peter Kassabov, executive chairman and co-founder of Fortress. “We started Fortress because we recognized major supply chain vulnerabilities in our country’s most critical industries. Many recent high-profile breaches have spawned a new wave of regulatory action in the U.S. that will likely expand for the foreseeable future.”

“The Goldman Sachs investment validates the hard work of our employees and clients who have brought collaborative cybersecurity to life,” said Alex Santos, Fortress CEO and co-founder. “This growth capital infusion will empower us to accelerate the execution of our vision of resilient supply chains.”

“Fortress has established itself as a market leader in end-to-end supply chain cybersecurity solutions for U.S. critical industries and we look forward to scaling the company’s Asset-to-Vendor network, which provides significant value to critical infrastructure suppliers and customers,” said Will Chen, managing director within Goldman Sachs Asset Management. “The depth and breadth of the Fortress platform are unmatched and we believe there is a meaningful opportunity to accelerate the expansion of the platform into compelling product adjacencies, including software and hardware bill of materials, workflow orchestration, and additional analytics and reporting capabilities.”

Foley & Lardner LLP acted as legal advisor, and DBO Partners acted as financial advisor to Fortress. Goodwin Procter LLP acted as legal advisor, and Goldman Sachs & Co. LLC served as financial advisor to Goldman Sachs Asset Management.

Further terms of the transaction were not disclosed.

**About Fortress Information Security**

Fortress Information Security secures critical industries from cybersecurity and operational threats stemming from vendors, assets, and software in their supply chains. Fortress is the only end-to-end platform that connects intelligence surrounding vendors, information technology and operational technology assets, and software through a holistic, fit-for-purpose approach. Fortress has also partnered with its customers and suppliers to form the Asset-to-Vendor (A2V) network, which facilitates the secure and seamless exchange of asset information and security intelligence, enabling collaborative workflows to better understand and remediate potential issues. Fortress serves critical industries such as energy, government, aerospace & defense, critical manufacturing, industrial automation, automotive, and healthcare.

About Goldman Sachs Asset Management Private Equity

Bringing together traditional and alternative investments, Goldman Sachs Asset Management provides clients around the world with a dedicated partnership and focus on long-term performance. As the primary investing area within Goldman Sachs (NYSE: GS), we deliver investment and advisory services for the world’s leading institutions, financial advisors and individuals, drawing from our deeply connected global network and tailored expert insights, across every region and market—overseeing more than $2 trillion in assets under supervision worldwide as of December 31, 2021. Driven by a passion for our clients’ performance, we seek to build long-term relationships based on conviction, sustainable outcomes, and shared success over time. Goldman Sachs Asset Management invests in the full spectrum of alternatives, including private equity, growth equity, private credit, real estate and infrastructure. Established in 1986, the Private Equity business within Goldman Sachs Asset Management has invested over $75 billion since inception. We combine our global network of relationships, our unique insight across markets, industries and regions, and the worldwide resources of Goldman Sachs to build businesses and accelerate value creation across our portfolios. Follow us on LinkedIn.

_For more information, contact Adam Benson at \[email protected\] or 202.999.9104._

Fortress Information Security Receives  $125M Strategic Investment from Goldman Sachs Asset Management

Annual ThreatLabz Report reveals phishing-as-a-service as the key source of attacks across critical industries and consumers globally; underscores urgency to adopt a zero-trust security model.

