IBM Security GM on Seeing a Target Through the Hacker's Eyes

Michael Novinson • February 3, 2023

Companies can be blinded by their inside-out view and often benefit from another set of eyes that see their business the same way an attacker would, says IBM's Mary O'Brien. IBM's acquisition of attack surface management firm Randori gives clients another view of areas that need to be remediated.

Governance & Risk Management

Forescout Gets 4th CEO Since 2020, Hires Barry Mainz

Latest

Security Operations

CrowdStrike CEO on Why It's Tough to Defend Sensitive Assets

Michael Novinson • February 3, 2023

Organizations today struggle with both new attack surface challenges such as cloud configuration and exposed buckets and long-standing ones around vulnerable ports and infrastructure. CEO George Kurtz says CrowdStrike's recent purchase of Reposify will help customers defend their priority assets.

Network Firewalls, Network Access Control

Jeetu Patel on Having a Consistent Design at Cisco Security

Michael Novinson • February 3, 2023

Cisco plans to debut a common design language across its network and security offerings so that products such as Cisco Meraki and Umbrella will no longer look or feel different from one another, says Jeetu Patel, executive vice president and general manager for security and collaboration at Cisco.

Governance & Risk Management

CEO Faitelson on How Varonis' SaaS Migration Helps Customers

Michael Novinson • February 3, 2023

Varonis has dedicated most of its engineering resources to SaaS since the onset of COVID-19 to provide more automation to customers, says CEO Yaki Faitelson. The company has focused on delivering robust data protection to customers without them having to dedicate hardware or personnel to the task.

Fraud Management & Cybercrime

Cyberattack Wave on Healthcare Reaches Florida and Maryland

Marianne Kolbasuk McGee • February 3, 2023

A Florida healthcare system says it is diverting emergency patients and is only accepting certain Level 1 trauma cases while it deals with an "IT security incident." Meanwhile, a Maryland hospital is responding to its own ransomware incident.

Network Detection & Response

Proofpoint CEO on Thwarting Post-Compromise Lateral Movement

Michael Novinson • February 3, 2023

Proofpoint has focused on preventing cyberattacks, but customers have increasingly asked for help with blocking lateral movement from compromised identities, says CEO Ashan Willy. Acquiring Illusive in December will help Proofpoint block identity attack paths when a user is compromised.

Cloud Security

Wiz CEO on the Need to Consolidate Cloud Security Technology

Michael Novinson • February 3, 2023

The cloud security landscape has long been fragmented, and different vendors attempt to separately address containers, serverless and vulnerabilities, says Wiz CEO Assaf Rappaport. Consolidating detection, vulnerability and misconfiguration data in a single place reduces the noise for clients.

Application Security

Checkmarx CEO on Bringing Application, API Security Together

Michael Novinson • February 2, 2023

Organizations have struggled to understand why APIs are so strategic even though they're an intrinsic way businesses interface with their software, according to Checkmarx CEO Emmanuel Benzaquen. He says API abuse is slated to become one of the most common types of web application data breaches.

Cybercrime

Ubiquiti Insider Hacker Pleads Guilty

David Perera • February 2, 2023

The insider threat hacker who attempted to extort $1.9 million out of Ubiquiti Networks faces sentencing in May after pleading guilty to three crimes in federal court. The hacker, Nickolas Sharp, was the company's cloud lead and was on the team remediating the security incident he caused.

Cybercrime

'No Pineapple' Hacking Campaign Reveals North Korean Toolkit

Jayant Chakravarti • February 2, 2023

Researchers from cybersecurity firm WithSecure say they spotted a North Korean espionage campaign they dub "No Pineapple" that reveals a slew of tools in the Pyongyang hacking arsenal. They're confident the hackers were North Korean: One hacker connected to an infected server using a DPRK address.

Open XDR

Bitdefender CEO Florin Talpes on Bringing XDR to the Masses

Michael Novinson • February 1, 2023

Incumbent XDR platforms target large enterprises with access to a full security operations center, threat hunters and incident response teams, says Bitdefender CEO Florin Talpes. But firms looking to successfully serve the SMB market need to modify their XDR tools to address the skills shortage.

Identity & Access Management

Okta Exec Sagnik Nandy on Protecting the Extended Workforce

Michael Novinson • January 31, 2023

The guardrails organizations use to protect employee identities are often ineffective for contractors, business partners or vendors since they bring their own devices. Many businesses struggle to implement identity safeguards in a setting that's more heterogeneous and offers fewer controls.

Breach Notification

ITRC Breach Report: Lack of Transparency, Details Worsen

Anna Delaney • January 31, 2023

The Identity Theft Resource Center's 2022 Annual Data Breach Report reveals a near-record number of compromises - the second-highest number in 17 years. ITRC COO James Lee worries that a sudden lack of transparency in breach notices is creating more risk for consumers.