The editors at Solutions Review have curated this list of the most noteworthy endpoint security and network monitoring news for the week of December 1. This curated list features endpoint security and network monitoring vendors such as Inflect, Forescout, Halcyon, and more.

Keeping tabs on all the most relevant endpoint security and network monitoring news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy endpoint security and network monitoring news items.

Endpoint Security and Network Monitoring News for the Week of December 1

Inflect Expands Instant Pricing Tool to Include Lumen Dedicated Internet Access (DIA)

Inflect, Inc., a marketplace for buyers and sellers of digital infrastructure, this week announced the availability of instant pricing for Dedicated Internet Access (DIA) from Lumen Technologies in the Inflect portal. Lumen’s integration into the Inflect portal means that customers turning to Inflect’s global digital infrastructure marketplace to source DIA can receive immediate price quotes from Lumen. This expedites the quoting process by removing the need to submit a request for pricing that may take days or weeks to complete. Instant pricing for Lumen DIA through the Inflect portal is now accessible in more than 145,000 on-net locations.

Read on for more.

Uptycs Unveils Cross-Cloud Anomaly Detection Engine

Uptycs, a unified CNAPP and XDR platform, this week announced its Cross-Cloud Anomaly Detection Engine, capable of analyzing billions of events in near-real time to help security teams rapidly identify and respond to emerging threats. Utilizing machine learning techniques Uptycs correlates anomalies with MITRE detections to further minimize the time to detect real threat behavior. This announcement comes on the heels of Uptycs’ launch of the industry’s “first” unified supply chain and runtime security for Kubernetes, which includes deep support for Amazon EKS, ECS, and connected assets.

Read on for more.

Elastic Completes Acquisition of Opster

Elastic, the company behind Elasticsearch, this week announced it has completed the acquisition of Opster, the creators of AutoOps and other tools used to help users get more out of their Elastic deployments. “I’m excited to welcome Ziv Segal and the Opster team as we continue our journey to make search better,” said Ken Exner, chief product officer, Elastic. “Joining forces will open up opportunities initially through AutoOps, which helps Elastic users detect and remediate issues, and as we look to apply Opster’s set of operational tools to future innovations.”

Read on for more.

Forescout Expands Ottawa R&D Footprint to Address Growing Market Demands

This week, Forescout, a global cybersecurity leader, officially opened its new Ottawa office– an expanded research & development (R&D) facility to help enterprises more effectively manage cyber risks and threats targeting their IT, OT and IoT devices and cyber assets. Forescout has been serving large enterprises throughout Canada for over a decade, including some of the largest financial services, healthcare and energy firms. The new Forescout Ottawa office is located at 515 Legget Dr, Kanata, ON K2K 3G4, Canada and will serve as the center of excellence to the company’s cloud security, software development, architecture, UX and data analytics teams.

Read on for more.

Halcyon Named to Fast Company’s Third Annual Next Big Things in Tech List

Halcyon, a ransomware solutions provider, announced that it has been named to Fast Company’s third annual Next Big Things in Tech list, honoring technology breakthroughs that promise to transform the future. The Halcyon Anti-Ransomware Platform is recognized on the list for its ability to detect, prevent, and recover from ransomware attacks, protecting organizations in every industry from the ever-growing threat of ransomware. Fast Company recognized a variety of technologies for their cutting-edge advancements and potential to impact consumers, businesses, and society overall, and identified Halcyon as “the only organization focused solely on combating ransomware.”

Read on for more.

The Cybersecurity Insight Jam Returns for Fifth Year on December 5th

Insight Jam LIVE, the annual element of Solutions Review’s Insight Jam, an always-on community for enterprise technology end-users, experts, and solution providers, kicks off its fifth year; starting with the Cybersecurity Insight Jam on December 5th. Expect roundtable discussions to take place throughout the day, featuring thought leaders from GitGuardian, Lenovo, Aware, LoginRadius, and more!

Read on for more.

Expert Insights Section

Watch this space each week as our editors will share upcoming events, new thought leadership, and the best resources from Insight Jam, Solutions Review’s enterprise tech community for business software pros. The goal? To help you gain a forward-thinking analysis and remain on-trend through expert advice, best practices, trends and predictions, and vendor-neutral software evaluation tools.

Preparing for the Impact of EO 14028 on Software Security

Curtis Yanko of CodeSecure examines the dark side of executing Executive Order 14028 and how it will impact private-sector software security. Despite the fact that the Cybersecurity Executive Order, known as EO 14028, governs software designed for use by government agencies, these guidelines will eventually extend to and reshape private sector software security practices– especially for hardware used in critical infrastructure and safety-critical industries, including automotive, aerospace, IoT, medical devices, and more. We can expect EO 14028, which requires software supplies to adopt NIST SSDF, a set of guidelines and best practices for secure software development, to force profound changes in private sector software security requirements. Specifically, it calls for a proactive shift to integrating security considerations across the software development lifecycle, from design and coding to testing and deployment. While this transition will necessitate a shift in mindset and resource allocation, it is a critical step toward minimizing software supply chain vulnerabilities and hardening digital assets.

Read on for more.

The post Endpoint Security and Network Monitoring News for the Week of December 1; Inflect, Forescout, Halcyon, and More appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Nima Baiati of Lenovo answers the question on everyone’s mind: “Is AI Going to Change Everything in Cybersecurity?” Yes… but not like you think!

Perhaps not since Gutenberg’s printing press has a technology simultaneously created as much uncertainty, doubt, and fear of missing out as Artificial Intelligence (AI). There is enormous potential for disruption and productivity, particularly in cybersecurity, where the stakes for enterprises are already high and continually rising.

However, with that being said, chief technology officers (CTOs) and chief security officers (CSOs) have no more reason to panic or stress than usual.

Is AI Going to Change Everything in Cybersecurity? Yes! But Not Like You Think.

Better Spears, Better Shields

Security has always been a tough game, and there’s no reason to believe it’s going to get any easier. It is undoubtedly concerning that Generative AI (GAI) has the potential to provide malicious individuals with more advanced capabilities. Passwords may be compromised more readily, deepfakes could exploit vulnerabilities in social engineering, and hackers might enhance their malware with greater ingenuity, resulting in an acceleration of cyber-attacks.

Nevertheless, the good news is the same tools available to potential attackers will also be in the hands of defenders. This means an increasing number of cybersecurity activities can be automated and, therefore, more efficient. AI is being used for better risk analysis, threat detection, and automating alerts and responses. AI can also help balance security and user experience (UX) by analyzing behavioral data and simplifying verification— this is critical because an overly secure gate ceases to function as a serviceable passageway.

The new efficiencies gained by AI-enabled cybersecurity tools can help address the critical shortage of skilled labor in the field. Smaller organizations, such as small to medium-sized businesses (SMBs) and educational institutions, that lack the budgets and resources of government and large enterprises, will be able to automate more security solutions and become somewhat harder targets. Overall, while technology advances, the core infrastructure of every organization’s security system will remain constant.

The Hands That Make and Hold the Shields

People, not technology, are the most critical components of any security system. A castle may have impregnable walls, but they do not matter very much if the guards are poorly trained, complacent, or corruptible. For hackers, a misappropriated key is always better than a battering ram.