**Key Findings**

· Phishing attacks rose 29% globally to a new record of 873.9M attacks observed in the Zscaler**TM** cloud last year

· Retail and wholesale were the most targeted industries, experiencing over a 400% increase in phishing attacks over the last 12 months

· The United States, Singapore, Germany, Netherlands, and the United Kingdom were the most frequently targeted by phishing scams

· Emerging phishing vectors, such as SMS phishing, are increasing faster than other methods as end users become more wary of suspicious emails

· Rising phishing activity is directly linked to “phishing- as-a-service” options, which provide a marketplace of pre-built attack tools that reduce technical barriers to entry for criminals

**SAN JOSE, Calif. – April 20, 2022** – Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today released the findings of its 2022 ThreatLabz Phishing Report that reviews 12 months of global phishing data from the Zscaler security cloud to identify key trends, industries and geographies at risk, and emerging tactics. According to the FBI Internet Crime Complaint Center (IC3), phishing attempts are the most frequently-reported cyberattack. Zscaler’s ThreatLabz research team analyzed data from more than 200 billion daily transactions, and 150 million daily blocked attacks in order to identify emerging threats and track malicious actors from across the globe. This year’s report showed dramatic 29% growth in overall phishing attacks compared to previous years, with retail and wholesale companies bearing the brunt of the increase. The report also showed an emerging reliance on phishing-as-a-service methods, as well as new attack vectors, such as SMS phishing, becoming one of the more prevalent methods of intrusion.

“Phishing attacks are impacting businesses and consumers with alarming frequency, complexity, and scope - with the rise in phishing-as-a-service making it easier than ever for non-sophisticated actors to launch successful attacks. Our annual report highlights how cybercriminals continue to escalate their usage of phishing as a starting point to breach organizations to deliver ransomware or steal sensitive data,” said Deepen Desai, CISO and VP of Security Research and Operations at Zscaler. “To defend against advanced phishing attacks, organizations must leverage a multi-pronged defensive strategy anchored on a cloud native zero trust platform that unifies full SSL inspection with AI/ML-powered detection to stop the most sophisticated phishing attempts and phishing kits, lateral movement prevention and integrated deception to limit the blast radius of a compromised user, proactive controls to block high risk destinations such as newly registered domains that are often abused by threat actors, and in-line DLP to safeguard against data theft.”

Phishing has always been one of the most pervasive cyberthreats, with various methods used to steal private information. One of the reasons this type of attack grows in prevalence every year is its low barrier to entry. Cybercriminals use current events, such as the COVID-19 pandemic or cryptocurrency, to convince unwitting victims to hand over confidential data, such as passwords, credit card information, and login credentials.

The 2022 ThreatLabz Phishing Report found that phishing attacks lure victims by posing as top brands or promoting topical events. The top phishing themes in 2021 included categories such as productivity tools, illegal streaming sites, shopping sites, social media platforms, financial institutions, and logistical services.

**A Global Problem**

In 2021, the U.S. was the most-targeted country globally, accounting for over 60% of all phishing attacks blocked by the Zscaler security cloud. The next most frequently attacked countries include Singapore, Germany, the Netherlands, and the United Kingdom.

Not all countries experienced the same attention from phishing attacks. For example, the Netherlands experienced a decrease of 38 %, which may have resulted from recently-passed legislation that increased the penalties for online fraud.

Phishing attacks were also not evenly distributed across different industries. Retail and wholesale businesses experienced an increase of over 400% in phishing attempts - the most out of all tracked industries. These businesses were followed by financial and government sectors, with organizations in these industries seeing over 100% increases in attacks on average. However, some industries experienced partial relief from phishing attacks last year. Healthcare saw a notable drop of 59 %, while the services industry saw a decline of 33 %.

**Phishing-as-a-Service - The Growing Threat**

While phishing has long been one of the most common tactics used in cyberattacks by sophisticated threat actors, it's becoming more accessible to non-technical cybercriminals due to a maturing underground marketplace for attack frameworks and services. By selling their pre-built phishing tools and services on the dark web, cybercriminals are making it easier to deploy phishing scams at scale, creating a greater chance for more phishing activity in 2022.

**Countering Phishing Attacks**

According to the Zscaler ThreatLabz research team, an average-sized organization receives dozens of phishing emails every day. This means that employees at all levels must be aware of the most common phishing tactics and empowered to spot phishing attempts that can result in financial losses and damage to the business’ brand.

