The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of December 7. This curated list features identity management and information security vendors such as Quorum Cyber, OneSpan, 1Kosmos, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of December 7

Quorum Cyber Selects Scott Burman as Head of Advisory

This week, Scott Burman joins Quorum Cyber, a Microsoft Solutions Partner for Security, as Head of Advisory. With over 25 years of experience in providing professional services and strategic advisory in cyber security, Scott has a rich and varied background in advising customers from different sectors on how to best prioritize and manage their cyber risk and resilience. As a Chartered Engineer, former Chief Information Security Officer (CISO) and Global Cyber Risk Advisor, Scott has considerable multi-sector experience enabling and advising global organizations and governments on improving and maturing their information security, enabling their growth and resilience. He has a strong heritage in board advisory in the Financial Services sector and was an inaugural Technical Advisory Panel member for the UK Cyber Security Council. Prior to joining Quorum Cyber, Scott held the position as the Global Head of Cyber Risk Advisory for NCC Group, was a Senior Advisor to the National Cyber Security Programme and led his own professional services consultancy company advising FTSE-100 clients.

Read on for more.

OneSpan Introduces New Partner Network Program

OneSpan, a digital agreements security company, this week announced the launch of a new partner network program that now provides a comprehensive set of benefits that will “drive growth and help OneSpan partners deliver seamless and secure customer experiences.” Members of the global partner network can expand their security and e-signature portfolio with “market-leading” solutions, financial incentives, training, and certification, along with technical, sales, and marketing support.

Read on for more.

DOD Offices See Post-Quantum Cryptography as ‘Mission Critical’

Officials at the Department of Defense shed light on their agency’s plans to modernize their encryption infrastructure ahead of the anticipated advent of a fault-tolerant quantum computer, discussing familiar policy goals like private sector collaboration and supporting warfighter operations moving into 2024. Wanda Jones-Heath, the principal cyber advisor at the U.S. Air Force ​​said that updating the department’s encryption from classical cryptographic schemes to a network armed with post-quantum cryptographic standards. She said that this migration is “mission imperative” for the Air Force to ensure its cybersecurity defenses can handle emerging threats. “If we had not started this two years ago, we would be even further behind,” she said in remarks on a panel on Tuesday hosted by General Dynamics Information Technology. “Now we are again [in] a sense of urgency…this is a national security issue.”

Read on for more.

1Kosmos BlockID Adds Passwordless Authentication to Amazon Cognito

1Kosmos, a passwordless solutions provider, this week announced it has completed the integration of its 1Kosmos BlockID platform with Amazon Cognito. As an AWS Advanced Technology Partner, 1Kosmos allows Amazon customers to add passwordless multi-factor authentication (MFA) to their accounts. Customers can deploy and directly procure BlockID from the AWS Marketplace to implement phishing resistant passwordless MFA on AWS Cognito that delivers a frictionless user experience through non-spoofable, live biometrics with verified identity. The BlockID cloud service is designed to prevent identity impersonation, account takeover and fraud while delivering a “convenient, frictionless login experience.”

Read on for more.

Expert Insights Section

Watch this space each week as our editors will share upcoming events, new thought leadership, and the best resources from Insight Jam, Solutions Review’s enterprise tech community for business software pros. The goal? To help you gain a forward-thinking analysis and remain on-trend through expert advice, best practices, trends and predictions, and vendor-neutral software evaluation tools.

AI in the SOC: Should You Hire a Bot?

Steve Benton of Anomali takes a closer look at AI in the SOC and asks the burning question: “Should you hire a bot?” The possibility of AI has been inspiring for everyone, and, as a result, we’ve seen a rush by both consumers and enterprises alike to adopt AI-powered tools and gadgets. CISOs have had little time to think about how to best use AI, educate their employees about its benefits and risks or create and implement the proper security guardrails and policies. As a former CSO for a large global organization, I understand the enormity of the challenge. Yet implementing a complete company ban on the technology is not the answer. Instead of becoming the “Ministry of No”, CISOs need to be the “Ministry of How”, which begins by treating AI as a potential new hire to make sure it is the right fit for your organization.

Read on for more.

The Threat of Quantum Computing

Zibby Kwecka of Quorum Cyber examines the current and future states of quantum computing, and the inevitable threat of a quantum attack. The threat of quantum computing is very real, today. As of July 2022, 25 percent of Bitcoin and 66 percent of Ether are vulnerable to quantum attacks (Deloitte, 2023). These can be secured with action, however, even if a small number of these currencies are stolen, the market disruption may significantly devalue assets. Quantum computers have the potential to solve certain complex mathematical problems significantly faster than classical computers. One of the most notable implications is their ability to break encryption algorithms that rely on the difficulty of factoring large numbers or solving logarithm problems. There are theoretical methods to crack our current encryption methods that would be possible on a conventional computer, however widely inefficient. Quantum will allow the cracking of keys thousands of times more efficiently, making it possible to break today’s encryption in just a few cycles. Thankfully, for now, scale remains a problem for quantum computing. Once quantum computers become a tool that’s commercially available and matured, it’s expected attackers will take advantage of this to break current encryption methods, creating a significant risk to the security of our sensitive data. Using this technology as a platform for an attack is a concern for organizations, not just on the cryptography front. The threat of quantum computing becoming part of an actor’s offensive toolbox is likely. Taking advantage of decryption techniques, forging certificates, or its potential ability of rapid machine learning, could vastly speed up network recon and eavesdropping, and forging identities.

Read on for more.

The post Identity Management and Information Security News for the Week of December 7; Quorum Cyber, OneSpan, 1Kosmos, and More appeared first on Best Information Security SIEM Tools, Software, Solutions & Vendors.

A schedule of events for the Cybersecurity Insight Jam LIVE on December 5, the annual element of Solutions Review’s Insight Jam, an always-on community for enterprise technology end-users, experts, and solution providers.

What is Insight Jam?

Think of the Insight Jam as a continuous, ongoing, interactive tech event. The Insight Jam will always be here when you need answers to the questions that matter to your organization and your career. We’ve partnered with the leading industry experts, thought leaders, and analysts to live-stream a never-ending collection of Roundtable Events, Breakout Sessions, and Expert Podcasts. And Insight Jam is built on a community platform that powers unlimited discussions, posts, and polls that will bring you deeper into the enterprise technology conversation.

Your Insight Jam journey starts here and starts now. We encourage you to dive in, explore, share, and engage. Let’s challenge ideas, bring new perspectives and elevate our knowledge together.

Join the Fastest-Growing Enterprise Tech Software End-User Community

Solutions Review is the largest software buyer and practitioner community on the web. Our Universe of Influence reach is more than 7 million business and IT decision-makers, as well as C-suite and other top management professionals. Our readers primarily use us as an enterprise technology news source and trusted resource for solving some of their most complex problems.

Our collection of vendor-agnostic buyer’s resources helps buyers and practitioners during the research and discovery phase of a buying cycle. This critical stage of information gathering is where buyers narrow down the field of solution providers to a short-list they plan to engage. The mission of Solutions Review is to make it easier for buyers of business software to connect with the best providers.