Now, more than ever, organizations need to build better security cultures, especially since one of the biggest challenges with making systems and companies secure starts with people. Employees must be equipped with the training and support to maintain constant awareness of the nature of threats and vigilance against attacks. For example, social engineering for phishing attacks is becoming much more sophisticated because of deepfakes, but they can still be defeated when employees adhere to proper protocols.

Even more critical than end-user vigilance is security by design. Not only should software be reviewed for security, but it should also be built with security embedded in it. Device manufacturers and purchasers must make better decisions based on security outcomes, rather than just form, function, and cost. Computer original equipment manufacturers (OEMs), for example, should provide protection throughout the lifecycle of a device. This includes a transparent and secure supply chain to protect devices from the bottom up, defending against below-the-operating-system threats like a basic input/output system (BIOS) attack, and ensuring data protection between the operating system and the cloud. Buyers of computing devices who don’t audit for security by design and rely too much on after-market or bolted-on security should be aware of the risk they assume.

AI for All

The only thing limiting the impact of AI is our imagination. The ability to exponentially process more data and make more decisions will change everything for everyone, similar to how the internal combustion engine and electricity empowered us to do more, faster.

This is a positive development because there are vastly more people striving to achieve good outcomes than bad actors looking to steal data or destroy value. However, to protect our organizations and harness the benefits of AI, we will need good decisions and vigilant behavior.

A critical aspect is ensuring that security is intrinsically built into every stage of development and deployment. Each organization will have its own security needs, frameworks, and different types of security threats, so it will be important for organizations to identify those nuances. When examining devices, for example, it is vital to integrate security into all layers of the platform: supply chain, below-operating system, and above-operating system.

Not all data can be protected equally, and the goal of achieving zero cybersecurity breaches is simply unattainable, given the vast threat of the landscape. Therefore, business leaders and security experts must make strategic decisions about their prime concerns and how to protect their assets. Overall, AI tools that support security-minded cultures with the right priorities will be able to achieve better defenses.

The post Is AI Going to Change Everything in Cybersecurity? Yes! But Not Like You Think. appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

The editors at Solutions Review have curated this list of the most noteworthy endpoint security and network monitoring news for the week of November 10. This curated list features endpoint security and network monitoring vendors such as Ribbon Communications, Checkmarx, Boldyn Networks, and more.

Keeping tabs on all the most relevant endpoint security and network monitoring news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy endpoint security and network monitoring news items.

Endpoint Security and Network Monitoring News for the Week of November 10

W3TEL Selects Ribbon Communications for Network Expansion and Regulatory Compliance

Ribbon Communications Inc., a global provider of real time communications technology and IP optical networking solutions announced this week that W3TEL a French provider of communications services to enterprises, has selected Ribbon’s solutions to “support its growth, simplify its network operations and fulfill French government mandates around call security.”

Read on for more.

Malwarebytes Launches New Endpoint Security Platform, ThreatDown

Malwarebytes, a global leader in cybersecurity solutions, this week announced the launch of ThreatDown, the product family that “protects IT-constrained organizations with effective, easy-to-use cybersecurity.” Formerly named Malwarebytes for Business, ThreatDown solutions are purpose-built to overpower threats through easy-to-use, effective technologies like the new Security Advisor dashboard and ThreatDown Bundles that combine the technologies and services needed to protect organizations from today’s sophisticated cyber landscape.

Read on for more.

Checkmarx Announces Integration with Mobb to Expand SAST Platform Capabilities

Checkmarx, an industry leader in cloud-native application security for the enterprise, announced this week an integration with Mobb, an automated vulnerability protection platform, to streamline application security testing and remediation within familiar developer workflows. Checkmarx customers can now deploy Mobb’s auto-remediation solution for vulnerabilities identified during scans with Checkmarx SAST. This new capability represents an expansion of Checkmarx’ auto-remediation offerings for SCA (software composition analysis) and IaC (infrastructure-as-code) Security.

Read on for more.

Robokiller Insights: “Drastic Spike in Robotexts and Robocalls in October”

Robotexts reached 12.8 billion while robocalls soared to 4.8 billion in October, a combined 6 percent month-over-month increase, according to Robokiller Insights. The simultaneous spike can be attributed to scammers shifting their tactics— they’re inundating Americans with well-timed scams surrounding current events like holiday shopping and student loan repayments.

Read on for more.

Boldyn Agrees to Acquire Cellnex’s Private Networks Business Unit

Boldyn Networks (Boldyn), one of the largest shared network infrastructure providers in the world, has agreed to acquire Cellnex’s private networks business unit. This largely includes EDZCOM, a Finnish pioneer and European market leader that designs, builds, and operates private 4G and 5G networks, predominantly for industrial clients in manufacturing, ports, oil and gas, energy generation, and mining. The agreement further advances Boldyn’s private networks strategy and puts it at the forefront of “driving digital transformations and industry 4.0 innovation.”

Read on for more.

AI Moment: Solutions Review Set to Host Monte Carlo & Salesforce for Exclusive GenAI Event on November 30

With the next Spotlight event, the team at Solutions Review has partnered with Monte Carlo (and their partner Salesforce) for an informative webinar show. While GenAI has its fair share of hype, data leaders are being tasked by executives with investing in AI across the business. But how can we ensure that these technologies are actually useful and impactful?

Read on for more.

Solutions Review’s William Jepma Compiles Definitive Guide on the White House’s New EO on AI, Through Quotes

As you can expect, there was a lot of discussion around the Executive Order, what it might mean for AI regulation, and how it will affect the trends involved in governing, developing, and using AI in enterprises across industries. See key commentary from industry experts who shared their thoughts on the EO and how it will change AI’s role in business.

Read on for more.

Expert Insights Section

Watch this space each week as our editors will share upcoming events, new thought leadership, and the best resources from Insight Jam, Solutions Review’s enterprise tech community for business software pros. The goal? To help you gain a forward-thinking analysis and remain on-trend through expert advice, best practices, trends and predictions, and vendor-neutral software evaluation tools.

Zero Trust: Implementing A Path Forward

Chaim Mazal of Gigamon helps pave the path forward for standardizing zero-trust architecture with these best practices to consider. Zero trust has been making waves in the cybersecurity community for more than a decade, but there’s still so much ambiguity around the concept and how to achieve it. The ultimate goal of implementing a zero-trust architecture is to remove any implicit trust in an organization’s network. Basically, the network should assume you are a malicious player unless you prove otherwise. This approach moves an organization’s security strategy away from perimeter-based controls to distributed controls across the network, including within your hybrid cloud environment. Since the onset of this concept, it’s long been thought of as a distant priority or an idealistic end goal organizations would strive to achieve one day. There was little momentum in making a true zero-trust implementation a reality, so achieving this felt unattainable. Until now.

Read on for more.