Facing the threats outlined in the 2022 ThreatLabz Phishing Report can be daunting, and while it's impossible to eliminate phishing risk, effective management can prevent business-critical information from falling into the hands of cybercriminals. Among other recommendations, Zscaler suggests the following tactics for countering phishing growth:

· Learning and understanding the risks posed by phishing to better inform policy and technology decisions

· Leveraging automated tools and actionable intelligence to empower employees with the tools needed to reduce phishing incidents

· Delivering timely employee training to build security awareness and promote user reporting

· Simulating phishing attacks to identify gaps in security policies and procedures

· Evaluating security infrastructure to ensure access to the latest research and system capabilities

**How the Zscaler Zero Trust Exchange****TM Can Mitigate Phishing Attacks**

User compromise is one of the most difficult security challenges to defend against. The Zscaler Zero Trust Exchange incorporates phishing prevention controls into a holistic zero trust architecture that disrupts every stage of attacks and minimizes damages. Capabilities include:

· **Preventing compromise** with full SSL inspection at scale, threat analysis using natively integrated threat intel and IPS signature detection, AI/ML phishing detection, and policy-defined high-risk URL categories commonly used for phishing such as newly observed and newly registered domains.

· **Eliminating lateral movement** by connecting users directly to apps, not the network, to limit the blast radius of a potential incident.

· **Shutting down compromised users and insider threats** with in-line application inspection and integrated deception capabilities to trick and detect attackers.

· **Stopping data loss** by inspecting data both in motion and at rest to prevent theft by an active attacker.

To download the full report, see the ThreatLabz 2022 Phishing Report.

**Methodology**

The ThreatLabz team evaluated data from the Zscaler security cloud, which monitors over 200 billion transactions daily across the globe. ThreatLabz analyzed a year’s worth of global phishing data from the Zscaler cloud from January 2021 through December 2021 to identify key trends, industries and geographies at risk, and emerging tactics.

New Zscaler Research Shows Over 400% Increase in Phishing Attacks With Retail and Wholesale Industries at Greatest Risk

Cybereason MalOp Detection Engine augmented with Nuanced DFIR Intelligence reduces the mean-time-to-detect and remediate incidents.

BOSTON, April 21, 2022 /PRNewswire-PRWeb/ -- Cybereason, the XDR company, today launched Cybereason DFIR (Digital Forensics Incident Response), a solution designed to automate incident response (IR) investigations by incorporating nuanced forensics artifacts into threat hunting, reducing remediation time by enabling security analysts to contain cyberattacks in minutes.

Today, many organizations find themselves vulnerable to breaches because security analysts lack the tools to quickly investigate and remediate all aspects of a threat. By offering incident response solutions driven by forensics, Cybereason can extend deeper value to Defenders. With the Cybereason MalOp™ Detection Engine augmented by Cybereason DFIR, security analysts can leverage the industry's most comprehensive detections from root cause across every impacted asset.

With forensics data added to the MalOp, security analysts have instant visibility into a wider range of intelligence sources to enable rapid decisions and remediate threats more efficiently. Cybereason DFIR includes the following capabilities:

Forensic Data Ingestion: Feed a treasure trove of forensic data to the MalOp™ Detection Engine for deeper insights, enrichment and contextualization.

Live File Search: Search for any suspicious file in the environment based on a wide variety of search criteria without the need for prior collection.

IR Tools Deployment: Streamline cumbersome IR investigations and work seamlessly with similar DFIR tools by deploying them via the Cybereason Sensor.

ExpressIR: IR Partners and large customers with internal DFIR teams can deploy a pre-provisioned IR environment to begin the investigation within hours of an incident.

"Cybereason DFIR enhances the performance of the Cybereason XDR Platform in our customers' environments enabling security analyst teams to detect, identify, analyze and respond to sophisticated threats before adversaries can inflict harm, and when needed, conduct a thorough post-mortem analysis of a complex incident. The merging of our powerful Cybereason XDR Platform with Cybereason DFIR provides the industry with the most powerful tools available," said Cybereason Chief Technology Officer and Co-founder Yonatan Striem-Amit.