Event Details: Cybersecurity Insight Jam LIVE on December 5, 2023

11:00 AM (EST): Executive Roundtable: Cybersecurity and The AI Executive Order, featuring Dwayne McDaniel of GitGuardian as moderator. This panel will examine the ins and outs of the AI Executive Order and how this affects the current and future landscape of cybersecurity. Panelists include: Brian Sathianathan of Iterate.ai, Daryan Dehghanpisheh of Protect AI, Josh Davies of Fortra’s Alert Logic, Luis Villa of Tidelift, and Mike Pedrick of Nuspire. Watch it on LinkedIn and YouTube!

12:00 PM (EST): Executive Roundtable: The Positive and Negative Impact of Generative AI on Cybersecurity, featuring Nima Baiati of Lenovo as moderator. This panel will examine the impact of Generative AI is having on cybersecurity… both the positive and the negative. Panelists include: Bobby Cornwell of SonicWall, Juan Perez-Etchegoyen of Onapsis, MacKenzie Jackson of GitGuardian, and Steve Winterfeld of Akamai Technologies. Watch it on LinkedIn and YouTube!

1:00 PM (EST): Executive Roundtable: Who Am AI? Identity Security in the Age of AI, featuring Dr. Mohamed Lazzouni of Aware as moderator. This panel will examine the world of identity security in the new age of AI. This includes deepfakes, authentication fraud, and other ways AI is being used by thieves. Panelists include: Alex Cox of LastPass, Carl Froggett of Deep Instinct, Nima Baiati of Lenovo, and Tim Callan of Sectigo. Watch it on LinkedIn and YouTube!

2:00 PM (EST): Executive Roundtable: Manipulating Generative AI Towards Malware and Other Malicious Behavior, featuring Nathan Vega of Protegrity as moderator. This panel will examine how exploitable Generative AI tools like ChatGPT really are, as hackers find new ways to generate new malware, phishing scams, and other malicious behavior. Panelists include: Anthony Green of OpenRep, Mike DeNapoli of Cymulate, Paul Laudanski of Onapsis, Ram Vaidyanathan of ManageEngine, and Dr. Ryan Ries of Mission Cloud. Watch it on LinkedIn and YouTube!

And that’s not all: Register for Insight Jam (free) to gain early access to all the exclusive 2024 enterprise tech predictions, best practices resources, and DEMO SLAM videos!

The post What to Expect at the 5th Annual Cybersecurity Insight Jam LIVE on December 5 appeared first on Best Information Security SIEM Tools, Software, Solutions & Vendors.

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of November 3. This curated list features identity management and information security vendors such as Markmonitor, CISO Global, Xage Security, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of November 3

Markmonitor Launches Next-Generation Enterprise Web3 Solutions

Markmonitor, a domain management solutions provider, this week announced the launch of its new Web3 solutions. Markmonitor has developed relationships with the most prominent NFT domain providers and other Web3 security partners – such as BitGo and MetaMask Institutional (MMI) – to provide a broad range of NFT domain solutions catered to corporate brands and their needs in the Web3 space.

Read on for more.

CISO Global Licenses Proprietary AI and Neural Net Intellectual Property to New Partner

CISO Global, an industry leader as a managed cybersecurity and compliance provider, has announced the signing of a licensing agreement to provide its entire suite of next generation intellectual property to CRG Research, LLC. “Licensing our full intellectual property portfolio to providers who then create wholly separate offerings in the marketplace will result in new revenue streams for CISO,” said CTO Jerald Dawkins, Ph.D., CISO Global. “The significance of this model is that it extends the reach of CISO Global’s leading-edge technology to help solve widespread cybersecurity problems. CRG is the first of a host of new partners who will build on top of our products to address issues and improve cybersecurity effectiveness across multiple industries.”

Read on for more.

KnowBe4 Study: “More Than 4 In 5 Workers Exhibit Poor Security Behaviours”

KnowBe4, a provider of security awareness training and simulated phishing platform, this week released its TAPPED Out Report which stands for Tired, Angry, Pissed, Pressed, Emotional and Distracted. It offers a detailed look into the security attitudes and behaviours of over 6,000 workers in the UK; specifically, 2,007 full time working from a remote location, 2,006 full time working in a hybrid fashion and 2,003 full time working from the office.

Read on for more.

Xage Security Receives $20M in Additional Funding

Xage Security, a zero trust cybersecurity company, announced it has raised $20 million in an additional funding round, bringing total funding to $80M. Existing investors, including Piva Capital, March Capital, SCF Partners, Overture Climate Fund, Valor Equity Partners and Chevron Technology Ventures, as well as new investor Science Applications International Corporation participated in the round. SAIC and Xage also announced a strategic collaboration (Xage Security and SAIC to Accelerate Zero Trust Adoption in Critical Infrastructure) to deliver zero trust security solutions to critical infrastructure and distributed operations including Operational Technology (OT), Information Technology (IT) and cloud environments.

Read on for more.

Expert Insights Section

Watch this space each week as our editors will share upcoming events, new thought leadership, and the best resources from Insight Jam, Solutions Review’s enterprise tech community for business software pros. The goal? To help you gain a forward-thinking analysis and remain on-trend through expert advice, best practices, trends and predictions, and vendor-neutral software evaluation tools.

EleKtra-Leak Cryptojacking Attacks and Why We Need to Do Better

“Disappointing that we are struggling with the very simplest of cybersecurity issues. It’s not complicated, you just don’t post your keys in public. However, it’s also not fair to blame developers. There are thousands of these kinds of issues, and they have to perform perfectly on all of them or get dragged for being dumb or lazy. We need better authentication systems that make it easier for developers to make good choices. They should never be tempted to put their keys in AWS because doing things the right way is too difficult. Let’s make the secure path the easiest one as well.” – Jeff Williams, Co-Founder and CTO of Contrast Security

The post Identity Management and Information Security News for the Week of November 3; Markmonitor, CISO Global, Xage Security, and More appeared first on Best Information Security SIEM Tools, Software, Solutions & Vendors.

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of October 6. This curated list features identity management and information security vendors such as Trend Micro, Compliance Risk, Tines, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of October 20

Trend Micro Announces Updates to Container Security Platform

Trend Micro, a global cybersecurity leader, this week announced the next evolution of its cloud container security capabilities for its flagship platform. The new capabilities simplify investigations by enabling analysts to prioritize incidents faster and with greater accuracy— potentially reducing the time spent on each container security incident by up to two weeks.

Read on for more.

QuSecure Launches PQC Partners Program

QuSecure, Inc., a leader in post-quantum cryptography (PQC), this week launched its new global partner program. It is the company’s first formal global channel partner program for value added resellers, systems integrators, solutions providers, and managed service providers. The launch of this new program will enable QuSecure to “address the unprecedented global demand” for its PQC solution. Additionally, QuSecure has hired Stuart Oliver as Vice President of world-wide partner go-to-market programs to facilitate QuSecure’s growing partner ecosystem and the Partner Program.

Read on for more.