DNS Security and Protecting School Networks

Renée Burton of Infoblox says class is in session and educates us on how DNS security can help protect school networks. Advancements in IoT technologies have revolutionized the education sector, bringing about unprecedented opportunities for learning and collaboration. Online classrooms, digital resources, and interactive learning platforms have enriched learning experiences and expanded educational access for students. The reliance on wi-fi connected devices to modernize education has made IT infrastructure and network performance, in particular, mission-critical for schools. But it has also exposed schools to cyber-attacks, with ransomware looming as a significant threat. In fact, the education sector has become the top target for hackers. Personally, I experienced this firsthand when my children’s credentials were stolen from their school database. As a high school student, our kid was alerted that one of their gaming accounts had been compromised. After some investigation, it turned out that the school’s database of names, accounts, and passwords had been compromised. Attackers were able to correlate different pieces of information to exploit a number of students’ home accounts for different services. It was suspected that the initial access came from a phishing email to a staff member. Initially surprised that cyber-criminals had taken advantage of a small school system to gain access to other accounts, I learned that this was fairly common. According to the White House, “In the 2022-23 academic year alone, eight K-12 school districts throughout the country were impacted by significant cyber-attacks – four of which left schools having to cancel classes or close completely.” In addition to the monetary losses, the costs include days of missed learning for students and months of additional recovery time. The good news is that schools can get ahead of cyber-attacks before they happen– by uniting their network services and DNS security.

Read on for more.

The post Endpoint Security and Network Monitoring News for the Week of November 10; Ribbon Communications, Checkmarx, Boldyn Networks, and More appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

The editors at Solutions Review have curated this list of the most noteworthy endpoint security and network monitoring news for the week of October 27. This curated list features endpoint security and network monitoring vendors such as Tenable, Zscaler, Tufin, and more.

Keeping tabs on all the most relevant endpoint security and network monitoring news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy endpoint security and network monitoring news items.

Endpoint Security and Network Monitoring News for the Week of October 27

Tenable and Siemens Energy Expand Collaboration on OT Cybersecurity

Tenable, Inc. an Exposure Management sol, today announced that it has expanded its partnership with Siemens Energy to further secure operational technology (OT) environments in the energy sector. Building on years of collaboration, Siemens Energy will integrate Tenable OT Security into their Omnivise T3000 control system as a network intrusion detection system (NIDS), in addition to already leveraging Tenable OT Security for asset discovery and vulnerability management. Siemens Energy’s decision to bring Tenable into this flagship offering joins existing collaboration on their recently rebranded cybersecurity service offering, Omnivise OT Security, powered by Tenable.

Read on for more.

Zscaler ThreatLabz: “400 Percent Increase in IoT and OT Malware Attacks Year-over-Year”

Zscaler, Inc., a leader in cloud security, announced this week the release of the Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report.  The number of attacks on IoT devices saw a 400 percent increase in malware compared to the previous year. The increasing frequency of malware attacks targeting IoT devices is a significant concern for OT security, as the mobility of malware can facilitate movement across different networks, potentially endangering critical OT infrastructure.

Read on for more.

What to Expect at Solution Review’s Solution Spotlight with Broadcom on November 16th

With the next Solution Spotlight event, Solutions Review’s team has again partnered with Broadcom, a leader in cybersecurity and network monitoring solutions. In this webinar session, an expert from Broadcom will provide viewers with tips on enhancing the end-user experience across hybrid and multi-cloud environments.

Read on for more.

Tufin Announces Major Update and Capabilities to Tufin Orchestration Suite

Tufin, a network and cloud security policy automation solutions provider, this week announced the release of Tufin Orchestration Suite (TOS) version R23-2. The latest edition streamlines Secure Access Service Edge (SASE) policy management across an organization’s hybrid network, expedites security audits and compliance efforts, and enhances application connectivity triage, offering organizations a “comprehensive solution for their evolving security and networking needs.”

Read on for more.

Expert Insights Section

Watch this space each week as our editors will share the best written and video resources from Insight Jam, Solutions Review’s enterprise tech community for business software pros. The goal? To help you gain a forward-thinking analysis and remain on-trend through expert advice, best practices, trends and predictions, and vendor-neutral software evaluation tools.

Social Media Scams Impacting Businesses and Individuals Today

John Wilson of Fortra’s Agari breaks down common social media scams, their impact on businesses, and how to protect yourself against them. Social media has become the proverbial double-edged sword, equal parts meaningful connection, and highly convincing fraud. The challenge is that it’s sometimes hard to spot the difference. Threat actors use social media to target companies and individuals alike with the goal of stealing information they can monetize or hocking lookalike goods. As a Senior Fellow for Threat Research, I work daily with those targeted by these criminals to take down their scams. According to research from Fortra’s PhishLabs, attacks on businesses were nearly 19 percent more common in Q4 of 2022 than in the same quarter of 2021. Companies faced an average of 73 attacks per month on their social channels. On the consumer side, the Federal Trade Commission found that in 2022, end-users lost $1.2 billion as a result of scams originating on social media. Fraudsters worldwide are flocking to these platforms as an attractive attack vector. It’s easy to see why: they offer the ability to reach a mass audience quickly and at a very low cost. Here, we’ll highlight the most common scams and how to protect yourself, your organization, and your data.

Read on for more.

Breaking Software Security To Fix It: 5 Steps to Training that Delivers More Secure Applications

Ed Adams of Security Innovation walks us through why you may need to break software security before you can fix it. Software runs the modern world, from online trading applications to cloud-based SaaS, Medical Devices, and even hardware. These software-driven systems incorporate maze-like interconnections and dependencies that make them vulnerable to attack. Compounding the challenge are the blurred lines between builders, operators, and defenders, who all have a hand in building and deploying software securely. Software’s security stakeholders have exploded beyond the core developer in the rapid-release world of agile, DevOps, and CI/CD. Cross-functional skills are more critical than ever; however, long-established training methods aren’t keeping up with emerging technologies, methodologies, and roles.

Read on for more.

The post Endpoint Security and Network Monitoring News for the Week of October 27; Tenable, Zscaler, Tufin, and More appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. John Wilson of Fortra’s Agari breaks down common social media scams, their impact on businesses, and how to protect yourself against them.

Social media has become the proverbial double-edged sword, equal parts meaningful connection, and highly convincing fraud. The challenge is that it’s sometimes hard to spot the difference. Threat actors use social media to target companies and individuals alike with the goal of stealing information they can monetize or hocking lookalike goods. As a Senior Fellow for Threat Research, I work daily with those targeted by these criminals to take down their scams.

According to research from Fortra’s PhishLabs, attacks on businesses were nearly 19 percent more common in Q4 of 2022 than in the same quarter of 2021. Companies faced an average of 73 attacks per month on their social channels. On the consumer side, the Federal Trade Commission found that in 2022, end-users lost $1.2 billion as a result of scams originating on social media. Fraudsters worldwide are flocking to these platforms as an attractive attack vector. It’s easy to see why: they offer the ability to reach a mass audience quickly and at a very low cost.

Here, we’ll highlight the most common scams and how to protect yourself, your organization, and your data.

Social Media Scams Impacting Businesses and Individuals Today

Threat Actors Excel at Social Engineering

Social engineering is the basis for every social media scam. A threat actor’s goal is to lull a target into trusting what they see or hear so they lower their guard and ignore red flags. Cyber-criminals can easily set up convincing spoofed websites with pilfered IP, including legitimate-looking images, logos, and text.