Anything connected to the internet is part of an organization's attack surface, yet Defenders are forced to use multiple siloed solutions producing uncorrelated alerts to try to find and end these complex malicious operations. Now, Defenders can leverage Cybereason DFIR to centralize DFIR investigative work and end sophisticated attacks with the only solution on the market to deliver:

\--Comprehensive Response: Cybereason DFIR has a number of tailored remediation actions analysts can perform directly from the investigation screen. The solution empowers analysts to reduce Mean-Time- To-Detect and Mean-Time-To-Remediate. Cybereason DFIR also allows Defenders to contain attacks by executing commands directly on the host in question with remote shell and real-time response actions.

\--Uncover Advanced Adversaries: Fully reveal sophisticated adversaries and analyze complex TTP's by tracing the attacker path back to root cause. Defenders will have a better understanding of the full scope and timeline of an incident using enriched forensics to identify all impacted systems and users. Security analysts can investigate relevant files and forensic artifacts of interest through wide-ranging criteria to collect files as needed.

\--Fully Supported Technology: With a shortage of Tier III qualified security analysts, many security teams are understaffed and lack in-house IR expertise. Cybereason automates most aspects of a DFIR investigation and up-levels the capabilities of Level 1 and 2 analysts to perform complex forensic tasks. In addition, the Cybereason Services Teams fully supports investigations, breach recovery, forensic audits and deep-dive analysis.

About Cybereason  
Cybereason is the XDR company, partnering with Defenders to end attacks at the endpoint, in the cloud and across the entire enterprise ecosystem. Only the AI-driven Cybereason XDR Platform provides planetary-scale data ingestion, operation-centric MalOp™ detection, and predictive response that is undefeated against modern ransomware and advanced attack techniques. Cybereason is a privately held international company headquartered in Boston with customers in more than 40 countries.

Learn more: https://www.cybereason.com

Cybereason Launches Digital Forensics Incident Response

Seedrs Ltd. deployed and configured Alert Logic Intelligent Response in minutes, and immediately began blocking critical threats.

HOUSTON, April 21, 2022 /PRNewswire/ -- Alert Logic by HelpSystems today announced general availability of its new intelligent response capabilities. The innovations, including simple mode and a mobile application, relieve IT and security departments of repetitive response tasks and the need for constant administration through human-guided and fully automated workflows. Seedrs, Europe's leading online private investment platform, is among the first adopters of the new capabilities, now available at no additional cost to Alert Logic MDR® customers.

Alert Logic Intelligent Response™ is designed to minimize the impact of a breach via embedded SOAR capabilities with workflows to enable response actions across network, endpoints, and cloud environments. This provides a backstop if attacks bypass prevention tools, improving an organization's security posture while allowing them to adopt automation at their own pace. As part of a holistic response strategy, the solution addresses detection, notification, and containment with multiple actions and use cases in a simplified user experience, making it easy for any organization to create automated response actions.

"The wizard-based user interface of Alert Logic's simple mode made the whole intelligent response configuration possible in just minutes," said Jonas Pereira, Senior DevOps Engineer, Seedrs. "I also have full visibility of our infrastructure, and our safety, literally in my pocket with the Alert Logic mobile application, ensuring we can effectively respond to any potential threat instantly."

Intelligent response simple mode focuses on the three most commonly needed actions:

*   **Shun an attacker** at the edge of a network, for Alert Logic and AWS WAFs
*   **Isolate a host** for SentinelOne or Microsoft Defender for Endpoint users
*   **Disable user** credentials that may be compromised, via AWS IAM or Azure Active Directory (including Office 365)

These three use cases are vital for preventing attacks or reducing the impact of successful attacks. Organizations may introduce the human touch anywhere in the process and increase the level of automation to suit their needs. Customizable response playbooks also save time by helping security experts integrate automated response actions into their business processes.

