Image: Shutterstock

Skyrocketing Cyber Insurance Premium Growth May Slow

Akshaya Asokan • January 31, 2023

Premiums for cyber insurance have climbed sharply along with global rates of ransomware. But signs of increased competition and capital inflows suggest the cyber insurance market may be softening, Marsh executive Sarah Stephens told a U.K. parliamentary committee.

Business Email Compromise (BEC)

Reported Data Breaches in US Reach Near-Record Highs

Latest

Open XDR

Bitdefender CEO Florin Talpes on Bringing XDR to the Masses

Michael Novinson • February 1, 2023

Incumbent XDR platforms target large enterprises with access to a full security operations center, threat hunters and incident response teams, says Bitdefender CEO Florin Talpes. But firms looking to successfully serve the SMB market need to modify their XDR tools to address the skills shortage.

Critical Infrastructure Security

White House Mulls Banning Huawei's Access to US Technology

Mathew J. Schwartz • February 1, 2023

Chinese technology firms could be completely banned from buying U.S.-built technology under export control restrictions being mulled by the White House, which has already restricted access to the advanced semiconductors Beijing needs to realize its large-scale artificial intelligence ambitions.

Governance & Risk Management

Network Security, Isolation Still Pose Zero Trust Challenges

Suparna Goswami • February 1, 2023

Praveen Kumar, group CISO of Zee Entertainment Enterprises, says the market has failed to provide enough solutions to isolate the network when an attack happens. While a zero trust approach helps, there are not enough tools available in the market, he adds.

Governance & Risk Management

Radiant Logic Pursues Identity Governance With Brainwave Buy

Michael Novinson • February 1, 2023

Radiant Logic has agreed to buy Brainwave to move from an attestation-based identity governance model to one that more rigorously ensures the appropriateness of credentials. Brainwave uses data and AI to tell customers where in the organization user identities are most likely to be out of sync.

Endpoint Security

Trellix CEO on Unifying Endpoint, SecOps and Data Protection

Michael Novinson • January 31, 2023

Trellix will debut a console that offers endpoint, security operations and data protection capabilities and a plug-in for network detection and response. The company has moved FireEye's best-in-class detection engines to the cloud for NDR and examined how to address areas such as packet capture.

Governance & Risk Management

Juniper Exec Samantha Madrid on Pursuing Single-Vendor SASE

Michael Novinson • January 31, 2023

Juniper Networks has debuted security service edge capabilities that help clients consistently apply zero trust policies in the cloud regardless of the user or device. Juniper takes the policies customers already use within their network and converts them to cloud-delivered policies with one click.

Application Security

Snyk CEO Peter McKay on Making Defense Easier for Developers

Michael Novinson • January 31, 2023

The nearly $200 million it raised in December will allow Snyk to consolidate the developer security market through organic investment and M&A, says CEO Peter McKay. Snyk has focused on bringing open-source security, container security, infrastructure- as-code security and cloud security together.

Breach Notification

ITRC Breach Report: Lack of Transparency, Details Worsen

Anna Delaney • January 31, 2023

The Identity Theft Resource Center's 2022 Annual Data Breach Report reveals a near-record number of compromises - the second-highest number in 17 years. ITRC COO James Lee worries that a sudden lack of transparency in breach notices is creating more risk for consumers.

Customer Identity & Access Management (CIAM)

Founder Sachin Nayyar Back as CEO of Identity Vendor Saviynt

Michael Novinson • January 31, 2023

Saviynt has brought founder and longtime leader Sachin Nayyar back as its chief executive to govern access around privileged, machine and third-party identities. Saviynt wants Nayyar to implement a strategy that incorporates everything from critical apps and cloud workloads to IoT devices and bots.

Critical Infrastructure Security

Russian Sandworm APT Adds New Wiper to Its Arsenal

Mihir Bagwe • January 31, 2023

Security researchers say they found the Russian intelligence-linked Sandworm threat actor deploying a novel disk wiper against an energy sector company located in Ukraine. Data wipers have played a key role in Russia's hacking campaign against Ukraine.

Will Hive Stay Kaput After FBI Busts Infrastructure?

Mathew J. Schwartz • January 31, 2023

What's not to love about an international law enforcement operation visiting disruption on Hive, the ransomware-wielding crime syndicate? But with no suspects in jail, it's unclear how long this takedown might stick before the bad guys reboot or rebrand.

Governance & Risk Management

Tenable's $25M Venture Capital Fund Seeks Early-Stage Firms

Michael Novinson • January 30, 2023

Tenable has debuted a $25 million corporate investment program to support prevention-focused startups focused on technologies such as cloud, OT and identity. The Baltimore-area exposure management vendor says Tenable Ventures plans to scour Israel and the United States for startups.