Threats can arise through ads or direct messages that take someone to a malicious website or ask them to call a phone number. These venues seek to capture credentials, sell you imposter goods, or defraud you in another creative way.

Social Media Scams Affecting Individuals

I received a Facebook notification that a recently deceased friend was tagged in a post. When I viewed the post, I was horrified that it used a “look who just died” video lure, asking victims to provide their credentials to view the video. Once the criminals have end-user login details, they’re free to perpetuate further bad behavior.

Naturally, I reported it to Facebook right away, praying that the post would be removed before my friend’s grieving widow had to endure the additional pain of seeing her deceased husband’s account used in this way.

Social Media Scams Affecting Businesses

Attackers can interact with your employees, customers, and partners on social media. According to research, banking is the most frequently targeted industry, followed by retail and financial services.

Social media scams can attack organizations from different angles. A threat actor could lure customers into fraudulent campaigns or impersonate an executive. Employees using your corporate network can also check personal social accounts during the workday and unwittingly download malware, including ransomware, that spreads from their computer to other devices on the corporate network.

• Impersonation: In another report, impersonation was cited as the top risk for businesses, representing 36.4 percent of threats assessed. Impersonation ploys appear to be credible and can include scammers masquerading as executives.
• Counterfeit campaigns: One particular form of impersonation includes counterfeit retail ads that lure customers to a malicious website or fake social media page. These start with ads for an amazing deal, usually with some urgency attached to ‘act now’ before the item is gone. Those who fall for these campaigns may receive counterfeit goods, or they may find their payment card information has been stolen. For companies, this erodes their brand reputation and could cannibalize sales.
• Steganography: Steganography is the practice of concealing a message, file, or data within another seemingly innocuous medium, such as an image or audio file, to hide its existence. Social media ad campaigns rely heavily on interesting visuals to entice end-users, and malicious campaigns are no different. Malware can be baked into these images using steganography, and clicking on the picture will deliver malware right onto the person’s computer.

How to Protect Your Business

Companies can take several social media protection measures to prevent or minimize the impact of these threats.

• Employee training: As employees are your first line of defense, invest in hands-on training that simulates fraudulent social media and phishing campaigns. These teach employees to recognize threats and understand how to react.
• Partner with a company that has close relationships with social media admins: It’s easier to report and resolve brand impersonation when you have a relationship with a channel. Then, if you need to submit evidence of a problem (links, screenshots, etc.), you have a point of contact who can help.
• Technical controls: Besides implementing robust firewalls and antivirus software, partner with a provider that can monitor, detect, and take down malicious social media profiles and ads to safeguard your brand.

Social Media Scams Affecting Individuals

Many of us visit social media channels as a distraction or a way to unwind. Scammers know our guards are down and devise tactics that trick us into inputting credentials or high-value data such as payment information. Beware of these types of social media scams:

• False financial, banking, and crypto companies: Scammers create fake profiles impersonating trusted financial institutions or cryptocurrency platforms to steal your financial information or investments.
• Amazing retail deals, especially near holidays: Be cautious of too-good-to-be-true discounts on social media, especially around holidays, as scammers may lure you into purchasing counterfeit or non-existent products.
• Dating or confidence scams with people you’ve never met asking for money: Scammers create fake romantic relationships to gain your trust and then request money under false pretenses.
• Fake vacation rentals you can’t find on a map: Scammers offer enticing vacation rentals that don’t exist or aren’t located as advertised, leaving you without a place to stay.
• Fraudulent charities or ones posing as legitimate charity organizations: Beware of fake charities on social media seeking donations; they may divert funds away from genuine causes.
• Loan scams with extremely low rates: Scammers promise low-interest loans but often demand upfront fees and disappear after receiving payment, leaving you without the loan.
• False job postings: Scammers post fake job opportunities, aiming to steal personal information or money through application fees or phony background checks.

How to Protect Yourself

Always approach social media with a degree of suspicion and consider these aspects:

• Streamline what you share: An attacker can glean a lot about you from your public profiles, which can then be used to target you for fraud via social engineering. Ask yourself how much you need to share and how often. Lock your profiles down so only verified contacts can see them. Be sure to review the audience for your older posts. When you change your default audience for new posts, this usually does not impact existing posts.
• Use your intuition: If an ad promises something too good to be true, it likely is. If something seems amiss, it’s worth a second look.
• Do your research: If you haven’t heard of an advertiser, search online for their name followed by ‘scam.’ You can also map the business to see if they have a physical address. Watch for website URLs that are similar to those of well-known companies. Domain registrars list creation dates for websites. A recently created domain could indicate a scam.
• Verify through a second avenue: If something or someone on social media tells you to call a particular number, especially for financial purposes, find the number another way. This could be using your banking card or statement.

Final Thoughts

In a world where social media serves as both a bridge to connection and a gateway to deception, vigilance is paramount. Social media scams have grown rampant, infiltrating professional and private lives, and leaving a trail of financial losses and personal distress in their wake.

The post Social Media Scams Impacting Businesses and Individuals Today appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Neko Papez of Menlo Security guides us through the digital landscape and how to stay safe against malvertising.

Your responsibility is the security of your enterprise and ensuring that even the most widely used enterprise application, the browser, is secured. You know, better than anyone, that your users are still consumers when they are at work. Maybe your organization has shut down access to social media sites like Instagram or Facebook, or prevents shopping from Amazon, but users still interact with websites daily that either sell them products or serve them ads. Even granting access to legitimate news outlets that many users need to do their jobs means that they are targeted and retargeted by digital advertisements daily.

Those ads, and how they are served, are designed by digital marketers who have greatly leveraged the advantages of modern technologies. Today’s marketers know exactly who to target, how to reach them, and what content to serve to move a prospect from an interested party to a paying customer. With artificial intelligence (AI) access and adoption growing at breakneck speeds, digital marketers have what might be the most powerful tool in their toolbox to help them do their jobs effectively.

Thanks to AI, customer segmentation, personalized campaigns, and timed messages have become easier than ever. With tools like ChatGPT, as well as AI-based graphic design tools like Alibaba Luban, marketers can quickly produce highly effective advertisements that welcome potential buyers. Consider this statistic from Alibaba: Luban can create 8,000 banner ads every second.

But as with every technological advancement, there’s a dark side. In the world of digital advertising, that dark side is malvertising. It’s estimated that nearly one in every 100 online advertisements is currently malicious, which means that for your users, who still access advertisements at work, malvertising is now your concern, too.

The Rise of Malvertising and How to Stay Safe

Malvertising: A Highly Evasive Threat

You might be familiar with highly evasive threats such as HTML smuggling or MFA bypass attacks. We call them highly evasive because they use sophisticated techniques such as dynamic behavior, fileless attacks, and delayed execution to evade traditional security measures. They are designed to fly under the radar and bypass commonly deployed security found in your enterprise security stack.

Malvertising fits nicely into this category of highly evasive threats. These sophisticated attacks can be especially hard to detect by anyone – brands, advertising publishers, or internet users. And, because it’s a novel tactic, not many people know about it, so spotting it becomes even harder.