In addition to simple mode, the Alert Logic mobile application streamlines human-guided response, allowing security teams to remotely execute decisions for response actions immediately. Using the mobile application, CISOs can instantly approve response actions from anywhere, for a more flexible work environment.

"The beta customers who helped guide development of Alert Logic Intelligent Response told us they needed a flexible solution that allowed them to adopt automation at their own pace to increase their security posture," said Onkar Birk, Managing Director, Alert Logic by HelpSystems. "We're putting response in front of people in an intuitive way, getting them involved in the process, taking security actions to contain problems, and enabling resource-stretched teams to deploy best practice security."

To learn more about Alert Logic Intelligent Response, visit https://www.alertlogic.com/why-alert-logic/intelligent-response/.

**About Alert Logic** **by HelpSystems  
**Alert Logic by HelpSystems is the only managed detection and response (MDR) provider that delivers comprehensive coverage for public clouds, SaaS, on-premises, and hybrid environments. Since no level of investment prevents or blocks 100% of attacks, you need to continuously identify and address breaches or gaps before they cause real damage. With limited expertise and a cloud-centric strategy, this level of security can seem out of reach. Our cloud-native technology and white-glove team of security experts protect your organization 24/7 and ensure you have the most effective response to resolve whatever threats may come. Founded in 2002, Alert Logic is headquartered in Houston, Texas and has business operations, team members, and channel partners located worldwide. Learn more at alertlogic.com. Alert Logic – unrivaled security for your cloud journey.

**About HelpSystems  
**HelpSystems is a software company focused on helping exceptional organizations secure and automate their operations. Our cybersecurity and automation software protects information and simplifies IT processes to give our customers peace of mind. We know security and IT transformation is a journey, not a destination. Let's move forward. Learn more at www.helpsystems.com.

© HelpSystems, LLC and its group of companies. All trademarks and registered trademarks are the property of their respective owners.

Alert Logic®, Alert Logic MDR®, and Alert Logic Managed Detection and Response® are registered trademarks of Alert Logic, Inc.

Alert Logic Intelligent Response™ is a trademark of Alert Logic, Inc.

Alert Logic Releases MDR Incident Response Capability for Addressing a Breach

To better manage risks, companies can concentrate on resilience, sharing information to protect from cyber threats, and making the cybersecurity tent bigger by looking at workers with nontraditional skill sets.

As we look ahead, there are many reasons for optimism in cybersecurity. Defenders are maturing in their approach, we're getting better at articulating cyber threats in the language of business risk, and we're continually improving cross-sector collaboration.

But we still face a challenge navigating the changing threat landscape, something I discussed with industry peers on an HP-hosted CISO panel. I believe the cybersecurity industry needs to build on the positives by understanding cyber strategy more clearly in the context of good corporate governance, and by addressing the growing diversity and skills gap within our cybersecurity talent pool.

**When Change Is the Only Constant  
**As IT modernizes to support remote work, new customer experiences and evolving business processes, we're seeing attack surfaces expand exponentially. On the one hand, this contributed to a record number of compromises in 2021, while the number of published vulnerabilities surged to an all-time high.

Yet there's another story behind the headlines. For years, we've been talking about the same old paradigm of attacker and victim. In this one-to-one relationship, the attacker targets a victim and either succeeds or doesn't. Today, we're seeing more of what I would call "one-to-many" attacks. Supply chain attacks are nothing new, but we're seeing an uptick in their sophistication and ambition. Attackers have realized they don't need to constantly go one-to-one. They can find a common hub that connects hundreds or even thousands of potential victims and compromise it. For close to the same effort expelled, they have a significant step up in ROI.

