Search results for: zero trust


Zero trust isn’t just for IT, it can also protect targeted critical infrastructure

Gartner predicts that by 2025 cyber attackers will have weaponized OT environments to successfully harm or kill humans. Not only is a solution to secure OT assets imperative, but it may also be a matter of life and death. Bare-minimum OT security is no longer passable in today’s cyber landscape. A future-proof solution is already effective in the IT world: zero trust. Let’s examine some of the big challenges in OT security, and how zero … More

Week in review: Log4Shell updates, Kronos ransomware attack, unused identities threat

Here’s an overview of some of last week’s most interesting news, articles and interviews:

Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations
Due to the extraordinarily widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished.

The Log4j JNDI attack and how to prevent it
The disclosure of the critical Log4Shell (CVE-2021-44228) vulnerability and the release of first one and then additional … More

Want to assemble a cyber Dream Team? Look back at the ‘92 Olympics

A common question I often receive from organizational leaders is how to assemble the right team that can ensure their enterprise is positioned to effectively combat the escalating presence of cyberattacks. There isn’t a simple and straightforward answer, but a good analogy can be found in the world of sports. Think back to 1992, when the USA “Dream Team”, critically acclaimed as the greatest basketball team of all-time, secured the gold medal at the Summer … More


Digital IDs don’t have to impinge on civil liberties and privacy

The shift towards an increasingly digital world has become overwhelmingly apparent. The coronavirus era has forced a technological leap on all fronts, and incumbent technologies are struggling to hold back a deluge of fraud and cybercrime. Between the need for secure access to digital services and the demand for increased security, the case for a trusted and verifiable ID system has never been stronger. However, one question remains: Who gets to implement this system? If … More


Immudb: Open-source database, built on a zero trust model

Now, with full transactional support for everyday business applications, the open source immudb tamper-proof database can serve as the main transactional database for enterprises. Version 1.2 has the ability to rollback changes and have data expire. “There is no need to have immudb running next to a traditional database anymore, as immudb now has full ACID transactional integrity compliance,” said Jerónimo Irázabal, co-founder of immudb and lead architect at Codenotary. The company is the primary … More


Ermetic raises $70M to scale sales and marketing operations

Ermetic announced it has closed a $70M Series B round of financing led by Qumra Capital with support from new investor Forgepoint Capital and participation from existing investors Accel, Glilot Capital Partners, Norwest Venture Partners and Target Global. The company has now raised $100M in funding for its security platform that provides holistic multi-cloud protection for global enterprise customers. Ermetic will use the funds to scale sales and marketing operations in the US, Europe, the … More


When done right, network segmentation brings rewards

96% of organizations claim to be implementing segmentation in their networks, yet only 2% of those organizations are segmenting all six mission-critical asset classes, including critical applications, public-facing applications, domain controllers, endpoints, servers, and business critical assets/data, according to a Vanson Bourne survey. The research surveyed 1,000 IT security decision-makers across seven countries, detailing current trends in segmentation across enterprises and the security advantages associated with strong segmentation implementations. Segmentation is an IT … More


Appaegis raises $7.7M to deliver data-centric zero trust by federating identity and authorization

Appaegis announced that it raised $7.7M in seed funding, led by Taiwania Capital, whose mission is to invest in enterprise software, AI, information security, and cloud infrastructure companies. Joining Taiwania Capital are TSVC, Alumni Ventures, First In, LDV Partners, and Silicon Valley Future Capital. The funding will accelerate customer acquisition, increase the pace of innovation and grow the team. It will further the mission to deliver data-centric zero trust by federating identity and authorization. Organizations … More

Product showcase: Is Crystal Eye XDR the most comprehensive security platform on the market?

In this product showcase, we look at Red Piranha’s Crystal Eye XDR platform. Red Piranha pioneered the integrated security service model back in 2015 with out of the box MDR and Incident Response capability, now known as XDR. Since then, the Crystal Eye XDR platform has expanded its feature set to cover Integrated Risk Management (IRM), as well as Endpoint Protection with its Crystal Eye Attack Surface Reduction (CEASR) App and an extended range of … More


Passwordless verification API transforms every mobile phone into a security token for zero trust access

What is small, tamper-proof, cryptographically secure, and already used by 6.37 billion people? The SIM card. We carry this compact piece of secure tech everywhere without thinking of it as such, taking for granted how it connects us to the mobile network to make phone calls, send text messages, browse, buy and send/receive payments. But behind the apparent effortlessness of enabling customers to use the GSM network lies a formidable security architecture that authenticates, encrypts, … More


The cyber risk future doesn’t look good, but organizations are ready

A Trend Micro report predicts global organizations will emerge more alert and better prepared in 2022 thanks to a comprehensive, proactive, cloud-first approach to mitigating cyber risk. Research, foresight, and automation are critical for organizations to manage risk and secure their workforce. 40.9 billion email threats, malicious files and malicious URLs were blocked for customers in the first half of 2021 alone – a 47% year-over-year increase. Researchers predict that threat actors in 2022 will … More

Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)

It’s the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability (CVE-2021-43890) actively exploited to deliver Emotet/Trickbot/Bazaloader malware family.

Vulnerabilities of note in this patch batch
Of the 67 CVE-numbered flaws, CVE-2021-43890 – a Windows AppX Installer spoofing vulnerability – will, understandably, be a patching priority. “CVE-2021-43890 allows an attacker to create a malicious package file and then modify it to look like a legitimate application, and … More