FireSale HackBoy


Thursday, March 31, 2022

CrowdStrike Achieves 100% Prevention in Fourth Round of MITRE Engenuity ATT&CK® Enterprise Evaluations

AUSTIN, Texas–(BUSINESS WIRE)–CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today announced its results from the fourth round of the MITRE Engenuity ATT&CK® Enterprise Evaluations. CrowdStrike achieved 100% prevention with comprehensive visibility and actionable alerts – demonstrating the power of the Falcon platform to stop today’s most sophisticated threats.

This round of independent ATT&CK Evaluations for enterprise cybersecurity solutions emulated the WIZARD SPIDER and VOODOO BEAR (Sandworm Team) threat groups, which were chosen because of their sophistication and broad range of post-exploitation tradecraft. The Falcon platform was evaluated among products from 30 vendors.

Falcon Platform Delivers 100% Prevention

The Falcon platform delivered 100% prevention in the ATT&CK Evaluations, consisting of nine test scenarios (including 19 steps and 109 substeps) on Windows and Linux operating systems. According to the 2022 CrowdStrike Global Threat Report, the average breakout time for adversaries — the time an adversary takes to move laterally from an initially compromised host to another host within the victim environment — is 98 minutes. Organizations need to be able to stop attackers immediately, before they can move about the network and cause damage. CrowdStrike shuts down attacks before they start.

CrowdStrike Delivers a Unified Platform Approach

CrowdStrike was the only vendor to demonstrate native and unified Zero Trust and identity protection capabilities in its platform. Adversaries are increasingly using legitimate and stolen credentials to try and evade detection. The Falcon platform shuts down identity-based attacks before they can start by delivering powerful capabilities like identity-based security, comprehensive Indicators of Attack (IOAs), machine learning, automated orchestration and threat intelligence through a unified, cloud-native approach. In the ATT&CK Evaluations, the Falcon platform proved these capabilities stop attackers quickly with more than 93% of attacker tactics, techniques and procedures (TTPs) stopped before they could execute.

Falcon Platform Delivers Comprehensive Visibility and Actionable Alerts

The Falcon platform provides comprehensive capabilities and tools for security teams to see, stop and understand an attack – scoring visibility on 96% of substeps in the ATT&CK Evaluations while presenting evidence for 99% of substeps. Visibility is a critical requirement of effective security, as security teams require context, historical visibility and response capabilities. CrowdStrike visually highlights detected attacks with rich context to streamline the triage process and helps security teams focus on the most critical threats first. In the ATT&CK Evaluations, the tested activities are presented in just six incidents, minimizing alert fatigue and giving security teams needed context to understand an attack.

“Achieving 100% prevention in the fourth round of the MITRE Engenuity ATT&CK Evaluation shows the power of the Falcon platform, which was designed to enable organizations to take a unified approach in detecting and preventing attacks across the endpoint, cloud, identity and data. CrowdStrike is setting the industry standard with a cloud-native security platform that is designed to deliver the most robust protections and stop the most sophisticated threats,” said Michael Sentonas, chief technology officer at CrowdStrike.

For more information on CrowdStrike’s test results, please visit the blog.

For full results and more information about the evaluations, please visit the MITRE Engenuity website.

About MITRE Engenuity

MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense.

About CrowdStrike

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with one of the world’s most advanced cloud-native platforms for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.

Learn more: https://www.crowdstrike.com/


Start a free trial today: https://www.crowdstrike.com/free-trial-guide/

© 2022 CrowdStrike, Inc. All rights reserved. CrowdStrike, the falcon logo, CrowdStrike Falcon and CrowdStrike Threat Graph are marks owned by CrowdStrike, Inc. and registered with the United States Patent and Trademark Office, and in other countries. CrowdStrike owns other trademarks and service marks, and may use the brands of third parties to identify their products and services.

The post CrowdStrike Achieves 100% Prevention in Fourth Round of MITRE Engenuity ATT&CK® Enterprise Evaluations appeared first on Cybersecurity Insiders.


April 01, 2022 at 09:09AM

Cynet Announces Results in 2022 MITRE Engenuity ATT&CK® Enterprise Evaluations

BOSTON–(BUSINESS WIRE)–Cynet, the world’s first autonomous breach protection platform, today announced the results of its completed MITRE Engenuity ATT&CK Evaluation for the Cynet 360 AutoXDR™ platform. This round of independent ATT&CK Evaluations for enterprise cybersecurity solutions emulated the Wizard Spider and Sandworm threat groups, highlighting results across 30 vendors.

MITRE ATT&CK Evaluations test cybersecurity vendors’ abilities to detect and respond to real-world threats within the context of the MITRE ATT&CK Framework. This year, tests focused on two top threat actors: Wizard Spider and Sandworm. Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since August 2018 against a variety of organizations, ranging from major corporations to hospitals. Sandworm is a destructive Russian threat group that is known for carrying out notable attacks such as the 2015 and 2016 targeting of Ukrainian electrical companies and 2017’s NotPetya attacks. According to MITRE Engenuity, these two threat actors were chosen based on their complexity, relevancy to the market, and how well MITRE Engenuity’s staff can fittingly emulate the adversary.

“This latest round indicates significant product growth from our vendor participants. We are seeing greater emphasis in threat informed defense capabilities, which in turn has developed the infosec community’s emphasis on prioritizing the ATT&CK Framework,” said Ashwin Radhakrishnan, Product and General Manager of ATT&CK Evaluations at MITRE Engenuity. “Additionally, we’ve significantly improved our vendor management workflows and processes, so that any vendor participant—either current or future—will now have a more structured and efficient experience.”

Highlights of Cynet’s performance in the 2022 MITRE ATT&CK Evaluation this year include:

  • 100% visibility and detection across each of the 19 MITRE ATT&CK steps evaluated
  • 100% prevention rate across the 9 tests conducted by MITRE
  • Cynet is the #3 vendor in number of prevented attacks and in speed of prevention in total
  • Cynet is the #3 vendor in detection coverage (98.2%) across the 109 sub-steps conducted in the MITRE ATT&CK Evaluation
  • Cynet detected 98.5% of the different unique techniques presented in the MITRE ATT&CK Evaluation, demonstrating the platform’s ability to provide visibility and protection across the entire ATT&CK Kill Chain

“Our participation in the MITRE ATT&CK Evaluation last year helped drive several improvements to our protections,” noted Cynet CEO Eyal Gruner. “The results we achieved this year are proof of the value of participating in the evaluation and confirmation of Cynet’s protection capabilities for our valued customers.”

Cynet will host a series of webinars starting on April 7, during which their CTO, Aviad Hasnis, will explain how to interpret the MITRE ATT&CK Evaluation results and share details on Cynet’s performance. Sign up for the webinars here.

About Cynet

Cynet 360 is the world’s first Autonomous Breach Protection platform that natively integrates XDR endpoint, user and network attack prevention, and detection capabilities with an incident engine that fully automates investigation and remediation actions, backed by a 24/7 world-class MDR service. End to end, fully automated breach protection is now within reach of any organization, regardless of security team size and skill level. To learn more, visit https://www.cynet.com.

The post Cynet Announces Results in 2022 MITRE Engenuity ATT&CK® Enterprise Evaluations appeared first on Cybersecurity Insiders.


April 01, 2022 at 09:09AM

7 ways to defend against a credential stuffing attack

This blog was written by an independent guest blogger.

Credential stuffing attacks essentially doubled in number between 2020 and 2021. As reported by Help Net Security, researchers detected 2,831,028,247 credential stuffing attacks between October 2020 and September 2021—growth of 98% over the previous year. Of the sectors that did experience credential stuffing during that period, gaming, digital and social media, as well as financial services experienced the greatest volume of attacks. What’s more, the United Kingdom was one of the top three regions that launched the most credential stuffing attacks in the world, followed by Asia and North America.

Looking towards the rest of 2022, the security community expects the volume of credential stuffing attacks to grow even further. “Expect to see credential stuffing attacks double in number again in 2022,” noted Forbes.

Why is credential stuffing a concern for organizations?

First, the role of automation in credential stuffing makes it possible for anyone—even attackers with low levels of expertise—to perpetrate these attacks. A low barrier of entry helps to explain why credential stuffing is so pervasive and why it’s expected to continue in this way for 2022.

Let’s examine the flow of credential stuffing to illustrate this fact. According to the Open Web Application Security Project (OWASP), a credential stuffing attack begins when a malicious actor acquires compromised usernames and passwords from password dumps, data breaches, phishing campaigns, and other means. They then use automated tools to test those credentials across multiple websites including banks and social media platforms. If they succeed in authenticating themselves with a credential set, they can then conduct a password reuse attack, harvest the compromised account’s information/funds, and/or monetize it on the dark web.

Which brings us to our second reason why credential stuffing is so concerning: the impact of a successful attack can be far-reaching. The outcome of a successful credential stuffing attack is tantamount to a data breach, so organizations can bet that all data privacy regulations will be enforced.

Meaning? Organizations could incur fines totaling millions of dollars in the aftermath of credential stuffing, per Cybersecurity Dive. Those penalties don’t include the costs that organizations will need to pay to understand the impact of the attack, figure out which data the malicious actors might have compromised, and remediate the incident. They also don’t cover the brand damage and legal fees that organizations could face after notifying their customers.

Credential stuffing defense best practices

To avoid the costs discussed above, organizations need to take action to defend themselves against a credential stuffing attack. Here are seven ways that they can do this.

1. Make credential stuffing defense an ongoing collaborative discussion

Organizations can’t tackle credential stuffing if there’s not even a discussion about the threat. Acknowledging this reality, TechRepublic recommends that organizations bring their security, fraud, and digital teams together to discuss credential stuffing, among other fraud trends, along with ways that they can use digital metrics to coordinate their defense efforts.

2. Implement multi-factor authentication

Credential stuffing hinges on the fact that malicious actors can translate access to a credential set into access to an account. Multi-factor authentication (MFA) denies this pivot point, as it forces attackers to also provide another factor such as an SMS-based text code or a fingerprint for authentication. This raises the barrier of taking over an account by forcing malicious actors to compromise those additional authentication factors in addition to the original credential set.

3. Use security awareness to familiarize employees with password best practices

Organizations can go a long way towards blocking a credential stuffing attack by cultivating their employees’ levels of security awareness. For instance, they can educate their employees on how malicious actors can leverage password reuse as part of a credential stuffing campaign. Per How-To Geek, organizations can also provide employees with a password manager for storing credentials that they’ve created in accordance with company password policies.

4. Analyze and baseline traffic for signs of credential stuffing

Infosecurity Magazine recommends that organizations create a baseline for their traffic including account activity. They can then use that baseline to monitor for anomalies such as a spike in failed login attempts and unusual account access requests.
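The baselining approach in item 4, as an added example that is not part of the original article: it builds a per-minute baseline of failed logins, flags minutes that exceed it, and lists sources that try many distinct accounts with almost no successes. The log format, the thresholds, the sample data and all function names are assumptions made for illustration.

```python
"""Added example: baseline failed logins, then flag spikes and many-account sources."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

SAMPLE_START = datetime(2022, 3, 31, 10, 0)          # start of the constructed sample
SAMPLE_BASELINE_END = SAMPLE_START + timedelta(minutes=60)
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"                     # assumed log timestamp format


def build_sample_log():
    """Constructed auth log: 65 minutes of routine logins plus a 3-minute burst."""
    lines = []

    def add(ts, ip, user, ok):
        result = "OK" if ok else "FAIL"
        lines.append(f"{ts.strftime(TS_FORMAT)} ip={ip} user={user} result={result}")

    for i in range(65):
        minute = SAMPLE_START + timedelta(minutes=i)
        for j in range(5):                           # routine successful logins
            n = (i * 5 + j) % 25
            add(minute + timedelta(seconds=40 + j), f"192.0.2.{n + 1}", f"user{n}", True)
        for j in range(i % 3):                       # routine typos: 0-2 failures a minute
            n = (i + j) % 25
            add(minute + timedelta(seconds=50 + j), f"192.0.2.{n + 1}", f"user{n}", False)
    for m in range(3):                               # burst: one source, 120 distinct accounts
        minute = SAMPLE_BASELINE_END + timedelta(minutes=m)
        for j in range(40):
            add(minute + timedelta(seconds=j), "203.0.113.50",
                f"victim{m * 40 + j:03d}", m == 1 and j == 7)
    return lines


def parse_line(line):
    """Parse 'TIMESTAMP ip=... user=... result=OK|FAIL' into (ts, ip, user, ok)."""
    ts, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return datetime.strptime(ts, TS_FORMAT), kv["ip"], kv["user"], kv["result"] == "OK"


def failures_by_minute(events):
    """Count failed logins per calendar minute."""
    counts = Counter()
    for ts, _ip, _user, ok in events:
        if not ok:
            counts[ts.replace(second=0, microsecond=0)] += 1
    return counts


def baseline_threshold(events, start, end, k=5.0):
    """Median + k * MAD of failures per minute over [start, end), quiet minutes included."""
    counts = failures_by_minute(events)
    total_minutes = int((end - start).total_seconds() // 60)
    series = [counts.get(start + timedelta(minutes=i), 0) for i in range(total_minutes)]
    med = median(series)
    mad = median(abs(c - med) for c in series)
    return med + k * max(mad, 1.0)                   # floor the MAD so quiet sites still get headroom


def detect_spikes(events, start, baseline_end, k=5.0):
    """Minutes at or after baseline_end whose failure count exceeds the baseline threshold."""
    limit = baseline_threshold(events, start, baseline_end, k)
    counts = failures_by_minute(events)
    return sorted((m, c) for m, c in counts.items() if m >= baseline_end and c > limit)


def suspicious_sources(events, min_users=10, max_success_ratio=0.1):
    """Sources that try many distinct accounts and almost never succeed."""
    users, attempts, successes = defaultdict(set), Counter(), Counter()
    for _ts, ip, user, ok in events:
        users[ip].add(user)
        attempts[ip] += 1
        successes[ip] += int(ok)
    return {ip: (len(users[ip]), attempts[ip], successes[ip]) for ip in attempts
            if len(users[ip]) >= min_users
            and successes[ip] / attempts[ip] <= max_success_ratio}


if __name__ == "__main__":
    events = [parse_line(line) for line in build_sample_log()]
    for minute, count in detect_spikes(events, SAMPLE_START, SAMPLE_BASELINE_END):
        print(f"spike {minute:%H:%M}: {count} failed logins")
    for ip, (n_users, n_attempts, n_ok) in suspicious_sources(events).items():
        print(f"{ip}: {n_users} accounts, {n_attempts} attempts, {n_ok} successful")
```

The one successful login inside the burst is the account to review first, since the spike alone does not say which credentials worked.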

5. Prevent users from securing their accounts with exposed passwords

The last thing security teams want is for their employees to use a password that’s been exposed in a previous security incident. Malicious actors use data breaches, information dumps, and other leaks to power automated tools used in credential stuffing, after all. Acknowledging this point, infosec personnel need to monitor the web for data breaches, information dumps, and other leaks that malicious actors could use to engage in credential stuffing. They can actively monitor the news for these types of incidents. They can also rely on receiving alerts from data breach tracking services such as Have I Been Pwned (HIBP).

6. Implement device fingerprinting

Infosec teams can use operating system, web browser version, language settings, and other attributes to fingerprint an employee’s device. They can then leverage that fingerprint to monitor for suspicious activity such as a user attempting to authenticate themselves with the device in a different country, noted Security Boulevard. If a circumstance like that arises, security teams can then prompt employees to submit additional authentication factors to confirm that someone hasn’t taken over their account.

7. Avoid using email addresses as user IDs

Password reuse isn’t the only factor that increases the risk of a credential stuffing attack. So too does the reuse of usernames and/or account IDs. Salt Security agrees with this statement.

“Credential stuffing relies on users leveraging the same usernames or account IDs across services,” it noted in a blog post. “The risk runs higher when the ID is an email address since it is easily obtained or guessed by attackers.”

Consequently, organizations should consider using unique usernames that malicious actors can’t use for their authentication attempts across multiple web services.

Beating credential stuffing with the basics

Credential stuffing is one of the most prevalent forms of attack today. This popularity is possible because of how simple it is for malicious actors to obtain exposed sets of credentials on the web. However, as discussed above, it’s also simple for organizations to defend themselves against credential stuffing. They can do so in large part by focusing on the basics such as implementing MFA, awareness training, and baselining their traffic.

The post 7 ways to defend against a credential stuffing attack appeared first on Cybersecurity Insiders.


March 31, 2022 at 09:10PM

CrowdStrike to Host Investor Briefing

AUSTIN, Texas–(BUSINESS WIRE)–CrowdStrike Holdings, Inc. (Nasdaq: CRWD) today announced that it will host a briefing for investors on April 7, 2022.

Event: CrowdStrike Investor Briefing

Location: Virtual

Date: Thursday, April 7, 2022

Presentation time: 1:00 p.m. PDT

Presenters: George Kurtz, chief executive officer; Burt Podbere, chief financial officer; Mike Sentonas, chief technology officer

A live webcast and replay of the briefing will be accessible from the investor relations section of CrowdStrike’s website at ir.crowdstrike.com.

About CrowdStrike Holdings

CrowdStrike Holdings, Inc. is a global cybersecurity leader that provides cloud-delivered protection of endpoints, cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and advanced artificial intelligence, the CrowdStrike Falcon® platform delivers better outcomes to customers through rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike Falcon leverages a single lightweight-agent architecture with integrated cloud modules spanning multiple security markets, including corporate workload security, managed security services, security and vulnerability management, IT operations management, threat intelligence services, identity protection and log management.

For more information, please visit: ir.crowdstrike.com/

The post CrowdStrike to Host Investor Briefing appeared first on Cybersecurity Insiders.


March 31, 2022 at 09:10PM

SnapAttack Launches Community Edition to Drive Collaboration Across Cybersecurity Community

WASHINGTON–(BUSINESS WIRE)–SnapAttack, a cybersecurity firm that advances both proactive and collaborative security with a single platform, today announced the launch of its Community Edition, a free of charge, open platform that gives threat intel analysts, red teams, detection engineers and threat hunters an operational platform to accelerate the maturity of security operations. Additionally, in support of the mission of improving the world’s security, SnapAttack is releasing immediately actionable content corresponding to the latest threats from Russia, including HermeticWiper, IsaacWiper, HermeticRansom and WhisperGate. This content is available within the Community Edition and includes four attack sessions showing the actual real-world killchain along with nine detection analytics designed to pinpoint this specific adversary tradecraft within users’ environments.

Community Edition members will have access to the full-featured, core components of the SnapAttack platform, allowing them to share actionable threat intelligence data and create vendor-agnostic detection analytics. Community members that have been vetted and approved by SnapAttack will be given content authorship privileges, allowing them to develop and disseminate actionable content to all community users. The new feature also includes access to open source content from popular community tools, such as Atomic Red Team and Sigma, and will continue to expand over time. The Community Edition is a permanent platform feature that will be forever free as part of our commitment and core mission to help improve security writ large.

“We can’t overstate the power the Community has to accelerate SecOps maturity across all organizations,” said Peter Prizio, Chief Executive Officer at SnapAttack. “With our Community strategy, our customers will gain the benefit of thousands of security researchers and content engineers, crowdsourcing the hard work of keeping up with the latest threats—including state-sponsored attacks stemming from current and future geopolitical conflicts. We believe that hope is not a strategy and that threat detection analytics must be proven to be reliable. That’s why our team of researchers and curators will work to ensure all community-published content meets our stringent requirements on quality, accuracy and precision.”

Threats from cybercriminals and nation-state actors continue to escalate. Yet, intel analysts, threat hunters and Security Operation Centers (SOCs) struggle to keep up with the latest threats because the volume is too high and the resources for those who build detections are too scarce. Community users will have the ability to engage with over 700 pieces of curated threat intel, 400 attack sessions simulating real-world attacks like ransomware, and over 2,200 proven detection analytics that can be directly deployed to other security tools in Community users’ environments. In addition, users will be able to access:

  • SnapAttack’s proprietary attack session capture tool, enabling security testers to create attack session snapshots which enable our no-code detection engineering platform.
  • Base content pack of Russia/Ukraine adversary tradecraft. New tactics, techniques and procedures (TTPs) and malware variants will be added as they are identified.
  • Opportunities to take security to the next level through subscription packages that provide additional features such as deeper tool integrations, advanced reporting and exclusive subscription-only content on the latest threats.

“I am a strong believer that the cybersecurity community must collaborate, share intelligence, and work together in order to withstand the barrage of threats industry and government faces on a daily basis,” said Fred Frey, Chief Technology Officer at SnapAttack. “Our Community Edition is the best platform to enable that collaboration, across businesses, sectors, SIEM and EDR vendors, and between cyber threat intelligence (CTI), red and blue teams. SnapAttack reduces the burden on all companies who each individually invest in curating intelligence and developing detection content—the world would be a safer place if we didn’t all duplicate each other’s efforts.”

Interested in becoming a member? Sign up for the community edition here: https://www.snapattack.com/community.

About SnapAttack

SnapAttack (www.snapattack.com) is a cyber threat hunting and detection company with a unique technical solution that enables community collaboration around threat intelligence, attack emulation, and behavioral analytics. The novel approach helps organizations proactively identify potential vulnerabilities, risks, and gaps in their infrastructure before an incident occurs. SnapAttack was incubated in Booz Allen’s Dark Labs and is rooted in years of experience in both nation-state and commercial cyber operations and tradecraft. In 2021, SnapAttack was established as a stand-alone company to focus on rapidly evolving its platform capabilities. They deliver proactive threat hunting, detection-as-code, and purple teaming in a single vendor-agnostic solution.

The post SnapAttack Launches Community Edition to Drive Collaboration Across Cybersecurity Community appeared first on Cybersecurity Insiders.


March 31, 2022 at 09:09PM

The OpenNMS Group Releases OpenNMS Meridian 2022 with Enhanced Network Monitoring and Security Capabilities

RALEIGH, N.C.–(BUSINESS WIRE)–The OpenNMS Group, Inc., a subsidiary of NantHealth, Inc. (NASDAQ: NH), today announced the release of OpenNMS Meridian 2022. With this next major release, the fully open source Meridian product, which is the optimized and stable version of the OpenNMS platform curated by The OpenNMS Group for production environments, now features enhanced security among other improvements.

“As a leading open source network monitoring platform leveraged by some of the largest companies across all industry sectors, OpenNMS is dedicated to delivering a first-class enterprise solution that can be securely deployed to meet the security and compliance requirements these organizations demand,” said David Hustace, CEO of The OpenNMS Group. “Our investment in cybersecurity risk assessments and penetration testing for our products further demonstrates this commitment. We are proud to release this new version of Meridian and continue our mission of providing best-in-class, open source network monitoring for our customers.”

Major updates to Meridian include:

  • Improved security by removing requirements for privileged access. Running as a non-root user limits the potential access that malicious code can gain to system resources, thereby reducing risk in the event of a system compromise.
  • Improved analytics through enhanced flow processing. Updates to the NetFlow component allow users to add business metadata to flow records. This update also enables Meridian 2022 to classify network conversation data at speeds up to 30x faster than in previous releases.
  • Simplified Minion communication. Minions now communicate with the Meridian core simply via the message broker, no longer requiring access to the core REST API. This single communication simplifies securing the Meridian platform and supporting firewall policies.
  • Enhanced geolocation with IP addresses. Users can now specify and/or query a node’s location using its IP address with the new GeoIP provisioning adapter.
  • An expanded set of REST APIs. Users can integrate Meridian with their internal systems and customize it to fit their business needs and goals. APIs have full documentation in compliance with OpenAPI/Swagger.

Meridian is a subscription-based platform that includes the most stable and secure features from Horizon, OpenNMS’ community-driven distribution. The platform features inventory, performance, fault, and traffic management, business service monitoring, remote data collection, BGP Monitoring Protocol (BMP) support, and application perspective monitoring. Known for its reliability, adaptability, and scalability, Meridian allows users to customize the platform so it fits the unique needs of their business. A new major version of Meridian is released annually and updates are issued monthly, to maximize the platform’s value and minimize the effort required to maintain it.

OpenNMS has adopted penetration testing as a key aspect of our development and release processes for both the current products and forthcoming cloud services. In addition, The OpenNMS Group is improving its processes to align with the ISO 27001 security framework. This will help to ensure that the appropriate people, processes, and technologies are in place to assess cybersecurity risks and implement the measures necessary to protect, remediate, or recover from those risk events. The OpenNMS Group is also working towards becoming part of the Common Vulnerabilities and Exposures (CVE) system’s Numbering Authorities (CNA) program to augment its CVE reporting capabilities.

For more information about OpenNMS Meridian 2022, please visit: https://www.opennms.com/meridian-2022/.

About OpenNMS

Based in Morrisville, NC, OpenNMS provides a highly reliable, scalable and comprehensive fault, performance and traffic monitoring solution that easily integrates with business applications and workflows to monitor and visualize everything in a network. The OpenNMS platform monitors some of the largest networks in existence, covering the healthcare, technology, finance, government, education, retail and industrial sectors, many with tens of thousands of networked devices. OpenNMS users include five of the top twenty companies on the Fortune 100, as well as multiple large and multi-state health providers and one of the largest electronic medical record providers in the United States. For more information, visit https://www.opennms.com/.

About NantHealth, Inc.

NantHealth, a member of the NantWorks ecosystem of companies, provides enterprise solutions that help businesses transform complex data into actionable insights. By offering efficient ways to move, interpret and visualize complex and highly sensitive information, NantHealth enables customers in healthcare, life sciences, logistics, telecommunications and other industries to automate, understand and act on data while keeping it secure and scalable. NantHealth’s product portfolio comprises the latest technology in payer/provider collaboration platforms for real-time coverage decision support (Eviti and NaviNet), and data solutions that provide multi-data analysis, reporting and professional services offerings (Quadris). The OpenNMS Group, Inc., a NantHealth subsidiary, helps businesses monitor and manage network health and performance. For more information, visit nanthealth.com, follow us on Twitter, Facebook, LinkedIn and YouTube, and subscribe to our blog.

NantHealth Forward Looking Statement

This news release contains certain statements of a forward-looking nature relating to future events or future business performance. Forward-looking statements can be identified by the words “expects,” “anticipates,” “believes,” “intends,” “estimates,” “plans,” “will,” “outlook” and similar expressions. Forward-looking statements are based on management’s current plans, estimates, assumptions and projections, and speak only as of the date they are made. Risks and uncertainties include, but are not limited to: our ability to successfully integrate a complex learning system to address a wide range of healthcare issues; our ability to successfully amass the requisite data to achieve maximum network effects; appropriately allocating financial and human resources across a broad array of product and service offerings; raising additional capital as necessary to fund our operations; our ability to grow the market for our software and data solutions; successfully enhancing our software and data solutions to achieve market acceptance and keep pace with technological developments; customer concentration; competition; security breaches; bandwidth limitations; our ability to integrate The OpenNMS Group, Inc. into our operations; our use and distribution of open source software; our ability to obtain necessary regulatory approvals, certifications and licenses; dependence upon senior management; the need to comply with and meet applicable laws and regulations; unexpected adverse events; and anticipated cost savings. We undertake no obligation to update any forward-looking statement in light of new information or future events, except as otherwise required by law. Forward-looking statements involve inherent risks and uncertainties, most of which are difficult to predict and are generally beyond our control. 
Actual results or outcomes may differ materially from those implied by the forward-looking statements as a result of the impact of a number of factors, many of which are discussed in more detail in our reports filed with the Securities and Exchange Commission.

The post The OpenNMS Group Releases OpenNMS Meridian 2022 with Enhanced Network Monitoring and Security Capabilities appeared first on Cybersecurity Insiders.


March 31, 2022 at 09:09PM

MEDIA ALERT: Anomali Announces eXtends Virtual Event, Showcasing How Organizations Can Leverage The Anomali Platform and Cloud-Native XDR Solution to Stop Attackers and Their Breaches

REDWOOD CITY, Calif.–(BUSINESS WIRE)–Anomali, a leader in intelligence-driven extended detection and response (XDR) cybersecurity solutions, has opened registration for Anomali eXtends. This premier virtual cybersecurity event will be delivered live to a global audience on both Wednesday, April 13, and Thursday, April 14.

Anomali eXtends follows the launch of The Anomali Platform and Cloud-Native XDR Solution, recognized by customers, partners, and analysts as an innovation that optimizes detection and response to ensure greater resilience in a world marked by rapid digital transformation and increasing threats, including ransomware.

The live event features five main stage sessions, four deep dive sessions and two booths including:

  • The Evolution of Adversary Defense. Featuring Anomali President Hugh Njemanze, this presentation reviews the evolution of cyber defense and what’s required to keep pace with the top threats of today and tomorrow.
  • The Power of XDR. Led by ESG Senior Principal Analyst and Fellow, Jon Oltsik, and Anomali Chief Product Officer (CPO) Mark Alba, this presentation will focus on defining XDR, outlining its value proposition, and how Anomali delivers on needed enterprise outcomes.
  • Taking Intelligence to Detection in Seconds: The Anomali Platform and Demo. Presented by Mark Alba, Anomali Chief Product Officer, and Scott Dowsett, Anomali VP of WW Sales Engineering, the session will showcase The Anomali Platform integrated product suite, its unique and differentiated features, and the use cases it addresses.
  • Customer Panel: The Benefits of The Anomali Platform and XDR. Featuring Cherie Burget, Director, Cyber Intelligence Operations, MM-ISAC, and Rob Labbé, Director, Information Security, Teck Resources Limited, and Anomali Chief Revenue Officer Sean Foster, this session details how customers use Anomali to optimize their security investments and improve their overall security posture.
  • Breakout Deep Dive Sessions include: The Anomali Platform with a detailed demo, The Anomali XDR Solution and use-cases, ROI of The Anomali Platform, and the benefits of machine learning and automation to stay ahead of attacks.
  • The event will feature two booths offering an opportunity for participants to talk with an expert and receive live demos of The Anomali Platform and Suite of Offerings.

In response to demand from our global customers and partners, Anomali eXtends will be hosted on Wednesday, April 13 at 8 AM PDT, 11 AM EDT, 4 PM BST, or Wednesday, April 14 at 7 AM BST, 10 AM GMT+4, and 2 PM GMT+8. This event is structured to provide valuable insights and learning to all audiences, including executive security leaders and other security operations professionals, including threat intelligence and SOC analysts, security engineers, and other practitioners. To register for the event, visit: Anomali eXtends.

Twitter: https://twitter.com/Anomali

LinkedIn: https://www.linkedin.com/company/anomali/

Blog: https://www.anomali.com/blog

About Anomali

Anomali is the leader in intelligence-driven extended detection and response (XDR) cybersecurity solutions. Anchored by big data management (the “X”) and refined by artificial intelligence, The Anomali Platform, an XDR solution, delivers unique proprietary capabilities that correlate the largest repository of global intelligence with telemetry from customer-deployed security solutions. This combination empowers security operations teams to detect threats with precision, optimize response, achieve resiliency, and to ultimately stop attackers and breaches. Our SaaS-based solutions easily integrate into existing security tech stacks through native-cloud, multi-cloud, on-premises, and hybrid deployments. Founded in 2013, Anomali serves global B2B enterprise businesses as well as large public sector organizations, ISACs, ISAOs, service providers and Global 1000 customers to help safeguard the world’s critical infrastructure, businesses and people. Leading venture firms, including Google Ventures, General Catalyst and IVP, back Anomali. Learn more at www.anomali.com.

The post MEDIA ALERT: Anomali Announces eXtends Virtual Event, Showcasing How Organizations Can Leverage The Anomali Platform and Cloud-Native XDR Solution to Stop Attackers and Their Breaches appeared first on Cybersecurity Insiders.


March 31, 2022 at 09:09PM

Biden’s new Cybersecurity legislation is unrealistic says study

A few days ago, the Biden administration issued new legislation that makes it mandatory for companies to disclose cybersecurity incidents within 72 hours.

But a survey conducted by cyber risk disclosure firm BitSight suggests that the set deadline is unrealistic, as it is hard to achieve. The conclusion was reached after security researchers from BitSight analyzed responses and data from over 190 respondents and 12K publicly disclosed cyber incidents from 2019 to 2021.

Researchers argue that it takes organizations at least 45-105 days to realize that hackers have targeted them, and that they won’t disclose the incident until 50 days after discovery, for multiple reasons.

In practice, because large organizations have dedicated security teams on-premises, they find such incidents and respond faster than small organizations. Large organizations, in this sense, are those operating with more than 10K employees.

The remaining small organizations either cannot discover cyberattacks in time or don’t make them public within 72 hours, as they do not get the correct inputs on what to disclose, where to disclose, to whom to disclose, and how to disclose.

Moreover, fear of damage to business reputation is the biggest factor holding CTOs and CIOs back from disclosing the information to government agencies.

Meanwhile, the White House has tabled a new bill that would help federal authorities track, measure, and analyze cyber crimes.

Titled the Better Cybercrime Metrics Act, the bill, if introduced, will assist law enforcement in better identifying cyber threats, prosecuting cybercrime more effectively, and defending the overall infrastructure from future cyber attacks.

However, as Republicans are against the bill, its endorsement from the Biden administration is doubtful.

The post Biden’s new Cybersecurity legislation is unrealistic says study appeared first on Cybersecurity Insiders.


March 31, 2022 at 08:41PM

Lapsus$ ransomware group strikes software firm Globant

The Lapsus$ ransomware group has revealed some details about its latest victim through its official Telegram channel, and Argentina-based IT and software firm Globant, which has a global business presence, seems to have become that victim.

Lapsus$ claimed that it has stolen about 70GB of Globant’s data, including the company’s software source code, and threatened to release more details if the company doesn’t bow to its ransom demands.

Globant admitted the ransomware attack and acknowledged the source code theft. But the firm is still unsure how much of its data was compromised, as its investigation is still underway.

Okta and Sitel are the other organizations that were hit by the Lapsus$ group early this month, and the former issued a press update saying that the incident could have affected up to 366 of the company’s customers.

On seeing the Lapsus$ ransomware group constantly targeting US firms, the FBI has placed it on its ‘Most Wanted’ list and has investigated the group’s core members and their whereabouts with the help of other international law enforcement agencies.

Reports say that the UK’s law enforcement agencies last week arrested a 16-year-old teenager living near Oxford University in connection with the Lapsus$ gang. It is believed that the youngster had been connected with the Russian-speaking gang for a couple of years and was assisting it with the financial transactions that take place between the criminals and the victims.

 

The post Lapsus$ ransomware group strikes software firm Globant appeared first on Cybersecurity Insiders.


March 31, 2022 at 02:52PM

Russian cyber attack on US mobile customers

Starting Tuesday afternoon, thousands of mobile users in the United States received spam texts from their own phone numbers.

Telecom company Verizon Wireless was forced to issue a public statement that some threat actors might have taken control of its servers to send spam to its users and divert them to Russian state media network Channel One.

Verizon, however, condemned the speculation that the spam was being delivered from the Putin-led nation, as it was still investigating the incident.

Initially, it seemed that threat actors were controlling the telecom servers to send spam. But as soon as they embedded the link to Channel One, security researchers suspected that the Kremlin could have triggered the attack.

At the end of last week, the US President issued a nationwide warning that Russian hackers could infiltrate the nation’s critical networks to create unnecessary chaos. He asked all technology CEOs and business heads to bolster their in-house cybersecurity measures to mitigate the cyber risks emerging from Moscow.

Attacking Verizon’s network and generating spam from users’ own phone numbers requires a great deal of technical expertise of an international standard. And so, security experts believe it could be a highly sophisticated phishing attack launched by a foreign nation.

Interestingly, just a few weeks ago, Verizon proudly announced that it had developed a tool that intercepts spam texts at its servers before they are delivered. If such texts still reach customers, the company urges them to forward the messages from their mobile phones to the spam number 7726, which is free.

By doing so, customers can help the telecom service provider block spam text messages at the core.

As per the official statistics released by the company, it has to date blocked over 12 billion spam messages and 80 million robocalls between June 2019 and January 2022.

 

The post Russian cyber attack on US mobile customers appeared first on Cybersecurity Insiders.


March 31, 2022 at 02:49PM

Wednesday, March 30, 2022

Island Names Ellen Roeckl as Chief Marketing Officer

DALLAS–(BUSINESS WIRE)–Island, developer of the Enterprise Browser, has expanded its senior leadership team with the appointment of Ellen Roeckl as Chief Marketing Officer (CMO). Roeckl joins Island with decades of experience leading integrated marketing efforts at B2B technology leaders including Fastly, Symantec and Juniper Networks, as well as multiple executive leadership roles at Weber Shandwick, one of the world’s largest communications firms.

As Island CMO, Roeckl will oversee the company’s communications and business marketing strategy as it continues its rapid growth, following its recent Series B financing. Roeckl brings a strong track record of customer engagement success powered by a hands-on approach to execution and deep industry insight.

“What Island is doing and the impact it can have on cybersecurity and IT is extraordinary,” said Roeckl. “The Enterprise Browser challenges our preconceived notions of what work should be, and I’m thrilled to join the Island team to help drive growth and tell this story to our customers, prospects, partners and other important stakeholders.”

“When it came to marketing leadership at Island, we sought a proven professional poised to assume the challenge of communicating a completely new approach to work that resonates with our audiences,” said Mike Fey, co-founder, CEO, Island. “Ellen’s keen understanding of the security market and her results-driven thinking align perfectly with our company’s overall goals for category building and growth.”

Island’s Enterprise Browser is the first solution to provide a Chromium-based user experience while integrating the core needs of the business directly within the browser itself. The Enterprise Browser delivers security control, visibility and governance at every user touchpoint, without getting in the way of productivity.

To learn more about career development opportunities at Island, visit www.island.io/careers.

About Island

Island, the Enterprise Browser is the ideal enterprise workplace, where work flows freely while remaining fundamentally secure. With the core needs of the enterprise naturally embedded in the browser itself, Island gives organizations complete control, visibility and governance over the last mile, while delivering the same smooth Chromium-based browser experience users expect. Led by experienced leaders of the enterprise security and browser technology space and backed by leading venture funds – Insight Partners, Sequoia Capital, Cyberstarts and Stripes – Island is redefining the future of work for some of the largest, most respected enterprises in the world. Island is based in Dallas with research and development in Tel Aviv and can be reached at info@island.io or (866) 832-7114.

The post Island Names Ellen Roeckl as Chief Marketing Officer appeared first on Cybersecurity Insiders.


March 31, 2022 at 09:08AM

Ransomware news headlines trending on Google

1.) The notorious Hive ransomware group has published details of 850,000 patient records belonging to Partnership HealthPlan of California and said that a portion of the data will be sold on the dark web if the healthcare provider doesn’t bow to its ransom demands.

In response to the incident, Partnership HealthPlan of California says that it has set up a Gmail address for patients to use and indicated that a team of experts has been engaged to probe the incident.

A press update released by the company states that PII such as email addresses, Social Security numbers and physical addresses from over 850,000 records was stolen by Hive hackers and that all measures were being taken to stop them from posting 400 GB of data onto the dark web.

2.) The Conti ransomware group has published on the dark web that it has targeted servers belonging to Shutterfly, an online store that sells and purchases photography-related services via the web.

The incident reportedly occurred in December 2021, and the threat actors gained access to the company’s network via a Windows Domain Controller.

Online tech news resource BleepingComputer reported that the Conti gang encrypted over 4k devices and 120 VMware ESXi servers that stored information belonging to Shutterfly.

3.) Third, a ransomware group dubbed SunCrypt, which engages in the triple extortion tactics of file encryption, a threat to post data online, and DDoS attacks on victims that fail to pay a ransom, is doing the rounds on the internet. As per the sources, the SunCrypt ransomware gang is back in business and is slowly picking up in 2022. Minerva Labs, a security firm, has endorsed the news and added that the threat group is looking to target only large enterprises and is keeping its ransom negotiations anonymous to stay off the tracking radar of law enforcement agencies.

4.) Last, but not least, is information on how fast ransomware encrypts files. Researchers from Splunk have found that most of the well-known ransomware groups encrypt servers within a matter of 5 minutes and 50 seconds for 100,000 files. The quickest among them is LockBit ransomware, which encrypts over 100 GB of data within 4 minutes 9 seconds. Other ransomware families were found encrypting files in the following time frames:

  • Babuk ransomware: 6 minutes 34 seconds for 100GB of data
  • Avaddon ransomware: 13 minutes 14 seconds for 100GB of data
  • RYUK: 14 minutes 30 seconds
  • REvil: 24 minutes 16 seconds
  • BlackMatter ransomware: 45 minutes

DarkSide, which has a history of encrypting the databases of Colonial Pipeline, took 47 minutes to encrypt data on the victim database, and Conti ransomware took 59 minutes 23 seconds to lock down access to 54GB of data files. Maze and PYSA were slow, as they were found encrypting a 50GB data file in over 109 minutes.

 

The post Ransomware news headlines trending on Google appeared first on Cybersecurity Insiders.


March 30, 2022 at 02:06PM

Healthcare focus:  Need for resilience

Data breaches are still on the rise in healthcare. 2021 accumulated 686 healthcare data breaches of 500 or more records, resulting in 45M exposed or stolen healthcare records. 2022 is off to a poor start with over 3.7M healthcare records compromised as of 3/2/2022.[1]

Healthcare organizations face a landscape that is increasingly riddled with complexities, threats, and a multitude of attack vectors. The pandemic took a toll on hospitals, and ransomware attacks increased significantly. Nevertheless, healthcare organizations must continue to provide patient care through various avenues that necessitate emerging and advanced digital solutions, like edge computing. With that comes cybersecurity risk. This can be challenging for even the most mature organizations, but there are many healthcare organizations that are still lagging behind and do not have the fundamentals of cybersecurity in place.

Cybersecurity frameworks for the healthcare industry

Frameworks are becoming increasingly important for building that foundation, measuring improvements, and driving results. Frameworks allow for a defensible and rational approach to managing your cybersecurity risks and complying with regulatory requirements. Many regulations purposely strike a balance between specificity and flexibility to allow organizations latitude in applying the requirements based upon their size, complexity, and risk assessment.

Established frameworks are adopted across industries, some are industry-specific, but all continue to evolve as cybersecurity risks evolve.  Most recently we have seen the newly updated ISO 27002 standard published last month, the DoD has come out with CMMC 2.0 (NIST 800-171r2), and the National Institute of Standards and Technology (NIST) regularly publishes new and updated standards. 

The need for a vertical-specific framework

Adoption of a particular framework can vary from industry to industry.  One such framework is the HITRUST CSF that has been heavily adopted in the healthcare industry.  The HITRUST CSF was established to provide prescription and consistency in the application of security and privacy controls for healthcare organizations. It provides for the protection of health data by creating a single framework that harmonizes various, related compliance requirements and industry standards.  While HITRUST is no longer focused on only the healthcare industry, the adoption of the HITRUST CSF can help organizations in healthcare lay the foundation and continuously improve their cybersecurity posture and address existing and emerging threats. 

The HITRUST CSF is valuable to healthcare organizations for the reasons mentioned above: it provides a defensible approach to compliance with HIPAA, it is prescriptive in control implementation, and it is continually updated based upon the threats and risks the healthcare industry faces. The healthcare industry has to demonstrate cybersecurity risk management not only to regulators, but to business partners and clients as well. HITRUST offers certification for this purpose.

HITRUST has added two new assessments to give organizations options. The assessment formerly known as the HITRUST CSF Validated Assessment could be daunting for some organizations to take on. Given this, HITRUST published in early 2022 what is called the Implemented, 1-Year (i1) Assessment. This assessment allows organizations to take a streamlined crawl, walk, run approach to assurance and certification.

The i1 Assessment is based upon a static set of 219 controls with substantial coverage for NIST SP 800-171 revision 2, the HIPAA Security Rule, and the AICPA Availability Trust Services Principle, evaluating the maturity of control implementation. This is an attractive assessment for organizations that need to demonstrate a moderate level of assurance and are willing to go through the assessment and certification process on an annual basis. It is also a good stepping stone to higher levels of assurance.

This does not replace the former HITRUST CSF Validated Assessment, which is now called the Risk-Based, 2-Year (r2) Assessment. The r2 Assessment’s requirements are risk-based: the number of controls is dependent on scoping factors and will vary from organization to organization. The evaluation of the controls is very rigorous, analyzes policy, process, implemented, measured, and managed maturity, and demonstrates high assurance.

Also new in 2022 is the Basic, Current-state (“bC”) Assessment, which is a self-assessment focused on good security hygiene controls and is suitable for quick and low assurance requirements. There is coverage for NISTIR 7621: Small Business Information Security Fundamentals.

The bC, i1, and r2 provide various assurance options to meet organizational, partner, and client needs, and continue to reduce the effort of responding to third-party requests to demonstrate a sound security posture.

Balancing risk while transforming the delivery of patient care necessitates adopting a framework that is sustainable and continually updated, especially as healthcare organizations invest in cybersecurity strategies like securing the edge.

[1] U.S. Department of Health and Human Services Office of Civil Rights Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information

The post Healthcare focus:  Need for resilience appeared first on Cybersecurity Insiders.


March 30, 2022 at 09:09AM

TD SYNNEX Provides Medium-Term Financial Model at 2022 Investor Day

FREMONT, Calif. & CLEARWATER, Fla.–(BUSINESS WIRE)–TD SYNNEX (NYSE: SNX), a leading global distributor and solutions aggregator for the IT ecosystem, today hosted its 2022 Investor Day during which it provided further details regarding its fiscal 2022 financial outlook and introduced its medium-term financial targets.

“Through the merger of two great companies to form TD SYNNEX, we believe we are uniquely positioned and qualified to transform our industry and provide unmatched capabilities to our partners, customers, shareholders and co-workers,” said Marshall Witt, CFO. “We have an attractive core business, which when combined with above-average growth rates in technology areas such as Cloud, Data & Analytics, AI, IoT and Hyperscale Infrastructure provide us with the ability to further improve our operating margins, and generate robust cash flow and enhanced shareholder returns over the medium-term.”

Fiscal 2022 Financial Targets(1)

For Fiscal 2022, the company provided the following financial targets:

  • Adjusted net revenue growth of 6-8%
  • Non-GAAP operating margin of 2.5-2.7%
  • Adjusted ROIC of 11%
  • Total debt leverage of 2.5 times and net debt leverage of 1.6 times

Medium-Term Financial Targets(1)

Over the medium-term, which is defined as the next three to four years, the company provided the following financial targets:

  • Revenue growth of 6-7% at a compounded annual growth rate
  • Revenues and non-GAAP operating margins from high-growth technologies to approximately double
  • Non-GAAP operating margin of approximately 3%
  • Adjusted ROIC of 300 basis points above the company’s weighted average cost of capital
  • Total shareholder returns of 15-20%
  • Free cash flow of nearly $1.5 billion
  • 2% dividend yield

Investor Day Presentations

The Investor Day presentations were webcast, and an archived replay will be available shortly from the Investor Relations website, ir.synnex.com, where the accompanying presentation slides may also be accessed.

About TD SYNNEX

TD SYNNEX (NYSE: SNX) is a leading global distributor and solutions aggregator for the IT ecosystem. We’re an innovative partner helping more than 150,000 customers in 100+ countries to maximize the value of technology investments, demonstrate business outcomes and unlock growth opportunities. Headquartered in Clearwater, Florida, and Fremont, California, TD SYNNEX’ 22,000 co-workers are dedicated to uniting compelling IT products, services and solutions from 1,500+ best-in-class technology vendors. Our edge-to-cloud portfolio is anchored in some of the highest-growth technology segments including cloud, cybersecurity, big data/analytics, IoT, mobility and everything as a service. TD SYNNEX is committed to serving customers and communities, and we believe we can have a positive impact on our people and our planet, intentionally acting as a respected corporate citizen. We aspire to be a diverse and inclusive employer of choice for talent across the IT ecosystem. For more information, visit www.TDSYNNEX.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

(1)Use of Non-GAAP Financial Information

In addition to the financial results presented in accordance with GAAP, TD SYNNEX also uses adjusted selling, general and administrative expenses, non-GAAP operating income, non-GAAP operating margin, non-GAAP net income, and non-GAAP diluted earnings per share, which are non-GAAP financial measures that exclude acquisition, integration and restructuring costs, the amortization of intangible assets, share-based compensation expense, purchase accounting adjustments and the related tax effects thereon. The Company also uses adjusted earnings before interest, taxes, depreciation and amortization (“Adjusted EBITDA”) which excludes other income (expense), net, acquisition, integration and restructuring costs, share-based compensation expense and purchase accounting adjustments. In prior periods, TD SYNNEX has excluded other items relevant to those periods for purposes of its non-GAAP financial measures.

Acquisition, integration and restructuring costs typically consist of acquisition, integration, restructuring and divestiture related costs and are expensed as incurred. These expenses primarily represent professional services costs for legal, banking, consulting and advisory services, severance and other personnel related costs, share-based compensation expense and debt extinguishment fees. From time to time, this category may also include transaction-related gains/losses on divestitures/spin-off of businesses, costs related to long-lived assets including impairment charges and accelerated depreciation and amortization expense due to changes in asset useful lives, as well as various other costs associated with the acquisition or divestiture.

TD SYNNEX’ acquisition activities have resulted in the recognition of finite-lived intangible assets which consist primarily of customer relationships and lists and vendor lists. Finite-lived intangible assets are amortized over their estimated useful lives and are tested for impairment when events indicate that the carrying value may not be recoverable. The amortization of intangible assets is reflected in the Company’s Statements of Operations. Although intangible assets contribute to the Company’s revenue generation, the amortization of intangible assets does not directly relate to the sale of the Company’s products. Additionally, intangible asset amortization expense typically fluctuates based on the size and timing of the Company’s acquisition activity. Accordingly, the Company believes excluding the amortization of intangible assets, along with the other non-GAAP adjustments, which neither relate to the ordinary course of the Company’s business nor reflect the Company’s underlying business performance, enhances the Company’s and investors’ ability to compare the Company’s past financial performance with its current performance and to analyze underlying business performance and trends. Intangible asset amortization excluded from the related non-GAAP financial measure represents the entire amount recorded within the Company’s GAAP financial statements, and the revenue generated by the associated intangible assets has not been excluded from the related non-GAAP financial measure. Intangible asset amortization is excluded from the related non-GAAP financial measure because the amortization, unlike the related revenue, is not affected by operations of any particular period unless an intangible asset becomes impaired or the estimated useful life of an intangible asset is revised.

Share-based compensation expense is a non-cash expense arising from the grant of equity awards to employees based on the estimated fair value of those awards. Although share-based compensation is an important aspect of the compensation of our employees, the fair value of the share-based awards may bear little resemblance to the actual value realized upon the vesting or future exercise of the related share-based awards and the expense can vary significantly between periods as a result of the timing of grants of new stock-based awards, including grants in connection with acquisitions. Given the variety and timing of awards and the subjective assumptions that are necessary when calculating share-based compensation expense, TD SYNNEX believes this additional information allows investors to make additional comparisons between our operating results from period to period.

Purchase accounting adjustments are primarily related to the impact of recognizing the acquired vendor and customer liabilities related to the merger with Tech Data at fair value. The Company expects the duration of these adjustments to benefit our non-GAAP operating income through fiscal 2022 and through a portion of fiscal 2023 based on historical settlement patterns with our vendors and in accordance with the timing defined in our policy for releasing vendor and customer liabilities we deem remote to be paid.

Trailing fiscal four quarters ROIC is defined as the last four quarters’ tax effected operating income divided by the average of the last five quarterly balances of borrowings and equity, net of cash. Adjusted ROIC is calculated by excluding the tax effected impact of non-GAAP adjustments from operating income and by excluding the cumulative tax effected impact of current and prior period non-GAAP adjustments on equity.

TD SYNNEX also uses free cash flow, which is cash flow from operating activities, reduced by purchases of property and equipment. TD SYNNEX uses free cash flow to conduct and evaluate its business because, although it is similar to cash flow from operations, TD SYNNEX believes it is an additional useful measure of cash flows since purchases of property and equipment are a necessary component of ongoing operations. Free cash flow reflects an additional way of viewing TD SYNNEX’ liquidity that, when viewed with its GAAP results, provides a more complete understanding of factors and trends affecting its cash flows. Free cash flow has limitations as it does not represent the residual cash flow available for discretionary expenditures. For example, free cash flow does not incorporate payments for business acquisitions. Therefore, TD SYNNEX believes it is important to view free cash flow as a complement to its entire Consolidated Statements of Cash Flows.

TD SYNNEX management uses non-GAAP financial measures internally to understand, manage and evaluate the business, to establish operational goals, and in some cases for measuring performance for compensation purposes. These non-GAAP measures are intended to provide investors with an understanding of TD SYNNEX’ operational results and trends that more readily enable investors to analyze TD SYNNEX’ base financial and operating performance and to facilitate period-to-period comparisons and analysis of operational trends, as well as for planning and forecasting in future periods. Management believes these non-GAAP financial measures are useful to investors in allowing for greater transparency with respect to supplemental information used by management in its financial and operational decision-making. As these non-GAAP financial measures are not calculated in accordance with GAAP, they may not necessarily be comparable to similarly titled measures employed by other companies. These non-GAAP financial measures should not be considered in isolation or as a substitute for the comparable GAAP measures, and should be read only in conjunction with TD SYNNEX’ Consolidated Financial Statements prepared in accordance with GAAP. A reconciliation of TD SYNNEX’ GAAP to non-GAAP financial information is set forth in the supplemental tables at the end of this press release.

The Company has not provided a reconciliation of its FY22 and medium-term adjusted return on invested capital and medium-term adjusted operating margin outlook to an expected return on invested capital and operating margin outlook because certain items that are a component of return on invested capital and operating margin cannot be reasonably projected. In particular, sufficient information is not available to calculate certain adjustments required for such reconciliations, including Acquisition, integration and restructuring costs, Amortization of intangibles, Share-based compensation and invested capital comprising equity and borrowings. These components of return on invested capital and operating margin could significantly impact the Company’s actual return on invested capital and operating margin.

Safe Harbor Statement

Statements in this news release that are “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934 involve known and unknown risks and uncertainties which may cause the Company’s actual results in future periods to be materially different from any future performance that may be suggested in this release. The Company assumes no obligation to update any forward-looking statements contained in this release.

These forward-looking statements may be identified by terms such as believe, foresee, expect, may, will, provide, could and should and the negative of these terms or other similar expressions. These forward-looking statements include, but are not limited to, statements regarding shareholder returns, revenue growth, our expectations and outlook for fiscal 2022 as to revenue, non-GAAP operating margin, adjusted ROIC and total debt leverage and our outlook for the next three to four years, including revenue growth, gross revenues, non-GAAP operating margin, shareholder returns and free cash flow.

The forward-looking statements are subject to risks and uncertainties that could cause actual results to differ materially from those discussed in the forward-looking statements. These risks and uncertainties include, but are not limited to: the risk that the legacy SYNNEX and legacy Tech Data businesses will not be integrated successfully or realize the anticipated benefits of the combined company; new or ongoing effects of the COVID-19 pandemic; the unfavorable outcome of any legal proceedings that have been or may be instituted against us; the ability to retain key personnel; general economic conditions and any weakness in information technology and consumer electronics spending; seasonality; the loss or consolidation of one or more of our significant original equipment manufacturer, or OEM, suppliers or customers; market acceptance and product life of the products we assemble and distribute; competitive conditions in our industry and their impact on our margins; pricing, margin and other terms with our OEM suppliers; our ability to gain market share; variations in supplier-sponsored programs; changes in our costs and operating expenses; changes in foreign currency exchange rates; changes in tax laws; risks associated with our international operations; uncertainties and variability in demand by our reseller and integration customers; supply shortages or delays; any termination or reduction in our floor plan financing arrangements; credit exposure to our reseller customers and negative trends in their businesses; any future incidents of theft; the declaration, timing and payment of dividends, and the Board’s reassessment thereof; and other risks and uncertainties detailed in our Form 10-K for the fiscal year ended November 30, 2021 and subsequent SEC filings. 
Statements included in this press release are based upon information known to TD SYNNEX as of the date of this release, and TD SYNNEX assumes no obligation to update information contained in this press release unless otherwise required by law.

Copyright 2022 TD SYNNEX Corporation. All rights reserved. TD SYNNEX, the TD SYNNEX Logo, and all other TD SYNNEX company, product and services names and slogans are trademarks of TD SYNNEX Corporation. Other names and trademarks are the property of their respective owners.

Forecast: Fiscal Year Ended November 30, 2022

| (Amounts in millions, except per share amounts) | Low | High |
| --- | --- | --- |
| Revenue | $62,100 | $63,000 |
| Adjustments | | |
| Foreign Currency Exchange Impact(1) | 1,200 | 1,200 |
| Accounting Policy Alignment(2) | 1,100 | 1,100 |
| Adj. Revenue | $64,400 | $65,300 |
| Adj. Y/Y Revenue Growth | 6% | 8% |

Forecast: Fiscal Year Ended November 30, 2022

| (Amounts in millions) | Low | High |
| --- | --- | --- |
| Operating income | $806 | $1,013 |
| Acquisition, integration and restructuring costs | 267 | 227 |
| Amortization of intangibles | 330 | 310 |
| Share-based compensation | 41 | 39 |
| Purchase accounting adjustments | 120 | 100 |
| Non-GAAP operating income | 1,564 | 1,689 |
| Non-GAAP operating income margin(1) | 2.50% | 2.70% |

 

The post TD SYNNEX Provides Medium-Term Financial Model at 2022 Investor Day appeared first on Cybersecurity Insiders.


March 30, 2022 at 09:09AM