FireSale HackBoy

Thursday, June 30, 2022

Ransomware attack suspected on Macmillan Publications

Macmillan, a publisher of educational content, was hit by a cyber attack that is suspected to be ransomware. The company has yet to confirm the incident, but staff of the publishing giant admitted to experiencing a digital disruption in the company’s IT infrastructure.

Highly placed sources say the company is not interested in bowing down to the demands of hackers, as it has an efficient data continuity plan in place.

However, a slight delay in book shipments is expected, as employees’ access to email has been barred to contain and mitigate the risks involved in the incident.

Unconfirmed sources say the hackers gained access to PII, and that if the company cannot pay a ransom on time, they will sell that data on the dark web and tarnish the image of the company on the internet.

BleepingComputer, which first reported the matter, contacted Macmillan about the incident. But the authorities failed to acknowledge the approach, as they were busy investigating the incident.

Usually, ransomware-spreading gangs steal data to put pressure on the victim to pay the demanded ransom. And if the victim cannot pay the ransom, they sell the data for a fair price on the dark web.

Nowadays, ransomware groups are resorting to more notorious tactics, blackmailing the victim to pay up by threatening to contact the victim’s competitors, customers and partners and so tarnish its image in the business field.

 

The post Ransomware attack suspected on Macmillan Publications appeared first on Cybersecurity Insiders.


July 01, 2022 at 10:39AM

Amazon Photos exhibit high severity vulnerability

All you Amazon Photos users out there, please be aware of a high-severity vulnerability in the app that you are using to store photos and videos in original quality. The application, which has over 50 million downloads, can be exploited by hackers to steal Amazon access tokens and, thereafter, data.

Cybersecurity researchers from Checkmarx have confirmed a security bug in the Android application that could allow hackers to steal the personal information of users.

Researchers claim that the application has a misconfigured component that was exported in the application’s manifest file, which allows external apps to access data.

Having a free hand with the access tokens allows cyber criminals to change files and delete history, leading to recovery issues, as whoever is accessing the files can completely erase files and folders from the Amazon Drive account.

Upon discovering the vulnerability, Checkmarx first contacted Amazon and notified the technology giant of the flaw.

Amazon reportedly acknowledged the issue and released a fix as soon as its engineers had analyzed the report and confirmed it.

The Amazon Photos vulnerability news comes just a month after the China-based company was found exposing its Elasticsearch server to hackers with no password or 2FA protection; information such as personal email addresses, surnames, PayPal accounts and account profiles pertaining to Amazon sellers was up for grabs to anyone.

Interestingly, the server was also found hosting Amazon user reviews on its platform that were determined to be fake at a later stage.

 

The post Amazon Photos exhibit high severity vulnerability appeared first on Cybersecurity Insiders.


July 01, 2022 at 10:37AM

API security: 12 essential best practices to keep your data & APIs safe

This blog was written by an independent guest blogger.

If you don’t think API security is that important, think again. Last year, 91% of organizations had an API security incident. The proliferation of SOAP and REST APIs makes it easy for organizations to tailor their application ecosystems. But APIs also hold the keys to all of a company’s data. And as data-centric projects become more in demand, the likelihood of a targeted API attack campaign increases.

Experts agree that organizations that keep their API ecosystem open should also take steps to prevent ransomware attacks and protect data from unauthorized users. Here is a list of 12 tips to help protect your API ecosystem and avoid unnecessary security risks. 

Encryption

The best place to start when it comes to any cybersecurity protocol is encryption. Encryption converts all of your protected information into code that can only be read by users with the appropriate credentials. Without the encryption key, unauthorized users cannot access encrypted data. This ensures that sensitive information stays far from prying eyes. 

In today’s digital business environment, everything you do should be encrypted. Using a VPN and Tor together runs your network connection through a secured server. Encrypting connections at every stage can help prevent unwanted attacks. Customer-facing activities, vendor and third-party applications, and internal communications should all be protected with TLS encryption or higher. 

Authentication

Authentication means validating that a user or a machine is being truthful about their identity. Identifying each user that accesses your APIs is crucial so that only authorized users can see your company’s most sensitive information. 

There are many ways to authenticate API users:

  • HTTP basic authentication
  • API authentication key configuration
  • IdP server tokens

OAuth & OpenID Connect

A great API has the ability to delegate authentication protocols. Delegating authorizations and authentication of APIs to an IdP can help make better use of resources and keep your API more secure. 

OAuth 2 is what prevents people from having to recall from memory thousands of passwords for numerous accounts across the internet and allows users to connect via trusted credentials through another provider (like when you use Facebook, Apple, or Google to log in or create an account online).

This concept is also applied to API security with IdP tokens. Instead of users inputting their credentials, they access the API with a token provided by a third-party server. Plus, you can leverage the OpenID Connect standard by adding an identity layer on top of OAuth.

Audit, log, and version

Without adequate API monitoring, there is no way organizations can stop insidious attacks. Teams should continuously monitor the API and have an organized and repeatable troubleshooting process in place. It’s also important that companies audit and log data on the server and turn it into resources in case of an incident. 

A monitoring dashboard can help track API consumption and enhance monitoring practices. And don’t forget to add the version on all APIs and deprecate them when appropriate.

Stay private

Organizations should be overly cautious when it comes to vulnerabilities and privacy since data is one of the most valuable and sought-after business commodities. Ensure error messages display as little information as possible, keep IP addresses private, and use a secure email gateway for all internal and external messaging. Consider hiring a dedicated development team that has only necessary access and use an IP whitelist and blacklist to restrict access to resources. 

Consider your infrastructure

Without a good infrastructure and security network, it’s impossible to keep your API secure. Make sure that your servers and software are up to date and ensure that regular maintenance is done to consolidate resources. You should also ensure that third-party service providers use the most up-to-date versioning and encryption protocols. 

Throttling and quotas

DDoS attacks can block legitimate users from using their dedicated resources, including APIs. By restricting access to the API and application, organizations can ensure that no one abuses their APIs. Setting throttling limits and quotas is a great way to prevent cyberattacks from numerous sources, such as a DDoS attack. Plus, you can prevent overloading your system with unnecessary requests.

Data validation

All data must be validated according to your administrative standards to prevent malicious code from being injected into your API. Check every piece of data that comes through your servers and reject anything unexpected, significantly large, or from an unknown user. JSON and XML schema validation can help check your parameters and prevent attacks. 

OWASP Top 10

Staying up on the OWASP (Open Web Application Security Project) Top 10 can help teams implement proactive measures to protect the API from known vulnerabilities. The OWASP Top 10 lists the 10 worst vulnerabilities according to their exploitability and impact. Organizations should regularly review their systems and secure all OWASP vulnerabilities. 

API firewalling

An API firewall makes it more difficult for hackers to exploit API vulnerabilities. API firewalls should be configured into two layers. The first DMZ layer has an API firewall for basic security functions, including checking for SQL injections, message size, and other HTTP security activities. Then the message gets forwarded to the second LAN layer with more advanced security functions. 

API gateway management

Using an API gateway or API management solution can help save organizations a lot of time and effort when successfully implementing an API security plan. An API gateway helps keep data secure with tools to help monitor and control your API access. 

In addition to streamlined API security implementation, an API management solution can help you make sense of API data to power future business decisions. Plus, with the help of creative graphic design, many API management solutions and gateways offer a simple UI with easy navigation. 

Call security experts

Although cybersecurity positions are popping up worldwide, many organizations are having difficulty finding talented experts with the right security credentials to fill in the security gaps. There are ways to attract cybersecurity professionals to your company, but cybersecurity can’t wait for the right candidate. 

Call the security experts at AT&T cybersecurity to help you manage your network and API security. Plus, you can use ICAP (Internet Content Adaptation Protocol) servers to scan the payload of your APIs. 

Final thoughts

As digital tools and technologies continue to evolve, so will hackers’ attempts to exploit crucial business data. Putting some basic API security best practices in place will help prevent attacks in the future and contribute to a healthy IT policy management lifecycle. 

The best way to ensure that your APIs are safe is to create a company-wide mindset of cyber hygiene through continuous training and encouraging DevSecOps collaborative projects. However, organizations can secure their digital experiences and important data by following these simple tips to enhance their API security. 

The post API security: 12 essential best practices to keep your data & APIs safe appeared first on Cybersecurity Insiders.


July 01, 2022 at 09:09AM

Authenticating legacy apps with a reverse proxy

This blog was written by an independent guest blogger.

When we think of “authentication” for our applications, most of us think of user registration, a login form, and resetting passwords. Our concerns begin and end there. But as we dive deeper and our security and compliance requirements change over time, we have to consider new password hashing algorithms, blocking bots, multi-factor authentication, and external identity providers. What started as a clear, concise set of requirements became an ever-growing list.

For new applications, we can add an identity provider like Azure Active Directory or Okta, embed any number of framework plugins, and count on those systems to handle all the complexity and change that we’d normally have to consider within our system. It’s a quick and easy exercise and centralizes all the policy across your ecosystem.

Unfortunately, most of our apps don’t fit this nice, clean, predictable world. We have years or even decades of mission critical applications sitting in our infrastructure where the source code is lost to time, the team has moved onto other projects, and the overall system is working “so please don’t touch it!” That makes a “simple checkbox task” much more complicated. We need to rethink our approach on how we access these systems.

Enter the reverse proxy

In general client-server architectures, the client makes requests directly to the server. As the number of clients grows, it’s feasible to overwhelm the server and prevent any requests from being fulfilled. With a reverse proxy, we put a system in front of the server to act as a gateway. This gateway applies its own rules to the requests, confirms those requests meet those requirements, and forwards the acceptable requests on to the server.

To think of it another way, consider your favorite restaurant. Do you sit down with the menu, choose a dish, and shout it to the kitchen? No, that would create chaos and confusion. Instead, a waiter takes your order and divides it into pieces to tell the bartender your drink order and the kitchen your dinner selection. As each dish is ready, the kitchen assembles the pieces, and the waiter brings you the result. You don’t know or care if one or ten cooks are preparing your meal. The wait staff provides an abstraction layer between you and the kitchen without changing how the diner or the kitchen operate.

When we think back to our legacy application, the reverse proxy performs the same service. It acts as an abstraction layer for our security requirements and allows the implementation to change independently of the system we’re protecting. In fact, as our requirements change and expand, we can usually focus entirely on the reverse proxy and ignore most of the underlying legacy system.

HTTP Basic Authentication with a reverse proxy

Now that we can gate access to our server, forcing authentication is straightforward. For the following examples, we’ll assume the application we’re protecting lives at 192.168.1.1:8080.

At the simplest level, we can start with HTTP Basic Authentication. With an Apache or NGINX-based proxy, you would use a command like this to create a new user named “katelibby”:

> htpasswd -b /etc/apache2/.htpasswd katelibby reverseproxyftw

and then load the resulting htpasswd file into your configuration in seconds. At ngrok, we can accomplish the same on the command line with this option:

> ngrok http 192.168.1.1:8080 --basic-auth="katelibby:reverseproxyftw"

But be careful: unlike the htpasswd approach, the user created on the ngrok command line is ephemeral and ceases to exist when the command is interrupted. On the positive side, you don’t need any additional services and components.

Unfortunately, HTTP Basic Auth isn’t usually the best option. On the surface, it’s easy to set up and maintain but it turns into an administrative headache over time. First, an admin must create each user so they normally have the passwords and – even worse – the end user can’t reset or recover their account on their own. In general, HTTP Basic Auth is really only useful for small, simple projects with minimal or non-existent security and compliance requirements.
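The gate decision described above, as an added example that is not part of the original post and is not ngrok, Apache or NGINX code: a proxy checks the Basic credentials, then forwards to the legacy app with a trusted identity header. The function names, the PBKDF2 credential store (used here in place of an htpasswd file) and the X-Forwarded-User header are assumptions.

```python
# Added example: the allow/deny decision a reverse proxy makes before it
# forwards a request to the legacy application.
import base64
import hashlib
import hmac
import os

UPSTREAM = "http://192.168.1.1:8080"  # legacy app address used in the article
IDENTITY_HEADER = "X-Forwarded-User"  # assumption: header the legacy app may read
ITERATIONS = 100_000                   # assumption: PBKDF2 work factor for the demo


def hash_password(password, salt=None):
    """Return (salt, digest) so the proxy never stores the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


# Checked when the user is unknown, so known and unknown users cost the same.
_DUMMY = hash_password("placeholder")


def verify_password(password, record):
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)  # constant-time compare


def basic_header(user, password):
    """Client side: build the Authorization header value."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def parse_basic(value):
    """Return (user, password) from an Authorization value, or None."""
    if not value:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password


def gate(path, headers, users):
    """Return ("forward", url, upstream_headers) or ("reject", status, headers)."""
    # A path without a leading slash could change the host once concatenated.
    if not path.startswith("/"):
        return ("reject", 400, {})
    challenge = {"WWW-Authenticate": 'Basic realm="legacy-app"'}
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    creds = parse_basic(auth)
    if creds is None:
        return ("reject", 401, challenge)
    user, password = creds
    record = users.get(user)
    valid = verify_password(password, record if record else _DUMMY)
    if record is None or not valid:
        return ("reject", 401, challenge)
    # Drop the credentials and any client-supplied identity header, then set
    # the identity the proxy itself verified.
    blocked = {"authorization", IDENTITY_HEADER.lower()}
    upstream = {k: v for k, v in headers.items() if k.lower() not in blocked}
    upstream[IDENTITY_HEADER] = user
    return ("forward", UPSTREAM + path, upstream)


if __name__ == "__main__":
    users = {"katelibby": hash_password("reverseproxyftw")}  # constructed sample
    request = {"Authorization": basic_header("katelibby", "reverseproxyftw"),
               "X-Forwarded-User": "admin"}  # spoofed header is discarded
    print(gate("/reports", request, users))
    print(gate("/reports", {}, users))
```

The legacy app should accept connections only from the proxy; otherwise a client that reaches it directly can set the identity header itself.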

OAuth 2.0 and OpenID Connect with a reverse proxy

When we go deeper into the authentication rabbit hole, we quickly get to OAuth 2.0. OAuth addresses many of the self-service aspects by completely delegating anything authentication (and authorization!)-related to an identity provider.

Luckily, because OAuth is an open protocol, there are implementations for every system out there. The Apache approach to auth gives you a toolbox of options to build your own, while my former colleague at Okta, Aaron Parecki, covers his approach in “Use nginx to Add Authentication to Any Application.”

At ngrok, we take a different approach to support some of the major OAuth providers:

> ngrok http 192.168.1.1:8080 --oauth=google

Or if we preferred to use OpenID Connect specifically, that command would change to:

> ngrok http 192.168.1.1:8080 --oidc=https://ift.tt/2kzsSTm --oidc-client-id=clientId --oidc-client-secret=clientSecret

Regardless of which approach we take, now our underlying system is protected with OAuth 2.0 or OpenID Connect without changing the system.

Further, since we’ve outsourced authentication to a separate identity provider, our underlying system is now under those security requirements. If our identity provider requires complex passwords, multi-factor authentication, or has IP restrictions on where to allow login, our legacy system doesn’t know and doesn’t care. We get all the benefits of those policies without having to touch the underlying system.

Is a reverse proxy the Holy Grail?

Regardless of the benefits, there are a few tradeoffs involved in choosing a reverse proxy. A reverse proxy can often view and inspect network traffic as it flows between the clients and servers. The positive take on this inspection is the proxy can detect malicious activity and block it or improve speed via compression and traffic shaping. The negative take is the proxy can log the traffic potentially providing a new target for attackers. In practice, you can mitigate the logging and introspection risks by implementing end to end encryption via TLS.

Architecturally, as the gateway to our application, it becomes a new single point of failure. Therefore, we have to plan for it to be stable, reliable, fail gracefully, and recover quickly. This may require teams to learn and implement new tooling and monitoring for observability but any reasonable reverse proxy configuration will consider those capabilities core.

Fundamentally, a reverse proxy gives you control and oversight over the legacy systems living on your network. With just a little effort, you can bring it under the umbrella of your existing security practices and policies and even expand and adapt as those requirements change. Done well, a reverse proxy will let you consider non-security aspects like traffic shaping, payload/request validation, circuit breaking, and even replacing the underlying system completely and transparently to end users.

A reverse proxy does not solve all of our problems, but a single point of access gives us power.

The post Authenticating legacy apps with a reverse proxy appeared first on Cybersecurity Insiders.


July 01, 2022 at 09:09AM

How can your organization find and develop the next generation of cybersecurity?

Last week (ISC)² released the (ISC)² Cybersecurity Hiring Managers Guide: Best Practices for Hiring and Developing Junior Talent built on the latest research to help organizations grow their teams and retain top talent. The report highlighted the top technical skills, non-technical skills and personality attributes hiring managers seek and how organizations can benefit from unique recruiting and professional development strategies.

In a recent volunteer survey, we asked members with hiring experience what trends they are seeing in the industry. Many mentioned technological shifts expedited by the pandemic including remote work, virtual interviews and hybrid work environments. They also noted a shift in requirement of degrees and certifications for entry-level staff and more emphasis on diversity of backgrounds and experiences. Filip Chyla, CCSP said we are seeing a “slow shift from hiring the "unicorn" to someone that can grow into the role.”

“Previously, [the] hiring decision was made majorly on the candidates technical competencies (about 80% technical and 20% attitude and others) where the hiring was done for focused positions, over the last few years we are giving priority to candidates attitude and mindset more than technical capabilities (60% attitude and 40% technical) since the technology landscape is changing rapidly and we need people with right attitude and hunger for learning and trying new things,” said Kesav Viswanath, CISSP, CCSP.

“Strive for Diversity and Inclusion. The more we, our teams, resemble the world around us, the more we can accomplish as we bring different perspectives to the table,” said Jon Rohrich, CISSP, CCSP.

When asked for advice or suggestions for cybersecurity hiring practices today, the general consensus was to make hiring easier for both organizations and entry-level candidates by reducing experience requirements and getting to know a candidate’s potential by understanding where they are in their cybersecurity journey and supporting them through training and other development practices. “Do not rely upon what you read in a resume – use it as a barometer of knowledge and skill. Then explore a candidate’s propensity to learn,” said Richard Tychansky, CISSP, CAP, CSSLP.

“We have had great hires who were not technically super sound but had the right mindset and over time they built strong technical capability. With the growth of cyber security industry there is shortage of skilled resources, rather than hiring only technically sound candidates it’s worthwhile to consider people who can learn and adapt, as we say – hire for the attitude, build the skill.” – Kesav Viswanath, CISSP, CCSP

“A diversified team is key to successful work culture. Get candidates with various backgrounds – Ex-Military/Navy, Senior IT practitioners.” said Saju Thomas Paul, CISSP. Hear more from Saju and other panelists Jon France, CISSP – our own CISO – and Becky Goza, CISSP, Senior Manager of Information Security at Love’s Travel Stops in our upcoming free ThinkTank webinar later this week. Bring your questions surrounding hiring the next generation of cybersecurity professionals as we continue this conversation on June 23 at 11:00 a.m. ET: How to Hire and Develop Entry- and Junior-Level Cybersecurity Practitioners.

The post How can your organization find and develop the next generation of cybersecurity? appeared first on Cybersecurity Insiders.


July 01, 2022 at 09:09AM

SECURE North America | Users Aren’t the Weakest Link, They’re Your Allies

Security teams should stop treating users as the weakest link in security and, instead, turn them into allies in building a strong security culture. This was the message from Shelly Epps, HCISPP, Director of Security Program Management at Duke Health, who delivered a presentation this week at the (ISC)² SECURE North America virtual event.

“If you are relying upon users for your security, you’ve effectively already failed,” she said. Instead, organizations need to develop comprehensive, multidimensional programs that keep users engaged.

Traditionally, Epps said, organizations have built security programs around compliance obligations and PowerPoint-based lists. Programs tended to be punitive, turning the cybersecurity staff into the bad guys, when a rewards-based approach is better.

Developing the right culture requires empowering people by helping them internalize the need for security and understand their own role in security, she said. It helps to instill a hive mentality with everyone “working together working for the greater good.” And Duke Health has sought to accomplish this with a series of awareness initiatives, including phishing simulations, short, easily digestible videos, the launch of a virtual security academy, and an ambassador program.

New Direction

Starting in 2020, Duke Health embarked on a new approach to security training and awareness. In February, the company did a phishing simulation using what Epps called the “ugliest Valentine’s Day phish.”

Users were sent an e-card that required them to click a link to see the card. “It was very similar to how e-cards work. I thought e-cards were kind of done at that point,” Epps said.

As it turned out, e-cards still appealed to recipients. “We had a very concerning click rate in that phish.” Employees of all ages, roles, backgrounds and education levels clicked at a very high rate, and that included IT-centric workers as well.

So clearly there was some work to do. The corporate mandate was to conduct phishing simulations twice a year, but the security team decided to approach department members and suggest they run them more often. Some agreed to monthly simulations, others went with a quarterly schedule, and yet others opted to stay with the semi-annual schedule. The results clearly showed that those conducting monthly tests had the biggest drops in click rates, Epps said.

Right after the first organization-wide simulation, the pandemic hit causing the security training team to make adjustments including, for example, adding a focus on securing home environments.

The team also launched a video series that addressed relevant security topics in three-minute chunks. So that everyone could relate to the content, people of different ages, backgrounds and different physical abilities were used in the videos. This approach, Epps said, was well received because people could see themselves represented in the videos.

To maintain relevance, the security training team analyzes statistics of how many people watch the videos and how many drop off so they can learn what works best to keep viewers engaged.

Another initiative was the virtual security academy. Epps’ team put together a curriculum that in the first year focused on “train the trainer” by acquainting IT staff with seven domains of security. In the second year, non-IT staff were invited to participate. Epps’ team employed a story-telling approach using real-world examples to convey information. The third year is still in the planning, but Epps said it may focus on (ISC)² entry-level domains and exam prep.

Security Ambassadors

To recruit security ambassadors, the team turned to 170 users who completed all training modules in a phishing awareness program. The team used gamification and swag rewards to draw people to the training, and managed to get 2,100 employees to participate.

The most committed attendees – those who completed all 20 modules – were invited to become ambassadors. In that role, they are asked to help the security team evangelize the security message by suggesting ideas for phish simulations and videos, and by talking up security in general.

With their help, Epps said she hopes to see a huge amount of engagement in the third year of the program. Her team, she said, is never going to stop in its efforts to get everyone across the organization to embrace a security culture.

The post SECURE North America | Users Aren’t the Weakest Link, They’re Your Allies appeared first on Cybersecurity Insiders.


July 01, 2022 at 09:08AM

ERI’s John Shegerian Shares Insights at VerdeXchange on Protecting the Planet through Innovation and a Circular Economy

LOS ANGELES–(BUSINESS WIRE)–Last week, John Shegerian, Chairman and CEO of ERI, the nation’s largest fully integrated IT and electronics asset disposition provider, was featured as a speaker on two panels at the VerdeXchange annual conference at the Omni Hotel in Los Angeles.

First, Shegerian contributed to a panel discussion titled “Circular Economy Solutions to California’s Waste Crisis” alongside Jean-Christophe Lambert of Lithion Recycling. The discussion was moderated by the Deputy Director of Los Angeles County Public Works, Coby Skye. During the presentation, Shegerian shared why e-waste is the fastest growing waste stream in the world today and how Circular Economy strategies are the only solution to the issue.

Later, Shegerian was featured as part of a special Luncheon Plenary event called “Game Changers: Meet the Innovators” in which he was joined on stage by Myrna Bittner, CEO of RunWithIt Synthetics; and Mark McGough, President & CEO of H2U. Moderated by Jim Kelly, the Director of S&C Electric, each panelist engaged with Kelly and the audience in a spirited discussion, sharing their stories and insights on providing solutions to the planet’s most challenging environmental issues.

“It was a great honor and privilege to be on stage with the innovators and thought leaders at VerdeXchange this year,” said Shegerian. “David Abel and his team at VerdeXchange produce vitally important impact events, providing decisionmakers, investors and policymakers with critical thought leadership and an opportunity for experts to share what they know and discuss vital best practices. Communication and education are vital if we are to problem-solve and work together to create solutions that protect our planet. We’re grateful to our long-time friend David and VerdeXchange for including such critical dialogue at this timely event.”

“John Shegerian, ERI’s CEO, powerfully conveyed at VX2022 the size of our e-waste problem, as well as the still daunting challenges of moving the globe and North America to a more sustainable circular economy,” said David Abel, Chairman of the VerdeXchange Institute and VX2022. “The VX audience ‘heard’ his message; were impressed with ERI’s successes; and, fully resonated with his values.“

For 15 years, VerdeXchange‘s annual cross-platform California conference has gathered accomplished clean and green tech entrepreneurs, energy & water companies, blue economy mavens, advanced vehicle manufacturers, soft & hardware developers, public policymakers as well as: procurers, innovative financiers, and environmental stewards under-one-roof to assess what’s in-market, about to be in-market, and what’s needed in market to propel the global, trillion dollar green economy.

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States. ERI is certified at the highest level by all leading environmental and data security oversight organizations to de-manufacture, recycle, and refurbish every type of electronic device in an environmentally responsible manner. It is the first and only company in its industry to achieve SOC 2 certification for security and data protection. ERI has the capacity to process more than a billion pounds of electronic waste annually at its eight certified locations, serving every zip code in the United States. ERI’s mission is to protect people, the planet and privacy. For more information about e-waste recycling and ERI, call 1-800-ERI-DIRECT or visit https://eridirect.com.

The post ERI’s John Shegerian Shares Insights at VerdeXchange on Protecting the Planet through Innovation and a Circular Economy appeared first on Cybersecurity Insiders.


July 01, 2022 at 09:08AM

New Hertzbleed vulnerability affects modern AMD and Intel Processors

A group of researchers from the University of Texas, University of Illinois, and the University of Washington have found a new vulnerability in modern AMD and Intel Processors. They dubbed the flaw Hertzbleed, as it uses frequency side channels to extract cryptographic keys from remote servers.

Experiments by the researchers from the three institutions show that, under certain circumstances, the dynamic frequency scaling of modern x86 processors is linked to the data being processed. Because of this fault, the security of cryptographic software is under threat, as it opens the way for a novel chosen-ciphertext attack against SIKE (Supersingular Isogeny Key Encapsulation) to perform full key extraction on a remote node.

Intel and AMD have issued an advisory on this note saying most of their processors were susceptible to Hertzbleed attacks.

Both companies have also announced the release of microcode patches to mitigate the risks raised by Hertzbleed.

Intel has taken a step ahead by issuing guidance to cryptographic developers to harden their libraries and applications against Hertzbleed attacks.

NOTE 1- In the past few years, both Intel and AMD have hit news headlines for products exhibiting different vulnerabilities. However, they always ensured that their customers never fall prey to hackers by issuing patches and updates from time to time.

NOTE 2- A white paper detailing Hertzbleed will be published at the ‘31st USENIX Security Symposium’ that is to be held in Boston between August 10-12 of 2022.

 

The post New Hertzbleed vulnerability affects modern AMD and Intel Processors appeared first on Cybersecurity Insiders.


June 30, 2022 at 10:13AM

DevSecOps deploy and operate processes

In the previous article, we covered the release process and how to secure the parts and components of the process. The deploy and operate processes are where developers, IT, and security meet in a coordinated handoff for sending an application into production.

The traditional handoff of an application is siloed: developers send installation instructions to IT, IT provisions the physical hardware and installs the application, and security scans the application after it is up and running. A missed instruction could cause inconsistency between environments. A system might not be scanned by security, leaving the application vulnerable to attack. The focus of DevSecOps is to incorporate security practices by leveraging the security capabilities within infrastructure as code (IaC), blue/green deployments, and application security scanning before end-users are transitioned to the system.

Infrastructure as Code

IaC starts with a platform like Ansible, Chef, or Terraform that can connect to the cloud service provider’s (AWS, Azure, Google Cloud) Application Programming Interface (API) and programmatically tell it exactly what infrastructure to provision for the application. DevOps teams consult with developers, IT and security to build configuration files with all of the requirements that describe what the cloud service provider needs to provision for the application. Below are some of the more critical areas that DevSecOps covers using IaC.

Capacity planning – This includes rules around autoscaling laterally (automatically adding servers to handle additional demand, elastically) and scaling up (increasing the performance of the infrastructure like adding more RAM or CPU). Elasticity from autoscaling helps prevent non-malicious or malicious Denial of Service incidents.

Separation of duty – While IaC helps break down silos, developers, IT, and security still have direct responsibility for certain tasks even when they are automated. Accidental deployment of the application is avoided by assigning specific steps of the deploy process to a specific team and ensuring those steps cannot be bypassed.

Principle of least privilege – Applications have the minimum set of permissions required to operate, and IaC ensures consistency even during the automated scaling up and down of resources to match demand. The fewer the privileges, the more protection systems have from application vulnerabilities and malicious attacks.

Network segmentation – Applications and infrastructure are organized and separated based on the business system security requirements. Segmentation protects business systems from malicious software that can hop from one system to the next, otherwise known as lateral movement in an environment.

Encryption (at rest and in transit) – Hardware, cloud service providers and operating systems have encryption capabilities built into their systems and platforms. Using the built-in capabilities or obtaining third-party encryption software protects the data where it is stored. Using TLS certificates for secured web communication between the client and business system protects data in transit. Encryption is a requirement for adhering to industry-related compliance and standards criteria.

Secured (hardened) image templates – Security and IT develop the baseline operating system configuration and then create image templates that can be reused as part of autoscaling. As requirements change and patches are released, the baseline image is updated and redeployed.

Antivirus and vulnerability management tools – These tools are updated frequently to keep up with the dynamic security landscape. Instead of installing these tools in the baseline image, consider installing the tools through IaC.

Log collection – The baseline image should be configured to send all logs created by the system to a log collector outside of the system for distribution to the Network Operations Center (NOC) or Security Operations Center (SOC) where additional inspection and analysis for malicious activity can be performed. Consider using DNS instead of IP addresses for the log collector destination.
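As an added example (not part of the original article and not taken from any vendor tool), the following Python script checks a Terraform plan exported with `terraform show -json` against four of the areas listed above: network segmentation, least privilege, encryption, and log collection. The sample plan, its resource names, the `PUBLIC_PORTS` allow-list and the `log_destination` setting are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample shaped like `terraform show -json` output; names are made up.
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "values": {"ingress": [
         {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
         {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}},
    {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume", "values": {"encrypted": False}},
    {"address": "aws_ebs_volume.logs", "type": "aws_ebs_volume", "values": {"encrypted": True}},
    {"address": "aws_lb_listener.front", "type": "aws_lb_listener",
     "values": {"port": 80, "protocol": "HTTP"}},
    {"address": "aws_iam_policy.app", "type": "aws_iam_policy",
     "values": {"policy": json.dumps({"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
         {"Effect": "Allow", "Action": ["logs:PutLogEvents"],
          "Resource": "arn:aws:logs:*:*:log-group:app:*"}]})}},
]}}}

PUBLIC_PORTS = {443}  # assumption: only HTTPS may be reachable from anywhere
WORLD = {"0.0.0.0/0", "::/0"}


def as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]


def iter_resources(module):
    """Yield resources from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_security_group(values):
    """Network segmentation: world-open ingress only on approved ports."""
    for rule in values.get("ingress") or []:
        cidrs = set(as_list(rule.get("cidr_blocks")) + as_list(rule.get("ipv6_cidr_blocks")))
        if not cidrs & WORLD:
            continue
        lo, hi = rule["from_port"], rule["to_port"]
        all_traffic = rule.get("protocol") == "-1"  # "-1" means every protocol and port
        if all_traffic or any(p not in PUBLIC_PORTS for p in range(lo, hi + 1)):
            span = "all ports" if all_traffic else f"ports {lo}-{hi}"
            yield "network-segmentation", f"{span} open to the internet"


def check_iam_policy(values):
    """Least privilege: no Allow statement with wildcard actions or resources."""
    doc = json.loads(values.get("policy") or "{}")  # policy can be unknown at plan time
    for i, stmt in enumerate(as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        wide = [a for a in as_list(stmt.get("Action")) if a == "*" or a.endswith(":*")]
        if wide or "*" in as_list(stmt.get("Resource")):
            yield "least-privilege", f"statement {i}: wildcard action or resource"


def check_encryption(rtype, values):
    """Encryption at rest (EBS volumes) and in transit (load balancer listeners)."""
    if rtype == "aws_ebs_volume" and values.get("encrypted") is not True:
        yield "encryption-at-rest", "volume is not encrypted"
    if rtype == "aws_lb_listener" and values.get("protocol") == "HTTP":
        yield "encryption-in-transit", "listener accepts plaintext HTTP"


def check_log_destination(dest):
    """Log collection: address the collector by DNS name, not by IP ("host:port")."""
    host = dest.rsplit(":", 1)[0].strip("[]")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return []  # not an IP literal, so it is a hostname
    return [("log-collection", f"collector {host} is an IP literal; use a DNS name")]


TYPE_CHECKS = {"aws_security_group": check_security_group,
               "aws_iam_policy": check_iam_policy}


def audit(plan, log_destination):
    """Return (address, rule, message) findings for a plan and a log destination."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        rtype, values = res["type"], res.get("values") or {}
        checks = list(check_encryption(rtype, values))
        checks += TYPE_CHECKS.get(rtype, lambda v: [])(values)
        findings += [(res["address"], rule, msg) for rule, msg in checks]
    return findings + [("log_destination", rule, msg)
                       for rule, msg in check_log_destination(log_destination)]


if __name__ == "__main__":
    for address, rule, msg in audit(SAMPLE_PLAN, "10.0.4.17:514"):
        print(f"{rule:22} {address}: {msg}")
```

Run as a pipeline gate before `terraform apply`, a non-empty findings list would fail the deploy step, which is how the separation-of-duty control described above can be enforced without manual review of every plan.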

Blue green deployment

Blue green deployment strategies increase application availability during upgrades. If there is a problem, the system can be quickly reverted to a known secured and good working state. A blue green deployment is a system architecture that seamlessly replaces an old version of the application with a new version.

Deployment validation should happen as the application is promoted through each environment. This is because of the configuration items (variables and secrets) that are different between the environments. Typically, validation happens during non-business hours and is extremely taxing on the different groups supporting the application. With a blue green deployment, the new version of an application can be deployed and validated during business hours. Even if there are concerns when end-users are switched over during non-business hours, fewer employees are needed to participate.

Automate security tools installation and scanning

Attacks on internet-facing applications continue to increase because of the ease of access to malicious tools, the speed at which some vulnerabilities can be exploited, and the value of the data extracted. Dynamic Application Security Testing (DAST) tools are a great way to identify vulnerabilities and fix them before the application is moved into production and released for end-users to access.

DAST tools provide visibility into real-world attacks because they mimic how hackers would attempt to break an application. Automating and scheduling the scanning of applications on a regular cadence helps find and resolve vulnerabilities quickly. Company policy may require vulnerability scanning for compliance with regulations and standards such as PCI, HIPAA or SOC.

DAST for web applications focuses on the OWASP top 10 vulnerabilities like SQL injection and cross-site scripting. Manual penetration (PEN) testing is still required to cover other vulnerabilities like logic errors, race conditions, customized attack payloads, and zero-day vulnerabilities. Also, not all applications are web based so it is important to select and use the right scanning tools for the job. Manual and automatic scanning can also help spot configuration issues that lead to errors in how the application behaves.

Next Steps

Traditional deployments of applications are a laborious process for the development, IT, and security teams. But that has all changed with the introduction of Infrastructure as Code, blue-green deployments, and the Continuous Delivery (CD) methodology. Tasks performed in the middle of the night can be moved to normal business hours. Projects that take weeks of time can be reduced to hours through automation. Automated security scanning can be performed regularly without user interaction. With the application deployed, the focus switches to monitoring and eventually decommissioning it as the final steps in the lifecycle.

The post DevSecOps deploy and operate processes appeared first on Cybersecurity Insiders.


June 30, 2022 at 09:09AM

Wednesday, June 29, 2022

Infosecurity Europe: A show so secure a train strike couldn’t break it!

Infosecurity Europe is unquestionably the biggest and most significant cybersecurity conference and event on the European calendar, a mainstay that is enjoyed by the entire industry and that serves as an important opportunity for members to meet each other and engage with the (ISC)² team on our stand.

Like so many key industry events, Infosecurity Europe has been operating as a virtual event for the last two years due to the pandemic, but it made a triumphant return as a physical event this year, along with a move to a brand-new venue. 2022 saw the show move from London’s Olympia Exhibition Center to ExCeL in East London, a larger and more modern facility capable of accommodating the growing show and expanding industry. A national train strike risked undermining this return to physical events but ultimately failed to do so. Such was the enthusiasm for returning to physical shows and events that attendees turned to everything from boats to cable cars to make it there on day one, while days two and three allowed attendees to make use of the new Elizabeth Line, a £19 billion high speed train line that cuts the journey time between ExCeL and Central London to just 12 minutes.

Leadership and Uncertainty

Inside the show itself, this year’s conference program had no shortage of stark warnings and recognition of the difficult challenges facing cybersecurity practitioners and the organizations they work for. The growth in encryption use and complexity was the subject of considerable debate for Baroness Eliza Manningham-Buller, the former head of MI5, the UK intelligence service. In her keynote address, Manningham-Buller told delegates that widespread use of encryption has created challenges for governments and the private sector alike, making it harder to surveil individuals as well as to intercept illegal, fake and other problematic content in-flight.

Manningham-Buller also discussed the need for greater diversity in the intelligence service and in the wider cybersecurity sector. “How can we do our job properly if we only reflect part of the population?” she said. “Why would we not wish to get the best people from across the spectrum?” Shaking off the James Bond persona and making it clear that careers in MI5 and other agencies are open and accessible to all is essential to its wider mission of protecting the nation and dealing with uncertainty.

Meanwhile, author and journalist Misha Glenny discussed the impact of cybersecurity on geopolitical affairs (and vice versa). Best known as the author of McMafia (which spawned a drama series of the same name) and the radio show How to Invent a Country, Glenny discussed the “age of uncertainty” we now find ourselves in as a result of the Ukraine conflict, tensions between the West and China and the economic scars left by COVID-19. He did this by charting the history of cyber-attacks and mapping many of them to high points in geopolitical unrest.

Themes from the Floor

Across over 200 different sessions on three days, attendees heard firsthand from practitioners, vendors, politicians, industry commentators and other information security leaders about the issues, technologies, strategies and ideas of the moment.

From possible industry regulation to the growing threats posed by phishing and ransomware, from fake news and disinformation to the spike in social engineering-based hacking that the pandemic has encouraged, and from end-user behavior to enhancing technology countermeasures so that the organizational forcefield covers all remote workers as well as those returning to the office, the program at Infosecurity Europe was as broad as it was relevant.

Risk and compliance were a consistent focus throughout the show. Whether it was discussing the ethics and merits of whether to pay a ransom or discussing the risk/cost dynamic of business continuity and disaster recovery measures, this year’s conference illustrated the more analytical shift in our industry’s thinking and focus, providing a balance between technological innovation and understanding the role of training, education, culture and awareness in both reducing risk and successfully implementing policies and countermeasures.

(ISC)² helped wrap up the event with a final talk on strategies for finding, nurturing, and growing cyber talent that referenced our recent Cybersecurity Hiring Managers Study, followed by a panel looking at the next generation of cybersecurity professionals, discussing the challenges facing them and the opportunities available to them and to their employers.

Infosecurity Europe 2022’s theme, Stronger Together, intended to shine a spotlight on the need for cybersecurity practitioners and employers to be more collaborative, representative and accessible. The content for this year’s show certainly achieved that, while the thousands of attendees embodied two other important traits – triumph over adversity and determination – in their refusal to let external obstacles derail their mission to keep us safe and secure.

The post Infosecurity Europe: A show so secure a train strike couldn’t break it! appeared first on Cybersecurity Insiders.


June 30, 2022 at 09:09AM

Adlumin Named to First-ever MES Matters – Key Vendors Serving the Midmarket List

WASHINGTON–(BUSINESS WIRE)–Adlumin, Inc., the command center for security operations, announced today that Midsize Enterprise Services (MES), a brand of The Channel Company, has recognized Adlumin on its 2022 MES Matters – Key Vendors Serving the Midmarket list.

The MES Matters list recognizes vendors that have proven themselves to be forward-thinking technology providers offering solutions that support the growth and innovation of midmarket organizations. MES defines the midmarket as an organization with an annual revenue of $50M-$2B and/or 100-2500 total supported users/seats. Companies were selected due to their go-to-market strategy, how they serve the midmarket, and the strength of their midmarket product portfolios.

Adlumin’s Managed Detection and Response platform is an exclusive channel play. With Adlumin, partners can position Adlumin software to customers, manage Adlumin capabilities for their customers, or position Adlumin to run 24/7 security operations for their customers. Either way, Adlumin’s patented, proprietary, and managed security services platform is the command center for all security operations. The platform deploys in minutes and is feature-rich with robust security capabilities, including continuous vulnerability management and deep and dark web monitoring. Adlumin’s platform provides visibility to advanced cyber threats, system vulnerabilities and sprawling IT operations to stop threats, reduce organization risk, and automate compliance.

“Adlumin is honored to be a part of the first-ever MES Matters list as we are proud vendors of midmarket organizations who are focused on revolutionizing their cybersecurity landscape,” says Jim Adams, Senior Vice President of Worldwide Sales and Channels at Adlumin. “Our command center for security operations is priced and scaled to meet the business needs of midmarket organizations, adding full visibility into their networks and providing an unparalleled level of security and protection that meets them where they are within their market journey.”

“The MES Matters list is designed to recognize key vendors that are invested in the growth and development of midmarket organizations which according to Harvard Business Review 3/21, represent only 3% of US businesses but are responsible for 33% of private sector GDP and employment. Technology is often designed and priced for either the consumer in mind, or the extreme opposite for the heavy enterprise in mind. Midmarket organizations are unique in the way they are structured and as a result their technology needs and requirements from features to pricing are very different than other market segments,” said Adam Dennison, VP Midsize Enterprise Services, The Channel Company. “The vendors and executives identified on this first-ever MES Matters list have shown a consistent commitment to help midmarket organizations succeed and thrive, they should be recognized and commended for their dedication to this important market segment.”

The MES Matters list is featured online at https://www.crn.com/rankings-and-lists/mes2022.htm.

About Adlumin

Adlumin Inc. is a patented, cloud-native managed security services platform built for corporate organizations that demand innovative cybersecurity solutions and easy-to-use, comprehensive reporting tools. The Adlumin team has a passion for technology and solving the most challenging problems through the targeted application of data science and compliance integration. Our mission is to illuminate or provide visibility to every customer’s environment through real-time threat detection, analysis, and response to ensure sensitive data remains secure. www.adlumin.com

Follow Adlumin: Twitter, LinkedIn, and Facebook

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers, and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelcompany.com

Follow The Channel Company: Twitter, LinkedIn, and Facebook.

© 2022 The Channel Company, LLC. CRN is a registered trademark of The Channel Company, LLC. All rights reserved.

The Channel Company Contact:

Adam Dennison

The Channel Company

adennison@thechannelcompany.com

The post Adlumin Named to First-ever MES Matters – Key Vendors Serving the Midmarket List appeared first on Cybersecurity Insiders.


June 30, 2022 at 09:08AM

CyberArk Announces Impact 2022: The Identity Security Event of the Year

NEWTON, Mass. & PETACH TIKVA, Israel–(BUSINESS WIRE)–CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced the details of CyberArk Impact 2022. The global cybersecurity conference will bring together Identity Security professionals to connect, learn, collaborate and discuss the critical importance of Identity Security-based strategies. The event will showcase industry-leading products and solutions from CyberArk and its large ecosystem of partners that help reduce risk and support business innovation.

Thousands of Identity Security leaders and professionals are expected, both in-person and virtually. The in-person event will take place July 12-14 at the Hynes Convention Center in Boston; the virtual event experience will feature a mix of live and on-demand content.

The agenda is packed with expert-led training, dynamic keynotes, breakout sessions and immersive hands-on lab experiences. Featured keynotes and panels include:

  • Robert Herjavec, CEO of Cyderes, Shark on ABC’s Shark Tank
  • Merritt Baer, principal, office of the CISO at AWS
  • Nicole Perlroth, award-winning cybersecurity author and angel investor
  • Customer panel with leaders from Spencer Stuart, Healthfirst and others
  • Partner panel with leaders from Accenture, PwC and others

Additionally, CyberArk will once again host its Women in Security breakfast, bringing together women and advocates of women in cybersecurity to share their experiences and best practices.

“Impact is where the visionary thought leaders, cybersecurity leaders and professionals, global customers, partners, and CyberArk’s experts all meet to connect, share and discover the innovation making Identity Security vision a reality,” said Simon Mouyal, chief marketing officer at CyberArk. “We can’t wait to engage with members of the Identity Security ecosystem who are joining us as we prepare for cybersecurity’s next era.”

Session tracks for Impact 2022 include:

  • Innovation – Hear from CyberArk leadership about upcoming Identity Security Platform capabilities, including to-be-announced products and services for Cloud Privilege Security, Identity Management and Secrets Management.
  • CyberArk Solutions – Learn how to tackle some of the most pressing security challenges facing enterprises by leveraging CyberArk solutions that address password sprawl, provide just enough access for cloud management, protect IoT devices, support adoption of Zero Trust strategies and more.
  • Digital Transformation – Learn about the new capabilities and practices organizations can leverage as they transition to digital environments including new SaaS solutions from CyberArk and strategies for safeguarding the software supply chain.
  • Evolving Threat Landscape – Listen to CyberArk Labs, Red Team and other company experts to gain insight into the latest attacker innovations and evolving threats – from how attackers are exploiting identities and risks across the blockchain, to lessons learned from ongoing attacks in the Ukraine.
  • Audit and Compliance – Build and refine Identity Security programs that satisfy audit and compliance challenges including strategies for increasing adoption of privileged access management controls and changes in the cyber insurance landscape.

To learn more about CyberArk Impact 2022 and to register, visit: https://impact.cyberark.com.

About CyberArk

CyberArk (NASDAQ: CYBR) is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on Twitter via @CyberArk, LinkedIn or Facebook.

Copyright © 2022 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.

The post CyberArk Announces Impact 2022: The Identity Security Event of the Year appeared first on Cybersecurity Insiders.


June 30, 2022 at 09:08AM

The three core strengths of USM Anywhere

This blog was written by an independent guest blogger.

USM Anywhere is the ideal solution for small and mid-sized businesses that need multiple high-quality security tools in a single, unified package.

There’s no reason large, global enterprises should have a monopoly on top cybersecurity technology. Solutions like USM Anywhere give smaller organizations access to security tools that are both effective and affordable.

USM Anywhere offers a centralized solution for monitoring networks and devices for security threats. It secures devices operating on-premises, remotely, and in the cloud. By combining multiple security tools into a single, streamlined interface, USM Anywhere gives smaller organizations a competitive solution for obtaining best-in-class security outcomes.

Castra's extensive experience working with USM Anywhere has given us unique insight into the value it represents. There is a clear difference in security returns and outcomes between USM Anywhere users and those that put their faith in proprietary solutions developed by managed security service providers. This is especially true for organizations with fewer than 1000 employees, where management is under considerable pressure to justify security expenditures.

Three ways USM Anywhere outperforms

USM Anywhere furnishes organizations with essential security capabilities right out of the box. It is a full-featured security information and event management platform that enables analysts to discover assets, assess vulnerabilities, detect threats, and respond to security incidents. It features built-in and customizable compliance reporting capabilities, as well as behavioral monitoring capabilities.

These features, along with the platform’s uniquely integrated architecture, provide valuable benefits to security-conscious organizations:

1. Automated log management

USM Anywhere enables analysts to automate the collection of logs and event data from data sources throughout the IT environment. With the right configuration, analysts can receive normalized logs enriched with appropriate data and retain them in a compliant storage solution.

This eliminates the need for costly and time-consuming manual log aggregation, significantly improving the productivity of every employee-hour spent on security tasks. Improved logging efficiency gives security teams more time to spend on strategic, high-value initiatives that generate significant returns.

2. Cloud platform API integration

USM Anywhere integrates with the most popular cloud and productivity platforms, including Office 365 and Amazon AWS.

With the Office 365 Management API, analysts can monitor user and administrator activities throughout the entire Microsoft environment. This makes it easy for analysts to detect anomalies like users logging in from unfamiliar territories, changing mailbox privileges, or sending sensitive data outside the organization.

The CloudWatch and CloudTrail APIs allow analysts to monitor AWS environments and review log activity within the cloud. Gain real-time visibility into asset creation, security group configurations, and S3 access control changes directly through an intuitive, unified SIEM interface.

3. Orchestrated response capabilities

Analysts need accurate, real-time data on suspicious activities so they can categorize attacks and orchestrate a coherent response. USM Anywhere gives analysts access to full details about attack methods, strategies, and response guidance.

AlienApps™ users can extend USM Anywhere capabilities to third-party security and management platforms, allowing analysts to initiate and orchestrate comprehensive event response from within the USM Anywhere user interface. This allows Castra analysts to automate the integration of Palo Alto Cortex XDR capabilities and Anomali Threat Intelligence data from directly within USM Anywhere.

Make Castra your USM Anywhere partner

Castra has been an AlienVault partner since 2013, successfully deploying the company’s security technologies thousands of times. Our remarkable customer renewal rate of almost 100% stands as a testament to the effectiveness of our approach. Working with Castra gives you visibility and control over your security posture, while supporting it with qualified expertise on demand.

We have worked closely with AT&T’s USM Anywhere development team for years, providing critical feedback even before AlienVault was publicly released. Our security analysts have deep knowledge of this platform and can personalize its performance to meet your security objectives and compliance needs to the letter. Speak to a Castra expert about optimizing your SIEM deployment to find out more.

The post The three core strengths of USM Anywhere appeared first on Cybersecurity Insiders.


June 29, 2022 at 09:09AM

Tuesday, June 28, 2022

ENTRY-LEVEL CYBERSECURITY JOBS KEY TO SOLVING WORKFORCE GAP

Facing an acute shortage of qualified cybersecurity professionals, hiring managers are recruiting entry- and junior-level practitioners to their teams. The latest (ISC)² research captured in our Cybersecurity Hiring Managers Guide reveals this practice enables organizations to build stronger and more resilient cybersecurity teams.

The findings come from a poll of 1,250 cybersecurity hiring managers who hire entry- and junior-level practitioners for small, mid-size and large organizations in the United States, Canada, United Kingdom and India.

The cybersecurity skills gap currently stands at 2.7 million worldwide, forcing hiring managers to deprioritize experience when choosing candidates who show promise. Managers are less insistent on finding technical skills and, instead, have honed their focus on non-technical skills such as ability to work in a team and independently, as well as personal attributes such as problem solving, creativity and analytical thinking.

Today, the composition of participants’ security teams across organizations of all sizes includes significant numbers of entry-level members (less than one year of experience) – typically a quarter to a third of team members. Junior-level practitioners (one to three years of experience) typically make up 30% to 37% of cybersecurity teams. 

Duties and Development

Once on board, entry- and junior-level hires are getting solid opportunities for career development, with 91% of respondents saying their organizations allow staff development time during work hours.

This is a welcome trend, indicating that organizations recognize the need to invest time and money in skills development to build effective, robust teams. Practices include mentorship programs (63%), certification courses (54%), and career pathing and advancement (47%).

Development costs for most organizations are often modest, ranging from U.S. $500 to $5,000. And getting less-experienced cybersecurity staff up to speed is relatively quick. Entry-level staffers can be ready to work unsupervised in as little as six months, according to 34% of respondents, although half said it takes up to a year.

On-the-job training is common, and study respondents are tasking less-experienced team members with a number of responsibilities that place them in the thick of day-to-day cybersecurity work. For instance, 35% of respondents assign entry-level staff to alert and event monitoring and to documenting processes and procedures. Junior-level staff get assigned to information assurance (authentication, privacy) and backup, recovery and business continuity, according to 48% of respondents.

The study reveals that junior-level practitioners can be trained to handle many day-to-day cybersecurity tasks. This allows senior staffers to focus on advanced tasks such as secure software development, endpoint security, data security and risk assessment.

Lingering Disconnect

As the cybersecurity profession has matured over the years, a persistent problem has been a focus on hiring professionals with high levels of skills, certifications and experience. The new study shows hiring managers have become more realistic, but there is still a disconnect.

When asked about certifications they like entry- and junior-level candidates to have, hiring managers cited certifications that require several years of experience, such as the (ISC)² Certified Information Systems Security Professional (CISSP) and the ISACA Certified Information Security Manager (CISM) certification.

A more realistic expectation would be to zero in on non-technical skills such as analytical thinking and problem solving. Then, have a plan to build up technical skills through training and certification courses once candidates are on board. This, in addition to realistic job description postings, can help organizations build effective cybersecurity teams to protect them against ever-present cyber dangers.

To learn more, download the 2022 Cybersecurity Hiring Managers Guide and register for the webinar How to Hire and Develop Entry- and Junior-Level Cybersecurity Practitioners on June 23 for a roundtable discussion of (ISC)² members sharing their experiences and best practices for hiring entry- and junior-level practitioners.

The post ENTRY-LEVEL CYBERSECURITY JOBS KEY TO SOLVING WORKFORCE GAP appeared first on Cybersecurity Insiders.


June 29, 2022 at 09:09AM

Industry Leader, Cyber Defense Magazine, Awards Calix ProtectIQ for Best in Anti-Phishing, Network Security, and Management for Helping Broadband Providers Protect Subscribers From Millions of Digital Threats

SAN JOSE, Calif.–(BUSINESS WIRE)–Calix, Inc. (NYSE: CALX) announced today that ProtectIQ® home network cybersecurity, a key offering in Calix Revenue EDGE Suites (EDGE Suites)—a component of the Calix Revenue EDGE platform—won the Cyber Defense Magazine 2022 Global InfoSec Award for “Best in Anti-Phishing, Network Security, and Management.” The award, which honors the top 10 percent of the cybersecurity industry, recognizes ProtectIQ for enabling broadband service providers (BSPs) of all sizes to stop web threats, intrusions, malware, and viruses from entering home networks. A recent Washington Post poll revealed that many cyber experts believe the U.S. is more vulnerable to cyberattacks today than it was five years ago. The U.S. president also recently warned consumers to take the initiative to protect themselves from cyberattacks. A record number of BSPs across North America leveraging Revenue EDGE are stepping up to offer ProtectIQ to all subscribers as a critical part of their managed Wi-Fi offerings. As a result, they are further differentiating themselves as market leaders and growing their businesses. So far in 2022, BSPs deployed ProtectIQ to 210 percent more subscribers and blocked millions of digital threats from entering their home networks.

Subscribers access ProtectIQ through the BSP’s subscriber-facing mobile app, CommandIQ®, which BSPs can customize with their brand. The app sends push notifications and reports on threats blocked directly to the palm of the subscriber’s hand. This reinforces the value BSPs provide daily and increases subscriber loyalty. Multiple Calix customers across North America proactively secure their communities against digital threats while growing their business and trust in their brands. For example:

  • ALLO offers ProtectIQ to all subscribers, increasing customer lifetime value by 53 percent in a year. ALLO Communications recently announced it offers ProtectIQ to all subscribers across Nebraska, Colorado, and Arizona in response to the increased digital dangers worldwide. ALLO blocked tens of thousands of digital threats from entering homes and businesses last month. Calix Customer Success Services and ALLO created a playbook to increase subscriber use of ProtectIQ. As a result, ALLO’s brand reputation continues to grow. Thanks to deeper subscriber relationships, ALLO saw a 53 percent increase in both the average subscriber tenure and the customer lifetime value in less than a year.
  • MEC blocks 16,000+ monthly digital threats and increases revenue by 13 percent in seven months. Midwest Energy & Communications (MEC) is an 85-year-old company founded as a cooperative to introduce electricity to completely unserved communities. MEC is advancing that mission today by partnering with Calix to deliver more than essential broadband connectivity to its subscribers across Michigan, Indiana, and Ohio. As a result, MEC increased revenue by 13 percent in the past seven months and now blocks more than 16,000 monthly digital threats with ProtectIQ. In addition, MEC is preparing to roll out Arlo Secure connected cameras to secure subscribers’ homes for additional peace of mind.
  • Norvado increases margins by 400 percent in 12 months. Two years ago, Wisconsin-based Norvado launched Apex Managed Wi-Fi built on Revenue EDGE. Using data and behavioral insights delivered through Calix Marketing Cloud, the marketing team created targeted managed Wi-Fi service bundles to offer ProtectIQ to meet subscribers’ varying needs. As a result, Norvado achieved an incredible 99 percent adoption of their Apex Managed Wi-Fi service among new subscribers, boosting margins by 400 percent in just 12 months.
  • Four States Fiber blocks 196 percent more threats per user than three months ago. Arkansas-based Four States Fiber is focused on constantly improving its subscriber experience. They recently introduced innovative, differentiated security services using turnkey offerings like ProtectIQ. Part of that experience is keeping the subscriber’s network safe while online. With GigaSpire® BLAST systems—integrated with EDGE Suites—included in subscribers’ homes, Four States Fiber blocks thousands of digital threats a month from entering their subscribers’ networks.

“When we started our fiber-to-the-home project, the customer experience was our top priority,” said Marty Allen, general manager at Four States Fiber. “Part of that experience is keeping the subscriber’s network safe while online. So we partnered with Calix to ensure ProtectIQ was included for every home we installed with a GigaSpire BLAST. So far this year, ProtectIQ has blocked thousands of web threats, malware, intrusions, and viruses from our subscribers’ home networks. With our SmartNet Wi-Fi app, built on CommandIQ, subscribers receive notifications and have access to reports on the digital threats blocked by ProtectIQ, further reinforcing the value our services deliver.”

Other services in EDGE Suites include advanced parental controls from ExperienceIQ, which has seen a 178 percent increase in subscriber use since the beginning of the year, and connected home camera security systems (Arlo Secure). This summer, Calix is launching two new services—social media monitoring (Bark) and connected device protection (Servify Care).

“By offering ProtectIQ to secure home networks, BSPs can demonstrate that protecting subscribers is not an option—it is a responsibility,” said Matt Collins, executive vice president of commercial operations and chief marketing officer at Calix. “ProtectIQ delivers a critical service that empowers subscribers with important information and gives them more control of their home network security. Government leaders and cyber experts continue to sound the alarm and encourage people to protect themselves against a long list of digital threats. For many, it is difficult to know exactly how to solve these complex issues. The number of connected devices in the home continues to grow, and many subscribers don’t understand how to secure their entire network. Local service providers are perfectly positioned to step in and fill this need in their communities with ProtectIQ. By embracing the power of the Revenue EDGE platform, with the GigaSpire BLAST system and EDGE Suites, BSPs can easily and continuously introduce critical new services like network security, and go to market with an expanded value proposition. More importantly, they can demonstrate to their subscribers that they actually care about their well-being.”

Learn more about how BSPs are protecting their subscribers from increased digital threats with ProtectIQ in Revenue EDGE Suites.

About Calix

Calix, Inc. (NYSE: CALX)—Calix cloud and software platforms enable service providers of all types and sizes to innovate and transform. Our customers utilize the real-time data and insights from Calix platforms to simplify their businesses and deliver experiences that excite their subscribers. The resulting growth in subscriber acquisition, loyalty, and revenue creates more value for their businesses and communities. This is the Calix mission: to enable broadband service providers of all sizes to simplify, excite, and grow.

This press release contains forward-looking statements that are based upon management’s current expectations and are inherently uncertain. Forward-looking statements are based upon information available to us as of the date of this release, and we assume no obligation to revise or update any such forward-looking statement to reflect any event or circumstance after the date of this release, except as required by law. Actual results and the timing of events could differ materially from current expectations based on risks and uncertainties affecting Calix’s business. The reader is cautioned not to rely on the forward-looking statements contained in this press release. Additional information on potential factors that could affect Calix’s results and other risks and uncertainties are detailed in its quarterly reports on Form 10-Q and Annual Report on Form 10-K filed with the SEC and available at www.sec.gov.

The post Industry Leader, Cyber Defense Magazine, Awards Calix ProtectIQ for Best in Anti-Phishing, Network Security, and Management for Helping Broadband Providers Protect Subscribers From Millions of Digital Threats appeared first on Cybersecurity Insiders.


June 29, 2022 at 09:09AM