SailPoint held its European user conference this week in London. It announced new products and an update on its recent The Horizons of Identity Security report. F-Secure announced it had delivered an embedded solution for TNG Digital’s Touch ‘n go eWallet.
Enterprise Times also published a podcast with Andrew Patel at F-Secure, talking about some of the security challenges AI brings. LastPass and the FIDO Alliance also published the 2023 Workforce Authentication Report. It shows that 92% of organisations already planning to move to passwordless technology.
Blancco, The data erasure vendor, has announced that its software was used to wipe 63.8 million devices in FY 2023 (July 2022 to June 2023). This is an increase of 11.2 million devices on the previous year.
The company goes on to say that “This prevented an equivalent of 107 million kilograms (236 million lbs.) of IT devices, about the weight of 583 jumbo jets, from potentially entering landfill.”
Check Point Software
Check Point Software has launched Horizon Playblocks. It is a security collaboration platform that automates security operations across the network. The goal is to identify and contain attacks to stop them from spreading.
The company calls out three key features for Horizon Playblocks:
- Collaborative: Horizon Playblocks triggers action across every security enforcement point when there is an attack. With predefined prevention playbooks, attacks are immediately detected and prevented from spreading. Seamless integration with Check Point’s Quantum and Harmony (Endpoint, Mobile) fortifies this collaborative defense mechanism, ensuring that threats are contained across the entire security environment.
- Consolidated: Serving as a unified security infrastructure, Horizon Playblocks provides a consolidated shield across both Check Point and third party products. This unity ensures that all operational and security tools are working in tandem, offering a robust defense against cyber threats.
- Automatic: The platform can be deployed in under five minutes with playbooks, which provide automatic policy and rule updates that provide immediate value, without manual intervention. Its 25 advanced out-of-the-box playbooks cater to various security needs—from blocking IPs across enforcement points to quarantining internal threats. Playblocks can be triggered to automatically assign zero trust security policies to devices.
Cisco released a security advisory to address the critical vulnerability affecting the Cisco IOS XE Web UI. The vulnerability affects many different models of Cisco switches and wireless controllers. The impact is wider than just Cisco branded devices. It also affects those from Palo Alto.
The company has recommended three immediate actions while a patch is developed:
- Disable the HTTP/HTTPS interface for any Cisco equipment running IOS XE that is accessible from untrusted networks.
- Where wireless controllers use the captive portal function disabling this feature will also disable the captive portal, Cisco also recommends organisations conduct a risk assessment/business impact assessment and use the outcome to establish if disabling the interface at this time is warranted.
- Conduct log review against the provided indicators of compromise.
Cisco also released its 2023 Consumer Privacy Survey. It shows that younger consumers (18-24) are seven times more likely to ask about the data companies hold on them than those aged 75 or over. It also shows that 60% of consumers have lost trust in organisations due to their AI use.
Dragos and ABS Consulting have expanded their strategic partnership to strengthen OT Defences. The deal will see the two companies deliver new OT solutions, services and training to federal and commercial organisations.
Robert M Lee, CEO of Dragos, said, “Amid an evolving threat landscape, tightening regulations and the widening cybersecurity talent gap, C-suite leaders are overwhelmed by the cybersecurity challenges industrial organizations, especially critical infrastructure, face. Expanding our strategic partnership with ABS Consulting will simplify the complicated task of securing both public and private infrastructure, helping to bring better protection within reach for more organizations.”
The two companies will also give each other access to technologies. Dragos will gain access to ABS Consulting’s industrial cybersecurity managed services and 24/7 Industrial Security Operations Center (ISOC) monitoring, cybersecurity assessments and consulting services designed to meet customer’s needs, as well as the company’s deep expertise in industrial risk management. In turn, ABS Consulting clients will get access to the Dragos Platform, a leading cybersecurity technology tailored specifically to OT environments.
ESET has released its latest report on Operation King TUT (The Universe of Threats) in Latin America. It covers the period 2019-2023, where it has looked at over a dozen operations and cybercriminals campaigns. It says, “These campaigns exhibit a high level of sophistication, specifically tailoring their approaches to exploit enterprise users, including government sectors.”
F-Secure is to expand its Sense partner program with a new router certification at the Network X event. It comes as it publishes a report Putting a price on smart home protection. 55% of consumers expect their ISPs to keep them safe online with 36% saying they are more likely to leave if offered better protection at the same price and speed.
The announcement states, “That means that 1 in 5 consumers, the equivalent to tens of millions of households in the United States alone, would at least consider switching their ISP to find better security.”
JumpCloud launched JumpCloud Go for phishing-resistant passwordless authentication. The company claims that it is delivering dramatic new capabilities for IT admins and MSPs. JumpCloud Go is a set of platform extensions that create new workflow automation. It is about reducing the day-to-day operational burden while adding a new passwordless experience.
Greg Armanini, vice president, product management, JumpCloud, said, “With the new JumpCloud Go passwordless authentication, Android Enterprise Mobility Management (EMM) release, Dynamic Groups automation, and other new capabilities, JumpCloud makes it easy for IT teams and MSPs to deliver the safest online identity, the easiest login experience for users, and a simple, intuitive process for securely managing users and whatever IT resources they need.”
According to JumpCloud, 31% of SMEs report biometrics are the most secure form of multi-factor authentication (MFA). Meanwhile, more than 37% see a growth in cybersecurity attacks caused by password breaches, credential compromise, phishing and ransomware.
Okta says that 96% of organisations now favour Zero Trust. That claim comes in a blog written by David Bradbury, Chief Security Officer, Okta. Look more closely, and only 61% have a solution now, with 35% saying they will implement it in the next 18 months.
However, despite the optimism, there are strong headwinds. Cost, technology gaps, privacy regulations and data security, and talent shortages are just four of those.
The numbers used by Bradbury come from Okta’s State of Zero Trust Security 2023 report, which it has also just released. That report sheds more light on key challenges and drivers around zero trust.