Hacker Leaks Millions of New 23andMe Genetic Data Profiles

Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe services to find their ancestry info and genetic predispositions. This week, the hacker taking claim for last month’s leak, leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. The threat actors claim that the stolen data includes genetic information on the royal family, the Rothschilds, and the Rockefellers.

Read on for more.

Compliance Risk Receives $3.5M Investment from Bellini Capital

Compliance Risk, a Governance-as-a-Service solutions provider, this week announced it received a $3.5M investment from Bellini Capital and will be rebranding to Compliance Scorecard. Bellini Capital Managing Partner Arnie Bellini says Compliance Risk’s combination of expertise, support, and product put it in a unique position to help MSPs take an important next step. “MSPs need to get busy offering security operations services to their customers,” Bellini said. “Their customers are getting hacked, and it is time for MSPs to evolve. With Compliance Risk, MSPs can offer a basic set of security operations services. That puts MSPs on the path toward doubling their revenue.”

Read on for more.

IOActive Becomes a Founding Solutions Provider for Open Compute Project Foundation

IOActive, Inc., a security services provider, this week announced its support of and participation in the newly launched Open Compute Project Foundation (OCP) Security Appraisal Framework and Enablement (S.A.F.E.) program. A community-led security program, OCP S.A.F.E. was created to bring a consistency of methodology and elevated security standards to both data center providers and device manufacturers. With S.A.F.E., device manufacturers and purchasers will receive independent verification of security integrity of current and future devices, to build trust with a cost-effective approach.

Read on for more.

DigiCert Study: “61 Percent Concerned Their Organization Not Prepared to Address PQC”

This week, at its annual Trust Summit conference, DigiCert released the results of a global study exploring how organizations are addressing the post-quantum computing threat and preparing for a safe post-quantum computing future. Key findings reveal that while IT leaders are concerned about their ability to prepare in the timeframes needed, they are hampered by obstacles which include lack of clear ownership, budget and executive support. Sixty-one percent of respondents say their organizations are not and will not be prepared to address the security implications of PQC.

Read on for more.

Tines Report: “More than Half of Security Professionals Likely To Switch Jobs Next Year”

Tines, a SOC solutions provider, published the 2023 Voice of the SOC report, which examines job satisfaction and workloads among security operation center (SOC) teams, the obstacles analysts encounter, and the impact of automation on the lives of security professionals. Sixty-three percent of the security decision-makers and practitioners surveyed are experiencing burnout amid relentless cyberattacks, internal pressures, and limited resources. Nine out of ten security teams are automating at least some of their work, and almost all (93 percent) of respondents believe that more automation would improve their work-life balance. This year’s report surveyed 900 security decision-makers and practitioners. Tines expanded the scope beyond the United States to include Europe, and garnered perspectives from security leaders, practitioners and analysts.

Read on for more.

Expert Insights Section

Watch this space each week as our editors will share the best written and video resources from Insight Jam, Solutions Review’s enterprise tech community for business software pros. The goal? To help you gain a forward-thinking analysis and remain on-trend through expert advice, best practices, trends and predictions, and vendor-neutral software evaluation tools.

Solutions Review Launches New Insight Jam Community for Enterprise Technology Professionals

We are excited to bring an entirely new distribution channel to Insight Jam, and provide our readers with guidance, best practices, and advice on top-of-mind topics in enterprise technology, and our PR and vendor partners the ability to measure their impact on the community.

Read on for more.

Multifactor Authentication and Authorization: The Key to Evolving as Fast as Insider Threats

Jason Lohrey of Arcitecta introduces us to Multifactor Authentication and Authorization (MFA&A); examining how it’s the key against insider threats. As National Insider Threat Awareness Month in September reminded us, external actors are not the only threat. Threats can often already reside within an organization, in different forms. Some individuals may simply be negligent by unwittingly clicking on phishing emails, carelessly handling data, or not following security protocols. Others may unknowingly pose a risk when external actors compromise their credentials. Then, of course, malicious insiders intentionally cause harm by committing fraud, stealing sensitive data, or disrupting systems. Gartner predicts that by 2025, human failure or lack of talent will be the cause of more than half of significant cyber incidents, asserting that the number of cyber and social engineering attacks against people is spiking as threat actors increasingly see humans as the most vulnerable point of exploitation. The consequences of a successful insider threat may include a data breach, fraud, theft of trade secrets or intellectual property, and sabotage of security measures.

Read on for more.

The post Identity Management and Information Security News for the Week of October 20; Trend Micro, Compliance Risk, Tines, and More appeared first on Best Information Security SIEM Tools, Software, Solutions & Vendors.

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of October 6. This curated list features identity management and information security vendors such as American Express, Blameless, Yubico, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of October 6

American Express “First Card Issuer” to Pilot Facial and Fingerprint Recognition for Online Checkouts

This week, American Express announced it is adding facial and fingerprint recognition to SafeKey to “help prevent fraud and create a simple and intuitive online checkout process.” The company is potentially the first card issuer to roll out these biometric features through a new pilot program. Now, when using a device that supports facial or fingerprint recognition, select U.S. Card Members that checkout with SafeKey will be prompted to enable these biometric features. SafeKey offers enhanced safety and ease to online transactions, making ID checks “stronger, speedier, and more intuitive.”

Read on for more.

Appfire Announces Participation in the Data Privacy Framework Program

Appfire, a global provider of cybersecurity solutions, announced it has been included on the Data Privacy Framework (DPF) participants’ list, maintained by the International Trade Administration (ITA) within the US Department of Commerce. Ongoing participation in the program by Appfire’s US entities listed among DPF participants signifies to partners, customers, vendors, and employees that Appfire has reliable mechanisms for personal data transfers to the United States from the European Union (EU), United Kingdom (UK), and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.

Read on for more.

ManageEngine Launches New Cloud-Native Identity Platform, Identity360

ManageEngine, the enterprise IT management division of Zoho Corporation, this week announced the launch of Identity360, its cloud-native identity management platform that addresses identity and access management (IAM) complexities arising within enterprise workforces. ManageEngine also announced the addition of access certification and identity risk assessment functions to ADManager Plus, its on-premises identity governance and administration (IGA) solution. These two functions enhance the compliance posture of enterprises and help them mitigate security risks.

Read on for more.

Blameless Introduces Comms Assistant, “First” Generative AI-Powered Incident Communications

Blameless, an incident management solutions provider, is thrilled to announce the release of Comms Assistant. This Generative AI feature is the first in a series of advanced AI capabilities integrated within the Blameless Platform. Comms Assistant allows customers to seamlessly integrate their existing OpenAI subscriptions, ensuring their data is exclusively associated and trained on their OpenAI account. Comms Assistant and the subsequent functionalities are included in the Blameless platform and will be available to all users from October 23rd.

Read on for more.