Malicious actors begin by infiltrating a third-party server to embed malware within digital advertisements, such as videos, banners, or even brand logos. Unsuspecting users who click on these tainted ads or images may either be redirected to a fraudulent site or immediately have malware installed on their devices. Once malware breaches a system, it grants bad actors vast capabilities to delete, modify, or encrypt data. These bad actors can even redirect internet traffic from legitimate websites or develop backdoor access routes to a network system.

Detecting an infected logo or suspicious URL is challenging, but not impossible. We’ll get into what your users can do to help prevent malvertising from entering your network in a bit, but there are also browser security solutions that use AI-based computer vision algorithms to analyze data in tandem – things like URL characteristics or a logo located where it should not be – resulting in identification of infected brand logos and questionable URLs.

AI-Driven Digital Advertising: Your Users Aren’t Prepared

According to Statista, and published by HubSpot, AI usage in marketing activities was estimated to grow from $15.8 billion in 2017 to $107.5 billion by 2028, with more than 80 percent of professional marketers integrating some kind of AI technology into their current marketing activities.

Further, according to a recent survey by CensusWide for Menlo Security, 54 percent of U.S. consumers believe that at least half of all advertisements on websites or social media are AI-generated. As noted above, from a marketer’s perspective, AI-driven campaigns can be highly efficient and yield impressive results. But these advances also offer unique avenues for malicious actors to exploit.

Interestingly, there’s an alarming disparity between users’ knowledge of AI usage in marketing programs and their understanding of the threat it poses. For instance, three-quarters of respondents understand that they can be infected by a link in a phishing email, yet 63 percent do not yet know they can be similarly impacted by clicking on a brand logo, despite an increase in impersonated brands such as Google or Microsoft. This becomes a major concern for enterprises as 81 percent of respondents noted they click on internet advertisements “to some extent”, while a shocking one-quarter do so “very often” or “always.”

Countering Malvertising

No website, advertisement, or brand logo is foolproof against malvertising. Even the most credible brands and websites we’ve all come to familiarize ourselves with are not immune to malvertising. And, as shown previously, internet users are not aware of the threat it poses. As digital landscapes evolve, users need to stay vigilant. Here are five guidelines to reduce the risk of malvertising:

1. Examine URLs Thoroughly: Hover over an ad to reveal the destination URL. Ensure that it hasn’t been tampered with by looking for commonly misspelled words and making sure that the URL matches the image being provided.
2. Inspect Logos for Authenticity: Watch for any irregularities in a brand’s logo, like image distortion or odd coloring, which could hint at a counterfeit ad. Also, make sure the logo isn’t an outdated version like that which was used by the Witchetty espionage group in the Microsoft example above.
3. Evaluate Advertisements’ Intent: Malicious actors often use direct calls to action, like “buy now” or “act now before it’s too late.” Approach such ads with skepticism. You can always find the same “great deal” by going to the website directly rather than clicking on an ad.
4. Adopt a Cautious Approach on All Sites: Even trustworthy websites can inadvertently host malicious ads. Always practice caution, regardless of the site’s reputation.
5. Limit Redirections: The more ads you interact with, the higher your risk. Each subsequent site you’re directed to might have laxer security so avoid using redirects where possible.

Remember, your users are just a handful of clicks away from exposing your corporate network to malware online; our own research has shown users are only three to seven clicks away from malware at any given time. As malvertising threats continue to evolve, it’s imperative that your users are educated and remain vigilant while practicing safe browsing habits. Teach your users to follow the guidelines for countering malvertising and reach out to your security partners to ID if they have visibility tools that can spot malicious logos, URLs, and ads on your behalf.

The post Navigating the Digital Landscape: The Rise of Malvertising and How to Stay Safe appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

Keeping tabs on all the most relevant endpoint security and network monitoring news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy endpoint security and network monitoring news items.

Endpoint Security and Network Monitoring News for the Week of October 13

Xtract One Named Exclusive Preferred Supplier of the American Association of Professional Baseball

Xtract One, a threat detection and security solutions provider, this week announced that the company will serve as the exclusive preferred supplier for the American Association of Professional Baseball (AAPB). Through this three-year partnership, Xtract One will have the unique ability to advise AAPB regarding security and weapon detection technology, deploy solutions, and ensure best practices to deliver first-class fan experiences. Xtract One’s Gateway system replaces traditional metal detectors and hand wands, and delivers fast, reliable, and seamless patron screening. This solution unobtrusively scans patrons for guns, knives, and other prohibited items as they enter the facility, using AI-powered sensors to detect threats without invading patrons’ sense of privacy and comfort. The system was designed for large, ticketed venues to enable high throughput, and a brand-enhancing patron experience. With Xtract One, AAPB will eliminate long entry lines, allowing fans to quickly, and safely, enter the venue and enjoy the event.

Read on for more.

Lakera, an LLM Security Platform, Officially Launches; Backed by $10M in Funding

Swiss startup Lakera has officially launched to the world this week, with the promise of protecting enterprises from various LLM security weaknesses such as prompt injections and data leakage. Alongside its launch, the company also revealed that it raised $10 million round of funding earlier this year. Lakera has developed a database comprising insights from various sources, including publicly available open source datasets, its own in-house research, and  data gleaned from an interactive game the company launched earlier this year called Gandalf. With Gandalf, users are invited to “hack” the underlying LLM through linguistic trickery, trying to get it to reveal a secret password. If the user manages this, they advance to the next level, with Gandalf getting more sophisticated at defending against this as each level progresses.

Read on for more.

United States Department of Homeland Security Awards New PENS Contract to BlackBerry

BlackBerry Limited announced this week that the United States Department of Homeland Security (DHS) has awarded BlackBerry a new seven-year Indefinite Delivery, Indefinite Quantity (IDIQ) contract for the creation and sustainment of its new Super Enterprise for Personnel Emergency Notification System (PENS). BlackBerry, American Systems and 4 Points Technology will partner to deliver on the software and services contract, which is for DHS and all its components. The DHS will use BlackBerry AtHoc as a department-wide communication and visibility PENS solution for all its employees and contractors. BlackBerry AtHoc will deliver “super enterprise” capabilities so that the solution can be tailored to each DHS component while providing DHS with enterprise-wide functionality.

Read on for more.

Resurgence of LinkedIn Smart Links Identified in Sizable Credential Phishing Campaign

In 2022, the Cofense Phishing Defense Center (PDC) detected phishing campaigns that used LinkedIn links called Smart Links or “slink” to bypass security email gateway or SEG to deliver credential phishing. A year later, in late July into August, a resurgence of Smart Links was identified in a sizable credential phishing campaign targeting Microsoft Office credentials creeping into inboxes once again. While Smart Links in phishing campaigns are nothing new, Cofense identified an anomaly of over 800 emails of various subject themes, such as financial, document, security, and general notification lures, reaching users’ inboxes across multiple industries containing over 80 unique LinkedIn Smart Links. These links can come from newly created or previously compromised LinkedIn business accounts.

Read on for more.