As organizations look to manage supplier risk, spiraling costs, and geopolitical tension in the post-pandemic world, the complex web of interdependencies upon which they rely is growing. This is most apparent in the airline industry. It was fascinating to hear United Airlines VP and CISO, Deneen DeFiore, explain how the mindset in cyber is shifting from data protection to resilience. Understanding these supplier dependencies is critical to managing risk effectively, to minimize the operational impact of cyber threats.

**Collaboration Will Be Key  
**This mounting complexity also makes industry collaboration more important. It's only via collaboration with the right public and private sector organizations that we can understand how attackers are operating. Part of this involves organizations thinking about what is and isn't helpful to disclose around breaches. We can all agree that indicators of compromise (IoCs) are out of date as soon as they're published. So, what is relevant that can be shared between organizations?

Today's conversation is too centered around whether an organization was breached or not. If breaches are close to inevitable, we should focus more on sharing breach findings and post-mortem results that will help others.

The way CISA coordinated information sharing during the early days of the Log4Shell saga offers a useful model. The agency did an amazing job organizing and sharing information from different industry sources. Let's learn from it. Because as Ian Pratt, HP's global head of security for personal systems, explained, cybercriminal organizations are run like businesses now. They've become masters at sharing intelligence, information, and tooling to further their objectives.

**A People Problem  
**This touches on another critical point. The industry is short of more than 2 million cybersecurity professionals globally. In this moment of crisis, we should nurture the beginnings of something far bigger and better by growing our talent pool and breaking down the barriers to joining our sector.

There's an opportunity to make the cybersecurity tent bigger by looking outside of the industry. We could bring in more nontraditionally educated people, as we don't necessarily need college degrees for every role. We could target workers mid-to-late in their careers who have a rich set of skills in areas such as risk management or communication.

Diversity is also critical, but much work needs to be done. According to findings in an HP-commissioned study, 30% of women in the US applied for a promotion last year. However, of those that applied, only 40% of women were successful, vs. 52% of men. Cybersecurity, like the tech industry as whole, has a diversity issue, particularly with getting women into senior roles. We must understand how to best support women and their careers, as this is key for fostering a diverse workforce and attracting new talent.

Employers must do better at harnessing this large pool of untapped talent. As Siemens USA Chief Cybersecurity Officer Kurt John explained, diversity is the No. 1 way to drive creativity in response to the threats that we all face.

The good news is that boardrooms are starting to appreciate the importance of diversity and cybersecurity — just as CISOs are beginning to talk about cyber in the language of business risk. That offers definite grounds for optimism.

What has increasingly dawned on me is that, as cybersecurity leaders, we're much more likely to make the right decisions for the enterprise by viewing cyber in the context of effective corporate governance. I believe that's the way to craft an enterprise-specific strategy. Let's make the "G" in _environmental, social, and governance_ (_ESG_) really mean something for cybersecurity and get ourselves onto the front foot.

3 Ways We Can Improve Cybersecurity

Intel, FiVerity, and Fortanix team up to launch an AI-driven fraud detection platform into a confidential computing environment.

A new partnership will bring confidential computing to financial services companies in their fight against digital identity fraud.

Confidential computing tackles the challenge of securing data during processing or runtime by using hardware-based trusted execution environments (TEE), an environment that focuses on data integrity, data confidentiality, and code integrity. The data, as well as the application processing that data, are isolated within secure enclaves so that nothing else can access that data, even if the infrastructure is compromised. This way, enterprises can run sensitive applications on public clouds or other hosted environments without worrying about the possibility of data exposure.

The partnership is between Intel, digital fraud prevention platform FiVerity, and Fortanix, a cloud security company. FiVerity's anti-fraud platform relies on artificial intelligence (AI) to detect fraud and incorporates the latest data privacy technologies. FiVerity will rely on Intel Software Guard Extensions to protect the data and control access, while Fortanix will deliver the confidential computing environment for FiVerity's fraud-detection models and transaction data from financial institutions.