Concentric AI Introduces “Industry’s First” Data Lineage Functionality in a DSPM Solution

Concentric AI, a data security posture management (DSPM) solutions provider, announced this week that its Semantic Intelligence DSPM solution now offers data lineage functionality for organizations to better protect their data. Data lineage allows organizations to understand how data flows across their environment and who has access and has accessed it, in order to address risks associated with inappropriate access, inaccurate entitlements and risky sharing, as well as ensure effective data management. Organizations can make better business decisions from data protection to data management by understanding data’s entire journey and identifying redundant processes or changes that might affect risk to sensitive data. In the event of a data breach, understanding data lineage can help organizations quickly identify the source of the breach and the affected data, accelerate response time, and improve damage control.

Read on for more.

Tenable Completes Acquisition of Ermetic

Tenable, an exposure management solutions provider, announced it has closed its acquisition of Ermetic, Ltd. (“Ermetic”), a cloud-native application protection platform (CNAPP) company. The combination of Tenable and Ermetic offerings will add capabilities to both the Tenable One Exposure Management Platform and the Tenable Cloud Security solution to deliver “market-leading” contextual risk visibility, prioritization and remediation across infrastructure and identities, both on-premises and in the cloud.

Read on for more.

Yubico Launches FIDO Pre-reg Passwordless Onboarding Service

Yubico, a provider of hardware authentication security keys, announced the initial availability of FIDO Pre-reg, an “industry-first” capability that delivers secure and seamless passwordless onboarding and account recovery/reset from day one at scale for enterprises. Available exclusively as part of YubiEnterprise Subscription, FIDO Pre-reg “simplifies the way organizations can adopt modern, phishing-resistant MFA with a frictionless and easy user experience.” With Okta as the inaugural identity provider (IdP) partner, both companies jointly shared the news at Oktane 2023 in San Francisco earlier this week.

Read on for more.

Expert Insights Section

Watch this space each week as our editors will share the best written and video resources from Insight Jam, Solutions Review’s enterprise tech community for business software pros. The goal? To help you gain a forward-thinking analysis and remain on-trend through expert advice, best practices, trends and predictions, and vendor-neutral software evaluation tools.

Solutions Review Launches New Insight Jam Community for Enterprise Technology Professionals

We are excited to bring an entirely new distribution channel to Insight Jam, and provide our readers with guidance, best practices, and advice on top-of-mind topics in enterprise technology, and our PR and vendor partners the ability to measure their impact on the community.

Read on for more.

Data Security Ownership: Navigating Top Challenges & Key Solutions

Ben Herzberg of Satori acts as our guide in navigating who ultimately claims data security ownership in an organization. Data security ownership involves the rights and responsibilities related to managing data security within an organization. It entails designating a person within the organization who appreciates the value of collected data and ensures its security, accuracy, and usefulness. These individuals aid in decision-making, ensure compliance, and foster a culture of responsible data management. However, pinpointing who exactly “owns” data security within a company can be complex.

Read on for more.

The post Identity Management and Information Security News for the Week of October 6; American Express, Blameless, Yubico, and More appeared first on Best Information Security SIEM Tools, Software, Solutions & Vendors.

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of September 22. This curated list features identity management and information security vendors such as Regula Forensics, AU10TIX, LogicGate, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of September 22

Sybrin and Regula Launch Joint Onboarding Solution for US Banks and Financial Services

This week, Regula, a global developer of forensic devices and identity verification solutions, has joined forces with Sybrin, a provider of enterprise software solutions for the Financial Services, Insurance, and Telecom industries. Together, they are introducing a streamlined onboarding workflow tailored to the needs of financial service businesses across the USA. The joint solution offered by Sybrin and Regula enables banks and other financial institutions to seamlessly and securely onboard and verify their customers. This is achieved via combining Regula Document Reader SDK and Regula Face SDK with Sybrin’s KYC (Know Your Customer) onboarding solution and orchestration engine. As a result, financial service businesses can establish a comprehensive identity verification workflow that includes advanced document checks, selfie capture, and liveness verification, all in line with the strictest regulations.

Read on for more.

LogRhythm Announces Partnership with Novacoast

LogRhythm, a SIEM solutions provider, this week announced its partnership with Novacoast, a cybersecurity, identity and access company specializing in managed security, engineering, development, and advisory services. This partnership marks a significant milestone as Novacoast becomes the first LogRhythm Axon service provider to provide level one and level two analyst services and custom content for the cloud-native SaaS SIEM platform. LogRhythm is also taking a strategic step forward by transitioning its own security operations to the new Axon platform.

Read on for more.

QuSecure Selected to Present on Quantum and AI at Mobile World Congress Las Vegas 2023

QuSecure, a post-quantum cryptography (PQC) solutions provider, announced that it has been selected to present at Mobile World Congress (MWC) Las Vegas 2023 being held next week. Company Co-founder and Chief Product Officer (CPO) Rebecca Krauthamer will participate in a talk titled “Quantum and AI: A Powerful Partnership” at 11:30 am PDT on Sept. 28 on Stage B – W229, Level 2. The speaking event is described: With compute speeds nearly 158 million times faster than the most sophisticated supercomputer, quantum computing could process in four minutes a request that a traditional supercomputer would take 10,000 years to do. A recent report revealed that the global quantum computing market size was valued at around $457.9 million in 2021 and is projected to reach $5,274.9 million by 2030. Combine this incredibly powerful technology with the power of Artificial Intelligence (AI) and we could unlock the infinite potential for solving societal and technological problems that are beyond the capabilities of our current understanding. This partnership could revolutionize tasks such as how we train AI effectively, how we detect and fraud and enhance data security, and how it could unlock unprecedented possibilities in fields such as healthcare and security.

Read on for more.

Pizza Hut Australia: “Nearly Two-Hundred Thousand Customers Affected by Data Breach”

Nearly 200,000 Pizza Hut Australia customers have had their data leaked, following a cyber attack earlier this month. On Wednesday, a spokesperson for Pizza Hut Australia told ABC it became aware of the cyber incident in early September, where an unauthorized third party accessed some of the company’s data. According to DataBreaches.net, hacking group ShinyHunters are allegedly the group behind the hack. The spokesperson said the data is limited to the Australian market and does not impact Pizza Hut’s operations in any other country.

Read on for more.

Identity Verification Provider AU10TIX Chosen by Guesty, a Property Management Platform

AU10TIX, an identity verification solutions provider, this week announced that Guesty, the property management platform for the short-term rental and hospitality industry, has selected AU10TIX’s fully automated identity verification (IDV) solution to help meet global regulatory requirements and minimize fraud risk.

Read on for more.

LogicGate Launches Automated Evidence Collection Feature for Risk Cloud Platform

LogicGate, a Governance, Risk, and Compliance (GRC) solutions provider, announced this week the release of the Automated Evidence Collection feature designed to elevate productivity, control effectiveness and data-driven decision-making while ensuring compliance and security across more than 20 cybersecurity and privacy frameworks. This new capability systematically and automatically gathers, validates, and manages critical data and evidence central to an organization’s risk management and compliance initiatives. By employing automated workflows, it seamlessly assimilates data from diverse sources, from internal systems to external data feeds, reducing the need for manual interventions and mitigating the risk of human inaccuracies.

Read on for more.