NSA and U.S. Agencies Issue Best Practices for Open Source Software in Operational Technology Environments

The National Security Agency (NSA) is joining U.S. federal partners to release cybersecurity guidance to promote understanding of open source software (OSS) implementation and provide best practices to secure operational technology (OT) and industrial control systems (ICS) environments. The Cybersecurity Information Sheet (CSI) “Improving Security of Open Source Software in Operational Technology and Industrial Control Systems” offers best practices and recommendations for improving OSS security in OT/ICS environments, such as supporting OSS development and maintenance, patch management, authorization and authentication policies, and establishing common frameworks. The joint cybersecurity guidance also encourages the adoption of “secure-by-design” and “secure-by-default” principles to decrease cybersecurity risk in OT environments.

Read on for more.

Lookout Named Mobile Security Solution of the Year by the CyberSecurity Breakthrough Awards

This week , Lookout, Inc., a cybersecurity solutions provider, announced that its Lookout Mobile Endpoint Security solution has won the “Overall Mobile Security Solution of the Year” award in the Seventh Annual CyberSecurity Breakthrough Awards program conducted by CyberSecurity Breakthrough, a leading independent market intelligence organization that recognizes the top companies, technologies and products in the global information security market. Lookout provides visibility into mobile threats and state-sponsored spyware, while also protecting against mobile phishing and credential theft that can lead to unauthorized access to sensitive corporate data. The solution analyses telemetry from more than 215 million devices, 269 million apps and more than 500 million web destinations to uncover thousands of new threats each day. Lookout is FedRAMP JAB P-ATO Authorized and available through CDM DEFEND, trusted by enterprise and government customers alike to protect sensitive data, enabling the workforce to “connect freely and safely from any device.”

Read on for more.

Expert Insights Section

Watch this space each week as our editors will share the best written and video resources from Insight Jam, Solutions Review’s enterprise tech community for business software pros. The goal? To help you gain a forward-thinking analysis and remain on-trend through expert advice, best practices, trends and predictions, and vendor-neutral software evaluation tools.

Solutions Review Launches New Insight Jam Community for Enterprise Technology Professionals

We are excited to bring an entirely new distribution channel to Insight Jam, and provide our readers with guidance, best practices, and advice on top-of-mind topics in enterprise technology, and our PR and vendor partners the ability to measure their impact on the community.

Read on for more.

37 Cybersecurity Awareness Month Quotes from Industry Experts in 2023

As part of Cybersecurity Awareness Month, we called for the industry’s best and brightest to share their comments. The experts featured represent some of the top Cybersecurity solution providers with experience in these marketplaces, and each projection has been vetted for relevance and ability to add business value. A number of thought leaders were presented with this prompt: What are some overlooked cybersecurity best practices people take for granted/easily forget? Things that might be obvious to experts but not to the average enterprise user. Or best practices that are so obvious when you say them out loud, but are often forgotten. Here’s how they responded, along with some general responses from other experts and thought leaders, for Cybersecurity Awareness Month.

Read on for more.

AI’s Unprecedented Role in Revolutionizing 5G Connectivity

Manish Mangal of Tech Mahindra dives into detail AI’s unprecedented role in revolutionizing 5G connectivity. The development and standardization of 5G connectivity has been a long time coming. The groundwork for 5G started before 2015, when companies and researchers were exploring new technologies that could improve upon 4G and LTE. Little did they know that by the time 5G was ready for commercial rollout, artificial intelligence (AI) would be available to help ensure successful deployment and operation of the network. The convergence of AI and 5G networks has ushered in a new era of possibilities for the telecom industry. By combining the immense processing power of AI with the lightning-fast connectivity of 5G, operators can unlock a host of opportunities to optimize network performance, streamline operations, and pioneer innovative services. As the technology matures, its impact on the telecom industry is likely to be even greater.

Read on for more.

The post Endpoint Security and Network Monitoring News for the Week of October 13; Xtract One, Lakera, Blackberry, and More appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

Keeping tabs on all the most relevant endpoint security and network monitoring news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy endpoint security and network monitoring news items.

Endpoint Security and Network Monitoring News for the Week of September 29

Nord Security Secures $100M in Funding

Nord Security, an Amsterdam, The Netherlands-based company which specializes in internet privacy and security solutions, raised $100M in funding, at a $3 Billion valuation. The round saw participation from Warburg Pincus, Novator Ventures and Burda Principal Investments. Chandler Reedy, Warburg Pincus’ Managing Director, Head of Strategic Investments, and Co-Head of Business Services, joined Nord Security’s board. The company intends to use the funds to expand its product offering and accelerate growth through strategic mergers and acquisitions.

Read on for more.

EMA and Auvik Research: “Hybrid and Remote Work Increases Challenges to Remote Network Experiences”

New research by Enterprise Management Associates (EMA) and Auvik, a provider of cloud-based network management software, revealed that the ongoing shift to hybrid and remote work environments has resulted in key changes to the roles and priorities of network administrators in order to address new connectivity challenges and prioritize and preserve a secure, productive end-user experience. The report examined the remote and hybrid work paradigm through the lens of network operations teams– 73 percent of which reported an increase in workloads, either slightly or significantly, following the shift from traditional to hybrid work environments.

Read on for more.

T-Mobile Debuts SASE Platform

This week, T-Mobile  introduced T-Mobile SASE, a network management and ZTNA (Zero Trust Network Access) platform that helps customers securely connect employees, systems and endpoints to remote networks, corporate applications and resources. Not only is it potentially the first SIM-based SASE solution, it’s also “the nation’s first solution to offer customers a secure network slice dedicated to SASE traffic.” These components are designed to help make it easier for organizations to protect corporate data and network resources from nearly anywhere.

Read on for more.

WatchGuard Acquires CyGlass Technology Services

WatchGuard Technologies, a global leader in unified cybersecurity, this week announced the acquisition of CyGlass Technology Services, a provider of Cloud and network-centric threat detection and response solutions. CyGlass’s 100 percent cloud native platform utilizes advanced artificial intelligence (AI) and machine learning (ML) capabilities to deliver “enterprise-class” cyber defense across hybrid networks, to mid-sized and small organizations at an affordable cost and without hardware. The CyGlass technology will add to the WatchGuard Unified Security Platform architecture, delivering AI-based detection of network anomalies with a future Network Detection and Response (NDR) service, and will accelerate Open eXtended detection and response (XDR) capabilities within WatchGuard ThreatSync.

Read on for more.

Appdome Launces Malware Protection Solutions for Android

Appdome, a mobile apps security solutions provider, this week announced new mobile anti-malware protections that detect Android Accessibility Service Malware such as Xenomorph, Brasdex, Octo, Sharkbot, Flubot, TeaBot, PixPirate, Sova, Spynote, Joker and more. These malware are used to carry out large scale, distributed attacks on mobile banking apps, crypto wallets, and other financial services apps. Appdome’s Cyber Defense Automation platform for mobile apps allows developers and cyber teams to build protections against Accessibility Service Malware directly into any mobile app, all from within the DevOps CI/CD pipeline with no code or coding required.

Read on for more.