Financial institutions would be able to analyze intelligence on fraud activity without exposing personally identifiable information, keeping banks in compliance with security and privacy requirements and reducing their exposure to digital fraud, the three companies said in a joint statement.

The confidential computing market is estimated to grow to $54 billion by 2026, according to a recent report from the Linux Foundation and Confidential Computing Consortium and conducted by the Everest Group.

"We believe that digital fraud detection is a particularly important and timely challenge for the industry which can be addressed with this technology," said Fortanix CEO Ambuj Kumar in a statement.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Anti-Fraud Partnership Brings Confidential Computing to Financial Services

Companies must enforce more security on their own third-party providers and retain the ability to conduct independent investigations, experts say.

Identity cloud provider Okta concluded its investigation into a recent breach of its systems by the Lapsus$ extortion group, which gained access to some of company's systems through a third-party contract firm and then revealed the compromise in March.

The breach impacted only two customers, with the hackers maintaining control of a single computer at contract firm Sitel for a 25-minute period, Okta said in the postmortem analysis published on Tuesday. While the identity and access management firm had initially considered as many as 366 customers at risk, the impact ended up being far less, David Bradbury, chief security officer at Okta, stated in the analysis.

The breach caused consternation within the security community because of the lack of notice from Okta and worries that access to the company's systems could undermine much of the security of its single sign-on (SSO) services — an issue of trust that Bradbury acknowledged.

"While the overall impact of the compromise has been determined to be significantly smaller than we initially scoped, we recognize the broad toll this kind of compromise can have on our customers and their trust in Okta," he said, adding: "The conclusions from the final forensic report do not lessen our determination to take corrective actions designed to prevent similar events and improve our ability to respond to security incidents."

To head off attacks in the future, Okta intends to create more stringent security requirements for third-party contractors and have processes in place to confirm compliance. The company has already cut ties with Sitel, according to the postmortem report.

The Okta breach raised the profile of attacks on software supply chains and third-party providers, adding on to lessons from previous compromises such as SolarWinds and Kaseya, says Merritt Maxim, vice president at business intelligence firm Forrester Research. Third-party firms and service providers need to have measures in place to continuously assure customers that their services are secure, he says.

"This is an issue that has to be front and center for security organizations, to push beyond doing just security questionnaires for providers, to doing actual assessments and auditing of third parties," he says. "Simulate breaches and test your incident response plans, and rather than rely on the vendors to do it perfectly, you should be determining what you can do in response to a breach."

**Conduct Your Own Investigation**  
When a breach happens in a third-party provider, such as Okta or its own third-party provider Sitel, companies either are left in the dark or must pursue their own investigation. Whether Okta knew of the breach and failed to notify customers for two months, or the company failed to understand that a contractor's computer had been compromised, businesses need to be ready to verify the details of an incident, members of Cloudflare's security team argued in a March blog post.

Cloudflare has to verify its own systems, since some of the screenshots in leaked by Lapsus$ group appeared to indicate that they may have had access to Cloudflare's instance of Okta. As soon as a provider is breached, companies should have a playbook in place to spell out the steps that need to be taken to assure the integrity of their systems, such as checking all passwords and verifying changes to multifactor authentication with special attention paid to any event initiated by the support group.

To facilitate future investigations, Cloudflare's security team recommended that companies store logs from third-party services on their own premises to have a verifiable copy.

"For years, it has been a struggle to work with different software as a service provider to get all the logs ourselves," says Joe Sullivan, chief security officer at Cloudflare. "Too many times in the past, we have thought there was a risk and we did not have the logs, so we are very proactive."

For its part, Okta maintains that the company did not know about the severity of the issue until March 17, when Sitel sent their summary report, which they then connected with the Lapsus$ screenshots a few days later. "We recognized what appeared to be a connection to the January failed takeover attempt we observed and reported to Sitel," an Okta spokesman said. "We've publicly said we didn't understand the extent of the Sitel compromise in January, and if we had, our actions would have been different."