Expert Insights Section

Watch this space each week as Solutions Review editors will use it to share new Contributed Content Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry thought leaders together to publish the web’s leading insights for enterprise technology practitioners.

PBAC: Why Policy-Based Access Control is the Future of Identity Management

Oren Ohayon Harel of PlainID argues why RBAC and ABAC are dead, and PBAC is the future of identity management. Passwords are the primary way through which bad actors access complex environments: a single password dump unrelated to your company can sow the seeds of your company’s demise. Given that fact, the standard identity management solutions that businesses have deployed over the years — primarily Role-Based Access Control (RBAC) and, more recently Attribute-Based Access Control (ABAC) — can no longer be relied on for comprehensive protection. Only Policy-Based Access Control (PBAC) can grant businesses the flexibility and transparency needed to keep their assets out of the hands of bad actors.

Read on for more.

Closing the Talent Gap: Technological Considerations for SOC Analyst Retention

Kayla Williams of DEVO presents three technological considerations to close the talent gap and retain SOC analysts. Two of the most common refrains among cybersecurity leaders are that there’s a major skills gap and that existing employees are burning out. According to ISC(2), there’s a global workforce gap of 3.4 million people in cybersecurity. Not only are there not enough people, but those who are working in cybersecurity are at high risk for burnout. This challenge is particularly prevalent when it comes to working in the security operations center (SOC). For security leaders, overcoming these twin challenges is key– but it will require an understanding of just how serious the burnout threat is and of the technology and processes required to mitigate that threat.

Read on for more.

I Tricked AI, and I Liked It

Christian Taillon and Mike Manrod of Grand Canyon Education take us to school on the buzz, the applications, and the very real threat of AI in the cybersecurity space. The buzz around emerging capabilities related to Artificial Intelligence (AI) and ChatGPT is like nothing I have experienced during my career in technology. I walk past a breakroom that I usually expect to buzz with enthusiasm about the latest sports team or sitcom gossip, and instead hear talk about ChatGPT, AI, and Large Language Models (LLMs)– and that is not even in the IT breakroom. It seems we all grew up with the fictional lore of robots and AI– ranging from fantastical utopian notions to doomsday scenarios where we watch in horror as our own creations conspire to destroy us. While it remains unclear if our creations will condemn or liberate us, it has become clear that Artificial Intelligence (AI) will be a defining factor as this next chapter for humanity unfolds. In times of uncertainty, we often find ourselves looking for a crystal ball so that we can see the future, avoiding hazards and amassing a windfall by wagering on all the winners. Sadly, there is no crystal ball. There is a time capsule available, which can help us to gain some useful insights. Those of us who have been working in cybersecurity for a while, have already been through at least one AI craze, which started around a decade ago. This has served as a very effective hype-inoculation for experienced security practitioners, as we step back to think of what emerging technologies such as ChatGPT will disrupt, along with what aspects may be overhyped.

Read on for more.

The post Identity Management and Information Security News for the Week of September 22; Regula Forensics, AU10TIX, LogicGate, and More appeared first on Best Information Security SIEM Tools, Software, Solutions & Vendors.

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of September 8. This curated list features identity management and information security vendors such as Logpoint, Jumio, Cowbell, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of September 8

Logpoint Appoints Michael Haldbo as Chief Financial Officer

This week, Logpoint announced the appointment of Michael Haldbo as Chief Financial Officer (CFO). Michael Haldbo has 20 years of International and Nordic experience in financial planning, analysis, and strategy execution. He served as CFO at Signicat, Europe’s leading provider of digital identity solutions. Michael has also held financial executive roles at other companies in the IT and payment-related sector, including Nets and Unwire.

Read on for more.

BullWall Launches BullWall Server Intrusion Protection; Introducing MFA to Server Access

BullWall, the global provider in ransomware protection for critical infrastructure, this week introduced BullWall Server Intrusion Protection to protect servers from unauthorized access resulting from the use of compromised credentials during Remote Desktop Protocol (RDP) sessions. By placing BullWall’s multi-factor authentication (MFA) between the server and any unauthorized users, organizations are protected from bad actors who may have gained entry to the network, preventing the deployment of ransomware. BullWall Server Intrusion Protection works together with BullWall Ransomware Containment (formerly BullWall RansomCare) to prevent and contain ransomware, protecting the organization’s most important, targeted digital assets against cyberattacks.

Read on for more.

IBM Expands Cloud Security and Compliance Center to Help Clients Protect Data

This week, IBM announced the expansion of the IBM Cloud Security and Compliance Center, a suite of cloud security and compliance solutions designed to help enterprises mitigate risk and protect data across their hybrid, multicloud environments and workloads. With the new addition of IBM Cloud Security and Compliance Center Data Security Broker, developed in collaboration with Baffle, Inc., the capabilities of the solution suite extend beyond compliance posture management and workload protection capabilities to include application-level security.

Read on for more.

Jumio Expands Presence in U.S. Gaming and Sports Betting

Jumio, an identity security solutions provider, announced this week its support of the American Gaming Association’s Responsible Gaming Education Month and its ongoing commitment to helping gaming operators and players follow safer gambling practices. Jumio is doubling down on its online gaming focus and commitment to promoting responsible gambling by obtaining licenses in multiple U.S. states where online betting is legal. To date, Jumio is licensed or otherwise permitted to provide its services to online gaming and sports betting operators in at least 15 states. By using Jumio’s automated solutions, gaming operators can verify their customers are not underage by checking their age from the date of birth on their identity document, and that they are not using an adult’s ID to create an account. Operators can also verify the person logging in is the same person who opened the account. This helps to prevent children from logging in to a parent or guardian’s account.

Read on for more.

Xage Security Sees 420 Percent Revenue Growth; Announces Geoffrey Mattson as New CEO

Xage Security, a zero-trust cybersecurity solutions provider, reported that demand for its zero trust cybersecurity mesh platform across critical infrastructure industries has driven year-over-year revenue growth of 420 percent in the first half of 2023 and a 560 percent growth in bookings over the same period. To guide its next phase of growth, Xage has named entrepreneur and cybersecurity executive Geoffrey Mattson as CEO, who brings decades of experience as a leader in R&D, product development, and go-to-market (GTM). Mattson’s predecessor, Duncan Greatwood, has assumed the role of Executive Chair of the Xage board. Greatwood will support Mattson in his leadership of Xage and contribute to the company’s vision and strategic direction as Xage accelerates its product and GTM investments.

Read on for more.

Tenable Announces Agreement to Acquire CNAPP Vendor Ermetic

Tenable, an exposure management platform, announced that it has signed a definitive agreement to acquire Ermetic Ltd. (“Ermetic”), a cloud-native application protection platform (CNAPP) company. Tenable intends to integrate these capabilities into its Tenable One Exposure Management platform to deliver contextual risk visibility, prioritization and remediation across infrastructure and identities, both on-premise and in the cloud. Combining Ermetic’s insights into Tenable One will extend Tenable’s offerings for hybrid environments.

Read on for more.