CrowdStrike Set to Buy AppSec Startup, Bionic

This week, CrowdStrike announced it has agreed to acquire Bionic, an AppSec solutions provider. The combination will extend CrowdStrike’s Cloud Native Application Protection Platform (CNAPP) with ASPM to deliver comprehensive risk visibility and protection across the entire cloud estate, from cloud infrastructure to the applications and services running inside of them.  Announced at the industry’s marquee cybersecurity conference, CrowdStrike Fal.Con 2023, the signing of the deal comes on the heels of CrowdStrike’s Q2 FY24 financial results, in which the company delivered a record quarter for its fast-growing cloud security business. In addition, ending ARR as of July 31, 2023 for CrowdStrike modules deployed in the public cloud grew to $296 million, up 70 percent year-over-year

Read on for more.

Expert Insights Section

Watch this space each week as Solutions Review editors will use it to share new Contributed Content Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry thought leaders together to publish the web’s leading insights for enterprise technology practitioners.

What to Expect at Solutions Review’s Solution Spotlight with Zscaler on October 5th

With the next Solution Spotlight event, the team at Solutions Review has partnered with Zscaler to provide viewers with a unique webinar called Deliver Fast and Secure Digital Experiences for the Modern Hybrid Workforce. In this webinar, attendees will hear how to efficiently detect, triage, and resolve IT incidents that have global, regional, or user-specific impact, at scale. Solutions Review’s Solution Spotlights are exclusive webinar events for industry professionals across enterprise technology. Since its first virtual event in June 2020, Solutions Review has expanded its multimedia capabilities in response to the overwhelming demand for these kinds of events. Solutions Review’s current menu of online offerings includes the Demo Day, Solution Spotlight, best practices or case study webinars, and panel discussions. And the best part about the “Spotlight” series? They are free to attend!

Read on for more.

Two Sides of the AI Coin: Balancing Innovation and Business Continuity

Lee Waskevich of ePlus Technology notes that adapting AI requires striking a balance between innovation and business continuity. There’s no question that artificial intelligence (AI) is radically transforming business and society as we know it, driving unprecedented innovation and unleashing creativity across virtually every sector– from healthcare to retail to manufacturing. Further, the generative AI market, which is expected to demonstrate an annual growth rate of 24.4 percent from 2023 to 2030, is just beginning to scratch the surface of what’s possible. However, while the new wave of AI continues to make the previously impossible, possible, it is also accompanied by a host of new risks and security challenges. Landing in the right place when it comes to AI starts with striking a delicate balance between accelerating innovation and minimizing threats.

Read on for more.

The Current State of Web Browsing is Wreaking Havoc on Cybersecurity

Dor Zvi of Red Access examines how the current state of web browsing is wreaking havoc on the world of cybersecurity. In just a few short years, web browsing has gone from something done primarily in our free time, to the primary activity underpinning all of our work. But, with this newfound has also come a great deal of unwanted attention. As web browsing plays an increasingly central role in the day-to-day operations of the enterprise, it simultaneously becomes a more and more attractive target to malicious actors. But, web browsing is changing in more ways than one, and already over-extended enterprise security teams are scrambling to keep up. In order to face this mounting challenge, organizations must begin by reimagining the idea of web browsing altogether — including how it is defined, where it takes place and what strategies are needed to secure it.

Read on for more.

The post Endpoint Security and Network Monitoring News for the Week of September 29; Nord Security, T-Mobile, CrowdStrike, and More appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Lee Waskevich of ePlus Technology notes that adapting AI requires striking a balance between innovation and business continuity. 

There’s no question that artificial intelligence (AI) is radically transforming business and society as we know it, driving unprecedented innovation and unleashing creativity across virtually every sector– from healthcare to retail to manufacturing. Further, the generative AI market, which is expected to demonstrate an annual growth rate of 24.4 percent from 2023 to 2030, is just beginning to scratch the surface of what’s possible.

However, while the new wave of AI continues to make the previously impossible, possible, it is also accompanied by a host of new risks and security challenges. Landing in the right place when it comes to AI starts with striking a delicate balance between accelerating innovation and minimizing threats.

Two Sides of the AI Coin: Balancing Innovation and Business Continuity

Three keys to establishing that balance between innovation and business continuity include:

1. Don’t overlook the most common security challenges posed by AI technology.

With generative AI, hackers or other bad actors can now create far more sophisticated and intricate versions of common cyber-attacks, such as email phishing, malware, ransomware, and social engineering. With the ability to create perfectly worded, convincing, and realistic emails on a massive scale, the old tactics of identifying email phishing by peculiarities in language or tone are being replaced by a new level of complexity. In fact, according to a Palo Alto Networks report on malware trends, threat actors are increasingly taking advantage of interest in Gen AI programs, driving a 910 percent increase in monthly registrations for domains, both benign and malicious, related to ChatGPT.

For business leaders, it’s essential to go back to the basics. This means putting mechanisms in place to protect against the risk points associated with the use of AI in potential attacks.  Creating a culture of awareness and education at the workplace and training end-users on security standards and protocols is an obvious but critical block-and-tackle measure that can help ensure that you’re not taking two steps forward to take one step back.

2. Embrace the pros but also take the time to understand (and plan for) the potential cons

Companies are well on their way to understanding the many helpful applications and uses of AI, including maximizing productivity, automating tasks, enhancing customer experiences, developing products more efficiently, and deploying them to market faster.

Likewise, they are also learning how much potential risk is involved and what those risks look like. For example, 11 percent of the data employees input into ChatGPT is currently classified as confidential, increasing the risk of data breach or even identity theft. Further, GenAI projects are linked to data loss or data misuse, especially among sectors that are experimenting with GenAI to eliminate repetitive, time-consuming tasks.

Driving long-term success means first understanding whether and how your company is already utilizing AI to ensure that cybersecurity is embedded across every touchpoint, from the creation of algorithms to training the data. You can’t protect what you can’t identify. Building security protocols into your landscape can help guarantee that you have the right procedures in place to protect customer data, while also safeguarding the company’s most proprietary information from internal and external threats.

3. Strive for AI alignment across the entire enterprise

A common question for leaders across an organization is: Who owns the AI function? Is it the IT team, the C-suite, the cyber team, or some combination of them all? Many times, it’s the IT team. However, it is not uncommon for organizations in various industries, like defense, healthcare, or manufacturing, to have AI-driven activities that are siloed and led by individual business units or specialty teams that are focused on enabling specific research initiatives or projects.

As a result, the AI function can often become disjointed and siloed across business functions creating gaps in the security fabric and enhancing risk. But with one cybersecurity attack occurring every 39 seconds, there’s no time for siloes. It’s vital for risk managers to understand not only who has the oversight from a cybersecurity perspective, but also who has the responsibility to manage and monitor risk.

On the heels of newly released SEC regulations, the ideal scenario is for companies to already have close alignment between all stakeholders involved in any initiative with AI tools, as well as an understanding of an organization’s overall cybersecurity governance, architecture, and risk management and reporting processes.

Conclusion

Artificial intelligence is an exciting new space that welcomes innovation and opportunity in nearly every workstream and industry. However, it doesn’t come without risk. The advancements that AI stewards demand cybersecurity leaders to find the right balance, one that offers safety alongside innovation.