**Cloud Rife With Single Points of Failure**  
The incident also underscores that while cloud providers typically raise their customers' level of security, the cloud attracts attacks because so much access is concentrated in a small number of providers. Companies should always start by conducting a threat assessment to understand the risks presented by any infrastructure that they move to the cloud, Sullivan says.

"You look at what is the worst that could happen, and how do you mitigate that risk," he says. "If a compromise of a system could lead to a bunch of customer data getting exposed or intellectual property being accessed, then you need to go further."

In the end, while the cloud model asserts that responsibility for security is shared, companies need to understand that that they need to take their fate into their own collective hands, says Forrester Research's Maxim.

"Don't assume that the vendor is going to take care of security and will do it all perfectly," he says. "Have the right playbooks and policies ready to go, so if there is an incident, you can take action whether the vendor is ready or not."

For its own part, Okta plans to directly manage even third-party devices that access its customer-support tools so as to maximize visibility into potential security threats, and it will limit the amount of information that support personnel can view, Bradbury said in the company's postmortem analysis. In addition, as a third-party provider itself, Okta plans to review how to better communicate incidents with its customers.

_Editor's note: This story was updated on April 21 with a quote from an Okta spokesman._

Okta Wraps Up Lapsus$ Investigation, Pledges More Third-Party Controls

Module enables apps to establish trust in new devices without adding user friction.

**Palo Alto, CA -- April 20, 2022 --** Mobile authentication pioneer Incognia, today announced the launch of a new location identity fraud detection module to support mobile app security for customers across finserv, crypto, social networks, online gaming and more. Incognia’s latest solution module is Location-based Device Authorization which prevents fraud following device change at login.

Authorization of new devices on mobile is one of the highest friction and highest risk points in the user journey. When new devices attempt a login, the challenge is determining whether this is the legitimate user, or a fraudster using social engineering to get access to the user's credentials. Traditional device fingerprinting solutions are useless in establishing trust in new devices, and as a result most organizations have been forced to employ multi-factor authentication (MFA), which increases user friction and ultimately creates a poor user experience. The Incognia Location-based Device Authorization solution is designed to address the challenges of establishing trust in new devices without adding user friction.

Incognia provides a highly accurate risk signal using anonymized location behavior and device intelligence to detect high risk devices attempting to login before fraud occurs. At login, Incognia delivers a risk assessment based on checking the device integrity and whether the current device location is consistent with the user’s historical location behavior pattern. In an internal study, Incognia identified that 89% of legitimate device authorizations occur at trusted locations, which are places that the user visits most frequently, such as home.

Key benefits and features include:

\- Reduced friction when legitimate good users change their mobile device

\- Reduction in account takeovers due to social engineering

\- Real-time validation of trusted devices with global geographic coverage

“The frequent use of one-time passwords over SMS for new device authorization in mobile apps is causing users unwanted friction and frustration, while also serving as an inadequate security measure to keep fraudsters out,” said André Ferraz, founder and CEO of Incognia. “We’re excited to expand Incognia’s fraud prevention capabilities with our new module, using anonymized location behavior and device intelligence to detect high risk devices attempting login and catch fraud before it happens. Leveraging trusted location behavior allows our customers to enable a frictionless authentication experience.”

Incognia fraud prevention modules are available now. To get started, visit www.incognia.com.

**About Incognia**

Incognia is a privacy-first location identity company that provides frictionless mobile authentication to banks, fintech and mCommerce companies, for increased mobile revenue and lower fraud losses. Incognia’s award-winning technology uses location signals and motion sensors to silently recognize trusted users based on their unique behavior patterns and is a key enabler for zero-factor authentication. Deployed in over 200 million devices, Incognia delivers a highly precise risk signal with extremely low false positive rates.

Incognia is privately held and headquartered in Palo Alto, California with teams in New York and Brazil.

Stay connected and follow Incognia on Twitter and LinkedIn.

Tag

#intel