Cowbell Expands Partnership with Cloudflare

Cowbell, a leading provider of cyber insurance for small and medium-sized enterprises (SMEs), this week announced a new integration with Cloudflare, a cybersecurity solutions provider. With this integration, Cowbell has added security insights from Cloudflare to its risk rating model for cyber insurance. Cowbell is the first cyber insurance provider to incorporate Cloudflare security data into its cyber risk modeling, bringing “unprecedented benefits” to policyholders using Cloudflare.

Read on for more.

Expert Insights Section

Watch this space each week as Solutions Review editors will use it to share new Contributed Content Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry thought leaders together to publish the web’s leading insights for enterprise technology practitioners.

Bystander Engagement Means Everyone is Responsible

“As we head into National Insider Threat Awareness Month, we’re reminded of the significance of this year’s theme of Bystander Engagement. The rapid adoption of cloud native technologies increases risk and need for engagement by CISO and security teams. There are now far more machines from datacenter to clouds that can be misused. Edward Snowden’s NSA breach shows how one individual in complex environments can exploit machine identities to go undetected and deal significant damage to an organization. Attacks like those against Capital One in the cloud demonstrate the risk that insider attacks are now most likely to happen in the cloud. Bystander Engagement means the developers and platform teams are part of the solution as CISO and Security teams make sure that observability and guardrails keep business safe.” – Kevin Bocek, VP, Ecosystem and Community at Venafi

Scaling Up the Response to Insider Threats

“Stolen identities continue to cause massive security breaches – and insider threats are a major part of the story. Without strong identity governance and a least-privileged access model, malicious insiders can move laterally across an organization’s systems to exploit valuable data. Such threats are a particularly pernicious type of unauthorized access; this overall method resulted in 91 percent of all records breached in the U.S. in 2022. In light of National Insider Threat Awareness Month, organizations must work to embrace faster and more scalable security methods, such as using decisioning AI, which can automate cumbersome workforce identity governance tasks to evaluate users quickly and the resources they can access. Such an approach can accelerate an organization’s Zero Trust maturity by enabling finer-grained, more dynamic, and contextually sensitive access decisions. In this way, security teams can better manage the looming security of insider threats – not just this month, but year-round.” – Eve Maler, CTO at ForgeRock

Security is a Team Sport

“Insider threat is a major concern for CISOs and top executives, but acknowledging that concern internally is challenging because it can feel like you’re saying you don’t fully trust your colleagues, which can be isolating and cause internal strife. CISOs should be a partner in security, not the “security police.” There’s always going to be potential for some people to purposefully be bad actors, but CISOs can instill preventative measures against insider threat in ways that still show respect to their coworkers and don’t assume malicious intent. I’m not often worried about what my coworker is doing, but I am worried about what their account is doing. While it might be my coworker (and yes, we do a lot to make sure that it is, like using two-factor authentication and keeping malware off devices), it might instead be a sneaky hacker who somehow managed to get onto their laptop and is misusing their access. So when we construct our security with that understanding and talk about it in that way, we are genuinely working with our coworkers to protect our customers and our systems. Another thing I worry about is someone pressuring my coworker. I’ve had coworkers at previous jobs pressured to turn over the personal information of dissidents to the precise governments who are unhappy about them. When those coworkers can truthfully say that this information is protected, it protects them. Even in cases where my coworkers might be tempted to make bad choices, I’m there to try to keep them from taking actions which, yes, could hurt our customers, but also actions which they might regret. It’s really, really important to explain why we’re doing what we’re doing both clearly and with respect– security is a team sport. Considering the motivations behind the potential attacks lets us more effectively ameliorate inside threat without alienating the people we work with.” – Lea Kissner, CISO at Lacework

Widget not in any sidebars

The post Identity Management and Information Security News for the Week of September 8; Logpoint, Jumio, Cowbell, and More appeared first on Best Information Security SIEM Tools, Software, Solutions & Vendors.

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of August 4. This curated list features identity management and information security vendors such as Cyware, Veritas, QuSecure, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of August 4

Cybersecurity Expert Jason Keirstead Joins Cyware as Vice President of Collective Threat Defense

Cyware, a provider of threat intelligence management, security collaboration, and cyber fusion solutions, is pleased to welcome security expert and industry leader Jason Keirstead as its new Vice President of Collective Threat Defense. Keirstead is a distinguished cybersecurity authority with more than 20 years of industry experience– 13 of which he spent at IBM, leading the technical direction of an extensive portfolio of software and security products.

Read on for more.

Russian APT Phished Government Employees via Microsoft Teams

An APT group linked to Russia’s Foreign Intelligence Service has hit employees of several dozen global organizations with phishing attacks via Microsoft Teams, says Microsoft. Microsoft says that the targets in this campaign were government and non-government organizations, and organizations in the IT services, technology, discrete manufacturing, and media sectors. The company is still investigating how legitimate Azure tenants were compromised.

Read on for more.

Veritas Technologies Partners with the Joint Cyber Defense Collaborative

Veritas, a data security solutions provider, this week announced that it will partner with the Joint Cyber Defense Collaborative (JCDC). In this role, Veritas will work with JCDC’s federal government and private sector partners along with state, local, tribal and territorial governments to help lead the development and implementation of joint cyber defense plans and operations to reduce risk to the cyber ecosystem and critical infrastructure. In addition to working toward a shared goal of enhancing the collective cybersecurity posture of the US and its strategic international partners, Veritas and its customers will benefit from its JCDC membership through Veritas’ access to security analyst-to-security analyst collaboration and operational analysis as well as an information exchange portal available only to JCDC partners.

Read on for more.

TrustCloud Launches TrustHQ for Slack

TrustCloud, a cloud security solutions provider, this week announced the launch of TrustHQ for Slack— a bidirectional integration that allows employees, sales teams and GRC leaders to complete their GRC workflows and projects through a shared or private Slack workspace. TrustHQ for Slack follows the launch of TrustHQ for Atlassian, with additional collaboration capabilities coming soon. TrustHQ for Slack allows Slack customers to distribute tasks and communicate status updates to team members, so internal GRC tasks and customer-facing security questionnaires and reviews can be completed quickly and easily. GRC and sales leaders leveraging TrustHQ gain visibility into the status of required tasks, which reduces manual work, time spent on project management and room for error. This capability is available now to all TrustCloud customers using Slack, alongside AI to complete security questionnaires, and over 100+ evidence collection integrations, including Atlassian, AWS, Azure and Google Cloud, to automate compliance workflows.

Read on for more.

Keyfactor Joins the NCCoE’s to Post-Quantum Cryptography Building Block Consortium

Keyfactor, a cybersecurity solutions provider, this week announced it has joined the National Cybersecurity Center of Excellence’s (NCCoE’s) Migration to Post-Quantum Cryptography Building Block Consortium. Keyfactor joins companies, including Microsoft, IBM, and AWS, to bring about awareness to the issues involved in migrating to post-quantum algorithms and to develop practices to ease migration from current public-key cryptographic algorithms to replacement algorithms. The initial scope of the NCCoE Migration to Post Quantum Cryptography project is to engage the industry to demonstrate the use of automated discovery tools to identify instances of quantum-vulnerable public-key algorithms that are widely deployed and to manage associated risks. Other goals include the development and improvement of a migration strategy, interoperability and performance of implementations, and outreach to standard developing organizations and industry sectors.