The post Two Sides of the AI Coin: Balancing Innovation and Business Continuity appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Dor Zvi of Red Access examines how the current state of web browsing is wreaking havoc on the world of cybersecurity.

In just a few short years, web browsing has gone from something done primarily in our free time, to the primary activity underpinning all of our work. But, with this newfound has also come a great deal of unwanted attention. As web browsing plays an increasingly central role in the day-to-day operations of the enterprise, it simultaneously becomes a more and more attractive target to malicious actors.

But, web browsing is changing in more ways than one, and already over-extended enterprise security teams are scrambling to keep up. In order to face this mounting challenge, organizations must begin by reimagining the idea of web browsing altogether —  including how it is defined, where it takes place and what strategies are needed to secure it.

The Current State of Web Browsing is Wreaking Havoc on Cybersecurity

Why We Web Browse, Then and Now

It wasn’t long ago that web browsing served primarily as a leisure-time activity. Back then, we might open Internet Explorer or Netscape Navigator with any number of different goals in mind  — entertainment, exploration, discovery, distraction — but rarely for the purposes of productivity. And especially not in the workplace. In fact, in those days, being spotted with a browser window open at work was often seen as a sign of slacking off — and not without reason. That’s because, back then, work didn’t happen on the web. It happened largely offline — within our own local operating environments, most often in desktop applications like Word, Powerpoint and Excel. Even email, the hallmark of digital connectivity, was accessed almost exclusively via desktop clients like MS Outlook and Apple Mail.

Today, however, all this couldn’t be further from the truth. For many knowledge workers — and especially those working hybrid or remotely — not having a web browser open at work is tantamount to not working at all. Today, web browsing underpins virtually everything we do at work, playing a role that’s more akin to an operating system than merely another application. For many of us, web browsers have become our sole gateway to the digital world; and as a result, our sole gateway to work. With the rise of web-based productivity suites like Google Workspace, the average knowledge worker can now spend the entirety of their workday without ever leaving a web browser. And, increasingly, many of them do exactly that. In fact, as far back as 2018, employees were already spending roughly a third of their workday using a web browser. Ultimately, this isn’t a surprise, considering the ability to check email, write reports, chat with coworkers, schedule meetings — and just about any other job function — is all just a URL away.

Browsers’ Increasing Complexity Complicates Security Efforts

Web browsing’s new, central role in the workplace has both fueled and been fueled by a decades-long run of innovations and advances in the category’s capabilities. Catalyzed by the first “browser wars” of the mid-90s, and again in the early-to-mid-aughts, web browsers went from relatively simple tools to extremely complex, feature-rich platforms capable of far more than the average user realized they ever wanted or needed. Nowadays, web browsers are infamous for being some of the largest, most resource-intensive programs regularly run by average users — gobbling up RAM, taxing CPUs and draining batteries more and more quickly with each update.

This ballooning complexity comes with an even greater cost that’s often overlooked, and that’s to security. Collectively, web browsers are now responsible for well over 8,000 CVEs, and for Chrome specifically, 2022 ranked as its worst year ever for zero-days exploited in the wild. The problem has gotten so widespread that in March of last year, Google’s Chrome Security Team released a statement addressing the uptick and outlining what they intend to do to combat it. In the piece, they offered several explanations for the sudden rise in CVEs, including the simple fact of the software’s complexity.  “..there’s simply the fact that software has bugs,” the statement reads. “Some fraction of those bugs are exploitable. Browsers increasingly mirror the complexity of operating systems — providing access to your peripherals, filesystem, 3D rendering, GPUs — and more complexity means more bugs.”

Although Chrome has been disproportionately affected by this rise in vulnerabilities, it’s almost certainly a byproduct of its relative popularity (having roughly 60 percent of the market share), rather than it being uniquely more prone to bugs. Indeed, the overall trend of complexity-driven vulnerability is common across the web browsing landscape.

The Borders of Web Browsing are Getting Blurry

The web browsing arms race means we can now do a lot more inside a browser than ever before. However, just because so many tasks can be done inside a web browser today doesn’t mean they always necessarily are. There is still a place in this world for desktop applications, and there are users who will defend them vehemently, even when web app versions of the software are already available. For some, it’s simply a force of habit — this is the way they’ve always done things, and they have little to no interest in changing that. For others, it is a more practical consideration, in which certain desktop applications (especially resource-intensive ones) offer superior performance and/or expanded functionality than their web app counterparts. And, of course, there are still plenty of widely used enterprise applications for which web app alternatives simply do not exist.

The once unmistakable line separating desktop applications from the web has recently begun to blur. Capabilities once reserved exclusively for dedicated web browsers (e.g. Chrome, Firefox) are increasingly showing up in other types of applications, blurring the lines between what is and isn’t web browsing and where it does and doesn’t take place. The first and most obvious example of this trend can be seen in the rise of “in-app browsing”. Most prominently found in social media apps like Facebook and LinkedIn, “in-app browsers” are software components like WebView that let users open and navigate web pages inside the app they are presently using (as opposed to launching the page in a traditional, dedicated web browser). Increasingly, researchers are finding that in-app browsers come with a wide variety of security and privacy risks.

However, they are far from the only avenues through which the act of web browsing has begun to extend beyond the boundaries of traditional web browsers. In a sense, any application that enables web access in some way, shape or form is moving the act of web browsing outside the purview of the web browser itself. Whether it be accessing remote files, following hyperlinks, engaging in chat, or viewing web pages, whenever a user initiates a web connection outside the confines of a traditional browser, they’re redefining what it means to browse the web, and redrawing the traditional borders established around it. And there is no shortage of enterprise applications that fit this bill.

Regardless of where the web browsing capabilities are being employed, as soon as a user clicks on a link or opens a remote file within a desktop application, they set in motion web connections that operate independently from the web browser. These connections are exposed to risks like data loss, harmful files, and various other online threats. This not only adds complexity to the conventional understanding of browsing-related vulnerabilities but also highlights a significant gap in the capabilities of many present-day secure browsing solutions.

The Security Implications of Web Browsing’s About Face

There’s perhaps no better illustration of web browsing’s former role in digital society than the now-extinct expression of “surfing the web”. Web browsing used to be a laid back, directionless endeavor motivated by a desire for discovery and entertainment. Now, web browsing is much more akin to running on a treadmill (or a hamster wheel) than it is catching waves at the beach.

In the end, we spend more time doing more things with much higher stakes with modern web browsing. The rise in remote work that has taken place over the past three years has only kicked that trend into overdrive. As a result of these factors, browsing-based threats now constitute CISOs’ number one security concern, and with good reason. With their newfound central role in the workplace and mounting list of capabilities, web browsers have become poorly guarded treasure troves of sensitive data and unauthorized access.

But, hope remains. A vibrant ecosystem of secure browsing technologies has begun to take shape over the past few years. Although this field is still relatively young, it is quickly crowding with competitors, which we can hope will provide the kind of consistent innovation, intelligence and drive we need to successfully navigate the changing face of browsing security.

The post The Current State of Web Browsing is Wreaking Havoc on Cybersecurity appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.