Read on for more.

QuSecure Expands its Board of Directors with Cisco Distinguished Engineer

QuSecure, Inc., a leader in post-quantum cryptography (PQC), this week announced it has named Cisco Distinguished Architect Craig Hill as an independent director to its Board of Directors. “With a looming crisis, you must go to the undisputed leader,” says Lisa Hammitt, QuSecure board member. “Cisco powers the Internet and you can’t find anyone who is more deeply involved in wide-scale network security than Craig Hill. Everyone at QuSecure, without exception, knows how fortunate we are that he’s with us.”

Read on for more.

Expert Insights Section

Watch this space each week as Solutions Review editors will use it to share new Contributed Content Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry experts together to publish the web’s leading insights for enterprise technology practitioners.

MFA: Why Cyber Insurance Calls for Multifactor Authentication

Eric Williams of HID argues that as data breaches become more common, MFA will help you qualify for cyber insurance and lower your premiums. It’s not your imagination. Data breaches and ransomware attacks have become a nearly regular topic in the news. Why? One reason is the explosion of cloud and SaaS applications, which led to a 307 percent rise in account takeover attacks between 2019 and 2021 alone. The financial losses incurred by these attacks can be staggering. According to IBM’s “Cost of Data Breach 2022” report, the average cost of a data breach reached USD 4.35 million in 2022, an existential cost for many SMEs. There are no easy answers to this problem. Organizations of all sizes need a robust cybersecurity strategy to help minimize risks, utilizing a range of tools and procedures that ensure adequate protection. However, there is one crucial foundation that all organizations should have in place: multi-factor authentication (MFA), which is the use of multiple discrete authentication methods during access to accounts, applications, and data. MFA is so effective that its use can lead to reduced cyber insurance premiums. In fact, some cyber insurance companies won’t provide coverage unless MFA is in place.

Read on for more.

IDV: Identity Security Begins with Assurance

Janer Gorohhov of Veriff examines how IDV (identity verification) adds assurance to customers depending on identity security solutions. “On the internet, no one knows you’re a dog.” This line from a 1993 New Yorker cartoon heralded a shift in the internet’s history, in two ways: firstly, that the web was becoming both accessible to, and popular with, the general public– and secondly, that it was incredibly easy for the average user to hide, or even lie about, their identity. While consumers do want verification measures to safeguard their online activity and business, data privacy has become a prime concern in the process. Though there are certainly many factors to be considered when implementing identity-based security for one’s users, it’s one of the most important steps to take toward bringing trust to your online business or communities.

Read on for more.

The post Identity Management and Information Security News for the Week of August 4; Cyware, Veritas, QuSecure, and More appeared first on Best Information Security SIEM Tools, Software, Solutions & Vendors.

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of July 28. This curated list features identity management and information security vendors such as OneTrust, Veza, BTQ, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of July 28

OneTrust Secures $150M Investment

OneTrust, a trust intelligence solutions provider, this week announced a $150 million funding round. This capital will bolster OneTrust’s continued growth to meet customer demand for trust intelligence software. The round was led by new investor Generation Investment Management with participation from existing investor Sands Capital, bringing the total funds raised to date to over $1 billion with a current $4.5 billion valuation.

Read on for more

DoControl Announces New Bulk Remediation Capability

DoControl, an SaaS Security platform, announced this week a new patent pending bulk remediation capability, which supports Google Shared Drives. By leveraging DoControl’s implementation, customers have the ability to remediate “hundreds of thousands of unwanted file permissions, mapping entire file system hierarchies, and presenting full visibility of the impact.”

Read on for more

Veza Welcomes Phil Venables to its Board of Directors

Veza, an identity security solutions provider, has announced the appointment of Phil Venables to its Board of Directors. Venables has more than 35 years of experience working in engineering, management, and board level advisory roles, including for The White House. Before joining a large global technology company as Chief Information Security Officer, Venables was a Partner at Goldman Sachs where he spent two decades in various risk and cybersecurity leadership positions, in particular as their first CISO, a role he held for 17 years. He has been Chief Information Security Officer for other multiple large banking companies like Standard Chartered Bank and Deutsche Bank. He is on the board of directors at HackerOne, Interos, New York University, and he serves in advisory roles for The President’s Council of Advisors on Science and Technology (PCAST) and NIST.

Read on for more

BTQ’s Preon Selected by NIST as Candidate for the PQC Standardization Process

BTQ, a quantum security solutions provider, this week announced the National Institute of Standards and Technology (NIST) has selected BTQ’s post-quantum cryptography scheme, Preon, in the first round for consideration in their Post-Quantum Cryptography (PQC) standardization process. This announcement comes amidst the fourth round of the ongoing PQC standardization process, wherein several Key Encapsulation Mechanisms (KEMs) including BIKE, Classic McEliece, and HQC are still being evaluated. Since December 2016, NIST has been engaged in a public process to select quantum-resistant public-key cryptographic algorithms for standardization, to combat the threats posed by the rapid advancement of quantum computing. Thus far, several algorithms have been standardized, including public-key encapsulation mechanism (KEM) CRYSTALS-KYBER and digital signatures CRYSTALS-Dilithium, FALCON, and SPHINCS+. With the exception of SPHINCS+, all these selected schemes are based on the computational hardness of problems involving structured lattices.

Read on for more

PokerStars Confirms MOVEit Data Breach Leaked Up to 110k Social Security Numbers

On July 20, 2023, PokerStars filed a notice of data breach with the Attorney General of Maine after discovering that an application the company used to transfer files contained a vulnerability that allowed hackers to access confidential consumer information. In this notice, TSG Interactive US Services Limited, better known as PokerStars, explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, and addresses. Upon completing its investigation, PokerStars began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

Read on for more

Expert Insights Section

Watch this space each week as Solutions Review editors will use it to share new Expert Insights Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry experts together to publish the web’s leading insights for enterprise technology practitioners.

Solutions Review Set to Host Infinidat for Exclusive Spotlight Webinar on August 15

With the next Solutions Spotlight event, the team at Solutions Review has partnered with leading enterprise data and cloud solution provider Infinidat. This session will demonstrate how easily enterprises can create cyber-resilient storage environments that can withstand and recover from cyber-attacks.

Read on for more.

Defense-in-Depth: Paving the Way Forward in Cybersecurity

Sam Crowther of Kasada examines how defense-in-depth can potentially pave a new path forward for cybersecurity as we know it.

Each day brings new research highlighting the rampant security issues that every online business faces, detailing how detrimental a cyber-attack is to their operations, bottom line, and reputation. Despite the multitude of security tools in the market, organizations are still facing an increasing number of attacks. The root cause is that attackers continually evolve their methods of attack to get around your defenses. If there are roadblocks in place that prevent them from making money, they will find another route. This year’s Verizon Data Breach Investigations Report found that some 60 percent of all breaches occurred through web applications. Too many organizations would treat a finding like this as a “bot problem,” or an “API issue,” instead of looking at the larger picture. Attacks have many layers – so defenses should too. Concentrating solely on one security layer could mean that the most important layer – or at least the one being used in a current attack – is left unprotected. Security is the sum of all available defenses. That’s why organizations need to question their current security stack and adopt a defense-in-depth strategy.

Read on for more.

The post Identity Management and Information Security News for the Week of July 28; OneTrust, Veza, BTQ, and More appeared first on Best Information Security SIEM Tools, Software, Solutions & Vendors.

The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of July 14. This curated list features identity management and information security vendors such as PrivacyHawk, Razer, Teleskope.ai, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of July 14

Data Security Provider, PrivacyHawk, Raises $2.7 Million

PrivacyHawk, a data security solutions provider, this week announced it has received $2.7 million in funding. ff Venture Capital (ffVC) led the most recent round, which also includes investments from Nufund, Alumni Ventures, AngelList, Gaingels, Duro Ventures, Sandhill Angels and Seraphim Ventures. ffVC, Tech Coast Angels, Duro Ventures and Gaingels invested in a prior round.

Read on for more.

BanklessTimes Report: “Exchange Hacks 36 Percent Of the $30B the Blockchain Industry Lost”

According to a recent BanklessTimes.com report, the industry has lost a whopping $30 billion to hacking incidents, and 36 percent ($10.95B) of these losses occurred through exchange hacks. This growing menace raises concerns about the vulnerability of exchanges and the urgency to bolster their security measures. According to BanklessTimes Editor and cryptocurrency expert Alice Leetham, several factors make exchanges alluring hacking targets. But the most prominent factor is the centralized nature of many exchanges, which necessitates users to trust a single entity to safeguard their funds. This concentration of assets makes exchanges more appealing to hackers, who can gain control over a significant amount of cryptocurrencies in one fell swoop.

Read on for more.

Laminar Report: “Organizations Lack Tools to Monitor Cloud Data”

Laminar, a data security platform, this week released the findings of a survey conducted at two cybersecurity industry events: the RSA Conference in April of 2023 and InfoSec Europe in June of 2023. The good news is that 63 percent of the 219 respondents now use cloud-native security tools to monitor and protect data. They recognize that cloud data assets are different enough to warrant a specialized approach that evolves beyond legacy static- and connector-based security solutions. However, 25 percent percent still do not have the ability to monitor all data stores across their hybrid cloud infrastructures, and 26 percent are not sure if they have these capabilities. As a result, many companies likely have significant security gaps they are not currently addressing.

Read on for more.

Razer Investigating Razer Gold Data Breach

Gaming hardware company Razer is investigating what it refers to as a “potential data breach” related to its Razer Gold digital currency, the company confirmed to Polygon on Monday. The monetary device is used across multiple video games. Razer began investigating the breach after a hacker attempted to sell the data for $100,000, according to a tweet from the Razer Twitter account. Razer originally responded Monday to a tweet from cybersecurity company Falcon Feeds that claimed a hacker is trying to sell a collection of Razer’s data, including its source code, and encryption keys. The data breach has not been confirmed by Razer, but a spokesperson told Polygon that the company has “taken all necessary steps to secure [its] platforms” after it was alerted to the threat on Sunday. The hacker, calling themselves “Nationalist,” is asking for $100,000 in a cryptocurrency called Monero, which allows for untraceable transactions, according to Falcon Feeds. Razer Gold is a digital wallet service that holds “credits” that can be spent in video games, like Clash of Clans, Genshin Impact, or on the Nintendo eShop, for instance. When you use Razer Gold, you earn rewards called Razer Silver. Those Razer Silver reward points can be used to buy or get discounts on Razer products. It’s unclear what piece of Razer Gold is impacted, whether that’s its website or the wallets themselves.

Read on for more.

Passwordless Authentication Now Available on GitHub.com

Earlier this week, GitHub users were treated to a new feature: Passkeys, a form of passwordless authentication.  Passkeys build on the work of traditional security keys by adding easier configuration and enhanced recoverability, giving you a secure, privacy-preserving, and easy-to-use method to protect your accounts while minimizing the risk of account lockouts. To use passkeys with your GitHub account, navigate to your ‘Settings’ sidebar, locate the ‘Feature Preview’ tab, and click ‘enable passkeys’. Once you’ve enabled passkeys, you’ll be able to upgrade eligible security keys to passkeys and register new passkeys.

Read on for more.

Data Security Startup, Teleskope, Raises $2.2M Pre-Seed Funding

This week, Teleskope, a cybersecurity startup, launched a data protection platform that “automates data security, privacy, and compliance at scale, helping organizations comply with regulations like GDPR and CCPA, and reduce the manual and operation burden on security, data, and engineering teams.” The company raised $2.2 million in pre-seed funding led by Lerer Hippeau. Founded by two former Airbnb security engineers, Elizabeth Nammour and Julie Trias, Teleskope brings the combination of expertise and fresh perspective to the issue of data security. Prior to starting Teleskope, the co-founders wrestled with the problem of constant manual assessments, and reviews that become obsolete as soon as they’re completed. They recognized the need to replace point-in-time spreadsheets and ad hoc scripts with automation that provides a real-time and always up-to-date data security and privacy posture.

Read on for more.

Expert Insights Section

Watch this space each week as Solutions Review editors will use it to share new Expert Insights Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry experts together to publish the web’s leading insights for enterprise technology practitioners.

What to Expect at Solutions Review’s Spotlight with Rubrik on July 20

With the next Solutions Spotlight event, the team at Solutions Review has partnered with leading zero trust data security vendor Rubrik. The resource webinar will showcase how the immeasurable volumes of data in your Microsoft 365 environment are at risk. And now that Rubrik is partnered with Microsoft, its Microsoft 365 protection is even stronger.

Read on for more.

Solutions Review Celebrates 1,000 Premium Content Submissions This Year

It’s been a year of celebrations for Solutions Review. After commemorating 50 vendors served through its growing selection of virtual event programs earlier this summer, Solutions Review editors are proud to announce a milestone of more than 1,000 pieces of Premium Content published in the last calendar year. Since Solutions Review first institutionalized the Premium Content Series in June 2022, and in conjunction with its popular Insight Jam events, its editors have been overwhelmed by the response. In fact, the response has helped begin shaping Solutions Review as a premier enterprise technology publishing platform.

Read on for more.

Messaging: Navigating Nuances in an Ever-Changing Cybersecurity Landscape

Larissa Gaston of Exabeam examines the nuances of updating your business’s messaging in an ever-changing cybersecurity landscape.

How often have you gone to a technology or cybersecurity website and left still not knowing what the company actually does? You’re not alone. If you’re in the hot seat to help refine messaging for your organization, know that it will require a nuanced approach. Also, roll up your sleeves and don’t give up— it’s not for the faint of heart.

Read on for more.

The post Identity Management and Information Security News for the Week of July 14; PrivacyHawk, Razer, Teleskope.ai, and More appeared first on Best Information Security SIEM Tools, Software, Solutions & Vendors.